diff options
Diffstat (limited to 'tools/findbugs/doc/manual.xml')
| -rw-r--r-- | tools/findbugs/doc/manual.xml | 3990 |
1 files changed, 0 insertions, 3990 deletions
diff --git a/tools/findbugs/doc/manual.xml b/tools/findbugs/doc/manual.xml deleted file mode 100644 index e36db9d..0000000 --- a/tools/findbugs/doc/manual.xml +++ /dev/null @@ -1,3990 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?> -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "file:../etc/docbook/docbookx.dtd" [ -<!ENTITY FindBugs "<application>FindBugs</application>"> -<!ENTITY Ant "<application>Ant</application>"> -<!ENTITY Saxon "<application>Saxon</application>"> -<!ENTITY FBHome "<replaceable>$FINDBUGS_HOME</replaceable>"> -<!ENTITY FBHomeWin "<replaceable>%FINDBUGS_HOME%</replaceable>"> -<!ENTITY nbsp " "> -]> - -<book lang="en" id="findbugs-manual"> - -<bookinfo> -<title>&FindBugs;™ Manual</title> - -<authorgroup> - <author> - <firstname>David</firstname> - <othername>H.</othername> - <surname>Hovemeyer</surname> - </author> - <author> - <firstname>William</firstname> - <othername>W.</othername> - <surname>Pugh</surname> - </author> -</authorgroup> - -<copyright> - <year>2003 - 2012</year> - <holder>University of Maryland</holder> -</copyright> - -<legalnotice> -<para> -This manual is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. -To view a copy of this license, visit -<ulink url="http://creativecommons.org/licenses/by-nc-sa/1.0/">http://creativecommons.org/licenses/by-nc-sa/1.0/</ulink> -or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. -</para> -<para> -The name FindBugs and the FindBugs logo are trademarked by the University of Maryland. -</para> -</legalnotice> - -<edition>2.0.3</edition> - -<pubdate>17:16:15 EST, 22 November, 2013</pubdate> - -</bookinfo> - -<!-- - ************************************************************************** - Introduction - ************************************************************************** ---> - -<chapter id="introduction"> -<title>Introduction</title> - -<para> &FindBugs;™ is a program to find bugs in Java programs. It looks for instances -of "bug patterns" --- code instances that are likely to be errors.</para> - -<para> This document describes version 2.0.3 of &FindBugs;.We -are very interested in getting your feedback on &FindBugs;. Please visit -the <ulink url="http://findbugs.sourceforge.net">&FindBugs; web page</ulink> for -the latest information on &FindBugs;, contact information, and support resources such -as information about the &FindBugs; mailing lists.</para> - -<sect1> -<title>Requirements</title> -<para> To use &FindBugs;, you need a runtime environment compatible with -<ulink url="http://java.sun.com/j2se">Java 2 Standard Edition</ulink>, version 1.5 or later. -&FindBugs; is platform independent, and is known to run on GNU/Linux, Windows, and -MacOS X platforms.</para> - -<para>You should have at least 512 MB of memory to use &FindBugs;. -To analyze very large projects, more memory may be needed.</para> -</sect1> - -</chapter> - -<!-- - ************************************************************************** - Installing FindBugs - ************************************************************************** ---> - -<chapter id="installing"> -<title>Installing &FindBugs;™</title> - -<para> -This chapter explains how to install &FindBugs;. -</para> - -<sect1> -<title>Extracting the Distribution</title> - -<para> -The easiest way to install &FindBugs; is to download a binary distribution. -Binary distributions are available in -<ulink url="http://prdownloads.sourceforge.net/findbugs/findbugs-2.0.3.tar.gz?download">gzipped tar format</ulink> and -<ulink url="http://prdownloads.sourceforge.net/findbugs/findbugs-2.0.3.zip?download">zip format</ulink>. -Once you have downloaded a binary distribution, extract it into a directory of your choice. -</para> - -<para> -Extracting a gzipped tar format distribution: -<screen> -<prompt>$ </prompt><command>gunzip -c findbugs-2.0.3.tar.gz | tar xvf -</command> -</screen> -</para> - -<para> -Extracting a zip format distribution: -<screen> -<prompt>C:\Software></prompt><command>unzip findbugs-2.0.3.zip</command> -</screen> -</para> - -<para> -Usually, extracting a binary distribution will create a directory ending in -<filename class="directory">findbugs-2.0.3</filename>. For example, if you extracted -the binary distribution from the <filename class="directory">C:\Software</filename> -directory, then the &FindBugs; software will be extracted into the directory -<filename class="directory">C:\Software\findbugs-2.0.3</filename>. -This directory is the &FindBugs; home directory. We'll refer to it as -&FBHome; (or &FBHomeWin; for Windows) throughout this manual. -</para> -</sect1> - -</chapter> - -<!-- - ************************************************************************** - Compiling FindBugs from Source - ************************************************************************** ---> - -<chapter id="building"> -<title>Building &FindBugs;™ from Source</title> - -<para> -This chapter describes how to build &FindBugs; from source code. Unless you are -interesting in modifying &FindBugs;, you will probably want to skip to the -<link linkend="running">next chapter</link>. -</para> - -<sect1> -<title>Prerequisites</title> - -<para> -To compile &FindBugs; from source, you will need the following: -<itemizedlist> - <listitem> - <para> - The <ulink url="http://prdownloads.sourceforge.net/findbugs/findbugs-2.0.3-source.zip?download" - >&FindBugs; source distribution</ulink> - </para> - </listitem> - <listitem> - <para> - <ulink url="http://java.sun.com/j2se/">JDK 1.5.0 or later</ulink> - </para> - </listitem> - <listitem> - <para> - <ulink url="http://ant.apache.org/">Apache &Ant;</ulink>, version 1.6.3 or later - </para> - </listitem> -</itemizedlist> -</para> - -<warning> - <para> - The version of &Ant; included as <filename>/usr/bin/ant</filename> on - Redhat Linux systems will <emphasis>not</emphasis> work for compiling - &FindBugs;. We recommend you install a binary distribution of &Ant; - downloaded from the <ulink url="http://ant.apache.org/">&Ant; website</ulink>. - Make sure that when you run &Ant; your <replaceable>JAVA_HOME</replaceable> - environment variable points to the directory in which you installed - JDK 1.5 (or later). - </para> -</warning> - -<para> -If you want to be able to generate formatted versions of the &FindBugs; documentation, -you will also need the following software: -<itemizedlist> - <listitem> - <para> - The <ulink url="http://docbook.sourceforge.net/projects/xsl/index.html">DocBook XSL Stylesheets</ulink>. - These are required to convert the &FindBugs; manual into HTML format. - </para> - </listitem> - <listitem> - <para> - The <ulink url="http://saxon.sourceforge.net/">&Saxon; XSLT Processor</ulink>. - (Also required for converting the &FindBugs; manual to HTML.) - </para> - </listitem> -<!-- - <listitem> - <para> - </para> - </listitem> ---> -</itemizedlist> -</para> - -</sect1> - -<sect1> -<title>Extracting the Source Distribution</title> -<para> -After you download the source distribution, you'll need to extract it into -a working directory. A typical command to do this is: - -<screen> -<prompt>$ </prompt><command>unzip findbugs-2.0.3-source.zip</command> -</screen> - -</para> -</sect1> - -<sect1> -<title>Modifying <filename>local.properties</filename></title> -<para> -If you intend to build the FindBugs documentation, -you will need to modify the <filename>local.properties</filename> file -used by the <ulink url="http://ant.apache.org/">&Ant;</ulink> -<filename>build.xml</filename> file to build &FindBugs;. -If you do not want to build the FindBugs documentation, then you -can ignore this file. -</para> - -<para> -The <filename>local.properties</filename> overrides definitions -in the <filename>build.properties</filename> file. -The <filename>build.properties</filename> file looks something like this: -<programlisting> -<![CDATA[ -# User Configuration: -# This section must be modified to reflect your system. - -local.software.home =/export/home/daveho/linux - -# Set this to the directory containing the DocBook Modular XSL Stylesheets -# from http://docbook.sourceforge.net/projects/xsl/ - -xsl.stylesheet.home =${local.software.home}/docbook/docbook-xsl-1.71.1 - -# Set this to the directory where Saxon (http://saxon.sourceforge.net/) -# is installed. - -saxon.home =${local.software.home}/java/saxon-6.5.5 -]]> -</programlisting> -</para> - -<para> -The <varname>xsl.stylesheet.home</varname> property specifies the full -path to the directory where you have installed the -<ulink url="http://docbook.sourceforge.net/projects/xsl/">DocBook Modular XSL -Stylesheets</ulink>. You only need to specify this property if you will be -generating the &FindBugs; documentation. -</para> - -<para> -The <varname>saxon.home</varname> property is the full path to the -directory where you installed the <ulink url="http://saxon.sourceforge.net/">&Saxon; XSLT Processor</ulink>. -You only need to specify this property if you will be -generating the &FindBugs; documentation. -</para> - -</sect1> - -<sect1> -<title>Running &Ant;</title> - -<para> -Once you have extracted the source distribution, -made sure that &Ant; is installed, -modified <filename>build.properties</filename> (optional), -and configured the tools (such as &Saxon;), -you are ready to build &FindBugs;. Invoking &Ant; is a simple matter -of running the command -<screen> -<prompt>$ </prompt><command>ant <replaceable>target</replaceable></command> -</screen> -where <replaceable>target</replaceable> is one of the following: -<variablelist> - <varlistentry> - <term><command>build</command></term> - <listitem> - <para> - This target compiles the code for &FindBugs;. It is the default target. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>docs</command></term> - <listitem> - <para> - This target formats the documentation. (It also compiles some of - the source code as a side-effect.) - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>runjunit</command></term> - <listitem> - <para> - This target compiles and runs the internal JUnit tests included - in &FindBugs;. It will print an error message if any unit - tests fail. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>bindist</command></term> - <listitem> - <para> - Builds a binary distribution of &FindBugs;. - The target creates both <filename>.zip</filename> and - <filename>.tar.gz</filename> archives. - </para> - </listitem> - </varlistentry> -</variablelist> -</para> - -<para> -After running an &Ant; command, you should see output similar to -the following (after some other messages regarding the tasks that -&Ant; is running): -<screen> -<computeroutput> -BUILD SUCCESSFUL -Total time: 17 seconds -</computeroutput> -</screen> -</para> - -</sect1> - -<sect1> -<title>Running &FindBugs;™ from a source directory</title> -<para> -The &Ant; build script for &FindBugs; is written such that after -building the <command>build</command> target, the working directory -is set up just like a binary distribution. So, the information about -running &FindBugs; in <xref linkend="running" /> -applies to source distributions, too. -</para> -</sect1> - -</chapter> - - -<!-- - ************************************************************************** - Running FindBugs - ************************************************************************** ---> - -<chapter id="running"> -<title>Running &FindBugs;™</title> - -<para> -&FindBugs; has two user interfaces: a graphical user interface (GUI) and a -command line user interface. This chapter describes -how to run each of these user interfaces. -</para> - - <warning> - <para> - This chapter is in the process of being re-written. - The rewrite is not complete yet. - </para> - </warning> - -<!-- -<sect1> -<title>Executing the &FindBugs;™ GUI</title> -</sect1> ---> - -<sect1> - <title>Quick Start</title> - <para> - If you are running &FindBugs; on a Windows system, - double-click on the file <filename>&FBHomeWin;\lib\findbugs.jar</filename> to start the &FindBugs; GUI. - </para> - - <para> - On a Unix, Linux, or Mac OS X system, run the <filename>&FBHome;/bin/findbugs</filename> - script, or run the command <screen> -<command>java -jar &FBHome;/lib/findbugs.jar</command></screen> - to run the &FindBugs; GUI. - </para> - - <para> - Refer to <xref linkend="gui"/> for information on how to use the GUI. - </para> -</sect1> - -<sect1> - - <title>Executing &FindBugs;</title> - - <para> - This section describes how to invoke the &FindBugs; program. - There are two ways to invoke &FindBugs;: directly, or using a - wrapper script. - </para> - - - <sect2 id="directInvocation"> - <title>Direct invocation of &FindBugs;</title> - - <para> - The preferred method of running &FindBugs; is to directly execute - <filename>&FBHome;/lib/findbugs.jar</filename> using the <command>-jar</command> - command line switch of the JVM (<command>java</command>) executable. - (Versions of &FindBugs; prior to 1.3.5 required a wrapper script - to invoke &FindBugs;.) - </para> - - <para> - The general syntax of invoking &FindBugs; directly is the following: -<screen> - <command>java <replaceable>[JVM arguments]</replaceable> -jar &FBHome;/lib/findbugs.jar <replaceable>options...</replaceable></command> -</screen> - </para> - -<!