1489a0ec7301a86af8497d24748336db09ca278damikesamuel<html> 2489a0ec7301a86af8497d24748336db09ca278damikesamuel<head> 3489a0ec7301a86af8497d24748336db09ca278damikesamuel<title>FindBugs™ - Find Bugs in Java Programs</title> 4489a0ec7301a86af8497d24748336db09ca278damikesamuel<link rel="stylesheet" type="text/css" href="findbugs.css" /> 5489a0ec7301a86af8497d24748336db09ca278damikesamuel 6489a0ec7301a86af8497d24748336db09ca278damikesamuel</head> 7489a0ec7301a86af8497d24748336db09ca278damikesamuel 8489a0ec7301a86af8497d24748336db09ca278damikesamuel<body> 9489a0ec7301a86af8497d24748336db09ca278damikesamuel 10489a0ec7301a86af8497d24748336db09ca278damikesamuel <table width="100%"> 11489a0ec7301a86af8497d24748336db09ca278damikesamuel <tr> 12489a0ec7301a86af8497d24748336db09ca278damikesamuel 13489a0ec7301a86af8497d24748336db09ca278damikesamuel 14489a0ec7301a86af8497d24748336db09ca278damikesamuel<td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> 15489a0ec7301a86af8497d24748336db09ca278damikesamuel<table width="100%" cellspacing="0" border="0"> 16489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr> 17489a0ec7301a86af8497d24748336db09ca278damikesamuel 18489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td> </td></tr> 19489a0ec7301a86af8497d24748336db09ca278damikesamuel 20489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><b>Docs and Info</b></td></tr> 21489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr> 22489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr> 23489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr> 24489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr> 25489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr> 26489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr> 27489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/日本語)</a></font></td></tr> 28489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr> 29489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr> 30489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr> 31489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr> 32489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr> 33489a0ec7301a86af8497d24748336db09ca278damikesamuel 34489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td> </td></tr> 35489a0ec7301a86af8497d24748336db09ca278damikesamuel 36489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr> 37489a0ec7301a86af8497d24748336db09ca278damikesamuel 38489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td> </td></tr> 39489a0ec7301a86af8497d24748336db09ca278damikesamuel 40489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr> 41489a0ec7301a86af8497d24748336db09ca278damikesamuel 42489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td> </td></tr> 43489a0ec7301a86af8497d24748336db09ca278damikesamuel 44489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><b>Development</b></td></tr> 45489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr> 46489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr> 47489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr> 48489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr> 49489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> 50489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr> 51489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr> 52489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr> 53489a0ec7301a86af8497d24748336db09ca278damikesamuel<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr> 54489a0ec7301a86af8497d24748336db09ca278damikesamuel</table> 55489a0ec7301a86af8497d24748336db09ca278damikesamuel</td> 56489a0ec7301a86af8497d24748336db09ca278damikesamuel 57489a0ec7301a86af8497d24748336db09ca278damikesamuel <td align="left" valign="top"> 58489a0ec7301a86af8497d24748336db09ca278damikesamuel 59489a0ec7301a86af8497d24748336db09ca278damikesamuel <p></p> 60489a0ec7301a86af8497d24748336db09ca278damikesamuel <table> 61489a0ec7301a86af8497d24748336db09ca278damikesamuel <tr> 62489a0ec7301a86af8497d24748336db09ca278damikesamuel <td valign="center"><a href="http://findbugs.sourceforge.net/"><img src="buggy-sm.png" alt="FindBugs logo" 63489a0ec7301a86af8497d24748336db09ca278damikesamuel border="0" /> </a></td> 64489a0ec7301a86af8497d24748336db09ca278damikesamuel <td valign="center"><a href="http://www.umd.edu/"><img src="informal.png" 65489a0ec7301a86af8497d24748336db09ca278damikesamuel alt="UMD logo" border="0" /> </a></td> 66489a0ec7301a86af8497d24748336db09ca278damikesamuel </tr> 67489a0ec7301a86af8497d24748336db09ca278damikesamuel </table> 68489a0ec7301a86af8497d24748336db09ca278damikesamuel 69489a0ec7301a86af8497d24748336db09ca278damikesamuel <h1>FindBugs™ - Find Bugs in Java Programs</h1> 70489a0ec7301a86af8497d24748336db09ca278damikesamuel 71489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 72489a0ec7301a86af8497d24748336db09ca278damikesamuel This is the web page for FindBugs, a program which uses static analysis to look for bugs in Java 73489a0ec7301a86af8497d24748336db09ca278damikesamuel code. It is free software, distributed under the terms of the <a 74489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://www.gnu.org/licenses/lgpl.html">Lesser GNU Public License</a>. The name 75489a0ec7301a86af8497d24748336db09ca278damikesamuel FindBugs™ and the <a href="buggy-sm.png">FindBugs logo</a> are trademarked by <a 76489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://www.umd.edu">The University of Maryland</a>. FindBugs has been downloaded more than 77489a0ec7301a86af8497d24748336db09ca278damikesamuel a million times. 78489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 79489a0ec7301a86af8497d24748336db09ca278damikesamuel 8010f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <p>The current version of FindBugs is 2.0.3.</p> 81489a0ec7301a86af8497d24748336db09ca278damikesamuel 82489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 83489a0ec7301a86af8497d24748336db09ca278damikesamuel FindBugs requires JRE (or JDK) 1.5.0 or later to run. However, it can analyze programs 8410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel compiled for any version of Java, from 1.0 to 1.7. Some classfiles compiled for Java 1.8 give 8510f18856cda13e8f5ff16c26d965c2577f943457mikesamuel FindBugs problems, the next major release of FindBugs will handle Java 1.8 classfiles. 8610f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 8710f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <p> The current version of FindBugs is 2.0.3, 8810f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 8910f18856cda13e8f5ff16c26d965c2577f943457mikesamuel released on 17:16:15 EST, 22 November, 2013. <a href="reportingBugs.html">We are very interested in getting 90489a0ec7301a86af8497d24748336db09ca278damikesamuel feedback on how to improve FindBugs</a>. File bug reports on <a 91489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://sourceforge.net/tracker/?func=browse&group_id=96405&atid=614693"> our 92489a0ec7301a86af8497d24748336db09ca278damikesamuel sourceforge bug tracker</a> 93489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 9410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <p>The current version of FindBugs may encounter errors when analyzing 9510f18856cda13e8f5ff16c26d965c2577f943457mikesamuel Java 1.8 bytecode, due to changes in the classfile format. After FindBugs 2.0.3 9610f18856cda13e8f5ff16c26d965c2577f943457mikesamuel is released, work will start on the next major release of FindBugs, which will 9710f18856cda13e8f5ff16c26d965c2577f943457mikesamuel be able to analyze Java 1.8 (and will require Java 1.7 to compile and run). 