1 <?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
2 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "file:../etc/docbook/docbookx.dtd" [
4 <!ENTITY FindBugs "<application>FindBugs</application>">
5 <!ENTITY Ant "<application>Ant</application>">
6 <!ENTITY Saxon "<application>Saxon</application>">
7 <!ENTITY FBHome "<replaceable>$FINDBUGS_HOME</replaceable>">
8 <!ENTITY nbsp " ">
11 <book lang="en" id="findbugs-manual">
14 <title>&FindBugs;™ Manual</title>
18 <firstname>David</firstname>
19 <othername>H.</othername>
20 <surname>Hovemeyer</surname>
23 <firstname>William</firstname>
24 <othername>W.</othername>
25 <surname>Pugh</surname>
34 <holder>University of Maryland</holder>
39 This manual is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License.
40 To view a copy of this license, visit
41 <ulink url="http://creativecommons.org/licenses/by-nc-sa/1.0/">http://creativecommons.org/licenses/by-nc-sa/1.0/</ulink>
42 or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
45 The name FindBugs and the FindBugs logo is trademarked by the University of Maryland.
49 <edition>1.3.0</edition>
51 <pubdate>09:39:09 EST, 08 November, 2007</pubdate>
56 **************************************************************************
58 **************************************************************************
61 <chapter id="introduction">
62 <title>Introduction</title>
64 <para> &FindBugs;™ is a program to find bugs in Java programs. It looks for instances
65 of "bug patterns" --- code instances that are likely to be errors.</para>
67 <para> This document describes version 1.3.0 of &FindBugs;. This is an
68 early release of the tool, so you may find problems with it. We
69 are very interested in getting your feedback on &FindBugs;. Please visit
70 the <ulink url="http://findbugs.sourceforge.net">&FindBugs; web page</ulink> for
71 the latest information on &FindBugs;, contact information, and support resources such
72 as information about the &FindBugs; mailing lists.</para>
75 <title>Requirements</title>
76 <para> To use &FindBugs;, you need a runtime environment compatible with
77 <ulink url="http://java.sun.com/j2se">Java 2 Standard Edition</ulink>, version 1.4.0 or later.
78 &FindBugs; is platform independent, and is known to run on GNU/Linux, Windows, and
79 MacOS X platforms.</para>
81 <para>You should have at least 512 MB of memory to use &FindBugs;.
82 To analyze very large projects, more memory may be needed.</para>
88 **************************************************************************
90 **************************************************************************
93 <chapter id="installing">
94 <title>Installing and Running &FindBugs;™</title>
97 This chapter explains how to install and run &FindBugs;.
101 <title>Extracting the Distribution</title>
104 The easiest way to install &FindBugs; is to download a binary distribution.
105 Binary distributions are available in
106 <ulink url="http://prdownloads.sourceforge.net/findbugs/findbugs-1.3.0.tar.gz?download">gzipped tar format</ulink> and
107 <ulink url="http://prdownloads.sourceforge.net/findbugs/findbugs-1.3.0.zip?download">zip format</ulink>.
108 Once you have downloaded a binary distribution, extract it into a directory of your choice.
112 Extracting a gzipped tar format distribution:
114 <prompt>$ </prompt><command>gunzip -c findbugs-1.3.0.tar.gz | tar xvf -</command>
119 Extracting a zip format distribution:
121 <prompt>C:\Software></prompt><command>unzip findbugs-1.3.0.zip</command>
126 Usually, extracting a binary distribution will create a directory ending in
127 <filename class="directory">findbugs-1.3.0</filename>. For example, if you extracted
128 the binary distribution from the <filename class="directory">C:\Software</filename>
129 directory, then the &FindBugs; software will be extracted into the directory
130 <filename class="directory">C:\Software\findbugs-1.3.0</filename>.
131 This directory is the &FindBugs; home directory. We'll refer to it as
132 &FBHome; throughout this manual.
137 <title>Configuration</title>
140 Once you have extracted the binary distribution, all you need to do in order
141 to run &FindBugs; is to invoke the wrapper script.
145 On Unix-like systems, use the following command to invoke the wrapper script:
147 <prompt>$ </prompt><command>&FBHome;/bin/findbugs <replaceable>options...</replaceable></command>
152 On Windows systems, the command to invoke the wrapper script is
154 <prompt>C:\My Directory></prompt><command>&FBHome;\bin\findbugs.bat <replaceable>options...</replaceable></command>
159 On both Unix-like and Windows systems, you can simply add the <filename><replaceable>$FINDBUGS_HOME</replaceable>/bin</filename>
160 directory to your <filename>PATH</filename> environment variable and then invoke
161 FindBugs using the <command>findbugs</command> command.
166 <sect1 id="commandLineOptions">
167 <title>Command Line Options</title>
171 There are two ways to invoke &FindBugs;. The first invokes the the Graphical User Interface (GUI):
174 <prompt>$ </prompt><command>findbugs <replaceable>[standard options]</replaceable> <replaceable>[GUI options]</replaceable></command>
177 The second invokes the Command Line Interface (Text UI):
180 <prompt>$ </prompt><command>findbugs -textui <replaceable>[standard options]</replaceable> <replaceable>[Text UI options]</replaceable></command>
185 <title>Standard options</title>
188 These options may be used with both the GUI and Text UI.
192 <term><command>-jvmArgs <replaceable>args</replaceable></command></term>
195 Specifies arguments to pass to the JVM. For example, you might want
196 to set a JVM property:
198 <prompt>$ </prompt><command>findbugs -textui -jvmArgs "-Duser.language=ja" <replaceable>myApp.jar</replaceable></command>
205 <term><command>-javahome <replaceable>directory</replaceable></command></term>
208 Specifies the directory containing the JRE (Java Runtime Environment) to
209 use to execute &FindBugs;.
215 <term><command>-maxHeap <replaceable>size</replaceable></command></term>
218 Specifies the maximum Java heap size in megabytes. The default is 256.
219 More memory may be required to analyze very large programs or libraries.
225 <term><command>-debug</command></term>
228 Prints a trace of detectors run and classes analyzed to standard output.
229 Useful for troubleshooting unexpected analysis failures.
235 <term><command>-conserveSpace</command></term>
238 This option disables analyses that increase precision but also
239 increase memory consumption. You may want to try this option if
240 you find that &FindBugs; runs out of memory, or takes an unusually
241 long time to complete its analysis.
247 <term><command>-effort:min</command></term>
250 This option disables analyses that increase precision but also
251 increase memory consumption. You may want to try this option if
252 you find that &FindBugs; runs out of memory, or takes an unusually
253 long time to complete its analysis.
259 <term><command>-effort:max</command></term>
262 Enable analyses which increase precision and find more bugs, but which
263 may require more memory and take more time to complete.
269 <term><command>-property</command> <replaceable>name=value</replaceable></term>
272 This option sets a system property. &FindBugs; uses system properties
273 to configure analysis options. See <xref linkend="analysisprops"/>.
274 You can use this option multiple times in order to set multiple properties.
275 Note: In most versions of Windows, the <replaceable>name=value</replaceable>
276 string must be in quotes.
282 <term><command>-project</command> <replaceable>project</replaceable></term>
285 Specify a project to be analyzed. The project file you specify should
286 be one that was created using the GUI interface. It will typically end
287 in the extension <filename>.fb</filename>.
298 <title>GUI Options</title>
301 These options are only accepted by the Graphical User Interface.
305 <term><command>-look:</command><replaceable>plastic|gtk|native</replaceable></term>
308 Set Swing look and feel.
318 <title>Text UI Options</title>
321 These options are only accepted by the Text User Interface.
326 <term><command>-sortByClass</command></term>
329 Sort reported bug instances by class name.
335 <term><command >-include</command> <replaceable>filterFile.xml</replaceable></term>
338 Only report bug instances that match the filter specified by <replaceable>filterFile.xml</replaceable>.
339 See <xref linkend="filter" />.
345 <term><command >-exclude</command> <replaceable>filterFile.xml</replaceable></term>
348 Report all bug instances except those matching the filter specified by <replaceable>filterFile.xml</replaceable>.
349 See <xref linkend="filter" />.
355 <term><command>-onlyAnalyze</command> <replaceable>com.foobar.MyClass,com.foobar.mypkg.*</replaceable></term>
358 Restrict analysis to find bugs to given comma-separated list of
359 classes and packages.
360 Unlike filtering, this option avoids running analysis on
361 classes and packages that are not explicitly matched:
362 for large projects, this may greatly reduce the amount of time
363 needed to run the analysis. (However, some detectors may produce
364 inaccurate results if they aren't run on the entire application.)
365 Classes should be specified using their full classnames (including
366 package), and packages should be specified in the same way
367 they would in a Java <literal>import</literal> statement to
368 import all classes in the package (i.e., add <literal>.*</literal>
369 to the full name of the package).
370 Replace <literal>.*</literal> with <literal>.-</literal> to also
371 analyze all subpackages.
377 <term><command>-low</command></term>
386 <term><command>-medium</command></term>
389 Report medium and high priority bugs. This is the default setting.
395 <term><command>-high</command></term>
398 Report only high priority bugs.
404 <term><command>-relaxed</command></term>
407 Relaxed reporting mode. For many detectors, this option
408 suppresses the heuristics used to avoid reporting false positives.
414 <term><command>-xml</command></term>
417 Produce the bug reports as XML. The XML data produced may be
418 viewed in the GUI at a later time. You may also specify this
419 option as <command>-xml:withMessages</command>; when this variant
420 of the option is used, the XML output will contain human-readable
421 messages describing the warnings contained in the file.
422 XML files generated this way are easy to transform into reports.
428 <term><command>-html</command></term>
431 Generate HTML output. By default, &FindBugs; will use the <filename>default.xsl</filename>
432 <ulink url="http://www.w3.org/TR/xslt">XSLT</ulink>
433 stylesheet to generate the HTML: you can find this file in <filename>findbugs.jar</filename>,
434 or in the &FindBugs; source or binary distributions. Variants of this option include
435 <command>-html:plain.xsl</command>, <command>-html:fancy.xsl</command> and <command>-html:fancy-hist.xsl</command>.
436 The <filename>plain.xsl</filename> stylesheet does not use Javascript or DOM,
437 and may work better with older web browsers, or for printing. The <filename>fancy.xsl</filename>
438 stylesheet uses DOM and Javascript for navigation and CSS for
439 visual presentation. The <command>fancy-hist.xsl</command> an evolution of <command>fancy.xsl</command> stylesheet.
440 It makes an extensive use of DOM and Javascript for dynamically filtering the lists of bugs.
444 If you want to specify your own
445 XSLT stylesheet to perform the transformation to HTML, specify the option as
446 <command>-html:<replaceable>myStylesheet.xsl</replaceable></command>,
447 where <replaceable>myStylesheet.xsl</replaceable> is the filename of the
448 stylesheet you want to use.
454 <term><command>-emacs</command></term>
457 Produce the bug reports in Emacs format.
463 <term><command>-xdocs</command></term>
466 Produce the bug reports in xdoc XML format for use with Apache Maven.
472 <term><command>-output</command> <replaceable>filename</replaceable></term>
475 Produce the output in the specified file.
481 <term><command>-outputFile</command> <replaceable>filename</replaceable></term>
484 This argument is deprecated. Use <command>-output</command> instead.
490 <term><command>-nested</command><replaceable>[:true|false]</replaceable></term>
493 This option enables or disables scanning of nested jar and zip files found in
494 the list of files and directories to be analyzed.
495 By default, scanning of nested jar/zip files is enabled.
496 To disable it, add <command>-nested:false</command> to the command line
503 <term><command>-auxclasspath</command> <replaceable>classpath</replaceable></term>
506 Set the auxiliary classpath for analysis. This classpath should include all
507 jar files and directories containing classes that are part of the program
508 being analyzed but you do not want to have analyzed for bugs.
515 <term><command></command> <replaceable></replaceable></term>
531 **************************************************************************
532 Compiling FindBugs from Source
533 **************************************************************************
536 <chapter id="building">
537 <title>Building &FindBugs;™ from Source</title>
540 This chapter describes how to build &FindBugs; from source code. Unless you are
541 interesting in modifying &FindBugs;, you will probably want to skip to the
542 <link linkend="gui">next chapter</link>.
546 <title>Prerequisites</title>
549 To compile &FindBugs; from source, you will need the following:
553 The <ulink url="http://prdownloads.sourceforge.net/findbugs/findbugs-1.3.0-source.zip?download"
554 >&FindBugs; source distribution</ulink>
559 <ulink url="http://java.sun.com/j2se/">JDK 1.5.0 beta or later</ulink>
564 <ulink url="http://ant.apache.org/">Apache &Ant;</ulink>, version 1.6.3 or later
572 The version of &Ant; included as <filename>/usr/bin/ant</filename> on
573 Redhat Linux systems will <emphasis>not</emphasis> work for compiling
574 &FindBugs;. We recommend you install a binary distribution of &Ant;
575 downloaded from the <ulink url="http://ant.apache.org/">&Ant; website</ulink>.