-- - <para> - By default, executing <filename>findbugs.jar</filename> runs the - &FindBugs; graphical user interface (GUI). On windows systems, - you can double-click on <filename>findbugs.jar</filename> to launch - the GUI. From a command line, the command - <screen> -java -jar <replaceable>&FBHome;</replaceable>/lib/findbugs.jar</screen> - will launch the GUI. - </para> ---> - - <sect3 id="chooseUI"> - <title>Choosing the User Interface</title> - - <para> - The first command line option chooses the &FindBugs; user interface to execute. - Possible values are: - </para> - <itemizedlist> - <listitem> - <para> - <command>-gui</command>: runs the graphical user interface (GUI) - </para> - </listitem> - - <listitem> - <para> - <command>-textui</command>: runs the command line user interface - </para> - </listitem> - - <listitem> - <para> - <command>-version</command>: displays the &FindBugs; version number - </para> - </listitem> - - <listitem> - <para> - <command>-help</command>: displays help information for the - &FindBugs; command line user interface - </para> - </listitem> - - <listitem> - <para> - <command>-gui1</command>: executes the original (obsolete) - &FindBugs; graphical user interface - </para> - </listitem> - </itemizedlist> - - </sect3> - - <sect3 id="jvmArgs"> - <title>Java Virtual Machine (JVM) arguments</title> - - <para> - Several Java Virtual Machine arguments are useful when invoking - &FindBugs;. - </para> - - <variablelist> - <varlistentry> - <term><command>-Xmx<replaceable>NN</replaceable>m</command></term> - <listitem> - <para> - Set the maximum Java heap size to <replaceable>NN</replaceable> - megabytes. &FindBugs; generally requires a large amount of - memory. For a very large project, using 1500 megabytes - is not unusual. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-D<replaceable>name</replaceable>=<replaceable>value</replaceable></command></term> - <listitem> - <para> - Set a Java system property. For example, you might use the - argument <command>-Duser.language=ja</command> to display - GUI messages in Japanese. - </para> - </listitem> - </varlistentry> - - <!-- - <varlistentry> - <term></term> - <listitem> - <para> - </para> - </listitem> - </varlistentry> - --> - </variablelist> - </sect3> - - </sect2> - - <sect2 id="wrapperScript"> - <title>Invocation of &FindBugs; using a wrapper script</title> - - <para> - Another way to run &FindBugs; is to use a wrapper script. - </para> - -<para> -On Unix-like systems, use the following command to invoke the wrapper script: -<screen> -<prompt>$ </prompt><command>&FBHome;/bin/findbugs <replaceable>options...</replaceable></command> -</screen> -</para> - -<para> -On Windows systems, the command to invoke the wrapper script is -<screen> -<prompt>C:\My Directory></prompt><command>&FBHomeWin;\bin\findbugs.bat <replaceable>options...</replaceable></command> -</screen> -</para> - -<para> -On both Unix-like and Windows systems, you can simply add the <filename><replaceable>$FINDBUGS_HOME</replaceable>/bin</filename> -directory to your <filename>PATH</filename> environment variable and then invoke -FindBugs using the <command>findbugs</command> command. -</para> - - <sect3 id="wrapperOptions"> - <title>Wrapper script command line options</title> - <para>The &FindBugs; wrapper scripts support the following command-line options. - Note that these command line options are <emphasis>not</emphasis> handled by - the &FindBugs; program per se; rather, they are handled by the wrapper - script. - </para> - <variablelist> - <varlistentry> - <term><command>-jvmArgs <replaceable>args</replaceable></command></term> - <listitem> - <para> - Specifies arguments to pass to the JVM. For example, you might want - to set a JVM property: -<screen> -<prompt>$ </prompt><command>findbugs -textui -jvmArgs "-Duser.language=ja" <replaceable>myApp.jar</replaceable></command> -</screen> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-javahome <replaceable>directory</replaceable></command></term> - <listitem> - <para> - Specifies the directory containing the JRE (Java Runtime Environment) to - use to execute &FindBugs;. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-maxHeap <replaceable>size</replaceable></command></term> - <listitem> - <para> - Specifies the maximum Java heap size in megabytes. The default is 256. - More memory may be required to analyze very large programs or libraries. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-debug</command></term> - <listitem> - <para> - Prints a trace of detectors run and classes analyzed to standard output. - Useful for troubleshooting unexpected analysis failures. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-property</command> <replaceable>name=value</replaceable></term> - <listitem> - <para> - This option sets a system property. &FindBugs; uses system properties - to configure analysis options. See <xref linkend="analysisprops"/>. - You can use this option multiple times in order to set multiple properties. - Note: In most versions of Windows, the <replaceable>name=value</replaceable> - string must be in quotes. - </para> - </listitem> - </varlistentry> - - </variablelist> - - </sect3> - -</sect2> - -</sect1> - -<sect1 id="commandLineOptions"> -<title>Command-line Options</title> - -<!-- -<para> - -There are two ways to invoke &FindBugs;. The first invokes the the Graphical User Interface (GUI): - -<screen> -<prompt>$ </prompt><command>findbugs <replaceable>[standard options]</replaceable> <replaceable>[GUI options]</replaceable></command> -</screen> - -The second invokes the Command Line Interface (Text UI): - -<screen> -<prompt>$ </prompt><command>findbugs -textui <replaceable>[standard options]</replaceable> <replaceable>[Text UI options]</replaceable></command> -</screen> -</para> ---> - -<para> - This section describes the command line options supported by &FindBugs;. - These command line options may be used when invoking &FindBugs; directly, - or when using a wrapper script. -</para> - -<sect2> -<title>Common command-line options</title> - -<para> -These options may be used with both the GUI and command-line interfaces. -</para> - -<variablelist> - - <varlistentry> - <term><command>-effort:min</command></term> - <listitem> - <para> - This option disables analyses that increase precision but also - increase memory consumption. You may want to try this option if - you find that &FindBugs; runs out of memory, or takes an unusually - long time to complete its analysis. - </para> - </listitem> - </varlistentry> - - - <varlistentry> - <term><command>-effort:max</command></term> - <listitem> - <para> - Enable analyses which increase precision and find more bugs, but which - may require more memory and take more time to complete. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-project</command> <replaceable>project</replaceable></term> - <listitem> - <para> - Specify a project to be analyzed. The project file you specify should - be one that was created using the GUI interface. It will typically end - in the extension <filename>.fb</filename> or <filename>.fbp</filename>. - </para> - </listitem> - </varlistentry> - - <!-- - <varlistentry> - <term><command></command></term> - <listitem> - <para> - - </para> - </listitem> - </varlistentry> - --> - -</variablelist> - -</sect2> - -<sect2> -<title>GUI Options</title> - -<para> -These options are only accepted by the Graphical User Interface. - -<variablelist> - <varlistentry> - <term><command>-look:</command><replaceable>plastic|gtk|native</replaceable></term> - <listitem> - <para> - Set Swing look and feel. - </para> - </listitem> - </varlistentry> - -</variablelist> -</para> -</sect2> - -<sect2> -<title>Text UI Options</title> - -<para> -These options are only accepted by the Text User Interface. -</para> - -<variablelist> - <varlistentry> - <term><command>-sortByClass</command></term> - <listitem> - <para> - Sort reported bug instances by class name. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command >-include</command> <replaceable>filterFile.xml</replaceable></term> - <listitem> - <para> - Only report bug instances that match the filter specified by <replaceable>filterFile.xml</replaceable>. - See <xref linkend="filter" />. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command >-exclude</command> <replaceable>filterFile.xml</replaceable></term> - <listitem> - <para> - Report all bug instances except those matching the filter specified by <replaceable>filterFile.xml</replaceable>. - See <xref linkend="filter" />. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-onlyAnalyze</command> <replaceable>com.foobar.MyClass,com.foobar.mypkg.*</replaceable></term> - <listitem> - <para> - Restrict analysis to find bugs to given comma-separated list of - classes and packages. - Unlike filtering, this option avoids running analysis on - classes and packages that are not explicitly matched: - for large projects, this may greatly reduce the amount of time - needed to run the analysis. (However, some detectors may produce - inaccurate results if they aren't run on the entire application.) - Classes should be specified using their full classnames (including - package), and packages should be specified in the same way - they would in a Java <literal>import</literal> statement to - import all classes in the package (i.e., add <literal>.*</literal> - to the full name of the package). - Replace <literal>.*</literal> with <literal>.-</literal> to also - analyze all subpackages. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-low</command></term> - <listitem> - <para> - Report all bugs. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-medium</command></term> - <listitem> - <para> - Report medium and high priority bugs. This is the default setting. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-high</command></term> - <listitem> - <para> - Report only high priority bugs. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-relaxed</command></term> - <listitem> - <para> - Relaxed reporting mode. For many detectors, this option - suppresses the heuristics used to avoid reporting false positives. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-xml</command></term> - <listitem> - <para> - Produce the bug reports as XML. The XML data produced may be - viewed in the GUI at a later time. You may also specify this - option as <command>-xml:withMessages</command>; when this variant - of the option is used, the XML output will contain human-readable - messages describing the warnings contained in the file. - XML files generated this way are easy to transform into reports. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-html</command></term> - <listitem> - <para> - Generate HTML output. By default, &FindBugs; will use the <filename>default.xsl</filename> - <ulink url="http://www.w3.org/TR/xslt">XSLT</ulink> - stylesheet to generate the HTML: you can find this file in <filename>findbugs.jar</filename>, - or in the &FindBugs; source or binary distributions. Variants of this option include - <command>-html:plain.xsl</command>, <command>-html:fancy.xsl</command> and <command>-html:fancy-hist.xsl</command>. - The <filename>plain.xsl</filename> stylesheet does not use Javascript or DOM, - and may work better with older web browsers, or for printing. The <filename>fancy.xsl</filename> - stylesheet uses DOM and Javascript for navigation and CSS for - visual presentation. The <command>fancy-hist.xsl</command> an evolution of <command>fancy.xsl</command> stylesheet. - It makes an extensive use of DOM and Javascript for dynamically filtering the lists of bugs. - </para> - - <para> - If you want to specify your own - XSLT stylesheet to perform the transformation to HTML, specify the option as - <command>-html:<replaceable>myStylesheet.xsl</replaceable></command>, - where <replaceable>myStylesheet.xsl</replaceable> is the filename of the - stylesheet you want to use. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-emacs</command></term> - <listitem> - <para> - Produce the bug reports in Emacs format. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-xdocs</command></term> - <listitem> - <para> - Produce the bug reports in xdoc XML format for use with Apache Maven. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-output</command> <replaceable>filename</replaceable></term> - <listitem> - <para> - Produce the output in the specified file. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-outputFile</command> <replaceable>filename</replaceable></term> - <listitem> - <para> - This argument is deprecated. Use <command>-output</command> instead. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-nested</command><replaceable>[:true|false]</replaceable></term> - <listitem> - <para> - This option enables or disables scanning of nested jar and zip files found in - the list of files and directories to be analyzed. - By default, scanning of nested jar/zip files is enabled. - To disable it, add <command>-nested:false</command> to the command line - arguments. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-auxclasspath</command> <replaceable>classpath</replaceable></term> - <listitem> - <para> - Set the auxiliary classpath for analysis. This classpath should include all - jar files and directories containing classes that are part of the program - being analyzed but you do not want to have analyzed for bugs. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>-userPrefs</command> <replaceable>edu.umd.cs.findbugs.core.prefs</replaceable></term> - <listitem> - <para> - Set the path of the user preferences file to use, which might override some of the options abobe. - Specifying <literal>userPrefs</literal> as first argument would mean some later - options will override them, as last argument would mean they will override some previous options). - This rationale behind this option is to reuse FindBugs Eclipse project settings for command - line execution. - </para> - </listitem> - </varlistentry> - -<!