This project hosts tutorials and other documentation that have been developed for FindBugs. FindBugs is a static analysis tool that finds coding mistakes by examining Java classfiles. FindBugs incorporates some fairly sophisticated checking for null pointer bugs, but also looks for hundreds of other bug patterns, many of which can be found using very simple techniques. FindBug has been downloaded more than 450,000 times from all over the world, and is used by a number of large open source efforts and companies. FindBugs is typically able to find hundreds of real defects/mistakes per million lines of noncommenting source statements.

Using FindBugs in Anger (given at OOPSLA 2007)

This tutorial is designed to help attendees fully incorporate FindBugs into their software development process, with an emphasis on solving the issues that arise in using static analysis on projects with a large code base and multiple developers. We will go into substantial detail about how to perform differential analysis, which allows you to see which warnings have been introduced since the previous build, or since the last release to customers. We will also discuss persistent auditing, so that after reviewing a set of warnings and deciding which need to be fixed and which can be ignored, those audit results are applied to the results of each new analysis, so that you don't have to reexamine warnings already audited. We will also discuss how to apply annotations, including those defined by JSR-305, to allow FindBugs to better understand your own code and libraries, thus finding important bugs and suppressing unimportant issues. Finally, we will also discuss how to write your own bug detectors.

Slides

Introduction

Running FindBugs

Working with XML output from FindBugs

Managing FindBugs and incorporating it into your software development process

Description of JSR-305, annotations for software defect detection

Writing detectors for FindBugs

Using FindBugs for Research (given at PLDI 2007)

In addition to having many bug detectors, FindBugs also has a plug-in architecture, allowing third party detectors to be added, and FindBugs can run within a GUI, the command line, Eclipse or Netbeans. FindBugs also supports the ability to track the persistence of defects across multiple versions or instances of a piece of software, so you can see when defect warnings are introduced, how long they persist and when they are removed.

We believe this offers researchers an excellent opportunity to study how certain defects are created, persist and are removed. It also provides an opportunity for researchers looking to gain broader visibility for their own tools: by packaging your own analysis as a FindBugs plugin, you can gain a huge installed base of users.

Slides

Slides