9810f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 99489a0ec7301a86af8497d24748336db09ca278damikesamuel 100489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 101489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="#changes">Changes</a> | <a href="#talks">Talks</a> | <a href="#papers">Papers </a> | <a 102489a0ec7301a86af8497d24748336db09ca278damikesamuel href="#sponsors">Sponsors</a> | <a href="#support">Support</a> 103489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 10410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 10510f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <h1>FindBugs 2.0.3 Release</h1> 10610f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <p>FindBugs 2.0.3 is intended to be a minor bug fix release over 10710f18856cda13e8f5ff16c26d965c2577f943457mikesamuel FindBugs 2.0.2. Although than some improvements to existing bug detectors 10810f18856cda13e8f5ff16c26d965c2577f943457mikesamuel and analysis engines, and a few new bug patterns, and some 10910f18856cda13e8f5ff16c26d965c2577f943457mikesamuel important bug fixes to the Eclipse plugin, no significant changes 11010f18856cda13e8f5ff16c26d965c2577f943457mikesamuel should be observed. Consult the <a href="Changes.html">Change log</a> 11110f18856cda13e8f5ff16c26d965c2577f943457mikesamuel for more details.</p> 112489a0ec7301a86af8497d24748336db09ca278damikesamuel 113489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 114489a0ec7301a86af8497d24748336db09ca278damikesamuel Also check out <a href="http://code.google.com/p/findbugs/w/list">http://code.google.com/p/findbugs/w/list</a> 115489a0ec7301a86af8497d24748336db09ca278damikesamuel for more information about some recent features/changes in FindBugs. 116489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 117489a0ec7301a86af8497d24748336db09ca278damikesamuel 118489a0ec7301a86af8497d24748336db09ca278damikesamuel 119489a0ec7301a86af8497d24748336db09ca278damikesamuel <h3> 12010f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <a href="findbugs2.html">Major changes in FindBugs 2.0 (from FindBugs 1.3.x)</a> 121489a0ec7301a86af8497d24748336db09ca278damikesamuel </h3> 122489a0ec7301a86af8497d24748336db09ca278damikesamuel <ul> 123489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="findbugs2.html#cloud">FindBugs Communal cloud</a></li> 124489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="findbugs2.html#updateChecks">checks for updated versions of FindBugs</a></li> 125489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="findbugs2.html#plugins">Powerful plugin capabilities</a></li> 126489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="findbugs2.html#newBugPatterns">new bug patterns</a>, 127489a0ec7301a86af8497d24748336db09ca278damikesamuel including new/improved support for <a href="findbugs2.html#guava">Guava</a> 128489a0ec7301a86af8497d24748336db09ca278damikesamuel and <a href="findbugs2.html#jsr305">JSR-305</a> 129489a0ec7301a86af8497d24748336db09ca278damikesamuel </li> 130489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="findbugs2.html#performance">improved performance</a></li> 131489a0ec7301a86af8497d24748336db09ca278damikesamuel </ul> 132489a0ec7301a86af8497d24748336db09ca278damikesamuel 133489a0ec7301a86af8497d24748336db09ca278damikesamuel 134489a0ec7301a86af8497d24748336db09ca278damikesamuel <h2>Ways to run FindBugs</h2> 135489a0ec7301a86af8497d24748336db09ca278damikesamuel <p>Here are various ways to run FindBugs. For plugins not supported by the FindBugs team, check to 136489a0ec7301a86af8497d24748336db09ca278damikesamuel see what version of FindBugs they provide; it might take a little while for the plugins to update to 137489a0ec7301a86af8497d24748336db09ca278damikesamuel FindBugs 2.0.</p> 138489a0ec7301a86af8497d24748336db09ca278damikesamuel <dl> 139489a0ec7301a86af8497d24748336db09ca278damikesamuel <dt>Command line, ant, GUI</dt> 140489a0ec7301a86af8497d24748336db09ca278damikesamuel <dd>Provided in FindBugs download</dd> 141489a0ec7301a86af8497d24748336db09ca278damikesamuel <dt> 142489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://www.eclipse.org/">Eclipse</a> 143489a0ec7301a86af8497d24748336db09ca278damikesamuel </dt> 144489a0ec7301a86af8497d24748336db09ca278damikesamuel <dd> 145489a0ec7301a86af8497d24748336db09ca278damikesamuel Update site for Eclipse plugin: <a href="http://findbugs.cs.umd.edu/eclipse">http://findbugs.cs.umd.edu/eclipse</a>. 