576 Make sure that when you run &Ant; your <replaceable>JAVA_HOME</replaceable>
577 environment variable points to the directory in which you installed
583 If you want to be able to generate formatted versions of the &FindBugs; documentation,
584 you will also need the following software:
588 The <ulink url="http://docbook.sourceforge.net/projects/xsl/index.html">DocBook XSL Stylesheets</ulink>.
589 These are required to convert the &FindBugs; manual into HTML and PDF formats.
594 The <ulink url="http://saxon.sourceforge.net/">&Saxon; XSLT Processor</ulink>.
595 The file <filename>saxon.jar</filename> should be in your <envar>CLASSPATH</envar>.
610 <title>Extracting the Source Distribution</title>
612 After you download the source distribution, you'll need to extract it into
613 a working directory. A typical command to do this is:
616 <prompt>$ </prompt><command>unzip findbugs-1.3.0-source.zip</command>
623 <title>Modifying <filename>build.properties</filename></title>
625 If you intend to build the FindBugs documentation,
626 you will need to modify the <filename>build.properties</filename> file
627 used by the <ulink url="http://ant.apache.org/">&Ant;</ulink>
628 <filename>build.xml</filename> file to build &FindBugs;.
629 If you do not want to build the FindBugs documentation, then you
630 can ignore this file.
634 The <filename>build.properties</filename> looks like this:
637 # User Configuration:
638 # This section must be modified to reflect your system.
640 local.software.home =/export/home/daveho/linux
642 # Set this to the directory containing the DocBook Modular XSL Stylesheets
643 # from http://docbook.sourceforge.net/projects/xsl/
645 xsl.stylesheet.home =${local.software.home}/docbook/docbook-xsl-1.71.1
647 # Set this to the directory where Saxon (http://saxon.sourceforge.net/)
650 saxon.home =${local.software.home}/java/saxon-6.5.5
656 The <varname>xsl.stylesheet.home</varname> property specifies the full
657 path to the directory where you have installed the
658 <ulink url="http://docbook.sourceforge.net/projects/xsl/">DocBook Modular XSL
659 Stylesheets</ulink>. You only need to specify this property if you will be
660 generating the &FindBugs; documentation.
664 The <varname>saxon.home</varname> property is the full path to the
665 directory where you installed the <ulink url="http://saxon.sourceforge.net/">&Saxon; XSLT Processor</ulink>.
666 You only need to specify this property if you will be
667 generating the &FindBugs; documentation.
673 <title>Running &Ant;</title>
676 Once you have extracted the source distribution,
677 made sure that &Ant; is installed,
678 modified <filename>build.properties</filename> (optional),
679 and configured the tools (such as &Saxon;),
680 you are ready to build &FindBugs;. Invoking &Ant; is a simple matter
681 of running the command
683 <prompt>$ </prompt><command>ant <replaceable>target</replaceable></command>
685 where <replaceable>target</replaceable> is one of the following:
688 <term><command>build</command></term>
691 This target compiles the code for &FindBugs;. It is the default target.
697 <term><command>docs</command></term>
700 This target formats the documentation. (It also compiles some of
701 the source code as a side-effect.)
707 <term><command>runjunit</command></term>
710 This target compiles and runs the internal JUnit tests included
711 in &FindBugs;. It will print an error message if any unit
718 <term><command>bindist</command></term>
721 Builds a binary distribution of &FindBugs;.
722 The target creates both <filename>.zip</filename> and
723 <filename>.tar.gz</filename> archives.
731 After running an &Ant; command, you should see output similar to
732 the following (after some other messages regarding the tasks that
737 Total time: 17 seconds
745 <title>Running &FindBugs;™</title>
747 The &Ant; build script for &FindBugs; is set up such that after
748 building the <command>build</command> target, the working directory
749 is set up just like a binary distribution. So, the information about
750 installing a binary distribution of &FindBugs; in <xref linkend="installing" />
751 applies to source distributions, too.
759 **************************************************************************
760 Using the FindBugs Graphical Interface
761 **************************************************************************
765 <title>Using the &FindBugs;™ Graphical User Interface</title>
768 &FindBugs; has two user interfaces: a graphical user interface (GUI) and a
769 command line user interface. This chapter describes the graphical user interface.
774 <title>Executing the &FindBugs;™ GUI</title>
779 <title>Creating a Project</title>
781 After you have started &FindBugs; using the <command>findbugs</command> command,
782 choose the <menuchoice><guimenu>File</guimenu><guimenuitem>New Project</guimenuitem></menuchoice>
783 menu item. You will see a dialog which looks like this:
786 <imagedata fileref="project-dialog.png" />
792 Use the "Add" button next to the "Class archives and directories to analyze" text field to select a Java archive
793 file (zip, jar, ear, or war file) or directory containing java classes to analyze for bugs. You may add multiple
794 archives/directories.
798 You can also add the source directories which contain
799 the source code for the Java archives you are analyzing. This will enable
800 &FindBugs; to highlight the source code which contains a possible error.
801 The source directories you add should be the roots of the Java
802 package hierarchy. For example, if your application is contained in the
803 <varname>org.foobar.myapp</varname> package, you should add the
804 parent directory of the <filename class="directory">org</filename> directory
805 to the source directory list for the project.
809 Another optional step is to add additional Jar files or directories as
810 "Auxiliary classpath locations" entries. You should do this if the archives and directories you are analyzing
811 have references to other classes which are not included in the analyzed
812 archives/directories and are not in the standard runtime classpath. Some of the bug
813 pattern detectors in &FindBugs; make use of class hierarchy information,
814 so you will get more accurate results if the entire class hierarchy is
815 available which &FindBugs; performs its analysis.
821 <title>Running the Analysis</title>
823 Once you have added all of the archives, directories, and source directories,
824 click the "Finish" button to analyze the classes contained in the
825 Jar files. Note that for a very large program on an older computer,
826 this may take quite a while (tens of minutes). A recent computer with
827 ample memory will typically be able to analyze a large program in only a
833 <title>Browsing Results</title>
836 When the analysis completes, you will see a screen like the following:
839 <imagedata fileref="example-details.png" />
845 The upper left-hand pane of the window shows the bug tree; this is a hierarchical
846 representation of all of the potential bugs detected in the analyzed
851 When you select a particular bug instance in the top pane, you will
852 see a description of the bug in the "Details" tab of the bottom pane.
853 In addition, the source code pane on the upper-right will show the
854 program source code where the potential bug occurs, if source is available.
855 In the above example, the bug is a stream object that is not closed. The
856 source code window highlights the line where the stream object is created.
860 You may add a textual annotations to bug instances. To do so, type them
861 into the text box just below the hierarchical view. You can type any
862 information which you would like to record. When you load and save bug
863 results files, the annotations are preserved.
869 <title>Saving and Opening</title>
872 You may use the <menuchoice><guimenu>File</guimenu><guimenuitem>Save as...</guimenuitem></menuchoice>
873 menu option to save your work. To save your work, including the jar
874 file lists you specified and all bug results, choose
875 "FindBugs analysis results (.xml)" from the drop-down list in the
876 "Save as..." dialog. There are also options for saving just the jar
877 file lists ("FindBugs project file (.fbp)") or just the results
878 ("FindBugs analysis file (.fba)"), but these are rarely needed. A
879 saved file may be loaded with the
880 <menuchoice><guimenu>File</guimenu><guimenuitem>Open...</guimenuitem></menuchoice>
891 **************************************************************************
892 Using the FindBugs Command Line Interface
893 **************************************************************************
896 <chapter id="textui">
897 <title>Using the &FindBugs;™ Command Line Interface</title>
900 The &FindBugs; Command Line Interface (or Text UI) can be used to
901 analyze an application for bugs non-interactively. Each bug instance will be
902 reported on a single line. All output is written to the standard output file descriptor.
903 <xref linkend="filter" /> explains how bug reports may be filtered in order
904 to get only the output you're interested in.
908 See <xref linkend="commandLineOptions" /> in <xref linkend="installing" /> for a description of how to invoke the
909 Command Line Interface.
917 **************************************************************************
918 Using the FindBugs Ant task
919 **************************************************************************
922 <chapter id="anttask">
923 <title>Using the &FindBugs;™ &Ant; task</title>
926 This chapter describes how to integrate &FindBugs; into a build script
927 for <ulink url="http://ant.apache.org/">&Ant;</ulink>, which is a popular Java build
928 and deployment tool. Using the &FindBugs; &Ant; task, your build script can
929 automatically run &FindBugs; on your Java code.
933 The &Ant; task was generously contributed by Mike Fagan.
937 <title>Installing the &Ant; task</title>
940 To install the &Ant; task, simply copy <filename>&FBHome;/lib/findbugs-ant.jar</filename>
941 into the <filename>lib</filename> subdirectory of your &Ant; installation.
944 <para>It is strongly recommended that you use the &Ant; task with the version
945 of &FindBugs; it was included with. We do not guarantee that the &Ant; task Jar file
946 will work with any version of &FindBugs; other than the one it was included with.</para>
953 <title>Modifying build.xml</title>
956 To incorporate &FindBugs; into <filename>build.xml</filename> (the build script
957 for &Ant;), you first need to add a task definition. This should appear as follows:
960 <taskdef name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask"/>
963 The task definition specifies that when a <literal>findbugs</literal> element is
964 seen in <filename>build.xml</filename>, it should use the indicated class to execute the task.
968 After you have added the task definition, you can define a target
969 which uses the <literal>findbugs</literal> task. Here is an example
970 which could be added to the <filename>build.xml</filename> for the
971 Apache <ulink url="http://jakarta.apache.org/bcel/">BCEL</ulink> library.
974 <property name="findbugs.home" value="/export/home/daveho/work/findbugs" />
976 <target name="findbugs" depends="jar">
977 <findbugs home="${findbugs.home}"
979 outputFile="bcel-fb.xml" >
980 <auxClasspath path="${basedir}/lib/Regex.jar" />
981 <sourcePath path="${basedir}/src/java" />
982 <class location="${basedir}/bin/bcel.jar" />
987 The <literal>findbugs</literal> element must have the <literal>home</literal>
988 attribute set to the directory in which &FindBugs; is installed; in other words,
989 &FBHome;. See <xref linkend="installing" />.
993 This target will execute &FindBugs; on <filename>bcel.jar</filename>, which is the
994 Jar file produced by BCEL's build script. (By making it depend on the "jar"
995 target, we ensure that the library is fully compiled before running &FindBugs; on it.)
996 The output of &FindBugs; will be saved in XML format to a file called
997 <filename>bcel-fb.xml</filename>.
998 An auxiliary Jar file, <filename>Regex.jar</filename>, is added to the aux classpath,
999 because it is referenced by the main BCEL library. A source path is specified
1000 so that the saved bug data will have accurate references to the BCEL source code.
1005 <title>Executing the task</title>
1008 Here is an example of invoking &Ant; from the command line, using the <literal>findbugs</literal>
1009 target defined above.
1012 <prompt>[daveho@noir]$</prompt> <command>ant findbugs</command>
1013 Buildfile: build.xml
1024 [findbugs] Running FindBugs...
1025 [findbugs] Bugs were found
1026 [findbugs] Output saved to bcel-fb.xml
1029 Total time: 35 seconds
1032 In this case, because we saved the bug results in an XML file, we can
1033 use the &FindBugs; GUI to view the results; see <xref linkend="gui"/>.
1039 <title>Parameters</title>
1041 <para>This section describes the parameters that may be specified when
1042 using the &FindBugs; task.
1047 <term><literal>class</literal></term>
1050 A nested element specifying which classes to analyze. The <literal>class</literal>
1051 element must specify a <literal>location</literal> attribute which names the
1052 archive file (jar, zip, etc.), directory, or class file to be analyzed. Multiple <literal>class</literal>
1053 elements may be specified as children of a single <literal>findbugs</literal> element.
1059 <term><literal>auxClasspath</literal></term>
1062 An optional nested element which specifies a classpath (Jar files or directories)
1063 containing classes used by the analyzed library or application, but which
1064 you don't want to analyze. It is specified the same way as
1065 &Ant;'s <literal>classpath</literal> element for the Java task.
1071 <term><literal>sourcePath</literal></term>
1074 An optional nested element which specifies a source directory path
1075 containing source files used to compile the Java code being analyzed.
1076 By specifying a source path, any generated XML bug output will have
1077 complete source information, which allows later viewing in the
1084 <term><literal>home</literal></term>
1087 A required attribute.
1088 It must be set to the name of the directory where &FindBugs; is installed.
1094 <term><literal>quietErrors</literal></term>
1097 An optional boolean attribute.
1098 If true, reports of serious analysis errors and missing classes will
1099 be suppressed in the &FindBugs; output. Default is false.
1105 <term><literal>reportLevel</literal></term>
1108 An optional attribute. It specifies
1109 the priority threshold for reporting bugs. If set to "low", all bugs are reported.
1110 If set to "medium" (the default), medium and high priority bugs are reported.
1111 If set to "high", only high priority bugs are reported.
1117 <term><literal>output</literal></term>
1121 It specifies the output format. If set to "xml" (the default), output
1123 If set to "xml:withMessages", output is in XML format augmented with
1124 human-readable messages. (You should use this format if you plan
1125 to generate a report using an XSL stylesheet.)
1126 If set to "html", output is in HTML formatted (default stylesheet is default.xsl).
1127 If set to "text", output is in ad-hoc text format.
1128 If set to "emacs", output is in <ulink url="http://www.gnu.org/software/emacs/">Emacs</ulink> error message format.
1129 If set to "xdocs", output is xdoc XML for use with Apache Maven.
1134 <term><literal>stylesheet</literal></term>
1138 It specifies the stylesheet to use to generate html output when the output is set to html.
1139 Stylesheets included in the FindBugs distribution include default.xsl, fancy.xsl, fancy-hist.xsl, plain.xsl, and summary.xsl.
