Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / owasp / sanitizer / 17dd0aae5ab2bce80e4f8f289e14b9c220883575 / . / tools / findbugs / doc / index.html
blob: 111f6efddde68b10891ecb49badd69bbd0f204d1 [file] [log] [blame]
<html>
<head>
<title>FindBugs&trade; - Find Bugs in Java Programs</title>
<link rel="stylesheet" type="text/css" href="findbugs.css" />
</head>
<body>
<table width="100%">
<tr>
<td bgcolor="#b9b9fe" valign="top" align="left" width="20%">
<table width="100%" cellspacing="0" border="0">
<tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr>
<tr><td>&nbsp;</td></tr>
<tr><td><b>Docs and Info</b></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/&#26085;&#26412;&#35486;)</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr>
<tr><td>&nbsp;</td></tr>
<tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr>
<tr><td>&nbsp;</td></tr>
<tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr>
<tr><td>&nbsp;</td></tr>
<tr><td><b>Development</b></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr>
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr>
</table>
</td>
<td align="left" valign="top">
<p></p>
<table>
<tr>
<td valign="center"><a href="http://findbugs.sourceforge.net/"><img src="buggy-sm.png" alt="FindBugs logo"
border="0" /> </a></td>
<td valign="center"><a href="http://www.umd.edu/"><img src="informal.png"
alt="UMD logo" border="0" /> </a></td>
</tr>
</table>
<h1>FindBugs&trade; - Find Bugs in Java Programs</h1>
<p>
This is the web page for FindBugs, a program which uses static analysis to look for bugs in Java
code.&nbsp; It is free software, distributed under the terms of the <a
href="http://www.gnu.org/licenses/lgpl.html">Lesser GNU Public License</a>. The name
FindBugs&trade; and the <a href="buggy-sm.png">FindBugs logo</a> are trademarked by <a
href="http://www.umd.edu">The University of Maryland</a>. FindBugs has been downloaded more than
a million times.
</p>
<p>The current version of FindBugs is 2.0.3.</p>
<p>
FindBugs requires JRE (or JDK) 1.5.0 or later to run.&nbsp; However, it can analyze programs
compiled for any version of Java, from 1.0 to 1.7. Some classfiles compiled for Java 1.8 give
FindBugs problems, the next major release of FindBugs will handle Java 1.8 classfiles.
<p> The current version of FindBugs is 2.0.3,
released on 17:16:15 EST, 22 November, 2013. <a href="reportingBugs.html">We are very interested in getting
feedback on how to improve FindBugs</a>. File bug reports on <a
href="http://sourceforge.net/tracker/?func=browse&amp;group_id=96405&amp;atid=614693"> our
sourceforge bug tracker</a>
</p>
<p>The current version of FindBugs may encounter errors when analyzing
Java 1.8 bytecode, due to changes in the classfile format. After FindBugs 2.0.3
is released, work will start on the next major release of FindBugs, which will
be able to analyze Java 1.8 (and will require Java 1.7 to compile and run).
<p>
<a href="#changes">Changes</a> | <a href="#talks">Talks</a> | <a href="#papers">Papers </a> | <a
href="#sponsors">Sponsors</a> | <a href="#support">Support</a>
</p>
<h1>FindBugs 2.0.3 Release</h1>
<p>FindBugs 2.0.3 is intended to be a minor bug fix release over
FindBugs 2.0.2. Although than some improvements to existing bug detectors
and analysis engines, and a few new bug patterns, and some
important bug fixes to the Eclipse plugin, no significant changes
should be observed. Consult the <a href="Changes.html">Change log</a>
for more details.</p>
<p>
Also check out <a href="http://code.google.com/p/findbugs/w/list">http://code.google.com/p/findbugs/w/list</a>
for more information about some recent features/changes in FindBugs.
</p>
<h3>
<a href="findbugs2.html">Major changes in FindBugs 2.0 (from FindBugs 1.3.x)</a>
</h3>
<ul>
<li><a href="findbugs2.html#cloud">FindBugs Communal cloud</a></li>
<li><a href="findbugs2.html#updateChecks">checks for updated versions of FindBugs</a></li>
<li><a href="findbugs2.html#plugins">Powerful plugin capabilities</a></li>
<li><a href="findbugs2.html#newBugPatterns">new bug patterns</a>,
including new/improved support for <a href="findbugs2.html#guava">Guava</a>
and <a href="findbugs2.html#jsr305">JSR-305</a>
</li>
<li><a href="findbugs2.html#performance">improved performance</a></li>
</ul>
<h2>Ways to run FindBugs</h2>
<p>Here are various ways to run FindBugs. For plugins not supported by the FindBugs team, check to
see what version of FindBugs they provide; it might take a little while for the plugins to update to
FindBugs 2.0.</p>
<dl>
<dt>Command line, ant, GUI</dt>
<dd>Provided in FindBugs download</dd>
<dt>
<a href="http://www.eclipse.org/">Eclipse</a>
</dt>
<dd>
Update site for Eclipse plugin: <a href="http://findbugs.cs.umd.edu/eclipse">http://findbugs.cs.umd.edu/eclipse</a>.