146489a0ec7301a86af8497d24748336db09ca278damikesamuel Supported by the FindBugs project. 147489a0ec7301a86af8497d24748336db09ca278damikesamuel </dd> 148489a0ec7301a86af8497d24748336db09ca278damikesamuel <dt> 149489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://maven.apache.org/">Maven</a> 150489a0ec7301a86af8497d24748336db09ca278damikesamuel </dt> 151489a0ec7301a86af8497d24748336db09ca278damikesamuel <dd> 152489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://mojo.codehaus.org/findbugs-maven-plugin/">http://mojo.codehaus.org/findbugs-maven-plugin/</a> 153489a0ec7301a86af8497d24748336db09ca278damikesamuel </dd> 154489a0ec7301a86af8497d24748336db09ca278damikesamuel <dt> 155489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://netbeans.org/">Netbeans</a> 156489a0ec7301a86af8497d24748336db09ca278damikesamuel </dt> 157489a0ec7301a86af8497d24748336db09ca278damikesamuel <dd> 158489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://kenai.com/projects/sqe/pages/Home">SQE: Software Quality Environment</a> 159489a0ec7301a86af8497d24748336db09ca278damikesamuel </dd> 16010f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <dt><a href="https://wiki.jenkins-ci.org/display/JENKINS">Jenkins</a></dt> 16110f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <dd> <a href="https://wiki.jenkins-ci.org/display/JENKINS/FindBugs+Plugin">Jenkins FindBugs Plugin</a> 16210f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 163489a0ec7301a86af8497d24748336db09ca278damikesamuel <dt> 164489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://wiki.hudson-ci.org/display/HUDSON/Home">Hudson</a> 165489a0ec7301a86af8497d24748336db09ca278damikesamuel </dt> 166489a0ec7301a86af8497d24748336db09ca278damikesamuel <dd> 16710f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <a href="http://wiki.hudson-ci.org/display/HUDSON/FindBugs+Plugin"> HUDSON FindBugs Plugin</a> 168489a0ec7301a86af8497d24748336db09ca278damikesamuel </dd> 169489a0ec7301a86af8497d24748336db09ca278damikesamuel <dt> 170489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://www.jetbrains.com/idea/">IntelliJ</a> 171489a0ec7301a86af8497d24748336db09ca278damikesamuel </dt> 172489a0ec7301a86af8497d24748336db09ca278damikesamuel <dd> 173489a0ec7301a86af8497d24748336db09ca278damikesamuel Several plugins, see <a href="http://code.google.com/p/findbugs/wiki/IntellijFindBugsPlugins">http://code.google.com/p/findbugs/wiki/IntellijFindBugsPlugins</a> 17410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel for a description. 175489a0ec7301a86af8497d24748336db09ca278damikesamuel 176489a0ec7301a86af8497d24748336db09ca278damikesamuel </dd> 177489a0ec7301a86af8497d24748336db09ca278damikesamuel </dl> 178489a0ec7301a86af8497d24748336db09ca278damikesamuel 179489a0ec7301a86af8497d24748336db09ca278damikesamuel 180489a0ec7301a86af8497d24748336db09ca278damikesamuel <h1>New</h1> 181489a0ec7301a86af8497d24748336db09ca278damikesamuel <ul> 18210f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 18310f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <li>jFormatString library republished at 18410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <a href="http://code.google.com/p/j-format-string">http://code.google.com/p/j-format-string</a>. 18510f18856cda13e8f5ff16c26d965c2577f943457mikesamuel This is the library we use for compile time checking of format strings. It is separately published to 18610f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 18710f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <li>We're releasing FindBugs 2.0.3. 