1 <html> 2 <head> 3 <title>FindBugs™ - Find Bugs in Java Programs</title> 4 <link rel="stylesheet" type="text/css" href="findbugs.css" /> 5 6 </head> 7 8 <body> 9 10 <table width="100%"> 11 <tr> 12 13 14 <td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> 15 <table width="100%" cellspacing="0" border="0"> 16 <tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr> 17 18 <tr><td> </td></tr> 19 20 <tr><td><b>Docs and Info</b></td></tr> 21 <tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr> 22 <tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr> 23 <tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr> 24 <tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr> 25 <tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr> 26 <tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr> 27 <tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/日本語)</a></font></td></tr> 28 <tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr> 29 <tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr> 30 <tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr> 31 <tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr> 32 <tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr> 33 34 <tr><td> </td></tr> 35 36 <tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr> 37 38 <tr><td> </td></tr> 39 40 <tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr> 41 42 <tr><td> </td></tr> 43 44 <tr><td><b>Development</b></td></tr> 45 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr> 46 <tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr> 47 <tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr> 48 <tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr> 49 <tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> 50 <tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr> 51 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr> 52 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr> 53 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr> 54 </table> 55 </td> 56 57 <td align="left" valign="top"> 58 59 <p></p> 60 <table> 61 <tr> 62 <td valign="center"><a href="http://findbugs.sourceforge.net/"><img src="buggy-sm.png" alt="FindBugs logo" 63 border="0" /> </a></td> 64 <td valign="center"><a href="http://www.umd.edu/"><img src="informal.png" 65 alt="UMD logo" border="0" /> </a></td> 66 </tr> 67 </table> 68 69 <h1>FindBugs™ - Find Bugs in Java Programs</h1> 70 71 <p> 72 This is the web page for FindBugs, a program which uses static analysis to look for bugs in Java 73 code. It is free software, distributed under the terms of the <a 74 href="http://www.gnu.org/licenses/lgpl.html">Lesser GNU Public License</a>. The name 75 FindBugs™ and the <a href="buggy-sm.png">FindBugs logo</a> are trademarked by <a 76 href="http://www.umd.edu">The University of Maryland</a>. FindBugs has been downloaded more than 77 a million times. 78 </p> 79 80 <p>The current version of FindBugs is 2.0.3.</p> 81 82 <p> 83 FindBugs requires JRE (or JDK) 1.5.0 or later to run. However, it can analyze programs 84 compiled for any version of Java, from 1.0 to 1.7. Some classfiles compiled for Java 1.8 give 85 FindBugs problems, the next major release of FindBugs will handle Java 1.8 classfiles. 86 87 <p> The current version of FindBugs is 2.0.3, 88 89 released on 17:16:15 EST, 22 November, 2013. <a href="reportingBugs.html">We are very interested in getting 90 feedback on how to improve FindBugs</a>. File bug reports on <a 91 href="http://sourceforge.net/tracker/?func=browse&group_id=96405&atid=614693"> our 92 sourceforge bug tracker</a> 93 </p> 94 <p>The current version of FindBugs may encounter errors when analyzing 95 Java 1.8 bytecode, due to changes in the classfile format. After FindBugs 2.0.3 96 is released, work will start on the next major release of FindBugs, which will 97 be able to analyze Java 1.8 (and will require Java 1.7 to compile and run). 