-- - <varlistentry> - <term><command></command> <replaceable></replaceable></term> - <listitem> - <para> - </para> - </listitem> - </varlistentry> ---> - -</variablelist> - -</sect2> -</sect1> - - -</chapter> - -<chapter id="gui"> - <title>Using the &FindBugs; GUI</title> - - <para> - This chapter describes how to use the &FindBugs; graphical user interface (GUI). - </para> - -<sect1> -<title>Creating a Project</title> -<para> -After you have started &FindBugs; using the <command>findbugs</command> command, -choose the <menuchoice><guimenu>File</guimenu><guimenuitem>New Project</guimenuitem></menuchoice> -menu item. You will see a dialog which looks like this: -<mediaobject> -<imageobject> -<imagedata fileref="project-dialog.png" /> -</imageobject> -</mediaobject> -</para> - -<para> -Use the "Add" button next to "Classpath to analyze" to select a Java archive -file (zip, jar, ear, or war file) or directory containing java classes to analyze for bugs. You may add multiple -archives/directories. -</para> - -<para> -You can also add the source directories which contain -the source code for the Java archives you are analyzing. This will enable -&FindBugs; to highlight the source code which contains a possible error. -The source directories you add should be the roots of the Java -package hierarchy. For example, if your application is contained in the -<varname>org.foobar.myapp</varname> package, you should add the -parent directory of the <filename class="directory">org</filename> directory -to the source directory list for the project. -</para> - -<para> -Another optional step is to add additional Jar files or directories as -"Auxiliary classpath locations" entries. You should do this if the archives and directories you are analyzing -have references to other classes which are not included in the analyzed -archives/directories and are not in the standard runtime classpath. Some of the bug -pattern detectors in &FindBugs; make use of class hierarchy information, -so you will get more accurate results if the entire class hierarchy is -available which &FindBugs; performs its analysis. -</para> - -</sect1> - -<sect1> -<title>Running the Analysis</title> -<para> -Once you have added all of the archives, directories, and source directories, -click the "Analyze" button to analyze the classes contained in the -Jar files. Note that for a very large program on an older computer, -this may take quite a while (tens of minutes). A recent computer with -ample memory will typically be able to analyze a large program in only a -few minutes. -</para> -</sect1> - -<sect1> -<title>Browsing Results</title> - -<para> -When the analysis completes, you will see a screen like the following: -<mediaobject> - <imageobject> - <imagedata fileref="example-details.png" /> - </imageobject> -</mediaobject> -</para> - -<para> -The upper left-hand pane of the window shows the bug tree; this is a hierarchical -representation of all of the potential bugs detected in the analyzed -Jar files. -</para> - -<para> -When you select a particular bug instance in the top pane, you will -see a description of the bug in the "Details" tab of the bottom pane. -In addition, the source code pane on the upper-right will show the -program source code where the potential bug occurs, if source is available. -In the above example, the bug is a stream object that is not closed. The -source code window highlights the line where the stream object is created. -</para> - -<para> -You may add a textual annotations to bug instances. To do so, type them -into the text box just below the hierarchical view. You can type any -information which you would like to record. When you load and save bug -results files, the annotations are preserved. -</para> - -</sect1> - -<sect1> -<title>Saving and Opening</title> - -<para> -You may use the <menuchoice><guimenu>File</guimenu><guimenuitem>Save as...</guimenuitem></menuchoice> -menu option to save your work. To save your work, including the jar -file lists you specified and all bug results, choose -"FindBugs analysis results (.xml)" from the drop-down list in the -"Save as..." dialog. There are also options for saving just the jar -file lists ("FindBugs project file (.fbp)") or just the results -("FindBugs analysis file (.fba)"). -A saved file may be loaded with the -<menuchoice><guimenu>File</guimenu><guimenuitem>Open...</guimenuitem></menuchoice> -menu option. -</para> - -</sect1> - -<!-- -<sect1 id="textui"> -<title>Using the &FindBugs;™ Command Line Interface</title> - -<para> -The &FindBugs; Command Line Interface (or Text UI) can be used to -analyze an application for bugs non-interactively. Each bug instance will be -reported on a single line. All output is written to the standard output file descriptor. -<xref linkend="filter" /> explains how bug reports may be filtered in order -to get only the output you're interested in. -</para> - -<para> -See <xref linkend="commandLineOptions" /> for a description of how to invoke the -Command Line Interface. -</para> -</sect1> ---> - -</chapter> - -<!-- - ************************************************************************** - Using the FindBugs Ant task - ************************************************************************** ---> - -<chapter id="anttask"> -<title>Using the &FindBugs;™ &Ant; task</title> - -<para> -This chapter describes how to integrate &FindBugs; into a build script -for <ulink url="http://ant.apache.org/">&Ant;</ulink>, which is a popular Java build -and deployment tool. Using the &FindBugs; &Ant; task, your build script can -automatically run &FindBugs; on your Java code. -</para> - -<para> -The &Ant; task was generously contributed by Mike Fagan. -</para> - -<sect1> -<title>Installing the &Ant; task</title> - -<para> -To install the &Ant; task, simply copy <filename>&FBHome;/lib/findbugs-ant.jar</filename> -into the <filename>lib</filename> subdirectory of your &Ant; installation. - -<note> -<para>It is strongly recommended that you use the &Ant; task with the version -of &FindBugs; it was included with. We do not guarantee that the &Ant; task Jar file -will work with any version of &FindBugs; other than the one it was included with.</para> -</note> -</para> - -</sect1> - -<sect1> -<title>Modifying build.xml</title> - -<para> -To incorporate &FindBugs; into <filename>build.xml</filename> (the build script -for &Ant;), you first need to add a task definition. This should appear as follows: - -<screen> - <taskdef name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask"/> -</screen> - -The task definition specifies that when a <literal>findbugs</literal> element is -seen in <filename>build.xml</filename>, it should use the indicated class to execute the task. -</para> - -<para> -After you have added the task definition, you can define a target -which uses the <literal>findbugs</literal> task. Here is an example -which could be added to the <filename>build.xml</filename> for the -Apache <ulink url="http://jakarta.apache.org/bcel/">BCEL</ulink> library. - -<screen> - <property name="findbugs.home" value="/export/home/daveho/work/findbugs" /> - - <target name="findbugs" depends="jar"> - <findbugs home="${findbugs.home}" - output="xml" - outputFile="bcel-fb.xml" > - <auxClasspath path="${basedir}/lib/Regex.jar" /> - <sourcePath path="${basedir}/src/java" /> - <class location="${basedir}/bin/bcel.jar" /> - </findbugs> - </target> -</screen> - -The <literal>findbugs</literal> element must have the <literal>home</literal> -attribute set to the directory in which &FindBugs; is installed; in other words, -&FBHome;. See <xref linkend="installing" />. -</para> - -<para> -This target will execute &FindBugs; on <filename>bcel.jar</filename>, which is the -Jar file produced by BCEL's build script. (By making it depend on the "jar" -target, we ensure that the library is fully compiled before running &FindBugs; on it.) -The output of &FindBugs; will be saved in XML format to a file called -<filename>bcel-fb.xml</filename>. -An auxiliary Jar file, <filename>Regex.jar</filename>, is added to the aux classpath, -because it is referenced by the main BCEL library. A source path is specified -so that the saved bug data will have accurate references to the BCEL source code. -</para> -</sect1> - -<sect1> -<title>Executing the task</title> - -<para> -Here is an example of invoking &Ant; from the command line, using the <literal>findbugs</literal> -target defined above. - -<screen> - <prompt>[daveho@noir]$</prompt> <command>ant findbugs</command> - Buildfile: build.xml - - init: - - compile: - - examples: - - jar: - - findbugs: - [findbugs] Running FindBugs... - [findbugs] Bugs were found - [findbugs] Output saved to bcel-fb.xml - - BUILD SUCCESSFUL - Total time: 35 seconds -</screen> - -In this case, because we saved the bug results in an XML file, we can -use the &FindBugs; GUI to view the results; see <xref linkend="running"/>. -</para> - -</sect1> - -<sect1> -<title>Parameters</title> - -<para>This section describes the parameters that may be specified when -using the &FindBugs; task. - -<variablelist> - - <varlistentry> - <term><literal>class</literal></term> - <listitem> - <para> - A optional nested element specifying which classes to analyze. The <literal>class</literal> - element must specify a <literal>location</literal> attribute which names the - archive file (jar, zip, etc.), directory, or class file to be analyzed. Multiple <literal>class</literal> - elements may be specified as children of a single <literal>findbugs</literal> element. - </para> - <para>In addition to or instead of specifying a <literal>class</literal> element, - the &FindBugs; task can contain one or more <literal>fileset</literal> element(s) that - specify files to be analyzed. - For example, you might use a fileset to specify that all of the jar files in a directory - should be analyzed. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>auxClasspath</literal></term> - <listitem> - <para> - An optional nested element which specifies a classpath (Jar files or directories) - containing classes used by the analyzed library or application, but which - you don't want to analyze. It is specified the same way as - &Ant;'s <literal>classpath</literal> element for the Java task. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>sourcePath</literal></term> - <listitem> - <para> - An optional nested element which specifies a source directory path - containing source files used to compile the Java code being analyzed. - By specifying a source path, any generated XML bug output will have - complete source information, which allows later viewing in the - GUI. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>home</literal></term> - <listitem> - <para> - A required attribute. - It must be set to the name of the directory where &FindBugs; is installed. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>quietErrors</literal></term> - <listitem> - <para> - An optional boolean attribute. - If true, reports of serious analysis errors and missing classes will - be suppressed in the &FindBugs; output. Default is false. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>reportLevel</literal></term> - <listitem> - <para> - An optional attribute. It specifies - the confidence/priority threshold for reporting issues. If set to "low", confidence is not used to filter bugs. - If set to "medium" (the default), low confidence issues are supressed. - If set to "high", only high confidence bugs are reported. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>output</literal></term> - <listitem> - <para> - Optional attribute. - It specifies the output format. If set to "xml" (the default), output - is in XML format. - If set to "xml:withMessages", output is in XML format augmented with - human-readable messages. (You should use this format if you plan - to generate a report using an XSL stylesheet.) - If set to "html", output is in HTML formatted (default stylesheet is default.xsl). - If set to "text", output is in ad-hoc text format. - If set to "emacs", output is in <ulink url="http://www.gnu.org/software/emacs/">Emacs</ulink> error message format. - If set to "xdocs", output is xdoc XML for use with Apache Maven. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><literal>stylesheet</literal></term> - <listitem> - <para> - Optional attribute. - It specifies the stylesheet to use to generate html output when the output is set to html. - Stylesheets included in the FindBugs distribution include default.xsl, fancy.xsl, fancy-hist.xsl, plain.xsl, and summary.xsl. - The default value, if no stylesheet attribute is provided, is default.xsl. - - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>sort</literal></term> - <listitem> - <para> - Optional attribute. If the <literal>output</literal> attribute - is set to "text", then the <literal>sort</literal> attribute specifies - whether or not reported bugs are sorted by class. Default is true. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>outputFile</literal></term> - <listitem> - <para> - Optional attribute. If specified, names the output file in which the - &FindBugs; output will be saved. By default, the output is displayed - directly by &Ant;. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>debug</literal></term> - <listitem> - <para> - Optional boolean attribute. If set to true, &FindBugs; prints diagnostic - information about which classes are being analyzed, and which bug pattern - detectors are being run. Default is false. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>effort</literal></term> - <listitem> - <para> - Set the analysis effort level. The value specified should be - one of <literal>min</literal>, <literal>default</literal>, - or <literal>max</literal>. See <xref linkend="commandLineOptions"/> - for more information about setting the analysis level. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>conserveSpace</literal></term> - <listitem> - <para>Synonym for effort="min".</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>workHard</literal></term> - <listitem> - <para>Synonym for effort="max".