1140 The default value, if no stylesheet attribute is provided, is default.xsl.
1147 <term><literal>sort</literal></term>
1150 Optional attribute. If the <literal>output</literal> attribute
1151 is set to "text", then the <literal>sort</literal> attribute specifies
1152 whether or not reported bugs are sorted by class. Default is true.
1158 <term><literal>outputFile</literal></term>
1161 Optional attribute. If specified, names the output file in which the
1162 &FindBugs; output will be saved. By default, the output is displayed
1169 <term><literal>debug</literal></term>
1172 Optional boolean attribute. If set to true, &FindBugs; prints diagnostic
1173 information about which classes are being analyzed, and which bug pattern
1174 detectors are being run. Default is false.
1180 <term><literal>effort</literal></term>
1183 Set the analysis effort level. The value specified should be
1184 one of <literal>min</literal>, <literal>default</literal>,
1185 or <literal>max</literal>. See <xref linkend="commandLineOptions"/>
1186 for more information about setting the analysis level.
1192 <term><literal>conserveSpace</literal></term>
1194 <para>Synonym for effort="min".</para>
1199 <term><literal>workHard</literal></term>
1201 <para>Synonym for effort="max".</para>
1206 <term><literal>visitors</literal></term>
1209 Optional attribute. It specifies a comma-separated list of bug detectors
1210 which should be run. The bug detectors are specified by their class names,
1211 without any package qualification. By default, all detectors which are
1212 not disabled by default are run.
1218 <term><literal>omitVisitors</literal></term>
1221 Optional attribute. It is like the <literal>visitors</literal> attribute,
1222 except it specifies detectors which will <emphasis>not</emphasis> be run.
1228 <term><literal>excludeFilter</literal></term>
1231 Optional attribute. It specifies the filename of a filter specifying bugs
1232 to exclude from being reported. See <xref linkend="filter" />.
1238 <term><literal>includeFilter</literal></term>
1241 Optional attribute. It specifies the filename of a filter specifying
1242 which bugs are reported. See <xref linkend="filter" />.
1248 <term><literal>projectFile</literal></term>
1251 Optional attribute. It specifies the name of a project file.
1252 Project files are created by the &FindBugs; GUI, and specify classes,
1253 aux classpath entries, and source directories. By naming a project,
1254 you don't need to specify any <literal>class</literal> elements,
1255 nor do you need to specify <literal>auxClasspath</literal> or
1256 <literal>sourcePath</literal> attributes.
1257 See <xref linkend="gui"/> for how to create a project.
1263 <term><literal>jvmargs</literal></term>
1266 Optional attribute. It specifies any arguments that should be passed
1267 to the Java virtual machine used to run &FindBugs;. You may need to
1268 use this attribute to specify flags to increase the amount of memory
1269 the JVM may use if you are analyzing a very large program.
1275 <term><literal>systemProperty</literal></term>
1278 Optional nested element. If specified, defines a system property.
1279 The <literal>name</literal> attribute specifies the name of the
1280 system property, and the <literal>value</literal> attribute specifies
1281 the value of the system property.
1287 <term><literal>timeout</literal></term>
1290 Optional attribute. It specifies the amount of time, in milliseconds,
1291 that the Java process executing &FindBugs; may run before it is
1292 assumed to be hung and is terminated. The default is 600,000
1293 milliseconds, which is ten minutes. Note that for very large
1294 programs, &FindBugs; may require more than ten minutes to complete its
1301 <term><literal>failOnError</literal></term>
1304 Optional boolean attribute. Whether to abort the build process if there is an
1305 error running &FindBugs;. Defaults to "false"
1311 <term><literal>errorProperty</literal></term>
1314 Optional attribute which specifies the name of a property that
1315 will be set to "true" if an error occurs while running &FindBugs;.
1321 <term><literal>warningsProperty</literal></term>
1324 Optional attribute which specifies the name of a property
1325 that will be set to "true" if any warnings are reported by
1326 &FindBugs; on the analyzed program.
1345 **************************************************************************
1346 Using the FindBugs Eclipse plugin
1347 **************************************************************************
1350 <chapter id="eclipse">
1351 <title>Using the &FindBugs;™ Eclipse plugin</title>
1354 The FindBugs Eclipse plugin allows &FindBugs; to be used within
1355 the <ulink url="http://www.eclipse.org/">Eclipse</ulink> IDE.
1356 The FindBugs Eclipse plugin was generously contributed by Peter Friese.
1357 Phil Crosby and Andrei Loskutov contributed major improvements
1362 <title>Requirements</title>
1365 To use the &FindBugs; Plugin for Eclipse, you need Eclipse 3.0.1 or later,
1366 and JRE/JDK 1.4.0 or later.
1372 <title>Installation</title>
1375 We provide update sites that allow you to automatically install FindBugs into Eclipse and also query and install updates.
1376 There are three different update sites</para>
1378 <variablelist><title>FindBugs Eclipse update sites</title>
1379 <varlistentry><term><ulink url="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.edu/eclipse/</ulink></term>
1383 Only provides official releases of FindBugs.
1388 <varlistentry><term><ulink url="http://findbugs.cs.umd.edu/eclipse-candidate/">http://findbugs.cs.umd.edu/eclips-candidate/</ulink></term>
1392 Provides official releases and release candidates of FindBugs.
1397 <varlistentry><term><ulink url="http://findbugs.cs.umd.edu/eclipse-daily/">http://findbugs.cs.umd.edu/eclipse-daily/</ulink></term>
1401 Provides the daily build of FindBugs. No testing other than that it compiles.
1407 <para>You can also manually
1408 download the plugin from the following link:
1409 <ulink url="http://prdownloads.sourceforge.net/findbugs/edu.umd.cs.findbugs.plugin.eclipse_1.3.0.20071108.zip?download"
1410 >http://prdownloads.sourceforge.net/findbugs/edu.umd.cs.findbugs.plugin.eclipse_1.3.0.20071108.zip?download</ulink>.
1411 Extract it in Eclipse's "plugins" subdirectory.
1412 (So <eclipse_install_dir>/plugins/edu.umd.cs.findbugs.plugin.eclipse_1.3.0.20071108/findbugs.png
1413 should be the path to the &FindBugs; logo.)
1418 Once the plugin is extracted, start Eclipse and choose
1420 <guimenu>Help</guimenu>
1421 <guimenuitem>About Eclipse Platform</guimenuitem>
1422 <guimenuitem>Plug-in Details</guimenuitem>
1424 You should find a plugin called "FindBugs Plug-in" provided by "FindBugs Project".
1429 <title>Using the Plugin</title>
1432 To get started, right click on a Java project,
1433 and select the option labeled "Find Bugs".
1434 &FindBugs; will run, and problem markers (displayed in source
1435 windows, and also in the Eclipse Problems view) will point to
1436 locations in your code which have been identified as potential instances
1441 You may customize how &FindBugs; runs by opening the Properties
1442 dialog for a Java project, and choosing the "Findbugs" property page.
1443 Options you may choose include:
1449 Enable or disable the "Run FindBugs Automatically" checkbox.
1450 When enabled, FindBugs will run every time you modify a Java class
1457 Choose minimum warning priority and enabled bug categories.
1458 These options will choose which warnings are shown.
1459 For example, if you select the "Medium" warning priority,
1460 only Medium and High priority warnings will be shown.
1461 Similarly, if you uncheck the "Style" checkbox, no warnings
1462 in the Style category will be displayed.
1468 Select detectors. The table allows you to select which detectors
1469 you want to enable for your project.
1477 <title>Troubleshooting</title>
1480 The &FindBugs; Eclipse plugin is still experimental. This section
1481 lists common problems with the plugin and (if known) how to resolve them.
1487 If you do not see any &FindBugs; problem markers (in your source
1488 windows or in the Problems View), you may need to change your
1489 Problems View filter settings. See
1490 <ulink url="http://findbugs.sourceforge.net/FAQ.html#q7">http://findbugs.sourceforge.net/FAQ.html#q7</ulink> for more information.
1503 **************************************************************************
1505 **************************************************************************
1508 <chapter id="filter">
1509 <title>Filter Files</title>
1512 Filter files may be used to include or exclude bug reports for particular classes
1513 and methods. This chapter explains how to use filter files.
1516 <title>Planned Features</title>
1518 Filters are currently only supported by the Command Line interface.
1519 Eventually, filter support will be added to the GUI.
1526 <title>Introduction to Filter Files</title>
1529 Conceptually, a filter matches bug instances against a set of criteria.
1530 By defining a filter, you can select bug instances for special treatment;
1531 for example, to exclude or include them in a report.
1535 A filter file is an <ulink url="http://www.w3.org/XML/">XML</ulink> document with a top-level <literal>FindBugsFilter</literal> element
1536 which has some number of <literal>Match</literal> elements as children. Each <literal>Match</literal>
1537 element represents a predicate which is applied to generated bug instances.
1538 Usually, a filter will be used to exclude bug instances. For example:
1541 <prompt>$ </prompt><command>findbugs -textui -exclude <replaceable>myExcludeFilter.xml</replaceable> <replaceable>myApp.jar</replaceable></command>
1544 However, a filter could also be used to select bug instances to specifically
1548 <prompt>$ </prompt><command>findbugs -textui -include <replaceable>myIncludeFilter.xml</replaceable> <replaceable>myApp.jar</replaceable></command>
1553 <literal>Match</literal> elements contain children, which are conjuncts of the predicate.
1554 In other words, each of the children must be true for the predicate to be true.
1560 <title>Types of Match clauses</title>
1564 <term><literal><Bug></literal></term>
1566 This element specifies a particular bug pattern or patterns to match.
1567 The <literal>pattern</literal> attribute is a comma-separated list of
1568 bug pattern types. You can find the bug pattern types for particular
1569 warnings by looking at the output produced by the <command>-xml</command>
1570 output option (the <literal>type</literal> attribute of <literal>BugInstance</literal>
1571 elements), or from the <ulink url="../bugDescriptions.html">bug
1572 descriptions document</ulink>.
1574 For more coarse-grained matching, use <literal>code</literal> attribute. It takes
1575 a comma-separated list of bug abbreviations. For most-coarse grained matching use
1576 <literal>category</literal> attriute, that takes a comma separated list of bug category names:
1577 <literal>CORRECTNESS</literal>, <literal>MT_CORRECTNESS</literal>,
1578 <literal>BAD_PRACTICICE</literal>, <literal>PERFORMANCE</literal>, <literal>STYLE</literal>.
1580 If more than one of the attributes mentioned above are specified on the same
1581 <literal><Bug></literal> element, all bug patterns that match either one of specified
1582 pattern names, or abreviations, or categories will be matched.
1584 As a backwards compatibility measure, <literal><BugPattern></literal> and
1585 <literal><BugCode></literal> elements may be used instead of
1586 <literal><Bug></literal> element. Each of these uses a
1587 <literal>name</literal> attribute for specifying accepted values list. Support for these
1588 elements may be removed in a future release.
1593 <term><literal><Priority></literal></term>
1596 This element matches warnings with a particular priority.
1597 The <literal>value</literal> attribute should be an integer value:
1598 1 to match high-priority warnings, 2 to match medium-priority warnings,
1599 or 3 to match low-priority warnings.
1606 <term><literal><Package></literal></term>
1609 This element matches warnings associated with classes within the package specified
1610 using <literal>name</literal> attribute. Nested packages are not included (along the
1611 lines of Java import statement). However matching multiple packages can be achieved
1612 easily using regex name match.
1618 <term><literal><Class></literal></term>
1621 This element matches warnings associated with a particular class. The
1622 <literal>name</literal> attribute is used to specify the exact or regex match pattern
1627 As a backward compatibility measure, instead of element of this type, you can use
1628 <literal>class</literal> attribute on a <literal>Match</literal> element to specify
1629 exact an class name or <literal>classregex</literal> attribute to specify a regular
1630 expression to match the class name against.
1634 If the <literal>Match</literal> element contains neither a <literal>Class</literal> element,
1635 nor a <literal>class</literal> / <literal>classregex</literal> attribute, the predicate will apply
1636 to all classes. Such predicate is likely to match more bug instances than you want, unless it is
1637 refined further down with apropriate method or field predicates.
1643 <term><literal><Method></literal></term>
1645 <listitem><para>This element specifies a method. The <literal>name</literal> is used to specify
1646 the exact or regex match pattern for the method name.
1647 The <literal>params</literal> attribute is a comma-separated list
1648 of the types of the method's parameters. The <literal>returns</literal> attribute is
1649 the method's return type. In <literal>params</literal> and <literal>returns</literal>, class names
1650 must be fully qualified. (E.g., "java.lang.String" instead of just
1651 "String".) If one of the latter attributes is specified the other is required for creating a method signature.
1652 Note that you can provide either <literal>name</literal> attribute or <literal>params</literal>
1653 and <literal>returns</literal> attributes or all three of them. This way you can provide various kinds of
1654 name and signature based matches.
1659 <term><literal><Field></literal></term>
1661 <listitem><para>This element specifies a field. The <literal>name</literal> attribute is is used to specify
1662 the exact or regex match pattern for the field name. You can also filter fields according to their signature -
1663 use <literal>type</literal> attribute to specify fully qualified type of the field. You can specify eiter or both
1664 of these attributes in order to perform name / signature based matches.
1669 <term><literal><Local></literal></term>
1671 <listitem><para>This element specifies a local variable. The <literal>name</literal> attribute is is used to specify
1672 the exact or regex match pattern for the local variable name. Local variables are variables defined within a method.
