FindBugs Eclipse plugin

Findbugs is an Open Source project for static analysis of the Java bytecode to identify potential software bugs. The Findbugs analysis can be integrated into the Eclipse IDE via an additional software component.

Findbugs provides early feedback about potential errors in the code. This helps the developer to access these problems early in the development phase.

The first question arrives in our mind is, what can I do with FindBugs?

Findbugs scans for possible bugs in Java software. Each finding is reported as a warning, but not all of these warnings are necessarily defects, e.g. warnings referring to possible performance issues. The terms bug or bug pattern are used in a misleading way by Findbugs. A better way would be to talk just about warnings . In the following article, the term warning will be used. All warnings are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about the possible impact/severity of the warnings. The current version reports 400 warnings in the nine categories.

Plugin requirements

This plugin has primarily been tested with Eclipse 3.3 and 3.4 It should work with 3.xreleases, but let us know if you have any problems. The plugin is not compatible with versions of Eclipse preceding 3.3. The plugin runs under Java 1.5/5.0, or newer.

Plugin installation

If you have previously installed a version of the FindBugs plugin prior to mid-May, 2006, then you should remove it first. Simply remove the de.tobject.findbugs_0.0.n directory from Eclipse’s plugins directory.

To install the FindBugs plugin:

  • In Eclipse, click on Help -> Software Update -> Find and Install…
  • Choose the Search for new features to install option, and click Next.
  • Click New Remote Site .
  • Enter the following:
  • Name: FindBugs update site
  • URL: one of the following (note: no final slash on the url)
  • http://findbugs.cs.umd.edu/eclipse for official releases
  • http://findbugs.cs.umd.edu/eclipse-candidate for candidate releases and official releases
  • http://findbugs.cs.umd.edu/eclipse-daily for all releases, including developmental ones
  • and click OK.
  • “FindBugs update site” should appear under Sites to include in search.

    Click the checkbox next to it to select it, and click Finish.

  • You should see FindBugs Feature under Select features to install.

    (You may have to click on one or two triangles to make it visible in the tree.)

    Select the checkbox next to it and click next.

  • Select the I accept option to accept the license and click Next.
  • Make sure the location is correct where you’re installing it. The default (your workspace) should be fine. Click Finish.
  • The plugin is not digitally signed. Go ahead and install it anyway.
  • Click Yes to make Eclipse restart itself.

Using Findbugs

You can also customize the bug finding.

Go to Eclipse -> Prefference -> Java -> FindBugs A wizard will appear as shown bellow.

Here bugs are categorized in 9 ways

1. Malicious code vulnerability – Malicious Code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.

2. Dodgy code – Code that is confusing, anomalous, or written in a way that leads itself to errors. Examples include dead local stores, switch fall through, unconfirmed casts, and redundant null check of value known to be null

3. Bad Practice – Violations of recommended and essential coding practice. Examples include hash code and equals problems, cloneable idiom, dropped exceptions, serializable problems, and misuse of finalize. We strive to make this analysis accurate, although some groups may not care about some of the bad practices.

4. Correctness bug – Probable bug – an apparent coding mistake resulting in code that was probably not what the developer intended.

5. Internationalization – Use of non-localized methods

6. Performance – Inefficient memory usage/buffer allocation, usage of non-static classes.

7.Security – Similar to malicious code vulnerability. e.g. Hardcoded constant password. A prepared statement is generated from a variable String

8. Multithreaded correctness – Thread synchronization issues.

9 – Experimental – Method that may fail to clean up stream or resource.

Using Findbugs in your projects

To use FindBug right click on you project -> Find Bugs -> Find Bugs your project will automatically get scanned

Once your project is scanned Select Window –> Show View –> Other… to access the FindBugs view.

You will see the a box below where all the bugs are classified in (i) scariest, (ii) scary, (iii) troubling and (iv) of concern