</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>visitors</literal></term> - <listitem> - <para> - Optional attribute. It specifies a comma-separated list of bug detectors - which should be run. The bug detectors are specified by their class names, - without any package qualification. By default, all detectors which are - not disabled by default are run. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>omitVisitors</literal></term> - <listitem> - <para> - Optional attribute. It is like the <literal>visitors</literal> attribute, - except it specifies detectors which will <emphasis>not</emphasis> be run. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>excludeFilter</literal></term> - <listitem> - <para> - Optional attribute. It specifies the filename of a filter specifying bugs - to exclude from being reported. See <xref linkend="filter" />. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>includeFilter</literal></term> - <listitem> - <para> - Optional attribute. It specifies the filename of a filter specifying - which bugs are reported. See <xref linkend="filter" />. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>projectFile</literal></term> - <listitem> - <para> - Optional attribute. It specifies the name of a project file. - Project files are created by the &FindBugs; GUI, and specify classes, - aux classpath entries, and source directories. By naming a project, - you don't need to specify any <literal>class</literal> elements, - nor do you need to specify <literal>auxClasspath</literal> or - <literal>sourcePath</literal> attributes. - See <xref linkend="running"/> for how to create a project. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>jvmargs</literal></term> - <listitem> - <para> - Optional attribute. It specifies any arguments that should be passed - to the Java virtual machine used to run &FindBugs;. You may need to - use this attribute to specify flags to increase the amount of memory - the JVM may use if you are analyzing a very large program. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>systemProperty</literal></term> - <listitem> - <para> - Optional nested element. If specified, defines a system property. - The <literal>name</literal> attribute specifies the name of the - system property, and the <literal>value</literal> attribute specifies - the value of the system property. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>timeout</literal></term> - <listitem> - <para> - Optional attribute. It specifies the amount of time, in milliseconds, - that the Java process executing &FindBugs; may run before it is - assumed to be hung and is terminated. The default is 600,000 - milliseconds, which is ten minutes. Note that for very large - programs, &FindBugs; may require more than ten minutes to complete its - analysis. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>failOnError</literal></term> - <listitem> - <para> - Optional boolean attribute. Whether to abort the build process if there is an - error running &FindBugs;. Defaults to "false" - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>errorProperty</literal></term> - <listitem> - <para> - Optional attribute which specifies the name of a property that - will be set to "true" if an error occurs while running &FindBugs;. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>warningsProperty</literal></term> - <listitem> - <para> - Optional attribute which specifies the name of a property - that will be set to "true" if any warnings are reported by - &FindBugs; on the analyzed program. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>userPreferencesFile</literal></term> - <listitem> - <para> - Optional attribute. Set the path of the user preferences file to use, which might override some of the options abobe. - Specifying <literal>userPreferencesFile</literal> as first argument would mean some later - options will override them, as last argument would mean they will override some previous options). - This rationale behind this option is to reuse FindBugs Eclipse project settings for command - line execution. - </para> - </listitem> - </varlistentry> - -</variablelist> - - -</para> - -<!-- - ---> - -</sect1> - -</chapter> - -<!-- - ************************************************************************** - Using the FindBugs Eclipse plugin - ************************************************************************** ---> - -<chapter id="eclipse"> -<title>Using the &FindBugs;™ Eclipse plugin</title> - -<para> -The FindBugs Eclipse plugin allows &FindBugs; to be used within -the <ulink url="http://www.eclipse.org/">Eclipse</ulink> IDE. -The FindBugs Eclipse plugin was generously contributed by Peter Friese. -Phil Crosby and Andrei Loskutov contributed major improvements -to the plugin. -</para> - -<sect1> -<title>Requirements</title> - -<para> -To use the &FindBugs; Plugin for Eclipse, you need Eclipse 3.3 or later, -and JRE/JDK 1.5 or later. -</para> - -</sect1> - -<sect1> -<title>Installation</title> - -<para> - We provide update sites that allow you to automatically install FindBugs into Eclipse and also query and install updates. - There are three different update sites</para> - - <variablelist><title>FindBugs Eclipse update sites</title> - <varlistentry><term><ulink url="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.edu/eclipse/</ulink></term> - - <listitem> - <para> - Only provides official releases of FindBugs. - </para> - </listitem> - </varlistentry> - - <varlistentry><term><ulink url="http://findbugs.cs.umd.edu/eclipse-candidate/">http://findbugs.cs.umd.edu/eclipse-candidate/</ulink></term> - - <listitem> - <para> - Provides official releases and release candidates of FindBugs. - </para> - </listitem> - </varlistentry> - - <varlistentry><term><ulink url="http://findbugs.cs.umd.edu/eclipse-daily/">http://findbugs.cs.umd.edu/eclipse-daily/</ulink></term> - - <listitem> - <para> - Provides the daily build of FindBugs. No testing other than that it compiles. - </para> - </listitem> - </varlistentry> - </variablelist> - -<para>You can also manually -download the plugin from the following link: -<ulink url="http://prdownloads.sourceforge.net/findbugs/edu.umd.cs.findbugs.plugin.eclipse_2.0.3.20131122.zip?download" ->http://prdownloads.sourceforge.net/findbugs/edu.umd.cs.findbugs.plugin.eclipse_2.0.3.20131122.zip?download</ulink>. -Extract it in Eclipse's "plugins" subdirectory. -(So <eclipse_install_dir>/plugins/edu.umd.cs.findbugs.plugin.eclipse_2.0.3.20131122/findbugs.png -should be the path to the &FindBugs; logo.) - -</para> - -<para> -Once the plugin is extracted, start Eclipse and choose -<menuchoice> - <guimenu>Help</guimenu> - <guimenuitem>About Eclipse Platform</guimenuitem> - <guimenuitem>Plug-in Details</guimenuitem> -</menuchoice>. -You should find a plugin called "FindBugs Plug-in" provided by "FindBugs Project". -</para> -</sect1> - -<sect1> -<title>Using the Plugin</title> - -<para> -To get started, right click on a Java project in Package Explorer, -and select the option labeled "Find Bugs". -&FindBugs; will run, and problem markers (displayed in source -windows, and also in the Eclipse Problems view) will point to -locations in your code which have been identified as potential instances -of bug patterns. -</para> -<para> -You can also run &FindBugs; on existing java archives (jar, ear, zip, war etc). Simply -create an empty Java project and attach archives to the project classpath. Having that, you -can now right click the archive node in Package Explorer and select the option labeled -"Find Bugs". If you additionally configure the source code locations for the binaries, -&FindBugs; will also link the generated warnings to the right source files. -</para> -<para> -You may customize how &FindBugs; runs by opening the Properties -dialog for a Java project, and choosing the "Findbugs" property page. -Options you may choose include: -</para> - -<itemizedlist> - <listitem> - <para> - Enable or disable the "Run FindBugs Automatically" checkbox. - When enabled, FindBugs will run every time you modify a Java class - within the project. - </para> - </listitem> - - <listitem> - <para> - Choose minimum warning priority and enabled bug categories. - These options will choose which warnings are shown. - For example, if you select the "Medium" warning priority, - only Medium and High priority warnings will be shown. - Similarly, if you uncheck the "Style" checkbox, no warnings - in the Style category will be displayed. - </para> - </listitem> - - <listitem> - <para> - Select detectors. The table allows you to select which detectors - you want to enable for your project. - </para> - </listitem> -</itemizedlist> - -</sect1> - -<sect1> -<title>Extending the Eclipse Plugin (since 2.0.0)</title> -<para> -Eclipse plugin supports contribution of custom &FindBugs; detectors (see also -<ulink url="http://code.google.com/p/findbugs/source/browse/trunk/findbugs/src/doc/AddingDetectors.txt">AddingDetectors.txt</ulink> -for more information). There are two ways to contribute custom plugins to the Eclipse: -</para> -<itemizedlist> - <listitem> - <para> - Existing standard &FindBugs; detector packages can be configured via - <menuchoice> - <guimenu>Window</guimenu> - <guimenuitem>Preferences</guimenuitem> - <guimenuitem>Java</guimenuitem> - <guimenuitem>&FindBugs;</guimenuitem> - <guimenuitem>Misc. Settings</guimenuitem> - <guimenuitem>Custom Detectors</guimenuitem> - </menuchoice>. - Simply specify there locations of any additional plugin libraries. - </para> - - <para> - The benefit of this solution is that already existing detector packages can be - used "as is", and that you can quickly verify the quality of third party detectors. - The drawback is that you have to apply this settings in each - new Eclipse workspace, and this settings can't be shared between team members. - </para> - </listitem> - - <listitem> - <para> - It is possible to contribute custom detectors via standard Eclipse extensions mechanism. - </para> - - <para> - Please check the documentation of the - <ulink url="http://code.google.com/p/findbugs/source/browse/trunk/eclipsePlugin/schema/detectorPlugins.exsd"> - findBugsEclipsePlugin/schema/detectorPlugins.exsd</ulink> - extension point how to update the plugin.xml. Existing &FindBugs; detector plugins can - be easily "extended" to be full featured &FindBugs; AND Eclipse detector plugins. - Usually you only need to add META-INF/MANIFEST.MF and plugin.xml to the jar and - update your build scripts to not to override the MANIFEST.MF during the build. - </para> - - <para> - The benefit of this solution is that for given (shared) Eclipse installation - each team member has exactly same detectors set, and there is no need to configure - anything anymore. The (really small) precondition - is that you have to convert your existing detectors package to the valid - Eclipse plugin. You can do this even for third-party detector packages. - Another major differentiator is the ability to extend the default FindBugs - classpath at runtime with required third party libraries (see - <ulink url="http://code.google.com/p/findbugs/source/browse/trunk/findbugs/src/doc/AddingDetectors.txt">AddingDetectors.txt</ulink> - for more information). - </para> - </listitem> - -</itemizedlist> - -</sect1> - -<sect1> -<title>Troubleshooting</title> - -<para> -This section lists common problems with the plugin and (if known) how to resolve them. -</para> - -<itemizedlist> - <listitem> - <para> - If you see OutOfMemory error dialogs after starting &FindBugs; analysis in Eclipse, - please increase JVM available memory: change eclipse.ini and add the lines below - to the end of the file: - <programlisting> - -vmargs - -Xmx1000m - </programlisting> - Important: the configuration arguments starting with the line "-vmargs" must - be last lines in the eclipse.ini file, and only one argument per line is allowed! - </para> - </listitem> - <listitem> - <para> - If you do not see any &FindBugs; problem markers (in your source - windows or in the Problems View), you may need to change your - Problems View filter settings. See - <ulink url="http://findbugs.sourceforge.net/FAQ.html#q7">http://findbugs.sourceforge.net/FAQ.html#q7</ulink> for more information. - </para> - </listitem> - -</itemizedlist> - -</sect1> - - -</chapter> - - -<!