18810f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 189489a0ec7301a86af8497d24748336db09ca278damikesamuel Mostly small changes to address false positives, with one important fix to the Eclipse plugin 19010f18856cda13e8f5ff16c26d965c2577f943457mikesamuel to fix a problem that had prevented the plugin from running in some versions of Eclipse. 191489a0ec7301a86af8497d24748336db09ca278damikesamuel Check the <a href="Changes.html">change log</a> for more details. 19210f18856cda13e8f5ff16c26d965c2577f943457mikesamuel 193489a0ec7301a86af8497d24748336db09ca278damikesamuel <li>We've released <a href="findbugs2.html">FindBugs 2.0</a> 194489a0ec7301a86af8497d24748336db09ca278damikesamuel </li> 195489a0ec7301a86af8497d24748336db09ca278damikesamuel <li>FindBugs communal cloud and Java web start links:. We have analyzed several large open 196489a0ec7301a86af8497d24748336db09ca278damikesamuel source projects, and provide Java web start links to allow you to view the results. We'd be 197489a0ec7301a86af8497d24748336db09ca278damikesamuel happy to work with projects to make the results available from a continuous build: 198489a0ec7301a86af8497d24748336db09ca278damikesamuel <p></p> 199489a0ec7301a86af8497d24748336db09ca278damikesamuel <ul> 200489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/cloud/jdk.jnlp">Sun's JDK 8</a></li> 201489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/cloud/eclipse.jnlp">Eclipse 3.8</a></li> 202489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/cloud/tomcat.jnlp">Apache Tomcat 7.0</a></li> 203489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/cloud/intellij.jnlp">IntelliJ IDEA</a></li> 204489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/cloud/jboss.jnlp">JBoss</a></li> 205489a0ec7301a86af8497d24748336db09ca278damikesamuel </ul> 206489a0ec7301a86af8497d24748336db09ca278damikesamuel </li> 207489a0ec7301a86af8497d24748336db09ca278damikesamuel </ul> 208489a0ec7301a86af8497d24748336db09ca278damikesamuel 209489a0ec7301a86af8497d24748336db09ca278damikesamuel 210489a0ec7301a86af8497d24748336db09ca278damikesamuel 211489a0ec7301a86af8497d24748336db09ca278damikesamuel <h1>Experience with FindBugs</h1> 212489a0ec7301a86af8497d24748336db09ca278damikesamuel <ul> 213489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><b>Google FindBugs Fixit</b>: Google has a tradition of <a 214489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://www.nytimes.com/2007/10/21/jobs/21pre.html">engineering fixits</a>, special days where 215489a0ec7301a86af8497d24748336db09ca278damikesamuel they try to get all of their engineers focused on some specific problem or technique for improving 216489a0ec7301a86af8497d24748336db09ca278damikesamuel the systems at Google. A fixit might work to improve web accessibility, internal testing, removing 217489a0ec7301a86af8497d24748336db09ca278damikesamuel TODO's from internal software, etc. 218489a0ec7301a86af8497d24748336db09ca278damikesamuel 21910f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <p>In 2009, Google held a global fixit for UMD's FindBugs tool a static analysis tool for 220489a0ec7301a86af8497d24748336db09ca278damikesamuel finding coding mistakes in Java software. The focus of the fixit was to get feedback on the 221489a0ec7301a86af8497d24748336db09ca278damikesamuel 4,000 highest confidence issues found by FindBugs at Google, and let Google engineers decide 222489a0ec7301a86af8497d24748336db09ca278damikesamuel which issues, if any, needed fixing.</p> 223489a0ec7301a86af8497d24748336db09ca278damikesamuel <p>More than 700 engineers ran FindBugs from dozens of offices. More than 250 of them entered 224489a0ec7301a86af8497d24748336db09ca278damikesamuel more than 8,000 reviews of the issues. A review is a classification of an issue as must-fix, 225489a0ec7301a86af8497d24748336db09ca278damikesamuel should-fix, mostly-harmless, not-a-bug, and several other categories. More than 75% of the 226489a0ec7301a86af8497d24748336db09ca278damikesamuel reviews classified issues as must fix, should fix or I will fix. Many of the scariest issues 227489a0ec7301a86af8497d24748336db09ca278damikesamuel received more than 10 reviews each.