1677 <term><literal><Or></literal></term>
1679 This element combines <literal>Match</literal> clauses as disjuncts. I.e., you can put two
1680 <literal>Method</literal> elements in an <literal>Or</literal> clause in order match either method.
1688 <title>Java element name matching</title>
1691 If the <literal>name</literal> attribute or <literal>Class</literal>, <literal>Method</literal> or
1692 <literal>Field</literal> starts with the ~ character the rest of attribute content is interpreted as
1693 a Java regular expression that is matched against the names of the Java element in question.
1697 Note that the pattern is matched against whole element name and therefore .* clauses need to be used
1698 at pattern beginning and/or end to perform substring matching.
1702 See <ulink url="http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html"><literal>java.util.regex.Pattern</literal></ulink>
1703 documentation for pattern syntax.
1708 <title>Caveats</title>
1711 <literal>Match</literal> clauses can only match information that is actually contained in the
1712 bug instances. Every bug instance has a class, so in general, excluding
1713 bugs by class will work.
1717 Some bug instances have two (or more) classes. For example, the DE (dropped exception)
1718 bugs report both the class containing the method where the dropped exception
1719 happens, and the class which represents the type of the dropped exception.
1720 Only the <emphasis>first</emphasis> (primary) class is matched against <literal>Match</literal> clauses.
1721 So, for example, if you want to suppress IC (initialization circularity)
1722 reports for classes "com.foobar.A" and "com.foobar.B", you would use
1723 two <literal>Match</literal> clauses:
1727 <Class name="com.foobar.A" />
1728 <Bug code="IC" />
1732 <Class name="com.foobar.B" />
1733 <Bug code="IC" />
1737 By explicitly matching both classes, you ensure that the IC bug instance will be
1738 matched regardless of which class involved in the circularity happens to be
1739 listed first in the bug instance. (Of course, this approach might accidentally
1740 supress circularities involving "com.foobar.A" or "com.foobar.B" and a third
1745 Many kinds of bugs report what method they occur in. For those bug instances,
1746 you can put <literal>Method</literal> clauses in the <literal>Match</literal> element and they should work
1753 <title>Examples</title>
1756 1. Match all bug reports for a class.
1761 <Class name="com.foobar.MyClass" />
1769 2. Match certain tests from a class by specifying their abbreviations.
1773 <Class name="com.foobar.MyClass"/ >
1774 <Bug code="DE,UrF,SIC" />
1781 3. Match certain tests from all classes by specifying their abbreviations.
1786 <Bug code="DE,UrF,SIC" />
1793 4. Match certain tests from all classes by specifying their category.
1798 <Bug category="PERFORMANCE" />
1805 5. Match bug types from specified methods of a class by their abbreviations.
1810 <Class name="com.foobar.MyClass" />
1812 <Method name="frob" params="int,java.lang.String" returns="void" />
1813 <Method name="blat" params="" returns="boolean" />
1822 6. Match a particular bug pattern in a particular method.
1826 <!-- A method with an open stream false positive. -->
1828 <Class name="com.foobar.MyClass" />
1829 <Method name="writeDataToFile" />
1830 <Bug pattern="OS_OPEN_STREAM" />
1837 7. Match a particular bug pattern with a given priority in a particular method.
1841 <!-- A method with a dead local store false positive (medium priority). -->
1843 <Class name="com.foobar.MyClass" />
1844 <Method name="someMethod" />
1845 <Bug pattern="DLS_DEAD_LOCAL_STORE" />
1846 <Priority value="2" />
1853 8. Match minor bugs introduced by AspectJ compiler (you are probably not interested in these unless
1854 you are an AspectJ developer).
1859 <Class name="~.*\$AjcClosure\d+" />
1860 <Bug pattern="DLS_DEAD_LOCAL_STORE" />
1861 <Method name="run" />
1864 <Bug pattern="UUF_UNUSED_FIELD" />
1865 <Field name="~ajc\$.*" />
1872 9. Match bugs in specific parts of the code base
1876 <!-- match unused fields warnings in Messages classes in all packages -->
1878 <Class name="~.*\.Messages" />
1881 <!-- match mutable statics warnings in all internal packages -->
1883 <Package name="~.*\.internal" />
1886 <!-- match anonymoous inner classes warnings in ui package hierarchy -->
1888 <Package name="~com\.foobar\.fooproject\.ui.*" />
1889 <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON" />
1896 10. Match bugs on fieds or methods with specific signatures
1899 <!-- match System.exit(...) usage warnings in void main(String[]) methods in all classes -->
1901 <Method returns="void" name="main" params="java.lang.String[]" />
1902 <Method pattern="DM_EXIT" />
1904 <!-- match UuF warnings on fields of type com.foobar.DebugInfo on all classes -->
1906 <Field type="com.foobar.DebugInfo" />
1917 <title>Complete Example</title>
1923 <Class name="com.foobar.ClassNotToBeAnalyzed" />
1927 <Class name="com.foobar.ClassWithSomeBugsMatched" />
1928 <Bug code="DE,UrF,SIC" />
1931 <!-- Match all XYZ violations. -->
1936 <!-- Match all doublecheck violations in these methods of "AnotherClass". -->
1938 <Class name="com.foobar.AnotherClass" />
1940 <Method name="nonOverloadedMethod" />
1941 <Method name="frob" params="int,java.lang.String" returns="void" />
1942 <Method name="blat" params="" returns="boolean" />
1947 <!-- A method with a dead local store false positive (medium priority). -->
1949 <Class name="com.foobar.MyClass" />
1950 <Method name="someMethod" />
1951 <Bug code="DLS_DEAD_LOCAL_STORE" />
1952 <Priority value="2" />
1954 </FindBugsFilter>
1965 **************************************************************************
1967 **************************************************************************
1970 <chapter id="analysisprops">
1971 <title>Analysis Properties</title>
1974 &FindBugs; allows several aspects of the analyses it performs to be
1975 customized. System properties are used to configure these options.
1976 This chapter describes the configurable analysis options.
1980 The analysis options have two main purposes. First, they allow you
1981 to inform &FindBugs; about the meaning of methods in your application,
1982 so that it can produce more accurate results, or produce fewer
1983 false warnings. Second, they allow you to configure the precision
1984 of the analysis performed. Reducing analysis precision can save
1985 memory and analysis time, at the expense of missing some real bugs,
1986 or producing more false warnings.
1990 The analysis options are set using the <command>-property</command>
1991 command line option. For example:
1993 <prompt>$ </prompt><command>findbugs -textui -property "cfg.noprune=true" <replaceable>myApp.jar</replaceable></command>
1998 The list of configurable analysis properties is shown in
1999 <xref linkend="analysisproptable"/>.
2002 <table id="analysisproptable">
2003 <title>Configurable Analysis Properties</title>
2004 <tgroup cols="3" align="left">
2007 <entry>Property Name</entry>
2008 <entry>Value</entry>
2009 <entry>Meaning</entry>
2015 <entry>cfg.noprune</entry>
2016 <entry>true or false</entry>
2017 <entry>If true, infeasible exception edges are not pruned from
2018 the control flow graphs of analyzed methods. This option
2019 increases the speed of the analysis (by about 20%-30%),
2020 but causes some detectors to produce more false warnings.</entry>
2024 <entry>findbugs.assertionmethods</entry>
2025 <entry>Comma-separated list of fully qualified method names:
2026 e.g., "com.foo.MyClass.checkAssertion"</entry>
2027 <entry>This property specifies the names of methods that are used
2028 to check program assertions. Specifying these methods allows
2029 the null pointer dereference bug detector to avoid reporting
2030 false warnings for values which are checked by assertion
2034 <entry>findbugs.de.comment</entry>
2035 <entry>true or false</entry>
2036 <entry>If true, the DroppedException detector scans source code
2037 for empty catch blocks for a comment, and if one is found, does
2038 not report a warning.</entry>
2041 <entry>findbugs.maskedfields.locals</entry>
2042 <entry>true or false</entry>
2043 <entry>If true, emit low priority warnings for local variables
2044 which obscure fields. Default is false.</entry>
2047 <entry>findbugs.nullderef.assumensp</entry>
2048 <entry>true or false</entry>
2050 (intention: If true, the null dereference detector assumes that any
2051 reference value returned from a method or passed to a method
2052 in a parameter might be null. Default is false. Note that
2053 enabling this property will very likely cause a large number
2054 of false warnings to be produced.)</entry>
2057 <entry>findbugs.refcomp.reportAll</entry>
2058 <entry>true or false</entry>
2059 <entry>If true, all suspicious reference comparisons
2060 using the == and != operators are reported. If false,
2061 only one such warning is issued per method. Default
2065 <entry>findbugs.sf.comment</entry>
2066 <entry>true or false</entry>
2067 <entry>If true, the SwitchFallthrough detector will only report
2068 warnings for cases where the source code does not have a comment
2069 containing the words "fall" or "nobreak". (An accurate source
2070 path must be used for this feature to work correctly.)
2071 This helps find cases where the switch fallthrough is likely
2072 to be unintentional.</entry>
2074 <!-- see others at src/doc/manual/sysprops.html
2088 **************************************************************************
2090 ***************************************************************************
2093 <chapter id="annotations">
2094 <title>Annotations</title>
2097 &FindBugs; supports several annotations to express the developer's intent
2098 so that FindBugs can issue warnings more appropriately. You need to use
2099 Java 5 to use annotations, and must place the annotations.jar on the
2100 classpath while compiling your program.
2105 <term><command>edu.umd.cs.findbugs.annotations.CheckForNull</command></term>
2107 <command>[Target]</command> Field, Method, Parameter, Local variable
2111 The annotated element might be null, and uses of the element should check for null.
2112 When this annotation is applied to a method it applies to the method return value.
2118 <term><command>edu.umd.cs.findbugs.annotations.CheckReturnValue</command></term>
2120 <command>[Target]</command> Method, Constructor
2125 <term><command>[Parameter]</command></term>
2128 <command>priority:</command>The priority of the warning (HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM.
2133 <command>explanation:</command>A textual explaination of why the return value should be checked. Default value:"".
2141 This annotation is used to denote a method whose return value should always be checked after invoking the method.
2147 <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotation</command></term>
2149 <command>[Target]</command> Type, Package
2154 <term><command>[Parameter]</command></term>
2157 <command>value:</command>Annotation class objects. More than one class can be specified.
2162 <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM.
2170 Indicates that all members of the class or package should be annotated with the default
2171 value of the supplied annotation classes. This would be used for behavior annotations
2172 such as @NonNull, @CheckForNull, or @CheckReturnValue. In particular, you can use
2173 @DefaultAnnotation(NonNull.class) on a class or package, and then use @Nullable only
2174 on those parameters, methods or fields that you want to allow to be null.
2180 <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotationForFields</command></term>
2182 <command>[Target]</command> Type, Package
2187 <term><command>[Parameter]</command></term>
2190 <command>value:</command>Annotation class objects. More than one class can be specified.
2195 <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM.
2203 This is same as the DefaultAnnotation except it only applys to fields.
2209 <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotationForMethods</command></term>
2211 <command>[Target]</command> Type, Package
2216 <term><command>[Parameter]</command></term>
2219 <command>value:</command>Annotation class objects. More than one class can be specified.
2224 <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM.
2232 This is same as the DefaultAnnotation except it only applys to methods.
2238 <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotationForParameters</command></term>
2240 <command>[Target]</command> Type, Package
2245 <term><command>[Parameter]</command></term>
2248 <command>value:</command>Annotation class objects. More than one class can be specified.
2253 <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM.
2261 This is same as the DefaultAnnotation except it only applys to method parameters.
2267 <term><command>edu.umd.cs.findbugs.annotations.NonNull</command></term>
2269 <command>[Target]</command> Field, Method, Parameter, Local variable
2273 The annotated element must not be null.
2274 Annotated fields must not be null after construction has completed. Annotated methods must have non-null return values.
2280 <term><command>edu.umd.cs.findbugs.annotations.Nullable</command></term>
2282 <command>[Target]</command> Field, Method, Parameter, Local variable
2286 The annotated element could be null under some circumstances. In general, this means
2287 developers will have to read the documentation to determine when a null value is
2288 acceptable and whether it is neccessary to check for a null value.
2294 <term><command>edu.umd.cs.findbugs.annotations.OverrideMustInvoke</command></term>
2296 <command>[Target]</command> Method
2301 <term><command>[Parameter]</command></term>
2304 <command>value:</command>Specify when the super invocation should be
2305 performed (FIRST, ANYTIME, LAST). Default value:ANYTIME.
2313 Used to annotate a method that, if overridden, must (or should) be invoke super
2314 in the overriding method. Examples of such methods include finalize() and clone().
2315 The argument to the method indicates when the super invocation should occur:
2316 at any time, at the beginning of the overriding method, or at the end of the overriding method.
2317 (This anotation is not implmemented in FindBugs as of September 8, 2006).
2323 <term><command>edu.umd.cs.findbugs.annotations.PossiblyNull</command></term>
2326 This annotation is deprecated. Use CheckForNull instead.
2332 <term><command>edu.umd.cs.findbugs.annotations.SuppressWarnings</command></term>
2334 <command>[Target]</command> Type, Field, Method, Parameter, Constructor, Local variable, Package
2339 <term><command>[Parameter]</command></term>
2342 <command>value:</command>The name of the warning. More than one name can be specified.