-- - ************************************************************************** - Filter files - ************************************************************************** ---> - -<chapter id="filter"> -<title>Filter Files</title> - -<para> -Filter files may be used to include or exclude bug reports for particular classes -and methods. This chapter explains how to use filter files. - -<note> -<title>Planned Features</title> -<para> - Filters are currently only supported by the Command Line interface. - Eventually, filter support will be added to the GUI. -</para> -</note> -</para> - - -<sect1> -<title>Introduction to Filter Files</title> - -<para> -Conceptually, a filter matches bug instances against a set of criteria. -By defining a filter, you can select bug instances for special treatment; -for example, to exclude or include them in a report. -</para> - -<para> -A filter file is an <ulink url="http://www.w3.org/XML/">XML</ulink> document with a top-level <literal>FindBugsFilter</literal> element -which has some number of <literal>Match</literal> elements as children. Each <literal>Match</literal> -element represents a predicate which is applied to generated bug instances. -Usually, a filter will be used to exclude bug instances. For example: - -<screen> -<prompt>$ </prompt><command>findbugs -textui -exclude <replaceable>myExcludeFilter.xml</replaceable> <replaceable>myApp.jar</replaceable></command> -</screen> - -However, a filter could also be used to select bug instances to specifically -report: - -<screen> -<prompt>$ </prompt><command>findbugs -textui -include <replaceable>myIncludeFilter.xml</replaceable> <replaceable>myApp.jar</replaceable></command> -</screen> -</para> - -<para> -<literal>Match</literal> elements contain children, which are conjuncts of the predicate. -In other words, each of the children must be true for the predicate to be true. -</para> - -</sect1> - -<sect1> -<title>Types of Match clauses</title> - -<variablelist> - <varlistentry> - <term><literal><Bug></literal></term> - <listitem><para> - This element specifies a particular bug pattern or patterns to match. - The <literal>pattern</literal> attribute is a comma-separated list of - bug pattern types. You can find the bug pattern types for particular - warnings by looking at the output produced by the <command>-xml</command> - output option (the <literal>type</literal> attribute of <literal>BugInstance</literal> - elements), or from the <ulink url="../bugDescriptions.html">bug - descriptions document</ulink>. - </para><para> - For more coarse-grained matching, use <literal>code</literal> attribute. It takes - a comma-separated list of bug abbreviations. For most-coarse grained matching use - <literal>category</literal> attriute, that takes a comma separated list of bug category names: - <literal>CORRECTNESS</literal>, <literal>MT_CORRECTNESS</literal>, - <literal>BAD_PRACTICICE</literal>, <literal>PERFORMANCE</literal>, <literal>STYLE</literal>. - </para><para> - If more than one of the attributes mentioned above are specified on the same - <literal><Bug></literal> element, all bug patterns that match either one of specified - pattern names, or abreviations, or categories will be matched. - </para><para> - As a backwards compatibility measure, <literal><BugPattern></literal> and - <literal><BugCode></literal> elements may be used instead of - <literal><Bug></literal> element. Each of these uses a - <literal>name</literal> attribute for specifying accepted values list. Support for these - elements may be removed in a future release. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><literal><Confidence></literal></term> - <listitem> - <para> - This element matches warnings with a particular bug confidence. - The <literal>value</literal> attribute should be an integer value: - 1 to match high-confidence warnings, 2 to match normal-confidence warnings, - or 3 to match low-confidence warnings. <Confidence> replaced - <Priority> in 2.0.0 release. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal><Priority></literal></term> - <listitem> - <para> - Same as <literal><Confidence></literal>, exists for backward compatibility. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal><Rank></literal></term> - <listitem> - <para> - This element matches warnings with a particular bug rank. - The <literal>value</literal> attribute should be an integer value - between 1 and 20, where 1 to 4 are scariest, 5 to 9 scary, 10 to 14 troubling, - and 15 to 20 of concern bugs. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal><Package></literal></term> - <listitem> - <para> - This element matches warnings associated with classes within the package specified - using <literal>name</literal> attribute. Nested packages are not included (along the - lines of Java import statement). However matching multiple packages can be achieved - easily using regex name match. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal><Class></literal></term> - <listitem> - <para> - This element matches warnings associated with a particular class. The - <literal>name</literal> attribute is used to specify the exact or regex match pattern - for the class name. - </para> - - <para> - As a backward compatibility measure, instead of element of this type, you can use - <literal>class</literal> attribute on a <literal>Match</literal> element to specify - exact an class name or <literal>classregex</literal> attribute to specify a regular - expression to match the class name against. - </para> - - <para> - If the <literal>Match</literal> element contains neither a <literal>Class</literal> element, - nor a <literal>class</literal> / <literal>classregex</literal> attribute, the predicate will apply - to all classes. Such predicate is likely to match more bug instances than you want, unless it is - refined further down with apropriate method or field predicates. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal><Method></literal></term> - - <listitem><para>This element specifies a method. The <literal>name</literal> is used to specify - the exact or regex match pattern for the method name. - The <literal>params</literal> attribute is a comma-separated list - of the types of the method's parameters. The <literal>returns</literal> attribute is - the method's return type. In <literal>params</literal> and <literal>returns</literal>, class names - must be fully qualified. (E.g., "java.lang.String" instead of just - "String".) If one of the latter attributes is specified the other is required for creating a method signature. - Note that you can provide either <literal>name</literal> attribute or <literal>params</literal> - and <literal>returns</literal> attributes or all three of them. This way you can provide various kinds of - name and signature based matches. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><literal><Field></literal></term> - - <listitem><para>This element specifies a field. The <literal>name</literal> attribute is is used to specify - the exact or regex match pattern for the field name. You can also filter fields according to their signature - - use <literal>type</literal> attribute to specify fully qualified type of the field. You can specify eiter or both - of these attributes in order to perform name / signature based matches. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><literal><Local></literal></term> - - <listitem><para>This element specifies a local variable. The <literal>name</literal> attribute is is used to specify - the exact or regex match pattern for the local variable name. Local variables are variables defined within a method. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><literal><Or></literal></term> - <listitem><para> - This element combines <literal>Match</literal> clauses as disjuncts. I.e., you can put two - <literal>Method</literal> elements in an <literal>Or</literal> clause in order to match either method. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal><And></literal></term> - <listitem><para> - This element combines <literal>Match</literal> clauses which both must evaluate to true. I.e., you can put - <literal>Bug</literal> and <literal>Priority</literal> elements in an <literal>And</literal> clause in order - to match specific bugs with given priority only. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal><Not></literal></term> - <listitem><para> - This element inverts the included child <literal>Match</literal>. I.e., you can put a - <literal>Bug</literal> element in a <literal>Not</literal> clause in order to match any bug - excluding the given one. - </para></listitem> - </varlistentry> -</variablelist> - -</sect1> - -<sect1> -<title>Java element name matching</title> - -<para> -If the <literal>name</literal> attribute of <literal>Class</literal>, <literal>Method</literal> or -<literal>Field</literal> starts with the ~ character the rest of attribute content is interpreted as -a Java regular expression that is matched against the names of the Java element in question. -</para> - -<para> -Note that the pattern is matched against whole element name and therefore .* clauses need to be used -at pattern beginning and/or end to perform substring matching. -</para> - -<para> -See <ulink url="http://java.sun.com/j2se/1.5.0/docs/api/java/util/regex/Pattern.html"><literal>java.util.regex.Pattern</literal></ulink> -documentation for pattern syntax. -</para> -</sect1> - -<sect1> -<title>Caveats</title> - -<para> -<literal>Match</literal> clauses can only match information that is actually contained in the -bug instances. Every bug instance has a class, so in general, excluding -bugs by class will work. -</para> - -<para> -Some bug instances have two (or more) classes. For example, the DE (dropped exception) -bugs report both the class containing the method where the dropped exception -happens, and the class which represents the type of the dropped exception. -Only the <emphasis>first</emphasis> (primary) class is matched against <literal>Match</literal> clauses. -So, for example, if you want to suppress IC (initialization circularity) -reports for classes "com.foobar.A" and "com.foobar.B", you would use -two <literal>Match</literal> clauses: - -<programlisting> - <Match> - <Class name="com.foobar.A" /> - <Bug code="IC" /> - </Match> - - <Match> - <Class name="com.foobar.B" /> - <Bug code="IC" /> - </Match> -</programlisting> - -By explicitly matching both classes, you ensure that the IC bug instance will be -matched regardless of which class involved in the circularity happens to be -listed first in the bug instance. (Of course, this approach might accidentally -supress circularities involving "com.foobar.A" or "com.foobar.B" and a third -class.) -</para> - -<para> -Many kinds of bugs report what method they occur in. For those bug instances, -you can put <literal>Method</literal> clauses in the <literal>Match</literal> element and they should work -as expected. -</para> - -</sect1> - -<sect1> -<title>Examples</title> - -<para> - 1. Match all bug reports for a class. - -<programlisting> -<![CDATA[ - <Match> - <Class name="com.foobar.MyClass" /> - </Match> -]]> -</programlisting> - -</para> - -<para> - 2. Match certain tests from a class by specifying their abbreviations. -<programlisting> -<![CDATA[ - <Match> - <Class name="com.foobar.MyClass"/ > - <Bug code="DE,UrF,SIC" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 3. Match certain tests from all classes by specifying their abbreviations. - -<programlisting> -<![CDATA[ - <Match> - <Bug code="DE,UrF,SIC" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 4. Match certain tests from all classes by specifying their category. - -<programlisting> -<![CDATA[ - <Match> - <Bug category="PERFORMANCE" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 5. Match bug types from specified methods of a class by their abbreviations. - -<programlisting> -<![CDATA[ - <Match> - <Class name="com.foobar.MyClass" /> - <Or> - <Method name="frob" params="int,java.lang.String" returns="void" /> - <Method name="blat" params="" returns="boolean" /> - </Or> - <Bug code="DC" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 6. Match a particular bug pattern in a particular method. - -<programlisting> -<![CDATA[ - <!-- A method with an open stream false positive. --> - <Match> - <Class name="com.foobar.MyClass" /> - <Method name="writeDataToFile" /> - <Bug pattern="OS_OPEN_STREAM" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 7. Match a particular bug pattern with a given priority in a particular method. - -<programlisting> -<![CDATA[ - <!-- A method with a dead local store false positive (medium priority). --> - <Match> - <Class name="com.foobar.MyClass" /> - <Method name="someMethod" /> - <Bug pattern="DLS_DEAD_LOCAL_STORE" /> - <Priority value="2" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 8. Match minor bugs introduced by AspectJ compiler (you are probably not interested in these unless - you are an AspectJ developer). - -<programlisting> -<![CDATA[ - <Match> - <Class name="~.*\$AjcClosure\d+" /> - <Bug pattern="DLS_DEAD_LOCAL_STORE" /> - <Method name="run" /> - </Match> - <Match> - <Bug pattern="UUF_UNUSED_FIELD" /> - <Field name="~ajc\$.*" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 9. Match bugs in specific parts of the code base - -<programlisting> -<![CDATA[ - <!-- match unused fields warnings in Messages classes in all packages --> - <Match> - <Class name="~.*\.Messages" /> - <Bug code="UUF" /> - </Match> - <!-- match mutable statics warnings in all internal packages --> - <Match> - <Package name="~.*\.internal" /> - <Bug code="MS" /> - </Match> - <!-- match anonymoous inner classes warnings in ui package hierarchy --> - <Match> - <Package name="~com\.foobar\.fooproject\.ui.*" /> - <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON" /> - </Match> -]]> -</programlisting> -</para> - -<para> - 10. Match bugs on fields or methods with specific signatures -<programlisting> -<![CDATA[ - <!-- match System.exit(...) usage warnings in void main(String[]) methods in all classes --> - <Match> - <Method returns="void" name="main" params="java.lang.String[]" /> - <Bug pattern="DM_EXIT" /> - </Match> - <!-- match UuF warnings on fields of type com.foobar.DebugInfo on all classes --> - <Match> - <Field type="com.foobar.DebugInfo" /> - <Bug code="UuF" /> - </Match> -]]> -</programlisting> -</para> - - -<para> - 11. Match bugs using the Not filter operator -<programlisting> -<![CDATA[ -<!-- ignore all bugs in test classes, except for those bugs specifically relating to JUnit tests --> -<!-- i.e. filter bug if ( classIsJUnitTest && ! bugIsRelatedToJUnit ) --> -<Match> - <!-- the Match filter is equivalent to a logical 'And' --> - - <Class name="~.*\.*Test" /> - <!-- test classes are suffixed by 'Test' --> - - <Not> - <Bug code="IJU" /> <!-- 'IJU' is the code for bugs related to JUnit test code --> - </Not> -</Match> -]]> -</programlisting> -</para> - -</sect1> - -<sect1> -<title>Complete Example</title> - -<programlisting> -<![CDATA[ -<FindBugsFilter> - <Match> - <Class name="com.foobar.ClassNotToBeAnalyzed" /> - </Match> - - <Match> - <Class name="com.foobar.ClassWithSomeBugsMatched" /> - <Bug code="DE,UrF,SIC" /> - </Match> - - <!-- Match all XYZ violations. --> - <Match> - <Bug code="XYZ" /> - </Match> - - <!