Find the Java Bugs That Pose a Threat with FindBugs : Page 4

FindBugs enables you to isolate and correct dangerous Java bugs. Its unique features separate it from the many static analysis tools in the Java world. Find out what makes FindBugs so special.

FindBugs in the Build Process
Using FindBugs directly in your IDE is probably the most efficient way to work with the static analysis tool. However, you can also integrate FindBugs bug detection very effectively into your build process. This is a great way to maintain high code quality across an entire project automatically and to make sure everybody plays by the rules. In addition, if you practice automated project-wide FindBugs analysis in conjunction with informal code reviews and/or regular code quality meetings, it can also be a great way to improve your team's skills.

To this end, FindBugs integrates nicely with both Ant and Maven. If your build scripts are written using Ant, you can use the Ant task provided with the FindBugs distribution. Copy the findbugs-ant.jar file into your Ant lib directory, and declare the FindBugs task as follows:

<taskdef name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask"/>

You also need to define where FindBugs is installed on your machine. For example, if you installed it in a directory called findbugs under your home directory, you could do this:

<property name="findbugs.home" value="${user.home}/findbugs" />

Then you simply invoke the FindBugs task as follows:

<target name="findbugs" depends="compile">
  <!-- Analyze the compiled classes and write a machine-readable XML report -->
  <findbugs home="${findbugs.home}" output="xml"
            failOnError="true" outputFile="findbugs-report.xml">
    <class location="${build.classes.dir}" />
    <auxClasspath refId="compile.classpath" />
    <sourcePath path="src" />
  </findbugs>
</target>

This will produce an XML report containing details of all the FindBugs issues, suitable for machine consumption. For a more readable equivalent, you can use the HTML output option.
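As an added example (not code from the original article), the following Python script shows one way a build step could consume that XML report and fail when serious findings appear. The sample report is constructed for illustration, and the blocking policy (SECURITY, MALICIOUS_CODE and CORRECTNESS findings at priority 1 or 2) is an assumption to adapt to your project.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample shaped like a FindBugs XML report (not real tool output).
SAMPLE_REPORT = """<BugCollection>
  <BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="1" category="SECURITY">
    <Class classname="com.example.dao.UserDao"/>
    <SourceLine classname="com.example.dao.UserDao" start="42" end="42"/>
  </BugInstance>
  <BugInstance type="EI_EXPOSE_REP" priority="2" category="MALICIOUS_CODE">
    <Class classname="com.example.model.Account">
      <SourceLine classname="com.example.model.Account" start="17" end="60"/>
    </Class>
  </BugInstance>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS">
    <Class classname="com.example.OrderService"/>
  </BugInstance>
  <BugInstance type="HRS_REQUEST_PARAMETER_TO_HTTP_HEADER" priority="3" category="SECURITY">
    <Class classname="com.example.web.RedirectServlet"/>
  </BugInstance>
</BugCollection>"""

# Assumed policy: these categories fail the build at priority 1 (high) or 2 (normal).
BLOCKING = {"SECURITY", "MALICIOUS_CODE", "CORRECTNESS"}

def parse_report(xml_text):
    """Return one dict per BugInstance element, in document order."""
    findings = []
    for bug in ET.fromstring(xml_text).iter("BugInstance"):
        cls = bug.find("Class")
        line = bug.find("SourceLine")        # bug-level location, if present
        if line is None and cls is not None:
            line = cls.find("SourceLine")    # fall back to the class span
        findings.append({"type": bug.get("type"), "category": bug.get("category"),
                         "priority": int(bug.get("priority", "3")),
                         "class": cls.get("classname") if cls is not None else "?",
                         "line": line.get("start") if line is not None else None})
    return findings

def gate(findings, blocking=BLOCKING, max_priority=2):
    """Findings that should fail the build under the assumed policy."""
    return [f for f in findings if f["category"] in blocking and f["priority"] <= max_priority]

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    blockers = gate(parse_report(text))
    for f in blockers:
        print(f'{f["category"]} p{f["priority"]} {f["type"]} {f["class"]}:{f["line"]}')
    sys.exit(1 if blockers else 0)
```

Run it with the path to findbugs-report.xml as its only argument; a non-zero exit status marks the build as failed.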

If you use Maven, all you need to do is integrate the Maven FindBugs plugin into the reporting section of your pom.xml file:


Figure 5. FindBugs Analysis Statistics in Hudson: The Hudson Continuous Integration server is a user-friendly way to display FindBugs results and statistics.

Both of these plugins can generate reports in XML and HTML. The HTML reports are clean and readable, and can be used to publish your results. However, one of the most user-friendly ways to display FindBugs results and statistics is to use the Hudson Continuous Integration server (see Figure 5). Hudson takes the XML reports generated by FindBugs and produces an HTML report and annotated source code detailing the issues found in each build. It also produces a graph tracing the number of FindBugs issues found over time.

Zeroing in on Application-Threatening Bugs
In a market full of Java static analysis tools, FindBugs stands out. Rather than focusing on coding style, naming conventions, or best practices, FindBugs concentrates on identifying genuine application-threatening bugs. And it does so with a very reasonable degree of success—in my experience, at least half of the issues raised by FindBugs deserved attention. If you are serious about detecting errors in your code, FindBugs is a must.

John Ferguson Smart is principal consultant at Wakaleo Consulting, a company that provides consulting, training, and mentoring services in Enterprise Java and Agile Development. Well known in the Java community for his many published articles and talks, he is also the author of the book Java Power Tools.