</p> 228489a0ec7301a86af8497d24748336db09ca278damikesamuel <p>Engineers have already submitted changes that made more than 1,100 of the 3,800 issues go 229489a0ec7301a86af8497d24748336db09ca278damikesamuel away. Engineers filed more than 1,700 bug reports, of which 600 have already been marked as 230489a0ec7301a86af8497d24748336db09ca278damikesamuel fixed Work continues on addressing the issues raised by the fixit, and on supporting the 231489a0ec7301a86af8497d24748336db09ca278damikesamuel integration of FindBugs into the software development process at Google.</p> 232489a0ec7301a86af8497d24748336db09ca278damikesamuel <p>The fixit at Google showcased new capabilities of FindBugs that provide a cloud computing / 233489a0ec7301a86af8497d24748336db09ca278damikesamuel social networking backdrop. Reviews of issues are immediately persisted into a central store, 234489a0ec7301a86af8497d24748336db09ca278damikesamuel where they can be seen by other developers, and FindBugs is integrated into the internal Google 235489a0ec7301a86af8497d24748336db09ca278damikesamuel tools for filing and viewing bug reports and for viewing the version control history of source 236489a0ec7301a86af8497d24748336db09ca278damikesamuel files. For the Fixit, FindBugs was configured in a mode where engineers could not see reviews 237489a0ec7301a86af8497d24748336db09ca278damikesamuel from other engineers until they had entered their own; after the fixit, the configuration will 238489a0ec7301a86af8497d24748336db09ca278damikesamuel be changed to a more open configuration where engineers can see reviews from others without 239489a0ec7301a86af8497d24748336db09ca278damikesamuel having to provide their own review first. These capabilities have all been contributed to UMD's 240489a0ec7301a86af8497d24748336db09ca278damikesamuel open source FindBugs tool, although a fair bit of engineering remains to prepare the 241489a0ec7301a86af8497d24748336db09ca278damikesamuel capabilities for general release and make sure they can integrate into systems outside of 242489a0ec7301a86af8497d24748336db09ca278damikesamuel Google. The new capabilities are expected to be ready for general release in Fall 2009.</p> 243489a0ec7301a86af8497d24748336db09ca278damikesamuel </li> 244489a0ec7301a86af8497d24748336db09ca278damikesamuel </ul> 245489a0ec7301a86af8497d24748336db09ca278damikesamuel 246489a0ec7301a86af8497d24748336db09ca278damikesamuel <h2> 247489a0ec7301a86af8497d24748336db09ca278damikesamuel <a name="talks">Talks about FindBugs</a> 248489a0ec7301a86af8497d24748336db09ca278damikesamuel </h2> 249489a0ec7301a86af8497d24748336db09ca278damikesamuel <ul> 25010f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <li> 251489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://www.cs.umd.edu/~pugh/MistakesThatMatter.pdf">Mistakes That Matter</a>, JavaOne, 252489a0ec7301a86af8497d24748336db09ca278damikesamuel 2009 25310f18856cda13e8f5ff16c26d965c2577f943457mikesamuel </li> 25410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <li><a href="http://youtu.be/jflQSFhYTEo?hd=1">Youtube video</a> showing of demo 25510f18856cda13e8f5ff16c26d965c2577f943457mikesamuel of our 2.0 Eclipse plugin (5 minutes)</li> 256489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/talks/findbugs.mov">Quicktime movie</a> showing of demo 257489a0ec7301a86af8497d24748336db09ca278damikesamuel of our new GUI to view some of the null pointer bugs in Eclipse (Big file warning: 23 Megabytes)</li> 258489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/talks/JavaOne2007-TS2007.pdf">JavaOne 2007 talk on 259489a0ec7301a86af8497d24748336db09ca278damikesamuel Improving Software Quality Using Static Analysis</a></li> 260489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/talks/fb-sdbp-2006.pdf">Talk</a> Bill Pugh gave at <a 261489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://www.sdexpo.com/2006/sdbp/">SD