Supported by the FindBugs project.
</dd>
<dt>
<a href="http://maven.apache.org/">Maven</a>
</dt>
<dd>
<a href="http://mojo.codehaus.org/findbugs-maven-plugin/">http://mojo.codehaus.org/findbugs-maven-plugin/</a>
</dd>
<dt>
<a href="http://netbeans.org/">Netbeans</a>
</dt>
<dd>
<a href="http://kenai.com/projects/sqe/pages/Home">SQE: Software Quality Environment</a>
</dd>
<dt><a href="https://wiki.jenkins-ci.org/display/JENKINS">Jenkins</a></dt>
<dd> <a href="https://wiki.jenkins-ci.org/display/JENKINS/FindBugs+Plugin">Jenkins FindBugs Plugin</a>
<dt>
<a href="http://wiki.hudson-ci.org/display/HUDSON/Home">Hudson</a>
</dt>
<dd>
<a href="http://wiki.hudson-ci.org/display/HUDSON/FindBugs+Plugin"> HUDSON FindBugs Plugin</a>
</dd>
<dt>
<a href="http://www.jetbrains.com/idea/">IntelliJ</a>
</dt>
<dd>
Several plugins, see <a href="http://code.google.com/p/findbugs/wiki/IntellijFindBugsPlugins">http://code.google.com/p/findbugs/wiki/IntellijFindBugsPlugins</a>
for a description.
</dd>
</dl>
<h1>New</h1>
<ul>
<li>jFormatString library republished at
<a href="http://code.google.com/p/j-format-string">http://code.google.com/p/j-format-string</a>.
This is the library we use for compile time checking of format strings. It is separately published to
<li>We're releasing FindBugs 2.0.3.
Mostly small changes to address false positives, with one important fix to the Eclipse plugin
to fix a problem that had prevented the plugin from running in some versions of Eclipse.
Check the <a href="Changes.html">change log</a> for more details.
<li>We've released <a href="findbugs2.html">FindBugs 2.0</a>
</li>
<li>FindBugs communal cloud and Java web start links:. We have analyzed several large open
source projects, and provide Java web start links to allow you to view the results. We'd be
happy to work with projects to make the results available from a continuous build:
<p></p>
<ul>
<li><a href="http://findbugs.cs.umd.edu/cloud/jdk.jnlp">Sun's JDK 8</a></li>
<li><a href="http://findbugs.cs.umd.edu/cloud/eclipse.jnlp">Eclipse 3.8</a></li>
<li><a href="http://findbugs.cs.umd.edu/cloud/tomcat.jnlp">Apache Tomcat 7.0</a></li>
<li><a href="http://findbugs.cs.umd.edu/cloud/intellij.jnlp">IntelliJ IDEA</a></li>
<li><a href="http://findbugs.cs.umd.edu/cloud/jboss.jnlp">JBoss</a></li>
</ul>
</li>
</ul>
<h1>Experience with FindBugs</h1>
<ul>
<li><b>Google FindBugs Fixit</b>: Google has a tradition of <a
href="http://www.nytimes.com/2007/10/21/jobs/21pre.html">engineering fixits</a>, special days where
they try to get all of their engineers focused on some specific problem or technique for improving
the systems at Google. A fixit might work to improve web accessibility, internal testing, removing
TODO's from internal software, etc.
<p>In 2009, Google held a global fixit for UMD's FindBugs tool a static analysis tool for
finding coding mistakes in Java software. The focus of the fixit was to get feedback on the
4,000 highest confidence issues found by FindBugs at Google, and let Google engineers decide
which issues, if any, needed fixing.</p>
<p>More than 700 engineers ran FindBugs from dozens of offices. More than 250 of them entered
more than 8,000 reviews of the issues. A review is a classification of an issue as must-fix,
should-fix, mostly-harmless, not-a-bug, and several other categories. More than 75% of the
reviews classified issues as must fix, should fix or I will fix. Many of the scariest issues
received more than 10 reviews each.</p>
<p>Engineers have already submitted changes that made more than 1,100 of the 3,800 issues go
away. Engineers filed more than 1,700 bug reports, of which 600 have already been marked as
fixed Work continues on addressing the issues raised by the fixit, and on supporting the
integration of FindBugs into the software development process at Google.</p>
<p>The fixit at Google showcased new capabilities of FindBugs that provide a cloud computing /
social networking backdrop. Reviews of issues are immediately persisted into a central store,
where they can be seen by other developers, and FindBugs is integrated into the internal Google
tools for filing and viewing bug reports and for viewing the version control history of source
files. For the Fixit, FindBugs was configured in a mode where engineers could not see reviews
from other engineers until they had entered their own; after the fixit, the configuration will
be changed to a more open configuration where engineers can see reviews from others without
having to provide their own review first. These capabilities have all been contributed to UMD's
open source FindBugs tool, although a fair bit of engineering remains to prepare the
