This is my favorite source code analyzer, simply because it tends to find the most horrible, awful bugs. FindBugs is based on the concept of bug patterns. A bug pattern is a pattern in your code that implies a bug. The FindBugs tool was initially developed at the University of Maryland. According to Professor William Pugh, "Students are good bug generators". As such, many of the students' mistakes have resulted in a new bug detector implementation. One might think that these are mistakes only made by beginners, but as it turns out many of these problems are also part of production code. For example, the FindBugs tool was used on the Sun JDK and it found some serious bugs.
The FindBugs tool is available as a stand-alone GUI and as Ant, Eclipse and Maven plugins. During development I prefer to use a plugin in my IDE, which in my case is Eclipse. The source code analyzer should also be a part of the build process.
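To make the idea of a bug pattern concrete, here is an added example (not from the original post or from the FindBugs project) showing three classic patterns next to their corrected forms. The class and method names are hypothetical, and the pattern identifiers in the comments are the FindBugs names for these families of bugs.

```java
// Added illustration; class and method names are hypothetical.
public class BugPatternDemo {
    // Pattern: String compared by reference instead of by value
    // (FindBugs family ES_COMPARING_STRINGS_WITH_EQ).
    static boolean isAdminBuggy(String role) {
        return role == "admin";          // true only for the very same object
    }

    static boolean isAdminFixed(String role) {
        return "admin".equals(role);     // value comparison, also null-safe
    }

    // Pattern: result of a method on an immutable object is discarded
    // (FindBugs RV_RETURN_VALUE_IGNORED).
    static String normalizeBuggy(String user) {
        user.trim();                     // String is immutable: no effect
        return user;
    }

    static String normalizeFixed(String user) {
        return user.trim();
    }

    // Pattern: value is checked for null, then dereferenced on that same path
    // (FindBugs NP_NULL_ON_SOME_PATH).
    static int lengthBuggy(String s) {
        if (s == null) {
            System.err.println("missing value");
        }
        return s.length();               // NullPointerException when s is null
    }

    static int lengthFixed(String s) {
        return s == null ? 0 : s.length();
    }

    public static void main(String[] args) {
        // Constructed input: a string built at run time is not the interned literal.
        String role = new String("admin");
        System.out.println(isAdminBuggy(role) + " vs " + isAdminFixed(role));
        System.out.println("[" + normalizeBuggy(" bob ") + "] vs [" + normalizeFixed(" bob ") + "]");
        try {
            lengthBuggy(null);
        } catch (NullPointerException e) {
            System.out.println("lengthBuggy(null) threw NullPointerException");
        }
    }
}
```

The first pattern matters most for security-relevant checks: a role or token string that arrives from a request or a database is a different object than the literal, so the buggy comparison silently evaluates to false.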
For all the newcomers to Eclipse, this is how you install the FindBugs plugin from the update site:
- Select menu "Help" -> "Software Updates" -> "Find and Install..."
- Select "Search for new features to install" and press the "Next" button.
- Press the "New Remote Site..." button.
- Enter your name for the update site, for example "FindBugs Update Site", and enter the following into the URL field: http://findbugs.cs.umd.edu/eclipse
  Then press the "OK" button.
- Press the "Finish" button. Eclipse will now contact the update site and check for the latest version.
- After a while you will get a list with the features that are available to you. Press the "Next" button until you get to the "Install" page. Press the "Finish" button.
- When you get to the "Verification" page, press the "Install" button.
- Eclipse will now run the "Update Manager" and download the plugin.
- When everything is finished, you will be prompted to restart Eclipse. Please press "Yes" and Eclipse will be restarted.
Select this menu and within seconds you will have a list of potential problems in your code. These are all gathered together with the compiler warnings. When you click on a warning, your code will be displayed with a bug:
Double-click on the bug and you get an explanation of what the warning really means:
Now you could start figuring out what to do with the warnings. Hopefully FindBugs has found some bugs for you.
Here is where you find more information about FindBugs:
CheckStyle
As the name implies, CheckStyle checks the style of your code. For example, it can check if you follow the Sun Java Code Convention. But CheckStyle can find more than this. It contains a multitude of rules for what are considered bad programming practices. Some are very common, and others are a little more doubtful. In other words, CheckStyle is not really in the same category as FindBugs, but I find it a tool that is worth having in your Java programmer toolbox. Installation of the CheckStyle Eclipse plugin is done the same way as with FindBugs, but you use another link (found below).
Here is where you find more information about CheckStyle:
Lint4j is a tool similar to the famous lint tool for the C programming language. I have not used it very much, but it has found some code that smelled bad. When I have used it for a while I will communicate my opinions to you.
Here is where you find more information about Lint4j:
Some Final Words
Here are some final words of advice:
- Use a source code analyzer from the start of your project. Otherwise you could be overwhelmed by the enormous pile of things that you should correct.
- Do not use full checking from the beginning; start by using the default settings. When you have checked your code you can add the checks that you find useful.
- Do not check in your code without running your source code analyzer.
- Add code checking as part of your continuous build process. Your build should not fail when it detects some problem(s). The reports can be used to ensure that nobody checks in code that is bad.
- Use common sense; you should not obey the tool relentlessly without questioning. The FindBugs tool is the most effective, but sometimes it flags things that are not really bugs. Use the filtering capabilities found in the tools to filter out what is not relevant. This lets you focus on the real bugs.
- A source code analysis tool should not replace other good practices like unit testing and code reviews. These are all complementary tools to make your code close to perfect, and avoid those nasty bugs.
I hope these tips will help you to improve your code, and will make you a better programmer.
Happy bug hunting!