98 99 100 <p> 101 <a href="#changes">Changes</a> | <a href="#talks">Talks</a> | <a href="#papers">Papers </a> | <a 102 href="#sponsors">Sponsors</a> | <a href="#support">Support</a> 103 </p> 104 105 <h1>FindBugs 2.0.3 Release</h1> 106 <p>FindBugs 2.0.3 is intended to be a minor bug fix release over 107 FindBugs 2.0.2. Although than some improvements to existing bug detectors 108 and analysis engines, and a few new bug patterns, and some 109 important bug fixes to the Eclipse plugin, no significant changes 110 should be observed. Consult the <a href="Changes.html">Change log</a> 111 for more details.</p> 112 113 <p> 114 Also check out <a href="http://code.google.com/p/findbugs/w/list">http://code.google.com/p/findbugs/w/list</a> 115 for more information about some recent features/changes in FindBugs. 116 </p> 117 118 119 <h3> 120 <a href="findbugs2.html">Major changes in FindBugs 2.0 (from FindBugs 1.3.x)</a> 121 </h3> 122 <ul> 123 <li><a href="findbugs2.html#cloud">FindBugs Communal cloud</a></li> 124 <li><a href="findbugs2.html#updateChecks">checks for updated versions of FindBugs</a></li> 125 <li><a href="findbugs2.html#plugins">Powerful plugin capabilities</a></li> 126 <li><a href="findbugs2.html#newBugPatterns">new bug patterns</a>, 127 including new/improved support for <a href="findbugs2.html#guava">Guava</a> 128 and <a href="findbugs2.html#jsr305">JSR-305</a> 129 </li> 130 <li><a href="findbugs2.html#performance">improved performance</a></li> 131 </ul> 132 133 134 <h2>Ways to run FindBugs</h2> 135 <p>Here are various ways to run FindBugs. For plugins not supported by the FindBugs team, check to 136 see what version of FindBugs they provide; it might take a little while for the plugins to update to 137 FindBugs 2.0.</p> 138 <dl> 139 <dt>Command line, ant, GUI</dt> 140 <dd>Provided in FindBugs download</dd> 141 <dt> 142 <a href="http://www.eclipse.org/">Eclipse</a> 143 </dt> 144 <dd> 145 Update site for Eclipse plugin: <a href="http://findbugs.cs.umd.edu/eclipse">http://findbugs.cs.umd.edu/eclipse</a>. 146 Supported by the FindBugs project. 147 </dd> 148 <dt> 149 <a href="http://maven.apache.org/">Maven</a> 150 </dt> 151 <dd> 152 <a href="http://mojo.codehaus.org/findbugs-maven-plugin/">http://mojo.codehaus.org/findbugs-maven-plugin/</a> 153 </dd> 154 <dt> 155 <a href="http://netbeans.org/">Netbeans</a> 156 </dt> 157 <dd> 158 <a href="http://kenai.com/projects/sqe/pages/Home">SQE: Software Quality Environment</a> 159 </dd> 160 <dt><a href="https://wiki.jenkins-ci.org/display/JENKINS">Jenkins</a></dt> 161 <dd> <a href="https://wiki.jenkins-ci.org/display/JENKINS/FindBugs+Plugin">Jenkins FindBugs Plugin</a> 162 163 <dt> 164 <a href="http://wiki.hudson-ci.org/display/HUDSON/Home">Hudson</a> 165 </dt> 166 <dd> 167 <a href="http://wiki.hudson-ci.org/display/HUDSON/FindBugs+Plugin"> HUDSON FindBugs Plugin</a> 168 </dd> 169 <dt> 170 <a href="http://www.jetbrains.com/idea/">IntelliJ</a> 171 </dt> 172 <dd> 173 Several plugins, see <a href="http://code.google.com/p/findbugs/wiki/IntellijFindBugsPlugins">http://code.google.com/p/findbugs/wiki/IntellijFindBugsPlugins</a> 174 for a description. 175 176 </dd> 177 </dl> 178 179 180 <h1>New</h1> 181 <ul> 182 183 <li>jFormatString library republished at 184 <a href="http://code.google.com/p/j-format-string">http://code.google.com/p/j-format-string</a>. 185 This is the library we use for compile time checking of format strings. It is separately published to 186 187 <li>We're releasing FindBugs 2.0.3. 188 189 Mostly small changes to address false positives, with one important fix to the Eclipse plugin 190 to fix a problem that had prevented the plugin from running in some versions of Eclipse. 191 Check the <a href="Changes.html">change log</a> for more details. 