capabilities for general release and make sure they can integrate into systems outside of
Google. The new capabilities are expected to be ready for general release in Fall 2009.</p>
</li>
</ul>
<h2>
<a name="talks">Talks about FindBugs</a>
</h2>
<ul>
<li>
<a href="http://www.cs.umd.edu/~pugh/MistakesThatMatter.pdf">Mistakes That Matter</a>, JavaOne,
2009
</li>
<li><a href="http://youtu.be/jflQSFhYTEo?hd=1">Youtube video</a> showing of demo
of our 2.0 Eclipse plugin (5 minutes)</li>
<li><a href="http://findbugs.cs.umd.edu/talks/findbugs.mov">Quicktime movie</a> showing of demo
of our new GUI to view some of the null pointer bugs in Eclipse (Big file warning: 23 Megabytes)</li>
<li><a href="http://findbugs.cs.umd.edu/talks/JavaOne2007-TS2007.pdf">JavaOne 2007 talk on
Improving Software Quality Using Static Analysis</a></li>
<li><a href="http://findbugs.cs.umd.edu/talks/fb-sdbp-2006.pdf">Talk</a> Bill Pugh gave at <a
href="http://www.sdexpo.com/2006/sdbp/">SD Best Practices</a>, Sept 14th (more of a handle on
tutorial about using FindBugs)</li>
<li><a href="http://findbugs.cs.umd.edu/talks/fb-Sept1213-2006.pdf">Talk</a> Bill Pugh gave at
<a href="http://itasoftware.com/">ITA Software</a> and <a href="http://www.csail.mit.edu/">MIT</a>,
Sept 12th and 13th (more of a research focus)</li>
<li><a href="http://video.google.com/videoplay?docid=-8150751070230264609">Video of talk</a>
Bill Pugh gave at <a href="http://www.google.com">Google</a>, July 6th, 2006</li>
<li><a href="http://javaposse.com/index.php?post_id=95780">Java Posse podcast interview
with Bill Pugh and Brian Goetz</a></li>
</ul>
<h2>
<a name="papers">Papers about FindBugs</a>
</h2>
<ul>
<li><a href="http://findbugs.cs.umd.edu/papers/MoreNullPointerBugs07.pdf">Finding More Null
Pointer Bugs, But Not Too Many</a>, by <a href="http://faculty.ycp.edu/~dhovemey/">David
Hovemeyer</a>, York College of Pennsylvania and <a href="http://www.cs.umd.edu/~pugh/">William
Pugh</a>, Univ. of Maryland, <a href="http://paste07.cs.washington.edu/">7th ACM
SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering</a>, June, 2007</li>
<li><a href="http://findbugs.cs.umd.edu/papers/FindBugsExperiences07.pdf">Evaluating Static
Analysis Defect Warnings On Production Software,</a> <a href="http://www.cs.umd.edu/~nat/">Nathaniel
Ayewah</a> and <a href="http://www.cs.umd.edu/~pugh/">William Pugh</a>, Univ. of Maryland, and
J. David Morgenthaler, John Penix and YuQian Zhou, Google, Inc., <a
href="http://paste07.cs.washington.edu/">7th ACM SIGPLAN-SIGSOFT Workshop on Program
Analysis for Software Tools and Engineering</a>, June, 2007
</li>
</ul>
<h1>
<a name="sponsors">Contributors and Sponsors</a>
</h1>
<p>
The <a href="team.html">current development team</a> consists of <a
href="http://www.cs.umd.edu/~pugh">Bill Pugh</a> and <a
href="http://andrei.gmxhome.de/privat.html">Andrey Loskutov</a>.
</p>
<p>The most recent funding for FindBugs comes from a Google Faculty Research Awards.</p>
<h2>
<a name="support">Additional Support</a>
</h2>
<p>
Numerous <a =href="team.html">people</a> have made significant contributions to the FindBugs
project, including founding work by <a href="http://goose.ycp.edu/~dhovemey/">David Hovemeyer</a>
and the web cloud infrastructure by Keith Lea.
</p>
<p>
YourKit is kindly supporting open source projects with its full-featured Java Profiler. YourKit, LLC
is creator of innovative and intelligent tools for profiling Java and .NET applications. Take a look
at YourKit's leading software products: <a href="http://www.yourkit.com/java/profiler/index.jsp">YourKit
Java Profiler</a> and <a href="http://www.yourkit.com/.net/profiler/index.jsp">YourKit .NET
Profiler</a>.
</p>
<p>
The FindBugs project also uses <a href="http://www.atlassian.com/software/fisheye/">FishEye</a> and
<a href="http://www.atlassian.com/software/clover/">Clover</a>, which are generously provided by <a
href="http://www.cenqua.com/">Cenqua/Atlassian</a>.
</p>
<p>
Additional financial support for the FindBugs project was provided by <a href="http://www.nsf.gov">National
Science Foundation</a> grants ASC9720199 and CCR-0098162,
</p>
<p>Any opinions, findings and conclusions or recommendations expressed in this material are those of
the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).
</p>
<hr> <p>
<script language="JavaScript" type="text/javascript">
<!---//hide script from old browsers
document.write( "Last updated "+ document.lastModified + "." );
//end hiding contents --->
</script>
<p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbugs@cs.umd.edu</a>
<p>
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A>
</td>
</tr>
</table>
</body>
</html>