Static Code checking tool FindBugs

Source: Internet
Author: User
Why and how to use FindBugs

Static analysis tools promise to find bugs that already exist in the code without much effort from the developer. Of course, if you have been programming for years, you know that these promises are not always kept. Still, a good static analysis tool is an invaluable addition to the toolbox. In the first part of this two-part series, senior software engineer Chris Grindstaff examines how FindBugs can help improve code quality and eliminate hidden flaws.

One problem with code quality tools is that they tend to present developers with a large number of reported problems that are not real problems (false positives). When false positives occur, developers learn to ignore the tool's output or abandon the tool altogether. FindBugs's designers, David Hovemeyer and William Pugh, noted this problem and tried to reduce the number of false positives reported. Unlike other static analysis tools, FindBugs does not focus on style or formatting; it tries to find only real bugs or potential performance problems.

What is FindBugs?

FindBugs is a static analysis tool that examines class or JAR files (note that it analyzes compiled class files, not Java source files), comparing the bytecode against a set of bug patterns to discover possible problems. With a static analysis tool, software can be analyzed without actually running the program. Instead, the form or structure of the class files is analyzed to determine the intent of the program, typically using the Visitor pattern (see Resources). Figure 1 shows the results of analyzing an anonymous project (its name is not given here):

Figure 1. FindBugs UI

2. Install Eclipse's FindBugs plugin

The plugin can be downloaded from the address below:

http://findbugs.sourceforge.net/downloads.html

The page that opens contains the following:

Download FindBugs software and plug-ins for Eclipse and BlueJ.

FindBugs tool (standard version with command line, Ant, and Swing interfaces):
findbugs-1.3.9.tar.gz
findbugs-1.3.9.zip (the Windows download of the FindBugs software; it can run standalone and can also be used from Ant)
findbugs-1.3.9-source.zip

Eclipse plugin for FindBugs version 1.3.9.20090821 (requires Eclipse 3.3 or later):
edu.umd.cs.findbugs.plugin.eclipse_1.3.9.20090821.zip (the Eclipse FindBugs plug-in; it cannot run standalone and only runs integrated into Eclipse)
eclipsePlugin-1.3.9.20090821-source.zip

The Eclipse plugin may also be obtained from one of the FindBugs Eclipse plugin update sites. The plugin has several update addresses, depending on the release type:

http://findbugs.cs.umd.edu/eclipse (update site for official releases; provides only official release versions of FindBugs)
http://findbugs.cs.umd.edu/eclipse-candidate (update site for candidate releases and official releases; provides official release versions and candidate release versions of FindBugs)
http://findbugs.cs.umd.edu/eclipse-daily (update site for all releases, including developmental ones; provides the latest FindBugs plug-in builds, which have not been tested beyond compiling successfully)

Click the link above to download (save).

You can also download the plugin's zip file from the following address:

http://prdownloads.sourceforge.net/findbugs

Unzip it into Eclipse's plugin directory (<eclipse_install_dir>/plugins).

After installing the plug-in, use Help --> About Eclipse Platform --> Plug-in Details to see the FindBugs plug-in listed.

3. Using the FindBugs plug-in in Eclipse

Running the FindBugs plug-in is simple: select a Java project, right-click, and choose Find Bugs. FindBugs then starts and marks the problem locations in the source code.

You can customize how FindBugs works: open the Properties dialog box for the Java project and select the FindBugs property page, where you can see the following options:

→ Enable or disable the check box for running FindBugs automatically: whether FindBugs checks the code on each change.

→ Select the minimum warning priority and the enabled bug categories: these options determine which issues are displayed. For example, if you select the Medium warning priority, only Medium and High priority warnings are displayed; similarly, if you do not select the Style check box, warnings in the Style category are not displayed.

→ Select detectors: enable the detectors to use for the specified project.

The specific Settings screen is as follows:


(Set detectors and whether to run FindBugs automatically)


(Set enabled categories)

The common categories are as follows:

· Correctness: problems in this category can cause bugs in some cases, such as incorrect type casts.

· Bad practice: code in this category violates accepted best practices, such as a class that implements the equals method but does not implement the hashCode method.

· Multithreaded correctness: synchronization and multithreading issues.

· Performance: potential performance issues.

· Security: security-related issues.

· Dodgy (high risk): the FindBugs team considers code in this category highly likely to cause bugs.

Installing the FindBugs plug-in in Eclipse

Download the Eclipse plugin version and unzip the zip file.

Put the extracted files into Eclipse's plugin directory.

Restart Eclipse.

I'm using MyEclipse 8.5, so my path may not be quite the same as everyone else's; I placed the files under the path Genuitec/myeclipse 8.5/dropins

Using FindBugs in Eclipse

Restart Eclipse

Open FindBugs View

Perform Find Bug task

Right-click the project, package, or file you want to check, then choose Find Bugs --> Find Bugs.

When the check is complete, you will see a list of issues in the Bug Explorer view, organized by bug type.

Expand the list and double-click the specific line of code in the list to locate the specific problem.

Configure FindBugs
The FindBugs rules can be set up in detail here.
Select your project, then right-click => Properties => FindBugs =>

1 The "Run automatically" switch

First turn on Eclipse's automatic build: in the main window menu, make sure Project --> Build Automatically is checked.

When this item is selected, FindBugs runs automatically whenever you modify a Java class: with Eclipse's automatic build turned on, FindBugs runs and displays its findings each time you save a modified Java file.
When this item is not selected, FindBugs checks your code only when you run it yourself.

2 Detector configuration
Here you can select the bug patterns you want to check, adding or removing individual checks as needed.

3 The "Minimum priority to report" selection
This option chooses which level of findings is displayed. There are three settings, Low, Medium, and High, much like the log4j level setting. For example:

If you select High, only High level findings are displayed.
If you select Medium, only Medium and High level findings are displayed.
If you select Low, findings of all levels are displayed.

4 The bug categories selection
Here are the options for which bug categories to display:
Malicious code vulnerability: aspects related to malicious damage to code
Correctness: aspects related to code correctness
Internationalization: aspects related to code internationalization
Performance: aspects related to code performance
Multithreaded correctness: aspects related to the correctness of multithreaded code

In addition, FindBugs has its own UI that can be run standalone. You can also run it from Ant and from the command line.

4. Using FindBugs in Ant

Ant is an excellent automated build tool that is widely used in Java software development (although it is at risk of being replaced by Maven). FindBugs provides an Ant task that integrates with Ant, so FindBugs can run as part of an automated build and deployment.

After you copy $FINDBUGS_HOME/lib/findbugs-ant.jar to the $ANT_HOME/lib directory, the installation of the FindBugs Ant task is complete. (It is highly recommended that you use the jar file included with FindBugs.)

To integrate the FindBugs task into your Ant script, you first need to define the task, as shown in the following fragment:

    <taskdef name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask"/>

Once you have defined the findbugs task, you can use it. Here is an example:

    <property name="findbugs.home" value="/export/home/daveho/work/findbugs"/>

    <target name="findbugs" depends="jar">
        <findbugs home="${findbugs.home}"
                  output="xml"
                  outputFile="bcel-fb.xml">
            <auxClasspath path="${basedir}/lib/regex.jar"/>
            <sourcePath path="${basedir}/src/java"/>
            <class location="${basedir}/bin/bcel.jar"/>
        </findbugs>
    </target>

The findbugs element must have a home attribute that specifies the FindBugs installation path.

This target runs FindBugs on bcel.jar. The results of the run are saved in XML format in the bcel-fb.xml file. An auxiliary jar file is added with the auxClasspath element because the BCEL library references it.
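A saved XML report can be checked in a later build step, applying the same minimum-priority and category selection described for the Eclipse plug-in. The following is an added example, not part of the original article or the FindBugs project; it assumes each BugInstance element in the report carries priority (1 = high, 2 = medium, 3 = low), category and type attributes, and the sample report and the names select_bugs and gate are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a FindBugs XML report (not real tool output).
SAMPLE_REPORT = """<BugCollection version="1.3.9">
  <BugInstance type="HE_EQUALS_NO_HASHCODE" priority="2" category="BAD_PRACTICE">
    <Class classname="com.foobar.AClass"/>
  </BugInstance>
  <BugInstance type="MS_MUTABLE_ARRAY" priority="1" category="MALICIOUS_CODE">
    <Class classname="com.foobar.BClass"/>
  </BugInstance>
  <BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="3" category="SECURITY">
    <Class classname="com.foobar.BClass"/>
  </BugInstance>
  <BugInstance type="DM_STRING_CTOR" priority="2" category="PERFORMANCE">
    <Class classname="com.foobar.AClass"/>
  </BugInstance>
</BugCollection>"""

PRIORITY = {"high": 1, "medium": 2, "low": 3}  # assumed numeric encoding in the report

def select_bugs(report_xml, min_priority="medium", categories=None):
    """Return sorted (priority, category, type, class) tuples that pass the
    minimum-priority threshold and, if given, the set of enabled categories."""
    threshold = PRIORITY[min_priority]
    selected = []
    # The report comes from your own build; use a hardened parser for untrusted XML.
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        try:
            priority = int(bug.get("priority", ""))
        except ValueError:
            priority = 1  # unreadable priority: treat as high instead of hiding it
        category = bug.get("category", "UNKNOWN")
        if priority > threshold or (categories is not None and category not in categories):
            continue
        cls = bug.find("Class")
        classname = cls.get("classname", "?") if cls is not None else "?"
        selected.append((priority, category, bug.get("type", "?"), classname))
    return sorted(selected)

def gate(report_xml, min_priority="medium", categories=("SECURITY", "MALICIOUS_CODE")):
    """Build-step status: 1 if any selected bug remains in the report, else 0."""
    return 1 if select_bugs(report_xml, min_priority, categories) else 0

if __name__ == "__main__":
    for row in select_bugs(SAMPLE_REPORT, "low"):
        print(row)
    print("gate status:", gate(SAMPLE_REPORT))
```

With the Medium threshold the low-priority SECURITY finding in the sample is not selected, which is the same trade-off the plug-in's minimum-priority setting makes.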

Another Ant example:

Download the latest version of FindBugs from http://findbugs.sourceforge.net/downloads.html; the current version is 1.3.0, released on November 8, 2007. Copy the extracted directory into the project's lib directory, and then use it with Ant. FindBugs works with J2SE 1.4.0 or later and requires at least 256 MB of memory.

In your Ant script, first define the location of the directory where FindBugs was unpacked:

    <path id="findbugs.path">
        <fileset dir="${lib.home}/findbugs-1.3.0">
            <include name="**/*.jar"/>
        </fileset>
    </path>

Then declare the findbugs task:

    <taskdef name="findbugs"
             classname="edu.umd.cs.findbugs.anttask.FindBugsTask"
             classpathref="findbugs.path"/>

Then set up the findbugs target:

    <property name="findbugs.home" value="${lib.home}/findbugs-1.3.0"/>
    <!-- define the FindBugs home directory that the findbugs task uses -->
    <target name="findbugs">
        <findbugs home="${findbugs.home}" includeFilter="${findbugs_include_filter}"
                  excludeFilter="${findbugs_exclude_filter}"
                  jvmargs="-Xmx384m" output="html"
                  outputFile="d:/test.html">
            <class location="${build.home}/WEB-INF/classes/"/>
            <!-- above: the class files that FindBugs examines -->
            <auxClasspath path="${lib.home}/findbugs-1.3.0/lib/findbugs-ant.jar"/>
            <auxClasspath>
                <fileset dir="${build.home}/WEB-INF/lib" includes="**/*.jar"/>
            </auxClasspath>
            <!-- above: the class path that the examined classes depend on -->
            <sourcePath path="${src.home}"/>
            <!-- above: the source code path -->
        </findbugs>
    </target>

Finally, run ant findbugs.

Using filters

With filters, we can define which bug detectors to use and which classes to check; once a project is large, reading through a lengthy bug report is painful. Filters include or exclude particular bug reports, which helps focus our attention during a specific period of time. A filter is defined in an XML file, and the contents of the XML configuration file are as follows:

    <FindBugsFilter>
        <!-- all classes: use bug code HE as the detector -->
        <Match>
            <BugCode name="HE"/>
        </Match>
        <!-- this class: use all bug detectors -->
        <Match class="com.foobar.AClass"/>
        <!-- this class: use bug code HE as the detector -->
        <Match class="com.foobar.BClass">
            <BugCode name="HE"/>
        </Match>
        <!-- the Amethod and Bmethod methods of this class: use bug code HE as the detector -->

<match class =