2347 <command>justification:</command>Reason why the warning should be ignored. Default value:"".
2355 The set of warnings that are to be suppressed by the compiler in the annotated element.
2356 Duplicate names are permitted. The second and successive occurrences of a name are ignored.
2357 The presence of unrecognized warning names is <emphasis>not</emphasis> an error: Compilers
2358 must ignore any warning names they do not recognize. They are, however, free to emit a
2359 warning if an annotation contains an unrecognized warning name. Compiler vendors should
2360 document the warning names they support in conjunction with this annotation type. They
2361 are encouraged to cooperate to ensure that the same names work across multiple compilers.
2367 <term><command>edu.umd.cs.findbugs.annotations.UnknownNullness</command></term>
2369 <command>[Target]</command> Field, Method, Parameter, Local variable
2373 Used to indicate that the nullness of the target is unknown, or my vary in unknown ways in subclasses.
2379 <term><command>edu.umd.cs.findbugs.annotations.UnknownNullness</command></term>
2381 <command>[Target]</command> Field, Method, Parameter, Local variable
2385 Used to indicate that the nullness of the target is unknown, or my vary in unknown ways in subclasses.
2392 &FindBugs; also supports the following annotations:
2394 <listitem>net.jcip.annotations.GuardedBy</listitem>
2395 <listitem>net.jcip.annotations.Immutable</listitem>
2396 <listitem>net.jcip.annotations.NotThreadSafe</listitem>
2397 <listitem>net.jcip.annotations.ThreadSafe</listitem>
2401 You can refer the JCIP annotation <ulink url="http://jcip.net/annotations/doc/index.html">
2402 API documentation</ulink> at <ulink url="http://jcip.net/">Java Concurrency in Practice</ulink>.
2407 **************************************************************************
2408 Using rejarForAnalysis
2409 **************************************************************************
2413 <title>Using rejarForAnalysis</title>
2416 If your project consists of many jarfiles or the jarfiles are scattered
2417 over many directories, you may wish to use the <command>rejarForAnalysis
2418 </command> script to make
2419 FindBugs invocation easier. The script collects many jarfiles and combines them
2420 into a single, large jarfile that can then be easily passed to FindBugs for
2421 analysis. This can be particularly useful in combination with the 'find' command
2422 on unix systems; e.g. <command>find . -name '*.jar' | xargs rejarForAnalysis
2427 The <command>rejarForAnalysis</command> script
2428 can also be used to split a very large project up into a set of jarfiles with
2429 the project classfiles evenly divided between them. This is useful when running
2430 FindBugs on the entire project is not practical due to time or memory consumption.
2431 Instead of running FindBugs on the entire project, you may use <command>
2432 rejarForAnalysis</command> build one large, all-inclusive jarfile
2433 containing all classes, invoke <command>rejarForAnalysis</command>
2434 again to split the project into multiple jarfiles, then run FindBugs
2435 on each divided jarfiles in turn, specifying the the all-inclusive jarfile in
2436 the <command>-auxclasspath</command>.
2440 These are the options accepted by the <command>rejarForAnalysis</command> script:
2445 <term><command>-maxAge</command> <replaceable>days</replaceable></term>
2448 Maximum age in days (ignore jar files older than this).
2453 <term><command>-inputFileList</command> <replaceable>filename</replaceable></term>
2456 Text file containing names of jar files.
2461 <term><command>-maxClasses</command> <replaceable>num</replaceable></term>
2464 Maximum number of classes per analysis*.jar file.
2469 <term><command>-prefix</command> <replaceable>class name prefix</replaceable></term>
2472 Prefix of class names that should be analyzed (e.g., edu.umd.cs.).
2480 **************************************************************************
2482 **************************************************************************
2485 <chapter id="datamining">
2486 <title>Data mining of bugs with &FindBugs;™</title>
2489 FindBugs incorporates an ability to perform sophisticated queries on bug
2490 databases and track warnings across multiple versions of code being
2491 studied, allowing you to do things such as seeing when a bug was first introduced, examining
2492 just the warnings that have been introduced since the last release, or graphing the number
2493 of infinite recursive loops in your code over time.</para>
2496 These techniques all depend upon the XML format used by FindBugs for storing warnings.
2497 These XML files usually contain just the warnings from one particular analysis run, but
2498 they can also store the results from analyzing a sequence of software builds or versions.
2502 Any FindBugs XML bug database contains a version name and timestamp.
2503 FindBugs tries to compute a timestamp from the timestamps of the files that
2504 are analyzed (e.g., the timestamp is intended to be the time the class files
2505 were generated, not analyzed). Each bug database also contains a version name.
2506 Both the version name and timestamp can be set manually using the
2507 <command>setBugDatabaseInfo</command> (<xref linkend="setBugDatabaseInfo" />) command.
2510 <para>A multiversion bug database assigns a sequence number to each version of
2511 the analyzed code. These sequence numbers are simply successive integers,
2512 starting at 0 (e.g., a bug database for 4 versions of the code will contain
2513 versions 0..3). The bug database will also record the name and timestamp for
2514 each version. The <command>filterBugs</command> command allows you to refer
2515 to a version by sequence number, name or timestamp.</para>
2518 You can take a sequence (or pair) of single version bug databases and create
2519 from them a multiversion bug database, or combine a multiversion bug database
2520 with a sequence of later single-version bug databases.</para>
2523 Some of these commands can be invoked as ant tasks. See below for specifics
2524 on how to invoke them and what attributes and arguments they take. All of
2525 the examples assume that the <literal>findbugs.lib</literal>
2526 <literal>refid</literal> is set correctly. Here is one way to set it:
2531 <!-- findbugs task definition -->
2532 <property name="findbugs.home" value="/your/path/to/findbugs" />
2533 <path id="findbugs.lib">
2534 <fileset dir="${findbugs.home}/lib">
2535 <include name="findbugs-ant.jar"/>
2541 <sect1 id="commands">
2542 <title>Commands</title>
2545 All tools for FindBugs data mining are can be invoked from the command line,
2546 and some of the more useful tools can also be invoked from an
2547 ant build file.</para>
2550 Briefly, the command-line tools are:</para>
2554 <term><command><link linkend="unionBugs">unionBugs</link></command></term>
2557 combine the results from separate analysis of disjoint
2563 <term><command><link linkend="computeBugHistory">computeBugHistory</link></command></term>
2565 <para>Merge bug warnings from multiple versions of
2567 a single multiversion bug database. This can either be used
2568 to add more versions to an existing multiversion database,
2569 or to create a multiversion database from a sequence of single version
2570 bug warning databases.</para>
2574 <term><command><link linkend="setBugDatabaseInfo">setBugDatabaseInfo</link></command></term>
2576 <para>Set information such as the revision name or
2577 timestamp in an XML bug database</para>
2581 <term><command><link linkend="listBugDatabaseInfo">listBugDatabaseInfo</link></command></term>
2583 <para>List information such as the revision name and
2584 timestamp for a list of XML bug databases</para>
2588 <term><command><link linkend="filterBugs">filterBugs</link></command></term>
2590 <para>Select a subset of a bug database</para>
2594 <term><command><link linkend="mineBugHistory">mineBugHistory</link></command></term>
2596 <para>Generate a tabular listing of the number of warnings in each
2597 version of a multiversion bug database</para>
2601 <term><command><link linkend="defectDensity">defectDensity</link></command></term>
2603 <para>List information about defect density
2604 (warnings per 1000 NCSS)
2605 for the entire project and each class and package</para>
2609 <term><command><link linkend="convertXmlToText">convertXmlToText</link></command></term>
2611 <para>Convert bug warnings in XML format to
2612 a textual one-line-per-bug format, or to HTML</para>
2618 <sect2 id="unionBugs">
2619 <title>unionBugs</title>
2622 If you have, for example, separately analyzing each jar file used in an application,
2623 you can use this command to combine the separately generated xml bug warning files into
2624 a single file containing all of the warnings.</para>
2626 <para>Do <emphasis>not</emphasis> use this command to combine results from analyzing different versions of the same
2627 file; use <command>computeBugHistory</command> instead.</para>
2629 <para>Specify the xml files on the command line. The result is sent to standard output.</para>
2632 <sect2 id="computeBugHistory">
2633 <title>computeBugHistory</title>
2635 <para>Use this command to generate a bug database containing information from different builds or versions
2636 of software you are analyzing.
2637 History is taken from the first file provided as input; any following
2638 files should be single version bug databases (if they contain history, the history in those
2639 files will be ignored).</para>
2640 <para>By default, output is written to the standard output.
2643 <para>This functionality may also can be accessed from ant.
2644 First create a taskdef for <command>computeBugHistory</command> in your
2650 <taskdef name="computeBugHistory" classname="edu.umd.cs.findbugs.anttask.ComputeBugHistoryTask">
2651 <classpath refid="findbugs.lib" />
2656 <para>Attributes for this ant task are listed in the following table.
2657 To specify input files, nest them inside with a
2658 <literal><datafile></literal> element. For example:
2663 <computeBugHistory home="${findbugs.home}" ...>
2664 <datafile name="analyze1.xml"/>
2665 <datafile name="analyze2.xml"/>
2666 </computeBugHistory>
2670 <table id="computeBugHistoryTable">
2671 <title>Options for computeBugHistory command</title>
2672 <tgroup cols="3" align="left">
2675 <entry>Command-line option</entry>
2676 <entry>Ant attribute</entry>
2677 <entry>Meaning</entry>
2681 <row><entry>-output <file></entry> <entry>output="<file>"</entry> <entry>save output in the named file (may also be an input file)</entry></row>
2682 <row><entry>-overrideRevisionNames[:truth]</entry> <entry>overrideRevisionNames="[true|false]"</entry><entry>override revision names for each version with names computed from the filenames</entry></row>
2683 <row><entry>-noPackageMoves[:truth]</entry> <entry>noPackageMoves="[true|false]"</entry><entry>if a class has moved to another package, treat warnings in that class as seperate</entry></row>
2684 <row><entry>-preciseMatch[:truth]</entry> <entry>preciseMatch="[true|false]"</entry><entry>require bug patterns to match precisely</entry></row>
2685 <row><entry>-precisePriorityMatch[:truth]</entry> <entry>precisePriorityMatch="[true|false]"</entry><entry>consider two warnings as the same only if priorities match exactly</entry></row>
2686 <row><entry>-quiet[:truth]</entry> <entry>quiet="[true|false]"</entry><entry>don't generate any output to standard out unless there is an error</entry></row>
2687 <row><entry>-withMessages[:truth]</entry> <entry>withMessages="[true|false]"</entry><entry>include human-readable messages describing the warnings in XML output</entry></row>
2693 <sect2 id="filterBugs">
2694 <title>filterBugs</title>
2695 <para>This command is used to select a subset of warnings from a FindBugs XML warning file
2696 and write the selected subset to a new FindBugs warning file.</para>
2698 This command takes a sequence of options, and either zero, one or two
2699 filenames of findbugs xml bug files on the command line.</para>
2700 <para>If no file names are provided, the command reads from standard input
2701 and writes to standard output. If one file name is provided,
2702 it reads from the file and writes to standard output.
2703 If two file names are provided, it reads from the first and writes the output
2704 to the second file name.</para>
2706 <para>This functionality may also can be accessed from ant.
2707 First create a taskdef for <command>filterBugs</command> in your
2713 <taskdef name="filterBugs" classname="edu.umd.cs.findbugs.anttask.FilterBugsTask">
2714 <classpath refid="findbugs.lib" />
2719 <para>Attributes for this ant task are listed in the following table.
