1 <html> 2 <head> 3 <title>FindBugs 2™ - Find Bugs in Java Programs</title> 4 <link rel="stylesheet" type="text/css" href="findbugs.css" /> 5 6 </head> 7 8 <body> 9 10 <table width="100%"> 11 <tr> 12 13 14 <td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> 15 <table width="100%" cellspacing="0" border="0"> 16 <tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr> 17 18 <tr><td> </td></tr> 19 20 <tr><td><b>Docs and Info</b></td></tr> 21 <tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr> 22 <tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr> 23 <tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr> 24 <tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr> 25 <tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr> 26 <tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr> 27 <tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/日本語)</a></font></td></tr> 28 <tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr> 29 <tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr> 30 <tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr> 31 <tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr> 32 <tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr> 33 34 <tr><td> </td></tr> 35 36 <tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr> 37 38 <tr><td> </td></tr> 39 40 <tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr> 41 42 <tr><td> </td></tr> 43 44 <tr><td><b>Development</b></td></tr> 45 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr> 46 <tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr> 47 <tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr> 48 <tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr> 49 <tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> 50 <tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr> 51 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr> 52 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr> 53 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr> 54 </table> 55 </td> 56 57 <td align="left" valign="top"> 58 59 <p></p> 60 <table> 61 <tr> 62 <td valign="center"><a href="http://findbugs.sourceforge.net/"><img src="buggy-sm.png" alt="FindBugs logo" 63 border="0" /> </a></td> 64 <td valign="center"><a href="http://www.umd.edu/"><img src="informal.png" 65 alt="UMD logo" border="0" /> </a></td> 66 </tr> 67 </table> 68 69 <h1>FindBugs 2</h1> 70 71 <p>This page describes the major changes in FindBugs 2. We are well aware that the documentation on 72 the new features in FindBugs 2.0 have not kept up with the implementation. We will be working to 73 improve the documentation, but don't want to hold up the release any longer to improve the 74 documentation.</p> 75 <p>Anyone currently using FindBugs 1.3.9 should find FindBugs 2.0 to largely be a drop-in 76 replacement that offers better accuracy and performance.</p> 77 78 79 <p> 80 Also check out <a href="http://code.google.com/p/findbugs/w/list">http://code.google.com/p/findbugs/w/list</a> 81 for more information about some recent features/changes in FindBugs. 82 </p> 83 84 <p>The major new features in FindBugs 2 are as follows:</p> 85 <ul> 86 <li>Bug Rank - bugs are given a rank 1-20, and grouped into the categories scariest (rank 1-4), 87 scary (rank 5-9), troubling (rank 10-14), and of concern (rank 15-20). 88 <ul> 89 <li>priority renamed confidence - many people were confused by the priority reported by 90 FindBugs, and considered all HIGH priority issues to be important. To reflect the 91 actually meaning of this attribute of issues, it has been renamed confidence. Issues of 92 different bug patterns should be compared by there rank, not their confidence.</li> 93 </ul> 94 95 </li> 96 <li><a href="#cloud">Cloud storage</a> - having a convent way for developers to share 97 information about when an issue was first seen, and whether it is believed to be a serious 98 problem, is important to successful and cost-effective deployment of static analysis in a large 99 software project.</li> 100 <li><a href="#updateChecks">update checks</a> - FindBugs will check for releases of new 101 versions of FindBugs. Note: we leverage this capability to count the number of FindBugs users. 102 These update checks can easily be disabled.</li> 103 <li><a href="#plugins">Plugins</a> - FindBugs 2.0 makes it much easier to define plugins that 104 provide various capabilities, and install these plugins either on a per user or per installation 105 basis.</li> 106 <li><code>fb</code> command - rather than using the rather haphazard collection of command line 107 scripts developed over the years for running various FindBugs commands, you can now use just 108 one: <code>fb</code>. 