-- Match all doublecheck violations in these methods of "AnotherClass". --> - <Match> - <Class name="com.foobar.AnotherClass" /> - <Or> - <Method name="nonOverloadedMethod" /> - <Method name="frob" params="int,java.lang.String" returns="void" /> - <Method name="blat" params="" returns="boolean" /> - </Or> - <Bug code="DC" /> - </Match> - - <!-- A method with a dead local store false positive (medium priority). --> - <Match> - <Class name="com.foobar.MyClass" /> - <Method name="someMethod" /> - <Bug pattern="DLS_DEAD_LOCAL_STORE" /> - <Priority value="2" /> - </Match> - - <!-- All bugs in test classes, except for JUnit-specific bugs --> - <Match> - <Class name="~.*\.*Test" /> - <Not> - <Bug code="IJU" /> - </Not> - </Match> - -</FindBugsFilter> -]]> -</programlisting> - -</sect1> - - -</chapter> - - -<!-- - ************************************************************************** - Analysis properties - ************************************************************************** ---> - -<chapter id="analysisprops"> -<title>Analysis Properties</title> - -<para> -&FindBugs; allows several aspects of the analyses it performs to be -customized. System properties are used to configure these options. -This chapter describes the configurable analysis options. -</para> - -<para> -The analysis options have two main purposes. First, they allow you -to inform &FindBugs; about the meaning of methods in your application, -so that it can produce more accurate results, or produce fewer -false warnings. Second, they allow you to configure the precision -of the analysis performed. Reducing analysis precision can save -memory and analysis time, at the expense of missing some real bugs, -or producing more false warnings. -</para> - -<para> -The analysis options are set using the <command>-property</command> -command line option. For example: -<screen> -<prompt>$ </prompt><command>findbugs -textui -property "cfg.noprune=true" <replaceable>myApp.jar</replaceable></command> -</screen> -</para> - -<para> -The list of configurable analysis properties is shown in -<xref linkend="analysisproptable"/>. -</para> - -<table id="analysisproptable"> -<title>Configurable Analysis Properties</title> -<tgroup cols="3" align="left"> - <thead> - <row> - <entry>Property Name</entry> - <entry>Value</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> -<!-- - <row> - <entry>cfg.noprune</entry> - <entry>true or false</entry> - <entry>If true, infeasible exception edges are not pruned from - the control flow graphs of analyzed methods. This option - increases the speed of the analysis (by about 20%-30%), - but causes some detectors to produce more false warnings.</entry> - </row> ---> - <row> - <entry>findbugs.assertionmethods</entry> - <entry>Comma-separated list of fully qualified method names: - e.g., "com.foo.MyClass.checkAssertion"</entry> - <entry>This property specifies the names of methods that are used - to check program assertions. Specifying these methods allows - the null pointer dereference bug detector to avoid reporting - false warnings for values which are checked by assertion - methods.</entry> - </row> - <row> - <entry>findbugs.de.comment</entry> - <entry>true or false</entry> - <entry>If true, the DroppedException detector scans source code - for empty catch blocks for a comment, and if one is found, does - not report a warning.</entry> - </row> - <row> - <entry>findbugs.maskedfields.locals</entry> - <entry>true or false</entry> - <entry>If true, emit low priority warnings for local variables - which obscure fields. Default is false.</entry> - </row> - <row> - <entry>findbugs.nullderef.assumensp</entry> - <entry>true or false</entry> - <entry>not used - (intention: If true, the null dereference detector assumes that any - reference value returned from a method or passed to a method - in a parameter might be null. Default is false. Note that - enabling this property will very likely cause a large number - of false warnings to be produced.)</entry> - </row> - <row> - <entry>findbugs.refcomp.reportAll</entry> - <entry>true or false</entry> - <entry>If true, all suspicious reference comparisons - using the == and != operators are reported. If false, - only one such warning is issued per method. Default - is false.</entry> - </row> - <row> - <entry>findbugs.sf.comment</entry> - <entry>true or false</entry> - <entry>If true, the SwitchFallthrough detector will only report - warnings for cases where the source code does not have a comment - containing the words "fall" or "nobreak". (An accurate source - path must be used for this feature to work correctly.) - This helps find cases where the switch fallthrough is likely - to be unintentional.</entry> - </row> -<!-- see others at src/doc/manual/sysprops.html - <row> - <entry></entry> - <entry></entry> - <entry></entry> - </row> ---> - </tbody> -</tgroup> -</table> - -</chapter> - -<!-- - ************************************************************************** - Annotations - *************************************************************************** ---> - -<chapter id="annotations"> -<title>Annotations</title> - -<para> -&FindBugs; supports several annotations to express the developer's intent -so that FindBugs can issue warnings more appropriately. You need to use -Java 5 to use annotations, and must place the annotations.jar and jsr305.jar -files in the classpath while compiling your program. -</para> - -<variablelist> - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.CheckForNull</command></term> - <listitem> -<command>[Target]</command> Field, Method, Parameter - </listitem> - <listitem> - <para> -The annotated element might be null, and uses of the element should check for null. -When this annotation is applied to a method it applies to the method return value. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.CheckReturnValue</command></term> - <listitem> - <command>[Target]</command> Method, Constructor - </listitem> - <listitem> - <variablelist> - <varlistentry> - <term><command>[Parameter]</command></term> - <listitem> - <para> - <command>priority:</command>The priority of the warning (HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM. - </para> - </listitem> - <listitem> - <para> - <command>explanation:</command>A textual explaination of why the return value should be checked. Default value:"". - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - <listitem> - <para> -This annotation is used to denote a method whose return value should always be checked after invoking the method. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotation</command></term> - <listitem> - <command>[Target]</command> Type, Package - </listitem> - <listitem> - <variablelist> - <varlistentry> - <term><command>[Parameter]</command></term> - <listitem> - <para> - <command>value:</command>Annotation class objects. More than one class can be specified. - </para> - </listitem> - <listitem> - <para> - <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - <listitem> - <para> -Indicates that all members of the class or package should be annotated with the default -value of the supplied annotation classes. This would be used for behavior annotations -such as @NonNull, @CheckForNull, or @CheckReturnValue. In particular, you can use -@DefaultAnnotation(NonNull.class) on a class or package, and then use @Nullable only -on those parameters, methods or fields that you want to allow to be null. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotationForFields</command></term> - <listitem> - <command>[Target]</command> Type, Package - </listitem> - <listitem> - <variablelist> - <varlistentry> - <term><command>[Parameter]</command></term> - <listitem> - <para> - <command>value:</command>Annotation class objects. More than one class can be specified. - </para> - </listitem> - <listitem> - <para> - <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - <listitem> - <para> -This is same as the DefaultAnnotation except it only applys to fields. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotationForMethods</command></term> - <listitem> - <command>[Target]</command> Type, Package - </listitem> - <listitem> - <variablelist> - <varlistentry> - <term><command>[Parameter]</command></term> - <listitem> - <para> - <command>value:</command>Annotation class objects. More than one class can be specified. - </para> - </listitem> - <listitem> - <para> - <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - <listitem> - <para> -This is same as the DefaultAnnotation except it only applys to methods. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.DefaultAnnotationForParameters</command></term> - <listitem> - <command>[Target]</command> Type, Package - </listitem> - <listitem> - <variablelist> - <varlistentry> - <term><command>[Parameter]</command></term> - <listitem> - <para> - <command>value:</command>Annotation class objects. More than one class can be specified. - </para> - </listitem> - <listitem> - <para> - <command>priority:</command>Default priority(HIGH, MEDIUM, LOW, IGNORE). Default value:MEDIUM. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - <listitem> - <para> -This is same as the DefaultAnnotation except it only applys to method parameters. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.NonNull</command></term> - <listitem> - <command>[Target]</command> Field, Method, Parameter - </listitem> - <listitem> - <para> -The annotated element must not be null. -Annotated fields must not be null after construction has completed. Annotated methods must have non-null return values. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.Nullable</command></term> - <listitem> - <command>[Target]</command> Field, Method, Parameter - </listitem> - <listitem> - <para> -The annotated element could be null under some circumstances. In general, this means -developers will have to read the documentation to determine when a null value is -acceptable and whether it is neccessary to check for a null value. FindBugs will -treat the annotated items as though they had no annotation. - </para> - <para> -In pratice this annotation is useful only for overriding an overarching NonNull -annotation. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.OverrideMustInvoke</command></term> - <listitem> - <command>[Target]</command> Method - </listitem> - <listitem> - <variablelist> - <varlistentry> - <term><command>[Parameter]</command></term> - <listitem> - <para> - <command>value:</command>Specify when the super invocation should be - performed (FIRST, ANYTIME, LAST). Default value:ANYTIME. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - <listitem> - <para> -Used to annotate a method that, if overridden, must (or should) be invoke super -in the overriding method. Examples of such methods include finalize() and clone(). -The argument to the method indicates when the super invocation should occur: -at any time, at the beginning of the overriding method, or at the end of the overriding method. -(This anotation is not implmemented in FindBugs as of September 8, 2006). - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.PossiblyNull</command></term> - <listitem> - <para> -This annotation is deprecated. Use CheckForNull instead. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.SuppressWarnings</command></term> - <listitem> - <command>[Target]</command> Type, Field, Method, Parameter, Constructor, Package - </listitem> - <listitem> - <variablelist> - <varlistentry> - <term><command>[Parameter]</command></term> - <listitem> - <para> - <command>value:</command>The name of the warning. More than one name can be specified. - </para> - </listitem> - <listitem> - <para> - <command>justification:</command>Reason why the warning should be ignored. Default value:"". - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - <listitem> - <para> -The set of warnings that are to be suppressed by the compiler in the annotated element. -Duplicate names are permitted. The second and successive occurrences of a name are ignored. -The presence of unrecognized warning names is <emphasis>not</emphasis> an error: Compilers -must ignore any warning names they do not recognize. They are, however, free to emit a -warning if an annotation contains an unrecognized warning name. Compiler vendors should -document the warning names they support in conjunction with this annotation type. They -are encouraged to cooperate to ensure that the same names work across multiple compilers. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.UnknownNullness</command></term> - <listitem> - <command>[Target]</command> Field, Method, Parameter - </listitem> - <listitem> - <para> -Used to indicate that the nullness of the target is unknown, or my vary in unknown ways in subclasses. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><command>edu.umd.cs.findbugs.annotations.UnknownNullness</command></term> - <listitem> - <command>[Target]</command> Field, Method, Parameter - </listitem> - <listitem> - <para> -Used to indicate that the nullness of the target is unknown, or my vary in unknown ways in subclasses. - </para> - </listitem> - </varlistentry> -</variablelist> - -<para> - &FindBugs; also supports the following annotations: -<itemizedlist> - <listitem>net.jcip.annotations.GuardedBy</listitem> - <listitem>net.jcip.annotations.Immutable</listitem> - <listitem>net.jcip.annotations.NotThreadSafe</listitem> - <listitem>net.jcip.annotations.ThreadSafe</listitem> -</itemizedlist> -</para> -<para> -You can refer the JCIP annotation <ulink url="http://jcip.net/annotations/doc/index.html"> -API documentation</ulink> at <ulink url="http://jcip.net/">Java Concurrency in Practice</ulink>. -</para> -</chapter> - -<!