Best Practices</a>, Sept 14th (more of a handle on 262489a0ec7301a86af8497d24748336db09ca278damikesamuel tutorial about using FindBugs)</li> 263489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/talks/fb-Sept1213-2006.pdf">Talk</a> Bill Pugh gave at 264489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://itasoftware.com/">ITA Software</a> and <a href="http://www.csail.mit.edu/">MIT</a>, 265489a0ec7301a86af8497d24748336db09ca278damikesamuel Sept 12th and 13th (more of a research focus)</li> 266489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://video.google.com/videoplay?docid=-8150751070230264609">Video of talk</a> 267489a0ec7301a86af8497d24748336db09ca278damikesamuel Bill Pugh gave at <a href="http://www.google.com">Google</a>, July 6th, 2006</li> 268489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://javaposse.com/index.php?post_id=95780">Java Posse podcast interview 269489a0ec7301a86af8497d24748336db09ca278damikesamuel with Bill Pugh and Brian Goetz</a></li> 270489a0ec7301a86af8497d24748336db09ca278damikesamuel </ul> 271489a0ec7301a86af8497d24748336db09ca278damikesamuel <h2> 272489a0ec7301a86af8497d24748336db09ca278damikesamuel <a name="papers">Papers about FindBugs</a> 273489a0ec7301a86af8497d24748336db09ca278damikesamuel </h2> 274489a0ec7301a86af8497d24748336db09ca278damikesamuel <ul> 275489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/papers/MoreNullPointerBugs07.pdf">Finding More Null 276489a0ec7301a86af8497d24748336db09ca278damikesamuel Pointer Bugs, But Not Too Many</a>, by <a href="http://faculty.ycp.edu/~dhovemey/">David 277489a0ec7301a86af8497d24748336db09ca278damikesamuel Hovemeyer</a>, York College of Pennsylvania and <a href="http://www.cs.umd.edu/~pugh/">William 278489a0ec7301a86af8497d24748336db09ca278damikesamuel Pugh</a>, Univ. of Maryland, <a href="http://paste07.cs.washington.edu/">7th ACM 279489a0ec7301a86af8497d24748336db09ca278damikesamuel SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering</a>, June, 2007</li> 280489a0ec7301a86af8497d24748336db09ca278damikesamuel <li><a href="http://findbugs.cs.umd.edu/papers/FindBugsExperiences07.pdf">Evaluating Static 281489a0ec7301a86af8497d24748336db09ca278damikesamuel Analysis Defect Warnings On Production Software,</a> <a href="http://www.cs.umd.edu/~nat/">Nathaniel 282489a0ec7301a86af8497d24748336db09ca278damikesamuel Ayewah</a> and <a href="http://www.cs.umd.edu/~pugh/">William Pugh</a>, Univ. of Maryland, and 283489a0ec7301a86af8497d24748336db09ca278damikesamuel J. David Morgenthaler, John Penix and YuQian Zhou, Google, Inc., <a 284489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://paste07.cs.washington.edu/">7th ACM SIGPLAN-SIGSOFT Workshop on Program 285489a0ec7301a86af8497d24748336db09ca278damikesamuel Analysis for Software Tools and Engineering</a>, June, 2007 286489a0ec7301a86af8497d24748336db09ca278damikesamuel </li> 287489a0ec7301a86af8497d24748336db09ca278damikesamuel </ul> 288489a0ec7301a86af8497d24748336db09ca278damikesamuel 289489a0ec7301a86af8497d24748336db09ca278damikesamuel <h1> 290489a0ec7301a86af8497d24748336db09ca278damikesamuel <a name="sponsors">Contributors and Sponsors</a> 291489a0ec7301a86af8497d24748336db09ca278damikesamuel </h1> 292489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 293489a0ec7301a86af8497d24748336db09ca278damikesamuel The <a href="team.html">current development team</a> consists of <a 294489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://www.cs.umd.edu/~pugh">Bill Pugh</a> and <a 295489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://andrei.gmxhome.de/privat.html">Andrey Loskutov</a>. 296489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 29710f18856cda13e8f5ff16c26d965c2577f943457mikesamuel <p>The most recent funding for FindBugs comes from a Google Faculty Research Awards.