109 <ul> 110 <li><code>fb analyze</code> - invokes the FindBugs analysis</li> 111 <li><code>fb gui</code> - launches the FindBugs GUI 112 <li><code>fb list</code> - lists the issues from a FindBugs analysis file</li> 113 <li><code>fb help</code> - lists the command available.</li> 114 </ul> 115 <p> 116 Plugins can be used to extend the commands that can be invoked via 117 <code>fb</code>. 118 </p> 119 </li> 120 <li><a href="#newBugPatterns">New bug patterns and detectors</a>, 121 and improved accuracy 122 </li> 123 <li><a href="#performance">Improved performance</a>: overall, we've seen an average 10% 124 performance improvement over a large range of benchmarks, although a few users have experienced 125 performance regressions we are still trying to understand.</li> 126 <li id="guava">Guava support - working with Kevin Bourrillion, we have provided additional support for the 127 <a href="http://code.google.com/p/guava-libraries/">Guava library</a>, recognizing many common 128 misuse patterns. 129 </li> 130 <li id="jsr305">JSR-305 support - improved detection of problems identified by JSR-305 annotations. In 131 particular, we've significantly improved both the accuracy and performance of the analysis of 132 type qualifiers.</li> 133 </ul> 134 135 <h2 id="cloud">Cloud storage of issue evaluations</h2> 136 <p>For many years, you could store evaluations of FindBugs issues within the XML containing the 137 analysis results. However, this approach did not work well for a team of distributed developers. 138 Instead, we now provide a cloud based mechanism for storing this information. We are providing a 139 free communal cloud (hostied by Google appengine) for storing evaluations of FindBugs issues. You 140 can set up your own private cloud for storing issues, but at the moment this checking out a copy of 141 FindBugs, making some modifications and building the cloud storage plugin from source. We hope to 142 make it easier to have your own private cloud in FindBugs 2.0.1.</p> 143 <p>We have analyzed several large open source projects, and provide Java web start links to allow 144 you to view the results. We'd be happy to work with projects to make the results available from a 145 continuous build:</p> 146 <ul> 147 <li><a href="http://findbugs.cs.umd.edu/cloud/jdk.jnlp">Sun's JDK 8</a></li> 148 <li><a href="http://findbugs.cs.umd.edu/cloud/eclipse.jnlp">Eclipse 3.8</a></li> 149 <li><a href="http://findbugs.cs.umd.edu/cloud/tomcat.jnlp">Apache Tomcat 7.0</a></li> 150 <li><a href="http://findbugs.cs.umd.edu/cloud/intellij.jnlp">IntelliJ IDEA</a></li> 151 <li><a href="http://findbugs.cs.umd.edu/cloud/jboss.jnlp">JBoss</a></li> 152 </ul> 153 154 <h2 id="updateChecks">FindBugs update checks</h2> 155 <p> 156 FindBugs now checks to see if a new version of FindBugs or a plugin has been released. We make use 157 of this check to collect statistics on the operating system, java version, locale and FindBugs entry 158 point (e.g., ant, command line, GUI). <a href="updateChecking.html">More information is 159 available</a>, including information about how to disable update checks if your organization has a 160 policy against allowing the collection of such information. No information about the code being 161 analyzed is reported. 162 163 </p> 164 165 <h2 id="plugins">Plugins</h2> 166 <p>FindBugs 2.0 makes it much easier to customize FindBugs with plugins.</p> 167 <p>FindBugs looks for plugins in two places: your personal home directory, and in FindBugs home 168 (plugins installed in your home directory take precedence). In both places, it looks in two places: 169 the plugin directory, which contains plugins that are enabled by default, and the optionalPlugin 170 directory, which contains plugins that are disabled by default but can be enabled for a particular 171 project.</p> 172 <p>The FindBugs project includes several plugins:</p> 173 <ul> 174 <li><i>Cloud plugins</i>: These plugins provide ways to persist and share information about 175 issues seen in an analysis (e.g., when was this issue first seen, and any evaluations as to 176 whether this is harmless or a must fix issue, as well as comments about the issue from 177 developers) 178 <ul> 179 <li><code>bugCollectionCloud</code> - stores issue evaluations in the XML. The way 180 issue evaluations were always stored before FindBugs 2.0. Distributed in the 181 optionalPlugin directory.</li> 182 <li><code>findbugsCommunalCloud</code> Stores issue evaluations in the communal cloud 183 hosted at findbugs.appspot.com. Distributed in the plugin directory.</li> 184 <li><code>jdbcCloudClient</code> an older, deprecated cloud that stored information in 185 an SQL database. Not distributed, most be built from source.</li> 186 </ul></li> 187 <li><code>noUpdateChecks</code> - Disables checks for updated versions and usage counting. 188 Distributed in the optionalPlugin directory.