Findbugs Eclipse Example
In this tutorial, we will learn to install the FindBugs Eclipse Plugin and use it for code analysis within Eclipse.
As most of us know, FindBugs is a static code analyser that operates on Java bytecode and helps identify a range of potential errors and bad coding practices in Java programs. FindBugs does not need to execute the program in order to analyze it for bugs.
FindBugs can be run in various ways, including from the command prompt, in a Maven build, in Hudson continuous integration, as well as through plugins for other IDEs.
Before using the plugin, it is important to understand the two main attributes FindBugs assigns to a bug, namely rank and confidence.
Bug Ranks
From FindBugs version 2.0, bugs are given a rank from 1 to 20 and grouped into the following categories:
- Scariest (rank 1-4)
- Scary (rank 5-9)
- Troubling (rank 10-14)
- Of concern (rank 15-20)
Bug Confidence
The priority attribute of FindBugs 1.x has been renamed to Confidence. Confidence only indicates how confident the analyzer is that the reported bug actually occurs.
Note: Issues of different bug patterns should be compared by their rank and not their confidence.
FindBugs Plugin in Eclipse
This tutorial is divided into three parts:
- Installing the FindBugs Plugin in Eclipse.
- Configuring the FindBugs properties in Eclipse
- Analyzing code with FindBugs within Eclipse
This tutorial uses an Eclipse Kepler installation, and all programs mentioned in the tutorial are compatible with the JDK 1.7 compiler.
Installing the FindBugs Plugin
Installing FindBugs in Eclipse is very simple. We will use the safest way of installing a plugin, which is through the Eclipse MarketPlace.
Go to Help –> Eclipse MarketPlace.
In the Find field, type FindBugs and click Search. The MarketPlace returns several options, including the latest FindBugs Eclipse plugin version (3.0.0 RC2).
Click Install & Confirm. You may need to accept the terms of the license agreement during the installation process.
While installing, you might receive a Security Warning prompting you to accept the unsigned content being installed in Eclipse. Check the details and accept as appropriate.
Restart Eclipse after the installation, even if you are not prompted to.
Configuring the FindBugs
Once the plugin is installed and Eclipse has been restarted, we will configure the FindBugs properties for static code analysis.
Go to Window –> Preferences. Under Java, navigate to FindBugs.
Configurations
- Bug Categories
- Minimum Rank to report
- Minimum Confidence to report
- Mark Bugs with rank as:
Bug Categories: we have selected all possible bug categories, so that all of them appear in the FindBugs report after the code analysis.
Minimum Rank to report: we have set this to 20 (Of Concern). This lets us view every bug that FindBugs evaluates.
Minimum Confidence to report: as you might have noticed, we have been conservative in all the FindBugs reporting, so here as well we set it to Low, so that all potential bug occurrences are reported even though their confidence may be low.
Mark Bugs with rank as: here we set whether bugs are reported as Error / Info / Warning based on their ranks.
For our example, we will set Scariest rank and Scary rank bugs to be reported as Error (in the code). You will notice the same in the example code below.
Among the other tabs, Filter Files helps you match patterns and source files, and exclude bug patterns and source files. Detailed documentation is available on how to use these custom properties of the plugin.
Finally you can review the FindBugs bug patterns and their details. You can select or remove any of the bug patterns based on your preference.
Analyzing Code with the FindBugs Plugin
For the sake of this tutorial, we will create three different classes in our project, purposely having Scary, Troubling and Of Concern Rank bugs.
ScaryRankBugs.java
package com.javacodegeeks.example.findBugsPluginExample;

/**
 * Scary Rank Bugs Sample
 */
public class ScaryRankBugs {

    /** The check str value. */
    private String checkStrValue = null;

    /**
     * The Constructor.
     */
    public ScaryRankBugs() {
        this.checkStrValue = "SomeValue";
    }

    /**
     * Execute some conditions.
     */
    private void executeSomeConditions() {
        if ("SomeValue".equals(this.checkStrValue)) {
            // Condition 1
        } else if ("SomeValue".equals(this.checkStrValue)) {
            // Condition 2
            // Deliberate bug: repeats the condition above, so this branch is never taken
        }
    }

    /**
     * Incorrect assignment in if condition.
     */
    private static void incorrectAssignmentInIfCondition() {
        boolean value = false;
        // Deliberate bug: assignment (=) used where a comparison was intended
        if (value = true) {
            //do Something
        } else {
            //else Do Something
        }
    }
}
TroublingRankBugs.java
package com.javacodegeeks.example.findBugsPluginExample;

/**
 * Troubling Rank Bugs Sample.
 */
public class TroublingRankBugs {

    /**
     * Empty synchronized.
     */
    private void emptySynchronized() {
        // Deliberate bug: the synchronized block protects nothing
        synchronized (this) {
            // Forgot implementation
        }
    }

    /**
     * Sleep in synchronized.
     *
     * @throws InterruptedException
     *             the interrupted exception
     */
    private void sleepInSynchronized() throws InterruptedException {
        synchronized (this) {
            // Deliberate bug: sleeps while holding the lock
            Thread.sleep(5000);
        }
    }
}
OfConcernRankBugs.java
package com.javacodegeeks.example.findBugsPluginExample;

/**
 * Of Concern Rank Bugs Sample
 */
public class OfConcernRankBugs {

    /** The place holder. */
    private String placeHolder = null;

    /**
     * The Constructor.
     */
    public OfConcernRankBugs() {
        this.placeHolder = "Test String";
    }

    /**
     * Gets the place holder.
     *
     * @return the place holder
     */
    private String getPlaceHolder() {
        return this.placeHolder;
    }

    /* (non-Javadoc)
     * @see java.lang.Object#equals(java.lang.Object)
     */
    @Override
    public boolean equals(Object obj) {
        // Deliberate bug: unchecked cast, with no instanceof or null check
        OfConcernRankBugs object = (OfConcernRankBugs) obj;
        return this.getPlaceHolder().equals(object.getPlaceHolder());
    }
}
To run FindBugs, right-click the project –> FindBugs –> FindBugs.
Once FindBugs runs and completes the analysis, every source file in the project is annotated with its number of violations.
Also, the cause of each of the bugs with the description is visible in the FindBugs viewer.
As can be seen, for the Java file with Scary rank bugs the plugin highlights an ERROR in the source, which is because of the configuration made in part 2 of this tutorial.
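Corrected counterparts of the flagged methods, as an added example that is not part of the tutorial's downloadable source. The class name FixedRankBugs, its method names and the "OtherValue" literal are assumptions chosen for illustration; the code compiles with JDK 1.7.

```java
import java.util.Objects;

/** Added example: corrected forms of the deliberately buggy methods (hypothetical names). */
public final class FixedRankBugs {
    private final String placeHolder;
    private final Object lock = new Object();
    private int counter;

    public FixedRankBugs(String placeHolder) { this.placeHolder = placeHolder; }

    /** Each branch tests a different value, so the second branch is reachable. */
    static String classify(String value) {
        if ("SomeValue".equals(value)) {
            return "condition-1";
        } else if ("OtherValue".equals(value)) {
            return "condition-2";
        }
        return "none";
    }

    /** Reads the boolean instead of assigning to it inside the condition. */
    static String describe(boolean value) {
        return value ? "enabled" : "disabled";
    }

    /** Sleeps before taking the lock and holds it only for the shared update. */
    int delayedIncrement(long millis) throws InterruptedException {
        Thread.sleep(millis);
        synchronized (lock) {
            return ++counter;
        }
    }

    /** Accepts null and foreign types without throwing; consistent with hashCode. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) return true;
        if (!(obj instanceof FixedRankBugs)) return false;
        return Objects.equals(placeHolder, ((FixedRankBugs) obj).placeHolder);
    }

    @Override
    public int hashCode() { return Objects.hashCode(placeHolder); }

    public static void main(String[] args) throws InterruptedException {
        FixedRankBugs a = new FixedRankBugs("Test String");
        System.out.println(a.equals("Test String") + " " + a.equals(null));
        System.out.println(classify("OtherValue") + " " + describe(true) + " " + a.delayedIncrement(10));
    }
}
```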
The FindBugs plugin is a very useful developer tool and can be used to analyze your code before the violations are pointed out by Maven or during Hudson builds integrated with Sonar.
The source code used in the example is available for download here.
FindBugs is dead; it is now spotbugs