</p> 298489a0ec7301a86af8497d24748336db09ca278damikesamuel <h2> 299489a0ec7301a86af8497d24748336db09ca278damikesamuel <a name="support">Additional Support</a> 300489a0ec7301a86af8497d24748336db09ca278damikesamuel </h2> 301489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 302489a0ec7301a86af8497d24748336db09ca278damikesamuel Numerous <a =href="team.html">people</a> have made significant contributions to the FindBugs 303489a0ec7301a86af8497d24748336db09ca278damikesamuel project, including founding work by <a href="http://goose.ycp.edu/~dhovemey/">David Hovemeyer</a> 304489a0ec7301a86af8497d24748336db09ca278damikesamuel and the web cloud infrastructure by Keith Lea. 305489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 306489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 307489a0ec7301a86af8497d24748336db09ca278damikesamuel YourKit is kindly supporting open source projects with its full-featured Java Profiler. YourKit, LLC 308489a0ec7301a86af8497d24748336db09ca278damikesamuel is creator of innovative and intelligent tools for profiling Java and .NET applications. Take a look 309489a0ec7301a86af8497d24748336db09ca278damikesamuel at YourKit's leading software products: <a href="http://www.yourkit.com/java/profiler/index.jsp">YourKit 310489a0ec7301a86af8497d24748336db09ca278damikesamuel Java Profiler</a> and <a href="http://www.yourkit.com/.net/profiler/index.jsp">YourKit .NET 311489a0ec7301a86af8497d24748336db09ca278damikesamuel Profiler</a>. 312489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 313489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 314489a0ec7301a86af8497d24748336db09ca278damikesamuel The FindBugs project also uses <a href="http://www.atlassian.com/software/fisheye/">FishEye</a> and 315489a0ec7301a86af8497d24748336db09ca278damikesamuel <a href="http://www.atlassian.com/software/clover/">Clover</a>, which are generously provided by <a 316489a0ec7301a86af8497d24748336db09ca278damikesamuel href="http://www.cenqua.com/">Cenqua/Atlassian</a>. 317489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 318489a0ec7301a86af8497d24748336db09ca278damikesamuel <p> 319489a0ec7301a86af8497d24748336db09ca278damikesamuel Additional financial support for the FindBugs project was provided by <a href="http://www.nsf.gov">National 320489a0ec7301a86af8497d24748336db09ca278damikesamuel Science Foundation</a> grants ASC9720199 and CCR-0098162, 321489a0ec7301a86af8497d24748336db09ca278damikesamuel </p> 322489a0ec7301a86af8497d24748336db09ca278damikesamuel <p>Any opinions, findings and conclusions or recommendations expressed in this material are those of 323489a0ec7301a86af8497d24748336db09ca278damikesamuel the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF). 32410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel </p> 325489a0ec7301a86af8497d24748336db09ca278damikesamuel 326489a0ec7301a86af8497d24748336db09ca278damikesamuel<hr> <p> 327489a0ec7301a86af8497d24748336db09ca278damikesamuel<script language="JavaScript" type="text/javascript"> 328489a0ec7301a86af8497d24748336db09ca278damikesamuel<!---//hide script from old browsers 329489a0ec7301a86af8497d24748336db09ca278damikesamueldocument.write( "Last updated "+ document.lastModified + "." ); 330489a0ec7301a86af8497d24748336db09ca278damikesamuel//end hiding contents ---> 331489a0ec7301a86af8497d24748336db09ca278damikesamuel</script> 332489a0ec7301a86af8497d24748336db09ca278damikesamuel<p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbugs@cs.umd.edu</a> 333489a0ec7301a86af8497d24748336db09ca278damikesamuel<p> 33410f18856cda13e8f5ff16c26d965c2577f943457mikesamuel<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A> 335489a0ec7301a86af8497d24748336db09ca278damikesamuel </td> 336489a0ec7301a86af8497d24748336db09ca278damikesamuel </tr> 337489a0ec7301a86af8497d24748336db09ca278damikesamuel </table> 338489a0ec7301a86af8497d24748336db09ca278damikesamuel 339489a0ec7301a86af8497d24748336db09ca278damikesamuel</body> 340489a0ec7301a86af8497d24748336db09ca278damikesamuel</html> 341