2720 To specify an input file either use the input attribute or nest it inside
2721 the ant call with a <literal><datafile></literal> element. For example:
2726 <filterBugs home="${findbugs.home}" ...>
2727 <datafile name="analyze.xml"/>
2732 <table id="filterOptionsTable">
2733 <title>Options for filterBugs command</title>
2734 <tgroup cols="3" align="left">
2737 <entry>Command-line option</entry>
2738 <entry>Ant attribute</entry>
2739 <entry>Meaning</entry>
2743 <row><entry></entry> <entry>input="<file>"</entry> <entry>use file as input</entry></row>
2744 <row><entry></entry> <entry>output="<file>"</entry> <entry>output results to file</entry></row>
2745 <row><entry>-not</entry> <entry>not="[true|false]"</entry> <entry>reverse (all) switches for the filter</entry></row>
2746 <row><entry>-withSource[:truth]</entry> <entry>withSource="[true|false]"</entry> <entry>only warnings for switch source is available</entry></row>
2747 <row><entry>-exclude <filter file></entry><entry>exclude="<filter file>"</entry> <entry>exclude bugs matching given filter</entry></row>
2748 <row><entry>-include <filter file></entry><entry>include="<filter file>"</entry> <entry>include only bugs matching given filter</entry></row>
2749 <row><entry>-annotation <text></entry> <entry>annotation="<text>"</entry> <entry>allow only warnings containing this text in a manual annotation</entry></row>
2750 <row><entry>-after <when></entry> <entry>after="<when>"</entry> <entry>allow only warnings that first occurred after this version</entry></row>
2751 <row><entry>-before <when></entry> <entry>before="<when>"</entry> <entry>allow only warnings that first occurred before this version</entry></row>
2752 <row><entry>-first <when></entry> <entry>first="<when>"</entry> <entry>allow only warnings that first occurred in this version</entry></row>
2753 <row><entry>-last <when></entry> <entry>last="<when>"</entry> <entry>allow only warnings that last occurred in this version</entry></row>
2754 <row><entry>-fixed <when></entry> <entry>fixed="<when>"</entry> <entry>allow only warnings that last occurred in the previous version (clobbers <option>-last</option>)</entry></row>
2755 <row><entry>-present <when></entry> <entry>present="<when>"</entry> <entry>allow only warnings present in this version</entry></row>
2756 <row><entry>-absent <when></entry> <entry>absent="<when>"</entry> <entry>allow only warnings absent in this version</entry></row>
2757 <row><entry>-active[:truth]</entry> <entry>active="[true|false]"</entry> <entry>allow only warnings alive in the last sequence number</entry></row>
2758 <row><entry>-introducedByChange[:truth]</entry> <entry>introducedByChange="[true|false]"</entry><entry>allow only warnings introduced by a change of an existing class</entry></row>
2759 <row><entry>-removedByChange[:truth]</entry> <entry>removedByChange="[true|false]"</entry> <entry>allow only warnings removed by a change of a persisting class</entry></row>
2760 <row><entry>-newCode[:truth]</entry> <entry>newCode="[true|false]"</entry> <entry>allow only warnings introduced by the addition of a new class</entry></row>
2761 <row><entry>-removedCode[:truth]</entry> <entry>removedCode="[true|false]"</entry> <entry>allow only warnings removed by removal of a class</entry></row>
2762 <row><entry>-priority <level></entry> <entry>priority="<level>"</entry> <entry>allow only warnings with this priority or higher</entry></row>
2763 <row><entry>-class <pattern></entry> <entry>class="<class>"</entry> <entry>allow only bugs whose primary class name matches this pattern</entry></row>
2764 <row><entry>-bugPattern <pattern></entry> <entry>bugPattern="<pattern>"</entry> <entry>allow only bugs whose type matches this pattern</entry></row>
2765 <row><entry>-category <category></entry> <entry>category="<category>"</entry> <entry>allow only warnings with a category that starts with this string</entry></row>
2766 <row><entry>-designation <designation></entry> <entry>designation="<designation>"</entry> <entry>allow only warnings with this designation (e.g., -designation SHOULD_FIX)</entry></row>
2767 <row><entry>-withMessages[:truth] </entry> <entry>withMessages="[true|false]"</entry> <entry>the generated XML should contain textual messages</entry></row>
2774 <sect2 id="mineBugHistory">
2775 <title>mineBugHistory</title>
2776 <para>This command generates a table containing counts of the numbers of warnings
2777 in each version of a multiversion bug database.</para>
2780 <para>This functionality may also can be accessed from ant.
2781 First create a taskdef for <command>mineBugHistory</command> in your
2787 <taskdef name="mineBugHistory" classname="edu.umd.cs.findbugs.anttask.MineBugHistoryTask">
2788 <classpath refid="findbugs.lib" />
2793 <para>Attributes for this ant task are listed in the following table.
2794 To specify an input file either use the <literal>input</literal>
2795 attribute or nest it inside the ant call with a
2796 <literal><datafile></literal> element. For example:
2801 <mineBugHistory home="${findbugs.home}" ...>
2802 <datafile name="analyze.xml"/>
2807 <table id="mineBugHistoryOptionsTable">
2808 <title>Options for mineBugHistory command</title>
2809 <tgroup cols="3" align="left">
2812 <entry>Command-line option</entry>
2813 <entry>Ant attribute</entry>
2814 <entry>Meaning</entry>
2818 <row><entry></entry> <entry>input="<file>"</entry> <entry>use file as input</entry></row>
2819 <row><entry></entry> <entry>output="<file>"</entry> <entry>write output to file</entry></row>
2820 <row><entry>-formatDates</entry> <entry>formatDates="[true|false]"</entry> <entry>render dates in textual form</entry></row>
2821 <row><entry>-noTabs</entry> <entry>noTabs="[true|false]"</entry> <entry>delimit columns with groups of spaces instead of tabs (see below)</entry></row>
2822 <row><entry>-summary</entry> <entry>summary="[true|false]"</entry> <entry>output terse summary of changes over the last ten entries</entry></row>
2828 The <option>-noTabs</option> output can be easier to read from a shell
2829 with a fixed-width font.
2830 Because numeric columns are right-justified, spaces may precede the
2831 first column value. This option also causes <option>-formatDates</option>
2832 to render dates in terser format without embedded whitespace.
2835 <para>The table is a tab-separated (barring <option>-noTabs</option>)
2836 table with the following columns:</para>
2838 <table id="mineBugHistoryColumns">
2839 <title>Columns in mineBugHistory output</title>
2840 <tgroup cols="2" align="left">
2843 <entry>Title</entry>
2844 <entry>Meaning</entry>
2848 <row><entry>seq</entry><entry>Sequence number (successive integers, starting at 0)</entry></row>
2849 <row><entry>version</entry><entry>Version name</entry></row>
2850 <row><entry>time</entry><entry>Release timestamp</entry></row>
2851 <row><entry>classes</entry><entry>Number of classes analyzed</entry></row>
2852 <row><entry>NCSS</entry><entry>Non Commenting Source Statements</entry></row>
2853 <row><entry>added</entry><entry>Count of new warnings for a class that existed in the previous version</entry></row>
2854 <row><entry>newCode</entry><entry>Count of new warnings for a class that did not exist in the previous version</entry></row>
2855 <row><entry>fixed</entry><entry>Count of warnings removed from a class that remains in the current version</entry></row>
2856 <row><entry>removed</entry><entry>Count of warnings in the previous version for a class that is not present in the current version</entry></row>
2857 <row><entry>retained</entry><entry>Count of warnings that were in both the previous and current version</entry></row>
2858 <row><entry>dead</entry><entry>Warnings that were present in earlier versions but in neither the current version or the immediately preceeding version</entry></row>
2859 <row><entry>active</entry><entry>Total warnings present in the current version</entry></row>
2865 <sect2 id="defectDensity">
2866 <title>defectDensity</title>
2868 This command lists information about defect density (warnings per 1000 NCSS) for the entire project and each class and package.
2869 In can either be invoked with no files specified on the command line (in which case it reads from standard input)
2870 or with one file specified on the command line.</para>
2871 <para>It generates a table with the following columns, and with one
2872 row for the entire project, and one row for each package or class that contains at least
2874 <table id="defectDensityColumns">
2875 <title>Columns in defectDensity output</title>
2876 <tgroup cols="2" align="left">
2879 <entry>Title</entry>
2880 <entry>Meaning</entry>
2884 <row><entry>kind</entry><entry>project, package or class</entry></row>
2885 <row><entry>name</entry><entry>The name of the project, package or class</entry></row>
2886 <row><entry>density</entry><entry>Number of warnings generated per 1000 lines of NCSS.</entry></row>
2887 <row><entry>bugs</entry><entry>Number of warnings</entry></row>
2888 <row><entry>NCSS</entry><entry>Calculated number of NCSS</entry></row>
2894 <sect2 id="convertXmlToText">
2895 <title>convertXmlToText</title>
2898 This command converts a warning collection in XML format to a text
2899 format with one line per warning, or to HTML.
2902 <para>This functionality may also can be accessed from ant.
2903 First create a taskdef for <command>convertXmlToText</command> in your
2909 <taskdef name="convertXmlToText" classname="edu.umd.cs.findbugs.anttask.ConvertXmlToTextTask">
2910 <classpath refid="findbugs.lib" />
2915 <para>Attributes for this ant task are listed in the following table.</para>
2917 <table id="convertXmlToTextTable">
2918 <title>Options for convertXmlToText command</title>
2919 <tgroup cols="3" align="left">
2922 <entry>Command-line option</entry>
2923 <entry>Ant attribute</entry>
2924 <entry>Meaning</entry>
2928 <row><entry></entry> <entry>input="<filename>"</entry> <entry>use file as input</entry></row>
2929 <row><entry></entry> <entry>output="<filename>"</entry> <entry>output results to file</entry></row>
2930 <row><entry>-longBugCodes</entry> <entry>longBugCodes="[true|false]"</entry> <entry>use the full bug pattern code instead of two-letter abbreviation</entry></row>
2931 <row><entry>-html[:stylesheet]</entry> <entry>format="html:<stylesheet>"</entry> <entry>generate output with specified stylesheet (see below), or default.xsl if unspecified</entry></row>
2937 You may specify plain.xsl, default.xsl, fancy.xsl, fancy-hist.xsl,
2938 or your own XSL stylesheet for the -html/format option.
2939 Despite the name of this option, you may specify
2940 a stylesheet that emits something other than html.
2944 <sect2 id="setBugDatabaseInfo">
2945 <title>setBugDatabaseInfo</title>
2948 This command sets meta-information in a specified warning collection.
2949 It takes the following options:
2952 <para>This functionality may also can be accessed from ant.
2953 First create a taskdef for <command>setBugDatabaseInfo</command> in your
2959 <taskdef name="setBugDatabaseInfo" classname="edu.umd.cs.findbugs.anttask.SetBugDatabaseInfoTask">
2960 <classpath refid="findbugs.lib" />
2965 <para>Attributes for this ant task are listed in the following table.
2966 To specify an input file either use the <literal>input</literal>
2967 attribute or nest it inside the ant call with a
2968 <literal><datafile></literal> element. For example:
2973 <setBugDatabaseInfo home="${findbugs.home}" ...>
2974 <datafile name="analyze.xml"/>
2975 </setBugDatabaseInfo>
2979 <table id="setBugDatabaseInfoOptions">
2980 <title>setBugDatabaseInfo Options</title>
2981 <tgroup cols="3" align="left">
2984 <entry>Command-line option</entry>
2985 <entry>Ant attribute</entry>
2986 <entry>Meaning</entry>
2990 <row><entry></entry> <entry>input="<file>"</entry> <entry>use file as input</entry></row>
2991 <row><entry></entry> <entry>output="<file>"</entry> <entry>write output to file</entry></row>
2992 <row><entry>-name <name></entry> <entry>name="<name>"</entry> <entry>set name for (last) revision</entry></row>
2993 <row><entry>-timestamp <when></entry> <entry>timestamp="<when>"</entry> <entry>set timestamp for (last) revision</entry></row>
2994 <row><entry>-source <directory></entry> <entry>source="<directory>"</entry> <entry>add specified directory to the source search path</entry></row>
2995 <row><entry>-findSource <directory></entry> <entry>findSource="<directory>"</entry> <entry>find and add all relevant source directions contained within specified directory</entry></row>
2996 <row><entry>-suppress <filter file></entry> <entry>suppress="<filter file>"</entry> <entry>suppress warnings matched by this file (replaces previous suppressions)</entry></row>
2997 <row><entry>-withMessages</entry> <entry>withMessages="[true|false]"</entry> <entry>add textual messages to XML</entry></row>
2998 <row><entry>-resetSource</entry> <entry>resetSource="[true|false]"</entry> <entry>remove all source search paths</entry></row>
3004 <sect2 id="listBugDatabaseInfo">
3005 <title>listBugDatabaseInfo</title>
3007 <para>This command takes a list of zero or more xml bug database filenames on the command line.