</li> 189 <li><code>poweruser</code> - provides a number of additional commands for the <code>fb</code> 190 command. It is believed most of these commands are used by few people outside of the FindBugs 191 development team. Distributed in the optionalPlugin directory.</li> 192 <li><i>Bug filing plugins</i>: these plugins assist in the filing of FindBugs issues in built 193 trackers. The bug filing framework is designed to be extensible to other bug filing systems. At 194 the moment, these plugins are not supported, and must be built from source. 195 <ul> 196 <li><code>jira</code></li> 197 <li><code>google code</code></li> 198 </ul></li> 199 </ul> 200 <h2 id="performance">Performance Improvements/regressions</h2> 201 <p> 202 In our own testing, <a href="performance.html">we've seen an overall improvement of 9% in 203 FindBugs performance from 1.3.9 to 2.0.0, with the majority of benchmarks seeing improvements</a>. A 204 few users have reported significant performance regressions and we are <a href="performance.html">asking 205 for more information from anyone seeing significant performance regressions</a>. 206 207 </p> 208 <h2 id="newBugPatterns">New Bug patterns</h2> 209 <ul> 210 <li><a 211 href="http://findbugs.sourceforge.net/bugDescriptions.html#AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION">AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION</a> 212 </li> 213 <li><a 214 href="http://findbugs.sourceforge.net/bugDescriptions.html#BX_UNBOXING_IMMEDIATELY_REBOXED">BX_UNBOXING_IMMEDIATELY_REBOXED</a> 215 </li> 216 <li><a 217 href="http://findbugs.sourceforge.net/bugDescriptions.html#CO_COMPARETO_RESULTS_MIN_VALUE">CO_COMPARETO_RESULTS_MIN_VALUE</a> 218 </li> 219 <li><a 220 href="http://findbugs.sourceforge.net/bugDescriptions.html#DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD">DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD</a> 221 </li> 222 <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_ARGUMENTS_WRONG_ORDER">DMI_ARGUMENTS_WRONG_ORDER</a> 223 </li> 224 <li><a 225 href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE">DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE</a> 226 </li> 227 <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a></li> 228 <li><a 229 href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS">DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS</a> 230 </li> 231 <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a> 232 </li> 233 <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#ICAST_INT_2_LONG_AS_INSTANT">ICAST_INT_2_LONG_AS_INSTANT</a> 234 </li> 235 <li><a 236 href="http://findbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_INT_VALUE">INT_BAD_COMPARISON_WITH_INT_VALUE</a> 237 </li> 238 <li><a 239 href="http://findbugs.sourceforge.net/bugDescriptions.html#JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT">JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT</a> 240 </li> 241 <li><a 242 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD</a> 243 </li> 244 <li><a 245 href="http://findbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE">OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE</a> 246 </li> 247 <li><a 248 href="http://findbugs.sourceforge.net/bugDescriptions.html#PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS">PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS</a> 249 </li> 250 <li><a 251 href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE">RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE</a> 252 </li> 253 <li><a 254 href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_NEGATING_RESULT_OF_COMPARETO">RV_NEGATING_RESULT_OF_COMPARETO</a> 255 </li> 256 <li><a 257 href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_IGNORED_INFERRED">RV_RETURN_VALUE_IGNORED_INFERRED</a> 258 </li> 259 <li><a 260 href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD">SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD</a> 261 </li> 262 <li><a 263 href="http://findbugs.sourceforge.net/bugDescriptions.html#URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD">URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD</a> 264 </li> 265 <li><a 266 href="http://findbugs.sourceforge.net/bugDescriptions.html#UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD">UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD</a> 267 </li> 268 <li><a 269 href="http://findbugs.sourceforge.net/bugDescriptions.html#UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD</a> 270 </li> 271 <li><a 272 href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_USES_NEWLINE">VA_FORMAT_STRING_USES_NEWLINE</a> 273 </li> 274 <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#VO_VOLATILE_INCREMENT">VO_VOLATILE_INCREMENT</a> 275 </li> 276 </ul> 277 278 </td> 279 </tr> 280 </table> 281 282 </body> 283 </html> 284
