Author: Xiao Pu, Shradheya Thakre
FindBugs is a static analysis tool to find bugs in Java programs. It looks for 'bug patterns' in the code and signals possible violations. Potential errors are classified in four ranks:
This is a hint to the developer about their possible impact or severity. For example, the bug 'null pointer dereference' has the pattern — A program declares a non-nullable variable but assigns null to the variable somewhere and uses it later.
The "bug patterns" can be divided into nine groups:
Refer to FindBugs official documentation for a comprehensive list of bugs and the explanation of each bug.
FindBugs analyses bytecode in compiled Java .class file and checks multiple files at the same time. This is unlike CheckStyle or PMD which can only check files one by one and analyse Java source code, allowing FindBugs to spot errors that would have been missed by CheckStyle and PMD. For example, one of the bug patterns in FindBugs is RCN: Redundant nullcheck of value known to be non-null. FindBugs will analyse all the assignments to a particular variable in the code base and then check whether the nullcheck for the variable is redundant or not.
Consider the following code:
class Foo {
//... data members ...
//... methods ...
//Overriding equals method - the wrong way
public boolean equals(Foo foo) {
//... logic ...
}
}
In the above code, if foo.equals() method is called, the equals() method of Object class rather than Foo class will be called. This is due to the way the Java code resolves overloaded methods at compile-time. FindBugs warns the developer of possible cases when a class defines a co-variant version of the equals() or compareTo() method.
The hashCode() and equals() method are called by many Collection based classes like - List, Maps, Sets, etc. FindBugs helps in finding problems when a class overrides the equals() but not the hashCode() method or vice-versa. Overriding only one of the equals() or hashCode() method can cause methods of Collection based classes to fail and hence FindBugs helps in reporting these errors at an early stage
FindBugs helps in finding places where your code has ignored the return value of method when it shouldn't have been.
1 String s = "bob";
2 s.replace('b', 'p');
3 boolean isCorrect = s.equals("pop"); //isCorrect is `false`
In the above examples, one would assume that the variable isCorrect is assigned true because the line 2 replaces b with p. However since strings are immutable, the replace() function actually returns a new string with updated value rather than updating the string the method is called on.
Hence, line 2 should be String newString = s.replace('b', 'p'); //newString ="pop"
FindBugs looks for cases where a code path will or could cause a null pointer exception.
1 Person person = aMap.get("bob");
2 if (person != null) {
3 person.updateAccessTime();
4 }
5 String name = person.getName();
In the above example, the aMap may or may not contain "bob", so FindBugs will report possible NullPointerException at line 5
You can tell FindBugs which bug patterns to exclude and include by using FilterFiles. By default, if no filter files are provided, FindBugs will run all checks.
You can use filter files with exclude option in FindBugs as discussed above to suppress warnings.
In addition, you can also use SuppressWarnings annotation to filter out unwanted violations.
There are several ways to run FindBugs.
GUI:
Command Line:
Build Automation Tools:
IDE Integration:
On November 2016, FindBugs was declared dead and SpotBugs was declared as its successor in September 2017.
The current projects using FindBugs can make a shift to SpotBugs by following the migration manual