3008 If zero file names are provided, it reads from standard input and does not generate
3009 a table header.</para>
3011 <para>There is only one option: <option>-formatDates</option> renders dates
3015 <para>The output is a table one row per bug database and the following columns:</para>
3016 <table id="listBugDatabaseInfoColumns">
3017 <title>listBugDatabaseInfo Columns</title>
3018 <tgroup cols="2" align="left">
3021 <entry>Column</entry>
3022 <entry>Meaning</entry>
3026 <row><entry>version</entry><entry>version name</entry></row>
3027 <row><entry>time</entry><entry>Release timestamp</entry></row>
3028 <row><entry>classes</entry><entry>Number of classes analyzed</entry></row>
3029 <row><entry>NCSS</entry><entry>Non Commenting Source Statements analyzed</entry></row>
3030 <row><entry>total</entry><entry>Total number of warnings of all kinds</entry></row>
3031 <row><entry>high</entry><entry>Total number of high priority warnings of all kinds</entry></row>
3032 <row><entry>medium</entry><entry>Total number of medium/normal priority warnings of all kinds</entry></row>
3033 <row><entry>low</entry><entry>Total number of low priority warnings of all kinds</entry></row>
3034 <row><entry>filename</entry><entry>filename of database</entry></row>
3036 <row><entry></entry><entry></entry></row>
3037 <row><entry></entry><entry></entry></row>
3038 <row><entry></entry><entry></entry></row>
3039 <row><entry></entry><entry></entry></row>
3040 <row><entry></entry><entry></entry></row>
3041 <row><entry></entry><entry></entry></row>
3051 <sect1 id="examples">
3052 <title>Examples</title>
3053 <sect2 id="unixscriptsexemples">
3054 <title>Mining history using proveded shell scrips</title>
3055 <para>In all of the following, the commands are given in a directory that contains
3056 directories jdk1.6.0-b12, jdk1.6.0-b13, ..., jdk1.6.0-b60.</para>
3058 <para>You can use the command:</para>
3060 computeBugHistory jdk1.6.0-b* | filterBugs -bugPattern IL_ | mineBugHistory -formatDates
3062 <para>to generate the following output:</para>
3065 seq version time classes NCSS added newCode fixed removed retained dead active
3066 0 jdk1.6.0-b12 "Thu Nov 11 09:07:20 EST 2004" 13128 811569 0 4 0 0 0 0 4
3067 1 jdk1.6.0-b13 "Thu Nov 18 06:02:06 EST 2004" 13128 811570 0 0 0 0 4 0 4
3068 2 jdk1.6.0-b14 "Thu Dec 02 06:12:26 EST 2004" 13145 811786 0 0 2 0 2 0 2
3069 3 jdk1.6.0-b15 "Thu Dec 09 06:07:04 EST 2004" 13174 811693 0 0 1 0 1 2 1
3070 4 jdk1.6.0-b16 "Thu Dec 16 06:21:28 EST 2004" 13175 811715 0 0 0 0 1 3 1
3071 5 jdk1.6.0-b17 "Thu Dec 23 06:27:22 EST 2004" 13176 811974 0 0 0 0 1 3 1
3072 6 jdk1.6.0-b19 "Thu Jan 13 06:41:16 EST 2005" 13176 812011 0 0 0 0 1 3 1
3073 7 jdk1.6.0-b21 "Thu Jan 27 05:57:52 EST 2005" 13177 812173 0 0 0 0 1 3 1
3074 8 jdk1.6.0-b23 "Thu Feb 10 05:44:36 EST 2005" 13179 812188 0 0 0 0 1 3 1
3075 9 jdk1.6.0-b26 "Thu Mar 03 06:04:02 EST 2005" 13199 811770 0 0 0 0 1 3 1
3076 10 jdk1.6.0-b27 "Thu Mar 10 04:48:38 EST 2005" 13189 812440 0 0 0 0 1 3 1
3077 11 jdk1.6.0-b28 "Thu Mar 17 02:54:22 EST 2005" 13185 812056 0 0 0 0 1 3 1
3078 12 jdk1.6.0-b29 "Thu Mar 24 03:09:20 EST 2005" 13117 809468 0 0 0 0 1 3 1
3079 13 jdk1.6.0-b30 "Thu Mar 31 02:53:32 EST 2005" 13118 809501 0 0 0 0 1 3 1
3080 14 jdk1.6.0-b31 "Thu Apr 07 03:00:14 EDT 2005" 13117 809572 0 0 0 0 1 3 1
3081 15 jdk1.6.0-b32 "Thu Apr 14 02:56:56 EDT 2005" 13169 811096 0 0 0 0 1 3 1
3082 16 jdk1.6.0-b33 "Thu Apr 21 02:46:22 EDT 2005" 13187 811942 0 0 0 0 1 3 1
3083 17 jdk1.6.0-b34 "Thu Apr 28 02:49:00 EDT 2005" 13195 813488 0 1 0 0 1 3 2
3084 18 jdk1.6.0-b35 "Thu May 05 02:49:04 EDT 2005" 13457 829837 0 0 0 0 2 3 2
3085 19 jdk1.6.0-b36 "Thu May 12 02:59:46 EDT 2005" 13462 831278 0 0 0 0 2 3 2
3086 20 jdk1.6.0-b37 "Thu May 19 02:55:08 EDT 2005" 13464 831971 0 0 0 0 2 3 2
3087 21 jdk1.6.0-b38 "Thu May 26 03:08:16 EDT 2005" 13564 836565 0 0 0 0 2 3 2
3088 22 jdk1.6.0-b39 "Fri Jun 03 03:10:48 EDT 2005" 13856 849992 0 1 0 0 2 3 3
3089 23 jdk1.6.0-b40 "Thu Jun 09 03:30:28 EDT 2005" 15972 959619 0 2 0 0 3 3 5
3090 24 jdk1.6.0-b41 "Thu Jun 16 03:19:22 EDT 2005" 15972 959619 0 0 0 0 5 3 5
3091 25 jdk1.6.0-b42 "Fri Jun 24 03:38:54 EDT 2005" 15966 958581 0 0 0 0 5 3 5
3092 26 jdk1.6.0-b43 "Thu Jul 14 03:09:34 EDT 2005" 16041 960544 0 0 0 0 5 3 5
3093 27 jdk1.6.0-b44 "Thu Jul 21 03:05:54 EDT 2005" 16041 960547 0 0 0 0 5 3 5
3094 28 jdk1.6.0-b45 "Thu Jul 28 03:26:10 EDT 2005" 16037 960606 0 0 1 0 4 3 4
3095 29 jdk1.6.0-b46 "Thu Aug 04 03:02:48 EDT 2005" 15936 951355 0 0 0 0 4 4 4
3096 30 jdk1.6.0-b47 "Thu Aug 11 03:18:56 EDT 2005" 15964 952387 0 0 1 0 3 4 3
3097 31 jdk1.6.0-b48 "Thu Aug 18 08:10:40 EDT 2005" 15970 953421 0 0 0 0 3 5 3
3098 32 jdk1.6.0-b49 "Thu Aug 25 03:24:38 EDT 2005" 16048 958940 0 0 0 0 3 5 3
3099 33 jdk1.6.0-b50 "Thu Sep 01 01:52:40 EDT 2005" 16287 974937 1 0 0 0 3 5 4
3100 34 jdk1.6.0-b51 "Thu Sep 08 01:55:36 EDT 2005" 16362 979377 0 0 0 0 4 5 4
3101 35 jdk1.6.0-b52 "Thu Sep 15 02:04:08 EDT 2005" 16477 979399 0 0 0 0 4 5 4
3102 36 jdk1.6.0-b53 "Thu Sep 22 02:00:28 EDT 2005" 16019 957900 0 0 1 0 3 5 3
3103 37 jdk1.6.0-b54 "Thu Sep 29 01:54:34 EDT 2005" 16019 957900 0 0 0 0 3 6 3
3104 38 jdk1.6.0-b55 "Thu Oct 06 01:54:14 EDT 2005" 16051 959014 0 0 0 0 3 6 3
3105 39 jdk1.6.0-b56 "Thu Oct 13 01:54:12 EDT 2005" 16211 970835 0 0 0 0 3 6 3
3106 40 jdk1.6.0-b57 "Thu Oct 20 01:55:26 EDT 2005" 16279 971627 0 0 0 0 3 6 3
3107 41 jdk1.6.0-b58 "Thu Oct 27 01:56:30 EDT 2005" 16283 971945 0 0 0 0 3 6 3
3108 42 jdk1.6.0-b59 "Thu Nov 03 01:56:58 EST 2005" 16232 972193 0 0 0 0 3 6 3
3109 43 jdk1.6.0-b60 "Thu Nov 10 01:54:18 EST 2005" 16235 972346 0 0 0 0 3 6 3
3113 We could also generate that information directly, without creating an intermediate db.xml file, using the command
3117 computeBugHistory jdk1.6.0-b*/jre/lib/rt.xml | filterBugs -bugPattern IL_ db.xml | mineBugHistory -formatDates
3120 <para>We can then use that information to display a graph showing the number of infinite recursive loops
3121 found by FindBugs in each build of Sun's JDK1.6.0. The blue area indicates the number of infinite
3122 recursive loops in that build, the red area above it indicates the number of infinite recursive loops that existed
3123 in some previous version but not in the current version (thus, the combined height of the red and blue areas
3124 is guaranteed to never decrease, and goes up whenever a new infinite recursive loop bug is introduced). The height
3125 of the red area is computed as the sum of the fixed, removed and dead values for each version.
3126 The reductions in builds 13 and 14 came after Sun was notified about the bugs found by FindBugs in the JDK.
3130 <imagedata fileref="infiniteRecursiveLoops.png" />
3135 Given the db.xml file that contains the results for all the jdk1.6.0 builds, the following command will show the history of high and medium priority correctness warnings:
3139 filterBugs -priority M -category C db.xml | mineBugHistory -formatDates
3143 generating the table:
3147 seq version time classes NCSS added newCode fixed removed retained dead active
3148 0 jdk1.6.0-b12 "Thu Nov 11 09:07:20 EST 2004" 13128 811569 0 1075 0 0 0 0 1075
3149 1 jdk1.6.0-b13 "Thu Nov 18 06:02:06 EST 2004" 13128 811570 0 0 0 0 1075 0 1075
3150 2 jdk1.6.0-b14 "Thu Dec 02 06:12:26 EST 2004" 13145 811786 3 0 6 0 1069 0 1072
3151 3 jdk1.6.0-b15 "Thu Dec 09 06:07:04 EST 2004" 13174 811693 2 1 3 0 1069 6 1072
3152 4 jdk1.6.0-b16 "Thu Dec 16 06:21:28 EST 2004" 13175 811715 0 0 1 0 1071 9 1071
3153 5 jdk1.6.0-b17 "Thu Dec 23 06:27:22 EST 2004" 13176 811974 0 0 1 0 1070 10 1070
3154 6 jdk1.6.0-b19 "Thu Jan 13 06:41:16 EST 2005" 13176 812011 0 0 0 0 1070 11 1070
3155 7 jdk1.6.0-b21 "Thu Jan 27 05:57:52 EST 2005" 13177 812173 0 0 1 0 1069 11 1069
3156 8 jdk1.6.0-b23 "Thu Feb 10 05:44:36 EST 2005" 13179 812188 0 0 0 0 1069 12 1069
3157 9 jdk1.6.0-b26 "Thu Mar 03 06:04:02 EST 2005" 13199 811770 0 0 2 1 1066 12 1066
3158 10 jdk1.6.0-b27 "Thu Mar 10 04:48:38 EST 2005" 13189 812440 1 0 1 1 1064 15 1065
3159 11 jdk1.6.0-b28 "Thu Mar 17 02:54:22 EST 2005" 13185 812056 0 0 0 0 1065 17 1065
3160 12 jdk1.6.0-b29 "Thu Mar 24 03:09:20 EST 2005" 13117 809468 3 0 8 26 1031 17 1034
3161 13 jdk1.6.0-b30 "Thu Mar 31 02:53:32 EST 2005" 13118 809501 0 0 0 0 1034 51 1034
3162 14 jdk1.6.0-b31 "Thu Apr 07 03:00:14 EDT 2005" 13117 809572 0 0 0 0 1034 51 1034
3163 15 jdk1.6.0-b32 "Thu Apr 14 02:56:56 EDT 2005" 13169 811096 1 1 0 1 1033 51 1035
3164 16 jdk1.6.0-b33 "Thu Apr 21 02:46:22 EDT 2005" 13187 811942 3 0 2 1 1032 52 1035
3165 17 jdk1.6.0-b34 "Thu Apr 28 02:49:00 EDT 2005" 13195 813488 0 1 0 0 1035 55 1036
3166 18 jdk1.6.0-b35 "Thu May 05 02:49:04 EDT 2005" 13457 829837 0 36 2 0 1034 55 1070
3167 19 jdk1.6.0-b36 "Thu May 12 02:59:46 EDT 2005" 13462 831278 0 0 0 0 1070 57 1070
3168 20 jdk1.6.0-b37 "Thu May 19 02:55:08 EDT 2005" 13464 831971 0 1 1 0 1069 57 1070
3169 21 jdk1.6.0-b38 "Thu May 26 03:08:16 EDT 2005" 13564 836565 1 7 2 6 1062 58 1070
3170 22 jdk1.6.0-b39 "Fri Jun 03 03:10:48 EDT 2005" 13856 849992 6 39 5 0 1065 66 1110
3171 23 jdk1.6.0-b40 "Thu Jun 09 03:30:28 EDT 2005" 15972 959619 7 147 11 0 1099 71 1253
3172 24 jdk1.6.0-b41 "Thu Jun 16 03:19:22 EDT 2005" 15972 959619 0 0 0 0 1253 82 1253
3173 25 jdk1.6.0-b42 "Fri Jun 24 03:38:54 EDT 2005" 15966 958581 3 0 1 2 1250 82 1253
3174 26 jdk1.6.0-b43 "Thu Jul 14 03:09:34 EDT 2005" 16041 960544 5 11 15 8 1230 85 1246
3175 27 jdk1.6.0-b44 "Thu Jul 21 03:05:54 EDT 2005" 16041 960547 0 0 0 0 1246 108 1246
3176 28 jdk1.6.0-b45 "Thu Jul 28 03:26:10 EDT 2005" 16037 960606 19 0 2 0 1244 108 1263
3177 29 jdk1.6.0-b46 "Thu Aug 04 03:02:48 EDT 2005" 15936 951355 13 1 1 32 1230 110 1244
3178 30 jdk1.6.0-b47 "Thu Aug 11 03:18:56 EDT 2005" 15964 952387 163 8 7 20 1217 143 1388
3179 31 jdk1.6.0-b48 "Thu Aug 18 08:10:40 EDT 2005" 15970 953421 0 0 0 0 1388 170 1388
3180 32 jdk1.6.0-b49 "Thu Aug 25 03:24:38 EDT 2005" 16048 958940 1 11 1 0 1387 170 1399
3181 33 jdk1.6.0-b50 "Thu Sep 01 01:52:40 EDT 2005" 16287 974937 19 27 16 7 1376 171 1422
3182 34 jdk1.6.0-b51 "Thu Sep 08 01:55:36 EDT 2005" 16362 979377 1 15 3 0 1419 194 1435
3183 35 jdk1.6.0-b52 "Thu Sep 15 02:04:08 EDT 2005" 16477 979399 0 0 1 1 1433 197 1433
3184 36 jdk1.6.0-b53 "Thu Sep 22 02:00:28 EDT 2005" 16019 957900 13 12 16 20 1397 199 1422
3185 37 jdk1.6.0-b54 "Thu Sep 29 01:54:34 EDT 2005" 16019 957900 0 0 0 0 1422 235 1422
3186 38 jdk1.6.0-b55 "Thu Oct 06 01:54:14 EDT 2005" 16051 959014 1 4 7 0 1415 235 1420
3187 39 jdk1.6.0-b56 "Thu Oct 13 01:54:12 EDT 2005" 16211 970835 6 8 37 0 1383 242 1397
3188 40 jdk1.6.0-b57 "Thu Oct 20 01:55:26 EDT 2005" 16279 971627 0 0 0 0 1397 279 1397
3189 41 jdk1.6.0-b58 "Thu Oct 27 01:56:30 EDT 2005" 16283 971945 0 1 1 0 1396 279 1397
3190 42 jdk1.6.0-b59 "Thu Nov 03 01:56:58 EST 2005" 16232 972193 6 0 5 0 1392 280 1398
3191 43 jdk1.6.0-b60 "Thu Nov 10 01:54:18 EST 2005" 16235 972346 0 0 0 0 1398 285 1398
3192 44 jdk1.6.0-b61 "Thu Nov 17 01:58:42 EST 2005" 16202 971134 2 0 4 0 1394 285 1396
3196 <sect2 id="incrementalhistory">
3197 <title>Incremental history maintenance</title>
3200 If db.xml contains the results of running findbugs over builds b12 - b60, we can update db.xml to include the results of analyzing b61 with the commands:
3203 computeBugHistory -output db.xml db.xml jdk1.6.0-b61/jre/lib/rt.xml
3209 <sect1 id="antexemple">
3210 <title>Ant exemple</title>
3212 Here is a complete ant script example for both running findbugs and running a chain of data-mining tools afterward:
3216 <project name="analyze_asm_util" default="findbugs">
3217 <!-- findbugs task definition -->
3218 <property name="findbugs.home" value="/Users/ben/Documents/workspace/findbugs/findbugs" />
3219 <property name="jvmargs" value="-server -Xss1m -Xmx800m -Duser.language=en -Duser.region=EN -Dfindbugs.home=${findbugs.home}" />
3221 <path id="findbugs.lib">
3222 <fileset dir="${findbugs.home}/lib">
3223 <include name="findbugs-ant.jar"/>
3227 <taskdef name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask">
3228 <classpath refid="findbugs.lib" />
3231 <taskdef name="computeBugHistory" classname="edu.umd.cs.findbugs.anttask.ComputeBugHistoryTask">