-- - ************************************************************************** - Using rejarForAnalysis - ************************************************************************** ---> - -<chapter id="rejarForAnalysis"> -<title>Using rejarForAnalysis</title> - -<para> -If your project consists of many jarfiles or the jarfiles are scattered -over many directories, you may wish to use the <command>rejarForAnalysis -</command> script to make -FindBugs invocation easier. The script collects many jarfiles and combines them -into a single, large jarfile that can then be easily passed to FindBugs for -analysis. This can be particularly useful in combination with the 'find' command -on unix systems; e.g. <command>find . -name '*.jar' | xargs rejarForAnalysis -</command>. -</para> - -<para> -The <command>rejarForAnalysis</command> script -can also be used to split a very large project up into a set of jarfiles with -the project classfiles evenly divided between them. This is useful when running -FindBugs on the entire project is not practical due to time or memory consumption. -Instead of running FindBugs on the entire project, you may use <command> -rejarForAnalysis</command> build one large, all-inclusive jarfile -containing all classes, invoke <command>rejarForAnalysis</command> -again to split the project into multiple jarfiles, then run FindBugs -on each divided jarfiles in turn, specifying the the all-inclusive jarfile in -the <command>-auxclasspath</command>. -</para> - -<para> -These are the options accepted by the <command>rejarForAnalysis</command> script: -</para> - -<variablelist> - <varlistentry> - <term><command>-maxAge</command> <replaceable>days</replaceable></term> - <listitem> - <para> - Maximum age in days (ignore jar files older than this). - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><command>-inputFileList</command> <replaceable>filename</replaceable></term> - <listitem> - <para> - Text file containing names of jar files. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><command>-maxClasses</command> <replaceable>num</replaceable></term> - <listitem> - <para> - Maximum number of classes per analysis*.jar file. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><command>-prefix</command> <replaceable>class name prefix</replaceable></term> - <listitem> - <para> - Prefix of class names that should be analyzed (e.g., edu.umd.cs.). - </para> - </listitem> - </varlistentry> -</variablelist> -</chapter> - -<!-- - ************************************************************************** - Data mining - ************************************************************************** ---> - -<chapter id="datamining"> - <title>Data mining of bugs with &FindBugs;™</title> - -<para> -FindBugs incorporates an ability to perform sophisticated queries on bug -databases and track warnings across multiple versions of code being -studied, allowing you to do things such as seeing when a bug was first introduced, examining -just the warnings that have been introduced since the last release, or graphing the number -of infinite recursive loops in your code over time.</para> - -<para> -These techniques all depend upon the XML format used by FindBugs for storing warnings. -These XML files usually contain just the warnings from one particular analysis run, but -they can also store the results from analyzing a sequence of software builds or versions. - </para> - -<para> -Any FindBugs XML bug database contains a version name and timestamp. -FindBugs tries to compute a timestamp from the timestamps of the files that -are analyzed (e.g., the timestamp is intended to be the time the class files -were generated, not analyzed). Each bug database also contains a version name. -Both the version name and timestamp can be set manually using the -<command>setBugDatabaseInfo</command> (<xref linkend="setBugDatabaseInfo" />) command. - </para> - -<para>A multiversion bug database assigns a sequence number to each version of -the analyzed code. These sequence numbers are simply successive integers, -starting at 0 (e.g., a bug database for 4 versions of the code will contain -versions 0..3). The bug database will also record the name and timestamp for -each version. The <command>filterBugs</command> command allows you to refer -to a version by sequence number, name or timestamp.</para> - -<para> -You can take a sequence (or pair) of single version bug databases and create -from them a multiversion bug database, or combine a multiversion bug database -with a sequence of later single-version bug databases.</para> - -<para> -Some of these commands can be invoked as ant tasks. See below for specifics -on how to invoke them and what attributes and arguments they take. All of -the examples assume that the <literal>findbugs.lib</literal> -<literal>refid</literal> is set correctly. Here is one way to set it: -</para> - -<programlisting> -<![CDATA[ - <!-- findbugs task definition --> - <property name="findbugs.home" value="/your/path/to/findbugs" /> - <path id="findbugs.lib"> - <fileset dir="${findbugs.home}/lib"> - <include name="findbugs-ant.jar"/> - </fileset> - </path> -]]> -</programlisting> - - <sect1 id="commands"> - <title>Commands</title> - - <para> -All tools for FindBugs data mining are can be invoked from the command line, -and some of the more useful tools can also be invoked from an -ant build file.</para> - -<para> -Briefly, the command-line tools are:</para> - - <variablelist> - <varlistentry> - <term><command><link linkend="unionBugs">unionBugs</link></command></term> - <listitem> - <para> - combine the results from separate analysis of disjoint - classes - </para> - </listitem> - </varlistentry> - <varlistentry> - <term><command><link linkend="computeBugHistory">computeBugHistory</link></command></term> - <listitem> - <para>Merge bug warnings from multiple versions of - analyzed code into - a single multiversion bug database. This can either be used - to add more versions to an existing multiversion database, - or to create a multiversion database from a sequence of single version - bug warning databases.</para> - </listitem> - </varlistentry> - <varlistentry> - <term><command><link linkend="setBugDatabaseInfo">setBugDatabaseInfo</link></command></term> - <listitem> - <para>Set information such as the revision name or -timestamp in an XML bug database</para> - </listitem> - </varlistentry> - <varlistentry> - <term><command><link linkend="listBugDatabaseInfo">listBugDatabaseInfo</link></command></term> - <listitem> - <para>List information such as the revision name and -timestamp for a list of XML bug databases</para> - </listitem> - </varlistentry> - <varlistentry> - <term><command><link linkend="filterBugs">filterBugs</link></command></term> - <listitem> - <para>Select a subset of a bug database</para> - </listitem> - </varlistentry> - <varlistentry> - <term><command><link linkend="mineBugHistory">mineBugHistory</link></command></term> - <listitem> - <para>Generate a tabular listing of the number of warnings in each - version of a multiversion bug database</para> - </listitem> - </varlistentry> - <varlistentry> - <term><command><link linkend="defectDensity">defectDensity</link></command></term> - <listitem> - <para>List information about defect density - (warnings per 1000 NCSS) - for the entire project and each class and package</para> - </listitem> - </varlistentry> - <varlistentry> - <term><command><link linkend="convertXmlToText">convertXmlToText</link></command></term> - <listitem> - <para>Convert bug warnings in XML format to - a textual one-line-per-bug format, or to HTML</para> - </listitem> - </varlistentry> - </variablelist> - - - <sect2 id="unionBugs"> - <title>unionBugs</title> - - <para> - If you have, for example, separately analyzing each jar file used in an application, - you can use this command to combine the separately generated xml bug warning files into - a single file containing all of the warnings.</para> - - <para>Do <emphasis>not</emphasis> use this command to combine results from analyzing different versions of the same - file; use <command>computeBugHistory</command> instead.</para> - - <para>Specify the xml files on the command line. The result is sent to standard output.</para> - </sect2> - - <sect2 id="computeBugHistory"> - <title>computeBugHistory</title> - -<para>Use this command to generate a bug database containing information from different builds or versions -of software you are analyzing. -History is taken from the first file provided as input; any following -files should be single version bug databases (if they contain history, the history in those -files will be ignored).</para> -<para>By default, output is written to the standard output. -</para> - -<para>This functionality may also can be accessed from ant. -First create a taskdef for <command>computeBugHistory</command> in your -build file: -</para> - -<programlisting> -<![CDATA[ -<taskdef name="computeBugHistory" classname="edu.umd.cs.findbugs.anttask.ComputeBugHistoryTask"> - <classpath refid="findbugs.lib" /> -</taskdef> -]]> -</programlisting> - -<para>Attributes for this ant task are listed in the following table. -To specify input files, nest them inside with a -<literal><datafile></literal> element. For example: -</para> - -<programlisting> -<![CDATA[ -<computeBugHistory home="${findbugs.home}" ...> - <datafile name="analyze1.xml"/> - <datafile name="analyze2.xml"/> -</computeBugHistory> -]]> -</programlisting> - - <table id="computeBugHistoryTable"> - <title>Options for computeBugHistory command</title> - <tgroup cols="3" align="left"> - <thead> - <row> - <entry>Command-line option</entry> - <entry>Ant attribute</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> -<row><entry>-output <file></entry> <entry>output="<file>"</entry> <entry>save output in the named file (may also be an input file)</entry></row> -<row><entry>-overrideRevisionNames[:truth]</entry> <entry>overrideRevisionNames="[true|false]"</entry><entry>override revision names for each version with names computed from the filenames</entry></row> -<row><entry>-noPackageMoves[:truth]</entry> <entry>noPackageMoves="[true|false]"</entry><entry>if a class has moved to another package, treat warnings in that class as seperate</entry></row> -<row><entry>-preciseMatch[:truth]</entry> <entry>preciseMatch="[true|false]"</entry><entry>require bug patterns to match precisely</entry></row> -<row><entry>-precisePriorityMatch[:truth]</entry> <entry>precisePriorityMatch="[true|false]"</entry><entry>consider two warnings as the same only if priorities match exactly</entry></row> -<row><entry>-quiet[:truth]</entry> <entry>quiet="[true|false]"</entry><entry>don't generate any output to standard out unless there is an error</entry></row> -<row><entry>-withMessages[:truth]</entry> <entry>withMessages="[true|false]"</entry><entry>include human-readable messages describing the warnings in XML output</entry></row> - </tbody> - </tgroup> - </table> - - </sect2> - <sect2 id="filterBugs"> - <title>filterBugs</title> -<para>This command is used to select a subset of warnings from a FindBugs XML warning file -and write the selected subset to a new FindBugs warning file.</para> -<para> -This command takes a sequence of options, and either zero, one or two -filenames of findbugs xml bug files on the command line.</para> -<para>If no file names are provided, the command reads from standard input -and writes to standard output. If one file name is provided, -it reads from the file and writes to standard output. -If two file names are provided, it reads from the first and writes the output -to the second file name.</para> - -<para>This functionality may also can be accessed from ant. -First create a taskdef for <command>filterBugs</command> in your -build file: -</para> - -<programlisting> -<![CDATA[ -<taskdef name="filterBugs" classname="edu.umd.cs.findbugs.anttask.FilterBugsTask"> - <classpath refid="findbugs.lib" /> -</taskdef> -]]> -</programlisting> - -<para>Attributes for this ant task are listed in the following table. -To specify an input file either use the input attribute or nest it inside -the ant call with a <literal><datafile></literal> element. For example: -</para> - -<programlisting> -<![CDATA[ -<filterBugs home="${findbugs.home}" ...