192 193 <li>We've released <a href="findbugs2.html">FindBugs 2.0</a> 194 </li> 195 <li>FindBugs communal cloud and Java web start links:. We have analyzed several large open 196 source projects, and provide Java web start links to allow you to view the results. We'd be 197 happy to work with projects to make the results available from a continuous build: 198 <p></p> 199 <ul> 200 <li><a href="http://findbugs.cs.umd.edu/cloud/jdk.jnlp">Sun's JDK 8</a></li> 201 <li><a href="http://findbugs.cs.umd.edu/cloud/eclipse.jnlp">Eclipse 3.8</a></li> 202 <li><a href="http://findbugs.cs.umd.edu/cloud/tomcat.jnlp">Apache Tomcat 7.0</a></li> 203 <li><a href="http://findbugs.cs.umd.edu/cloud/intellij.jnlp">IntelliJ IDEA</a></li> 204 <li><a href="http://findbugs.cs.umd.edu/cloud/jboss.jnlp">JBoss</a></li> 205 </ul> 206 </li> 207 </ul> 208 209 210 211 <h1>Experience with FindBugs</h1> 212 <ul> 213 <li><b>Google FindBugs Fixit</b>: Google has a tradition of <a 214 href="http://www.nytimes.com/2007/10/21/jobs/21pre.html">engineering fixits</a>, special days where 215 they try to get all of their engineers focused on some specific problem or technique for improving 216 the systems at Google. A fixit might work to improve web accessibility, internal testing, removing 217 TODO's from internal software, etc. 218 219 <p>In 2009, Google held a global fixit for UMD's FindBugs tool a static analysis tool for 220 finding coding mistakes in Java software. The focus of the fixit was to get feedback on the 221 4,000 highest confidence issues found by FindBugs at Google, and let Google engineers decide 222 which issues, if any, needed fixing.</p> 223 <p>More than 700 engineers ran FindBugs from dozens of offices. More than 250 of them entered 224 more than 8,000 reviews of the issues. A review is a classification of an issue as must-fix, 225 should-fix, mostly-harmless, not-a-bug, and several other categories. More than 75% of the 226 reviews classified issues as must fix, should fix or I will fix. Many of the scariest issues 227 received more than 10 reviews each.</p> 228 <p>Engineers have already submitted changes that made more than 1,100 of the 3,800 issues go 229 away. Engineers filed more than 1,700 bug reports, of which 600 have already been marked as 230 fixed Work continues on addressing the issues raised by the fixit, and on supporting the 231 integration of FindBugs into the software development process at Google.</p> 232 <p>The fixit at Google showcased new capabilities of FindBugs that provide a cloud computing / 233 social networking backdrop. Reviews of issues are immediately persisted into a central store, 234 where they can be seen by other developers, and FindBugs is integrated into the internal Google 235 tools for filing and viewing bug reports and for viewing the version control history of source 236 files. For the Fixit, FindBugs was configured in a mode where engineers could not see reviews 237 from other engineers until they had entered their own; after the fixit, the configuration will 238 be changed to a more open configuration where engineers can see reviews from others without 239 having to provide their own review first. These capabilities have all been contributed to UMD's 240 open source FindBugs tool, although a fair bit of engineering remains to prepare the 241 capabilities for general release and make sure they can integrate into systems outside of 242 Google. The new capabilities are expected to be ready for general release in Fall 2009.</p> 243 </li> 244 </ul> 245 246 <h2> 247 <a name="talks">Talks about FindBugs</a> 248 </h2> 249 <ul> 250 <li> 251 <a href="http://www.cs.umd.edu/~pugh/MistakesThatMatter.pdf">Mistakes That Matter</a>, JavaOne, 252 2009 253 </li> 254 <li><a href="http://youtu.be/jflQSFhYTEo?hd=1">Youtube video</a> showing of demo 255 of our 2.0 Eclipse plugin (5 minutes)</li> 256 <li><a href="http://findbugs.cs.umd.edu/talks/findbugs.mov">Quicktime movie</a> showing of demo 257 of our new GUI to view some of the null pointer bugs in Eclipse (Big file warning: 23 Megabytes)</li> 258 <li><a href="http://findbugs.cs.umd.edu/talks/JavaOne2007-TS2007.pdf">JavaOne 2007 talk on 259 Improving Software Quality Using Static Analysis</a></li> 260 <li><a href="http://findbugs.cs.umd.edu/talks/fb-sdbp-2006.pdf">Talk</a> Bill Pugh gave at <a 261 href="http://www.sdexpo.com/2006/sdbp/">SD Best Practices</a>, Sept 