3232 <classpath refid="findbugs.lib" />
3235 <taskdef name="setBugDatabaseInfo" classname="edu.umd.cs.findbugs.anttask.SetBugDatabaseInfoTask">
3236 <classpath refid="findbugs.lib" />
3239 <taskdef name="mineBugHistory" classname="edu.umd.cs.findbugs.anttask.MineBugHistoryTask">
3240 <classpath refid="findbugs.lib" />
3243 <!-- findbugs task definition -->
3244 <target name="findbugs">
3245 <antcall target="analyze" />
3246 <antcall target="mine" />
3249 <!-- analyze task -->
3250 <target name="analyze">
3251 <!-- run findbugs against asm-util -->
3252 <findbugs home="${findbugs.home}"
3253 output="xml:withMessages"
3255 reportLevel="experimental"
3258 adjustExperimental="true"
3259 jvmargs="${jvmargs}"
3261 outputFile="out.xml"
3262 projectName="Findbugs"
3264 <class location="asm-util-3.0.jar" />
3268 <target name="mine">
3270 <!-- Set info to the latest analysis -->
3271 <setBugDatabaseInfo home="${findbugs.home}"
3273 name="asm-util-3.0.jar"
3275 output="out-rel.xml"/>
3277 <!-- Checking if history file already exists (findbugs-hist.xml) -->
3278 <condition property="mining.historyfile.available">
3279 <available file="out-hist.xml"/>
3281 <condition property="mining.historyfile.notavailable">
3283 <available file="out-hist.xml"/>
3287 <!-- this target is executed if the history file do not exist (first run) -->
3288 <antcall target="history-init">
3289 <param name="data.file" value="out-rel.xml" />
3290 <param name="hist.file" value="out-hist.xml" />
3292 <!-- else this one is executed -->
3293 <antcall target="history">
3294 <param name="data.file" value="out-rel.xml" />
3295 <param name="hist.file" value="out-hist.xml" />
3296 <param name="hist.summary.file" value="out-hist.txt" />
3300 <!-- Initializing history file -->
3301 <target name="history-init" if="mining.historyfile.notavailable">
3302 <copy file="${data.file}" tofile="${hist.file}" />
3305 <!-- Computing bug history -->
3306 <target name="history" if="mining.historyfile.available">
3307 <!-- Merging ${data.file} into ${hist.file} -->
3308 <computeBugHistory home="${findbugs.home}"
3310 output="${hist.file}">
3311 <dataFile name="${hist.file}"/>
3312 <dataFile name="${data.file}"/>
3313 </computeBugHistory>
3315 <!-- Compute history into ${hist.summary.file} -->
3316 <mineBugHistory home="${findbugs.home}"
3319 input="${hist.file}"
3320 output="${hist.summary.file}"/>
3331 **************************************************************************
3333 **************************************************************************
3336 <chapter id="license">
3337 <title>License</title>
3340 The name FindBugs and the FindBugs logo is trademarked by the University
3342 FindBugs is free software distributed under the terms of the
3343 <ulink url="http://www.gnu.org/licenses/lgpl.html">Lesser GNU Public License</ulink>.
3344 You should have received a copy of the license in the file <filename>LICENSE.txt</filename>
3345 in the &FindBugs; distribution.
3349 You can find the latest version of FindBugs, along with its source code, from the
3350 <ulink url="http://findbugs.sourceforge.net">FindBugs web page</ulink>.
3357 **************************************************************************
3359 **************************************************************************
3361 <chapter id="acknowledgments">
3362 <title>Acknowledgments</title>
3365 <title>Contributors</title>
3367 <para>&FindBugs; was originally written by Bill Pugh (<email>pugh@cs.umd.edu</email>).
3368 David Hovemeyer (<email>daveho@cs.umd.edu</email>) implemented some of the
3369 detectors, added the Swing GUI, and is a co-maintainer.</para>
3371 <para>Mike Fagan (<email>mfagan@tde.com</email>) contributed the &Ant; build script,
3372 the &Ant; task, and several enhancements and bug fixes to the GUI.</para>
3374 <para>Germano Leichsenring contributed Japanese translations of the bug
3377 <para>David Li contributed the Emacs bug report format.</para>
3379 <para>Peter D. Stout contributed recursive detection of Class-Path
3380 attributes in analyzed Jar files, German translations of
3381 text used in the Swing GUI, and other fixes.</para>
3383 <para>Peter Friese wrote the &FindBugs; Eclipse plugin.</para>
3385 <para>Rohan Lloyd contributed several Mac OS X enhancements,
3386 bug detector improvements,
3387 and maintains the Fink package for &FindBugs;.</para>
3389 <para>Hiroshi Okugawa translated the &FindBugs; manual and
3390 more of the bug summaries into Japanese.</para>
3392 <para>Phil Crosby enhanced the Eclipse plugin to add a view
3393 to display the bug details.</para>
3395 <para>Dave Brosius fixed a number of bugs, added user preferences
3396 to the Swing GUI, improved several bug detectors, and
3397 contributed the string concatenation detector.</para>
3399 <para>Thomas Klaeger contributed a number of bug fixes and
3400 bug detector improvements.</para>
3402 <para>Andrei Loskutov made a number of improvements to the
3403 Eclipse plugin.</para>
3405 <para>Brian Goetz contributed a major refactoring of the
3406 visitor classes to improve readability and understandability.</para>
3408 <para> Pete Angstadt fixed several problems in the Swing GUI.</para>
3410 <para>Francis Lalonde provided a task resource file for the
3411 FindBugs Ant task.</para>
3413 <para>Garvin LeClaire contributed support for output in
3414 Xdocs format, for use by Maven.</para>
3416 <para>Holger Stenzhorn contributed improved German translations of items
3417 in the Swing GUI.</para>
3419 <para>Juha Knuutila contributed Finnish translations of items
3420 in the Swing GUI.</para>
3422 <para>Tanel Lebedev contributed Estonian translations of items
3423 in the Swing GUI.</para>
3425 <para>Hanai Shisei (ruimo) contributed full Japanese translations of
3426 bug messages, and text used in the Swing GUI.</para>
3428 <para>David Cotton contributed Fresh translations for bug
3429 messages and for the Swing GUI.</para>
3431 <para>Michael Tamm contributed support for the "errorProperty" attribute
3432 in the Ant task.</para>
3434 <para>Thomas Kuehne improved the German translation of the Swing GUI.</para>
3436 <para>Len Trigg improved source file support for the Emacs output mode.</para>
3438 <para>Greg Bentz provided a fix for the hashcode/equals detector.</para>
3440 <para>K. Hashimoto contributed internationalization fixes and several other
3444 Glenn Boysko contributed support for ignoring specified local
3445 variables in the dead local store detector.
3449 Jay Dunning contributed a detector to find equality comparisons
3450 of floating-point values, and overhauled the analysis summary
3451 report and its representation in the saved XML format.
3455 Olivier Parent contributed updated French translations for bug descriptions and
3460 Chris Nappin contributed the <filename>plain.xsl</filename>
3465 Etienne Giraudy contributed the <filename>fancy.xsl</filename> and <filename>fancy-hist.xsl</filename>
3466 stylesheets, and made improvements to the <command>-xml:withMessages</command>
3471 Takashi Okamoto fixed bugs in the project preferences dialog
3472 in the Eclipse plugin, and contributed to its internationalization and localization.
3475 <para>Thomas Einwaller fixed bugs in the project preferences dialog in the Eclipse plugin.</para>
3477 <para>Jeff Knox contributed support for the warningsProperty attribute
3478 in the Ant task.</para>
3480 <para>Peter Hendriks extended the Eclipse plugin preferences,
3481 and fixed a bug related to renaming the Eclipse plugin ID.</para>
3483 <para>Mark McKay contributed an Ant task to launch the findbugs frame.</para>
3485 <para>Dieter von Holten (dvholten) contributed
3486 some German improvements to findbugs_de.properties.</para>
3489 <para>If you have contributed to &FindBugs;, but aren't mentioned above,
3490 please send email to <email>findbugs@cs.umd.edu</email> (and also accept
3491 our humble apologies).</para>
3496 <title>Software Used</title>
3498 <para>&FindBugs; uses several open-source software packages, without which its
3499 development would have been much more difficult.</para>
3503 <para>&FindBugs; includes software developed by the Apache Software Foundation
3504 (<ulink url="http://www.apache.org/">http://www.apache.org/</ulink>).
3505 Specifically, it uses the <ulink url="http://jakarta.apache.org/bcel/">Byte Code
3506 Engineering Library</ulink>.</para>
3511 <para>&FindBugs; uses the <ulink url="http://asm.objectweb.org/">ASM</ulink>
3512 bytecode framework, which is distributed under the following license:</para>
3516 Copyright (c) 2000-2005 INRIA, France Telecom
3517 All rights reserved.
3521 Redistribution and use in source and binary forms, with or without
3522 modification, are permitted provided that the following conditions
3526 <orderedlist numeration="arabic">
3528 Redistributions of source code must retain the above copyright
3529 notice, this list of conditions and the following disclaimer.
3532 Redistributions in binary form must reproduce the above copyright
3533 notice, this list of conditions and the following disclaimer in the
3534 documentation and/or other materials provided with the distribution.
3537 Neither the name of the copyright holders nor the names of its
3538 contributors may be used to endorse or promote products derived from
3539 this software without specific prior written permission.
3544 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
3545 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3546 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3547 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
3548 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
3549 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
3550 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3551 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
3552 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3553 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
3554 THE POSSIBILITY OF SUCH DAMAGE.
3560 <title>DOM4J</title>
3561 <para>&FindBugs; uses <ulink url="http://dom4j.org">DOM4J</ulink>, which is
3562 distributed under the following license:</para>
3566 Copyright 2001 (C) MetaStuff, Ltd. All Rights Reserved.
3570 Redistribution and use of this software and associated documentation
3571 ("Software"), with or without modification, are permitted provided that
3572 the following conditions are met:
3575 <orderedlist numeration="arabic">
3577 Redistributions of source code must retain copyright statements and
3578 notices. Redistributions must also contain a copy of this document.
3581 Redistributions in binary form must reproduce the above copyright
3582 notice, this list of conditions and the following disclaimer in the
3583 documentation and/or other materials provided with the distribution.
3586 The name "DOM4J" must not be used to endorse or promote products
3587 derived from this Software without prior written permission
3588 of MetaStuff, Ltd. For written permission, please contact
3589 <email>dom4j-info@metastuff.com</email>.
3592 Products derived from this Software may not be called "DOM4J" nor may
3593 "DOM4J" appear in their names without prior written permission of
3594 MetaStuff, Ltd. DOM4J is a registered trademark of MetaStuff, Ltd.
3597 Due credit should be given to the DOM4J Project (<ulink url="http://dom4j.org/">http://dom4j.org/</ulink>).
3602 THIS SOFTWARE IS PROVIDED BY METASTUFF, LTD. AND CONTRIBUTORS ``AS IS''
3603 AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
3604 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3605 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL METASTUFF, LTD. OR ITS
3606 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
3607 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
3608 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
3609 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
3610 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
3611 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
3612 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.