Open Source Tools FindBugs Usage Summary

Source: Internet
Author: User
Tags checkstyle

First, code inspection method concept

White-Box testing is divided into static tests and dynamic tests.

Code inspection method is a static test, mainly by manual, give full play to the people's logical thinking advantage, can also be automated with the help of software tools.

Code inspection includes code walk, desktop inspection, code review, and so on, mainly check the consistency of code and design, code to follow the standards, readability, the correctness of the logical expression of the code, the rationality of the code structure, and so on, you can find the problem that violates the program writing standard, the unsafe, unclear and vague parts of the program, Find out the non-portable part of the program, violate the programming style of the problem, including variable check, naming and type review, Program logic Review, program grammar check and program structure check and so on.

Ii. Introduction of FindBugs Tools

There are many static analysis tools, among which commercial tools are more famous klocwork,coverity,pc-lint, open source has splint,findbugs and so on.

The following is a brief introduction to the FindBugs tool.

Findbugs is a Java static Code analysis tool that differs from other static analysis tools such as Checkstyle and PMD, and Findbugs does not focus on style or format, it focuses on finding real flaws or potential performance problems, It can help Java engineers improve code quality and eliminate hidden flaws. With the static analysis tool, you can analyze the software without actually running the program.

FindBugs uses the Apache BCEL Library Analysis class file (class file) instead of the source code to compare bytecode with a set of defect patterns to identify possible problems. FindBugs detectors have been increased to more than 300, are divided into different types, the common types are as follows:

· Correctness (correctness): This sort of problem causes bugs in some cases, such as the wrong coercion type conversions.

· Best Practices Counter Example (bad practice): code in this category violates recognized best practice standards, such as a class that implements the Equals method but does not implement the Hashcode method.

· Multithreading correctness (multithreaded correctness): Focus on syncing and multithreading issues.

· Performance (performance): Potential performance issues.

· Security: Security-related.

· High risk (dodgy): The FindBugs team considers the problem code under this type to be highly likely to cause a bug.

Third, findbugs installation and use

The findbugs can be used in three ways, through the Ant tool, through the swing operator interface provided by Ant and as a plug-in for Eclipse. The third type is described below.

: http://Findbugs.sourceforge.net/downloads.html

Note that the version of Eclipse is a problem, the latest FindBugs version is 2.0.3.20131118, support Eclipse version 3.6 and above.

Here I am using the Eclipse version 3.3.2, which uses the findbugs version of 1.3.9.20090821.

After the download is complete, install the FindBugs plugin in eclipse

1. Installing FindBugs

Unzip the zip file and place the extracted files in Eclipse's plugin. Restart Eclipse. (If you use MyEclipse, put it in the/dropins folder)

2. Open the FindBugs view

3. Perform the Find Bug task

Right-click the project, package, or file that you want to detect,-->find bugs-->find Bugs.

4. View specific error messages

Select a question and right-click-->properties.

Double-click the problem to navigate to the specific line of code.

Iv. Setting the FindBugs property

1. Minimum priority to report selection

Choose which level of information to display with low, Medium, and high three selections.

1) The high selection is the high level of the prompt information will be displayed.

2) Medium selection is the medium and high level of the prompt information will be displayed.

3) The low selection is displayed for all levels of prompt information.

2. report Bug categories selection

Here are some options for displaying bug classifications:

Malicious code vulnerability on the related aspects of malicious vandalism

Correctness about the relative aspects of code correctness

Internationalization about the related aspects of code internationalization

Performance about code performance-related aspects

Multithreaded correctness about code multithreading correctness related Aspects of

3. Run automatically switch

When this item is selected, FindBugs will run automatically when you modify the Java class, as soon as you set the Eclipse auto-compile switch, and when you finish modifying the Java file Save, FindBugs will run and display the appropriate information.

When this is unchecked, you can only run findbugs to check your code every time you need it.

4. Detector Configuration selection

Here you can select the relevant bug pattern entries that you want to check, and you can select or remove the appropriate check conditions as needed.

V. Other analytical tools

In addition to the Fingbugs static analysis tools, there are also PMD and Checkstyle,fingbugs, PMD and Checkstyle three tools with different characteristics, combined use to help reduce false positives errors, improve reporting accuracy.

Open Source Tools FindBugs Usage Summary

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.