14th (more of a handle on 262 tutorial about using FindBugs)</li> 263 <li><a href="http://findbugs.cs.umd.edu/talks/fb-Sept1213-2006.pdf">Talk</a> Bill Pugh gave at 264 <a href="http://itasoftware.com/">ITA Software</a> and <a href="http://www.csail.mit.edu/">MIT</a>, 265 Sept 12th and 13th (more of a research focus)</li> 266 <li><a href="http://video.google.com/videoplay?docid=-8150751070230264609">Video of talk</a> 267 Bill Pugh gave at <a href="http://www.google.com">Google</a>, July 6th, 2006</li> 268 <li><a href="http://javaposse.com/index.php?post_id=95780">Java Posse podcast interview 269 with Bill Pugh and Brian Goetz</a></li> 270 </ul> 271 <h2> 272 <a name="papers">Papers about FindBugs</a> 273 </h2> 274 <ul> 275 <li><a href="http://findbugs.cs.umd.edu/papers/MoreNullPointerBugs07.pdf">Finding More Null 276 Pointer Bugs, But Not Too Many</a>, by <a href="http://faculty.ycp.edu/~dhovemey/">David 277 Hovemeyer</a>, York College of Pennsylvania and <a href="http://www.cs.umd.edu/~pugh/">William 278 Pugh</a>, Univ. of Maryland, <a href="http://paste07.cs.washington.edu/">7th ACM 279 SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering</a>, June, 2007</li> 280 <li><a href="http://findbugs.cs.umd.edu/papers/FindBugsExperiences07.pdf">Evaluating Static 281 Analysis Defect Warnings On Production Software,</a> <a href="http://www.cs.umd.edu/~nat/">Nathaniel 282 Ayewah</a> and <a href="http://www.cs.umd.edu/~pugh/">William Pugh</a>, Univ. of Maryland, and 283 J. David Morgenthaler, John Penix and YuQian Zhou, Google, Inc., <a 284 href="http://paste07.cs.washington.edu/">7th ACM SIGPLAN-SIGSOFT Workshop on Program 285 Analysis for Software Tools and Engineering</a>, June, 2007 286 </li> 287 </ul> 288 289 <h1> 290 <a name="sponsors">Contributors and Sponsors</a> 291 </h1> 292 <p> 293 The <a href="team.html">current development team</a> consists of <a 294 href="http://www.cs.umd.edu/~pugh">Bill Pugh</a> and <a 295 href="http://andrei.gmxhome.de/privat.html">Andrey Loskutov</a>. 296 </p> 297 <p>The most recent funding for FindBugs comes from a Google Faculty Research Awards.</p> 298 <h2> 299 <a name="support">Additional Support</a> 300 </h2> 301 <p> 302 Numerous <a =href="team.html">people</a> have made significant contributions to the FindBugs 303 project, including founding work by <a href="http://goose.ycp.edu/~dhovemey/">David Hovemeyer</a> 304 and the web cloud infrastructure by Keith Lea. 305 </p> 306 <p> 307 YourKit is kindly supporting open source projects with its full-featured Java Profiler. YourKit, LLC 308 is creator of innovative and intelligent tools for profiling Java and .NET applications. Take a look 309 at YourKit's leading software products: <a href="http://www.yourkit.com/java/profiler/index.jsp">YourKit 310 Java Profiler</a> and <a href="http://www.yourkit.com/.net/profiler/index.jsp">YourKit .NET 311 Profiler</a>. 312 </p> 313 <p> 314 The FindBugs project also uses <a href="http://www.atlassian.com/software/fisheye/">FishEye</a> and 315 <a href="http://www.atlassian.com/software/clover/">Clover</a>, which are generously provided by <a 316 href="http://www.cenqua.com/">Cenqua/Atlassian</a>. 317 </p> 318 <p> 319 Additional financial support for the FindBugs project was provided by <a href="http://www.nsf.gov">National 320 Science Foundation</a> grants ASC9720199 and CCR-0098162, 321 </p> 322 <p>Any opinions, findings and conclusions or recommendations expressed in this material are those of 323 the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF). 324 </p> 325 326 <hr> <p> 327 <script language="JavaScript" type="text/javascript"> 328 <!---//hide script from old browsers 329 document.write( "Last updated "+ document.lastModified + "." ); 330 //end hiding contents ---> 331 </script> 332 <p> Send comments to <a class="sidebar" href="mailto:findbugs (a] cs.umd.edu">findbugs (a] cs.umd.edu</a> 333 <p> 334 <A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A> 335 </td> 336 </tr> 337 </table> 338 339 </body> 340 </html> 341