> - <datafile name="analyze.xml"/> -</filterBugs> -]]> -</programlisting> - - <table id="filterOptionsTable"> - <title>Options for filterBugs command</title> - <tgroup cols="3" align="left"> - <thead> - <row> - <entry>Command-line option</entry> - <entry>Ant attribute</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> -<row><entry></entry> <entry>input="<file>"</entry> <entry>use file as input</entry></row> -<row><entry></entry> <entry>output="<file>"</entry> <entry>output results to file</entry></row> -<row><entry>-not</entry> <entry>not="[true|false]"</entry> <entry>reverse (all) switches for the filter</entry></row> -<row><entry>-withSource[:truth]</entry> <entry>withSource="[true|false]"</entry> <entry>only warnings for switch source is available</entry></row> -<row><entry>-exclude <filter file></entry><entry>exclude="<filter file>"</entry> <entry>exclude bugs matching given filter</entry></row> -<row><entry>-include <filter file></entry><entry>include="<filter file>"</entry> <entry>include only bugs matching given filter</entry></row> -<row><entry>-annotation <text></entry> <entry>annotation="<text>"</entry> <entry>allow only warnings containing this text in a manual annotation</entry></row> -<row><entry>-after <when></entry> <entry>after="<when>"</entry> <entry>allow only warnings that first occurred after this version</entry></row> -<row><entry>-before <when></entry> <entry>before="<when>"</entry> <entry>allow only warnings that first occurred before this version</entry></row> -<row><entry>-first <when></entry> <entry>first="<when>"</entry> <entry>allow only warnings that first occurred in this version</entry></row> -<row><entry>-last <when></entry> <entry>last="<when>"</entry> <entry>allow only warnings that last occurred in this version</entry></row> -<row><entry>-fixed <when></entry> <entry>fixed="<when>"</entry> <entry>allow only warnings that last occurred in the previous version (clobbers <option>-last</option>)</entry></row> -<row><entry>-present <when></entry> <entry>present="<when>"</entry> <entry>allow only warnings present in this version</entry></row> -<row><entry>-absent <when></entry> <entry>absent="<when>"</entry> <entry>allow only warnings absent in this version</entry></row> -<row><entry>-active[:truth]</entry> <entry>active="[true|false]"</entry> <entry>allow only warnings alive in the last sequence number</entry></row> -<row><entry>-introducedByChange[:truth]</entry> <entry>introducedByChange="[true|false]"</entry><entry>allow only warnings introduced by a change of an existing class</entry></row> -<row><entry>-removedByChange[:truth]</entry> <entry>removedByChange="[true|false]"</entry> <entry>allow only warnings removed by a change of a persisting class</entry></row> -<row><entry>-newCode[:truth]</entry> <entry>newCode="[true|false]"</entry> <entry>allow only warnings introduced by the addition of a new class</entry></row> -<row><entry>-removedCode[:truth]</entry> <entry>removedCode="[true|false]"</entry> <entry>allow only warnings removed by removal of a class</entry></row> -<row><entry>-priority <level></entry> <entry>priority="<level>"</entry> <entry>allow only warnings with this priority or higher</entry></row> -<row><entry>-maxRank <rank></entry> <entry>rank="[1..20]"</entry> <entry>allow only warnings with this rank or lower</entry></row> -<row><entry>-class <pattern></entry> <entry>class="<class>"</entry> <entry>allow only bugs whose primary class name matches this pattern</entry></row> -<row><entry>-bugPattern <pattern></entry> <entry>bugPattern="<pattern>"</entry> <entry>allow only bugs whose type matches this pattern</entry></row> -<row><entry>-category <category></entry> <entry>category="<category>"</entry> <entry>allow only warnings with a category that starts with this string</entry></row> -<row><entry>-designation <designation></entry> <entry>designation="<designation>"</entry> <entry>allow only warnings with this designation (e.g., -designation SHOULD_FIX)</entry></row> -<row><entry>-withMessages[:truth] </entry> <entry>withMessages="[true|false]"</entry> <entry>the generated XML should contain textual messages</entry></row> - </tbody> - </tgroup> - </table> - - </sect2> - - <sect2 id="mineBugHistory"> - <title>mineBugHistory</title> -<para>This command generates a table containing counts of the numbers of warnings -in each version of a multiversion bug database.</para> - - -<para>This functionality may also can be accessed from ant. -First create a taskdef for <command>mineBugHistory</command> in your -build file: -</para> - -<programlisting> -<![CDATA[ -<taskdef name="mineBugHistory" classname="edu.umd.cs.findbugs.anttask.MineBugHistoryTask"> - <classpath refid="findbugs.lib" /> -</taskdef> -]]> -</programlisting> - -<para>Attributes for this ant task are listed in the following table. -To specify an input file either use the <literal>input</literal> -attribute or nest it inside the ant call with a -<literal><datafile></literal> element. For example: -</para> - -<programlisting> -<![CDATA[ -<mineBugHistory home="${findbugs.home}" ...> - <datafile name="analyze.xml"/> -</mineBugHistory> -]]> -</programlisting> - - <table id="mineBugHistoryOptionsTable"> - <title>Options for mineBugHistory command</title> - <tgroup cols="3" align="left"> - <thead> - <row> - <entry>Command-line option</entry> - <entry>Ant attribute</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> -<row><entry></entry> <entry>input="<file>"</entry> <entry>use file as input</entry></row> -<row><entry></entry> <entry>output="<file>"</entry> <entry>write output to file</entry></row> -<row><entry>-formatDates</entry> <entry>formatDates="[true|false]"</entry> <entry>render dates in textual form</entry></row> -<row><entry>-noTabs</entry> <entry>noTabs="[true|false]"</entry> <entry>delimit columns with groups of spaces instead of tabs (see below)</entry></row> -<row><entry>-summary</entry> <entry>summary="[true|false]"</entry> <entry>output terse summary of changes over the last ten entries</entry></row> - </tbody> - </tgroup> - </table> - - <para> - The <option>-noTabs</option> output can be easier to read from a shell - with a fixed-width font. - Because numeric columns are right-justified, spaces may precede the - first column value. This option also causes <option>-formatDates</option> - to render dates in terser format without embedded whitespace. - </para> - - <para>The table is a tab-separated (barring <option>-noTabs</option>) - table with the following columns:</para> - - <table id="mineBugHistoryColumns"> - <title>Columns in mineBugHistory output</title> - <tgroup cols="2" align="left"> - <thead> - <row> - <entry>Title</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> - <row><entry>seq</entry><entry>Sequence number (successive integers, starting at 0)</entry></row> - <row><entry>version</entry><entry>Version name</entry></row> - <row><entry>time</entry><entry>Release timestamp</entry></row> - <row><entry>classes</entry><entry>Number of classes analyzed</entry></row> - <row><entry>NCSS</entry><entry>Non Commenting Source Statements</entry></row> - <row><entry>added</entry><entry>Count of new warnings for a class that existed in the previous version</entry></row> - <row><entry>newCode</entry><entry>Count of new warnings for a class that did not exist in the previous version</entry></row> - <row><entry>fixed</entry><entry>Count of warnings removed from a class that remains in the current version</entry></row> - <row><entry>removed</entry><entry>Count of warnings in the previous version for a class that is not present in the current version</entry></row> - <row><entry>retained</entry><entry>Count of warnings that were in both the previous and current version</entry></row> - <row><entry>dead</entry><entry>Warnings that were present in earlier versions but in neither the current version or the immediately preceeding version</entry></row> - <row><entry>active</entry><entry>Total warnings present in the current version</entry></row> - </tbody> - </tgroup> - </table> - </sect2> - - <sect2 id="defectDensity"> - <title>defectDensity</title> -<para> -This command lists information about defect density (warnings per 1000 NCSS) for the entire project and each class and package. -It can either be invoked with no files specified on the command line (in which case it reads from standard input) -or with one file specified on the command line.</para> -<para>It generates a table with the following columns, and with one -row for the entire project, and one row for each package or class that contains at least -4 warnings.</para> - <table id="defectDensityColumns"> - <title>Columns in defectDensity output</title> - <tgroup cols="2" align="left"> - <thead> - <row> - <entry>Title</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> - <row><entry>kind</entry><entry>project, package or class</entry></row> - <row><entry>name</entry><entry>The name of the project, package or class</entry></row> - <row><entry>density</entry><entry>Number of warnings generated per 1000 lines of NCSS.</entry></row> - <row><entry>bugs</entry><entry>Number of warnings</entry></row> - <row><entry>NCSS</entry><entry>Calculated number of NCSS</entry></row> - </tbody> - </tgroup> - </table> - </sect2> - - <sect2 id="convertXmlToText"> - <title>convertXmlToText</title> - - <para> - This command converts a warning collection in XML format to a text - format with one line per warning, or to HTML. - </para> - -<para>This functionality may also can be accessed from ant. -First create a taskdef for <command>convertXmlToText</command> in your -build file: -</para> - -<programlisting> -<![CDATA[ -<taskdef name="convertXmlToText" classname="edu.umd.cs.findbugs.anttask.ConvertXmlToTextTask"> - <classpath refid="findbugs.lib" /> -</taskdef> -]]> -</programlisting> - -<para>Attributes for this ant task are listed in the following table.</para> - - <table id="convertXmlToTextTable"> - <title>Options for convertXmlToText command</title> - <tgroup cols="3" align="left"> - <thead> - <row> - <entry>Command-line option</entry> - <entry>Ant attribute</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> -<row><entry></entry> <entry>input="<filename>"</entry> <entry>use file as input</entry></row> -<row><entry></entry> <entry>output="<filename>"</entry> <entry>output results to file</entry></row> -<row><entry>-longBugCodes</entry> <entry>longBugCodes="[true|false]"</entry> <entry>use the full bug pattern code instead of two-letter abbreviation</entry></row> -<row><entry></entry> <entry>format="text"</entry> <entry>generate plain text output with one bug per line (command-line default)</entry></row> -<row><entry>-html[:stylesheet]</entry> <entry>format="html:<stylesheet>"</entry> <entry>generate output with specified stylesheet (see below), or default.xsl if unspecified</entry></row> - </tbody> - </tgroup> - </table> - - <para> - You may specify plain.xsl, default.xsl, fancy.xsl, fancy-hist.xsl, - or your own XSL stylesheet for the -html/format option. - Despite the name of this option, you may specify - a stylesheet that emits something other than html. - When applying a stylesheet other than those included - with FindBugs (listed above), the -html/format option should be used - with a path or URL to the stylesheet. - </para> - </sect2> - - <sect2 id="setBugDatabaseInfo"> - <title>setBugDatabaseInfo</title> - - <para> - This command sets meta-information in a specified warning collection. - It takes the following options: - </para> - -<para>This functionality may also can be accessed from ant. -First create a taskdef for <command>setBugDatabaseInfo</command> in your -build file: -</para> - -<programlisting> -<![CDATA[ -<taskdef name="setBugDatabaseInfo" classname="edu.umd.cs.findbugs.anttask.SetBugDatabaseInfoTask"> - <classpath refid="findbugs.lib" /> -</taskdef> -]]> -</programlisting> - -<para>Attributes for this ant task are listed in the following table. -To specify an input file either use the <literal>input</literal> -attribute or nest it inside the ant call with a -<literal><datafile></literal> element. For example: -</para> - -<programlisting> -<![CDATA[ -<setBugDatabaseInfo home="${findbugs.home}" ...> - <datafile name="analyze.xml"/> -</setBugDatabaseInfo> -]]> -</programlisting> - - <table id="setBugDatabaseInfoOptions"> - <title>setBugDatabaseInfo Options</title> - <tgroup cols="3" align="left"> - <thead> - <row> - <entry>Command-line option</entry> - <entry>Ant attribute</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> - <row><entry></entry> <entry>input="<file>"</entry> <entry>use file as input</entry></row> - <row><entry></entry> <entry>output="<file>"</entry> <entry>write output to file</entry></row> - <row><entry>-name <name></entry> <entry>name="<name>"</entry> <entry>set name for (last) revision</entry></row> - <row><entry>-timestamp <when></entry> <entry>timestamp="<when>"</entry> <entry>set timestamp for (last) revision</entry></row> - <row><entry>-source <directory></entry> <entry>source="<directory>"</entry> <entry>add specified directory to the source search path</entry></row> - <row><entry>-findSource <directory></entry> <entry>findSource="<directory>"</entry> <entry>find and add all relevant source directions contained within specified directory</entry></row> - <row><entry>-suppress <filter file></entry> <entry>suppress="<filter file>"</entry> <entry>suppress warnings matched by this file (replaces previous suppressions)</entry></row> - <row><entry>-withMessages</entry> <entry>withMessages="[true|false]"</entry> <entry>add textual messages to XML</entry></row> - <row><entry>-resetSource</entry> <entry>resetSource="[true|false]"</entry> <entry>remove all source search paths</entry></row> - </tbody> - </tgroup> - </table> - </sect2> - - <sect2 id="listBugDatabaseInfo"> - <title>listBugDatabaseInfo</title> - - <para>This command takes a list of zero or more xml bug database filenames on the command line. -If zero file names are provided, it reads from standard input and does not generate -a table header.</para> - -<para>There is only one option: <option>-formatDates</option> renders dates - in textual form. - </para> - -<para>The output is a table one row per bug database and the following columns:</para> - <table id="listBugDatabaseInfoColumns"> - <title>listBugDatabaseInfo Columns</title> - <tgroup cols="2" align="left"> - <thead> - <row> - <entry>Column</entry> - <entry>Meaning</entry> - </row> - </thead> - <tbody> - <row><entry>version</entry><entry>version name</entry></row> - <row><entry>time</entry><entry>Release timestamp</entry></row> - <row><entry>classes</entry><entry>Number of classes analyzed</entry></row> - <row><entry>NCSS</entry><entry>Non Commenting Source Statements analyzed</entry></row> - <row><entry>total</entry><entry>Total number of warnings of all kinds</entry></row> - <row><entry>high</entry><entry>Total number of high priority warnings of all kinds</entry></row> - <row><entry>medium</entry><entry>Total number of medium/normal priority warnings of all kinds</entry></row> - <row><entry>low</entry><entry>Total number of low priority warnings of all kinds</entry></row> - <row><entry>filename</entry><entry>filename of database</entry></row> -<!-- - <row><entry></entry><entry></entry></row> - <row><entry></entry><entry></entry></row> - <row><entry></entry><entry></entry></row> - <row><entry></entry><entry></entry></row> - <row><entry></entry><entry></entry></row> - <row><entry></entry><entry></entry></row> ---> - </tbody> - </tgroup> - </table> - - </sect2> - - </sect1> - - <sect1 id="examples"> - <title>Examples</title> -<sect2 id="unixscriptsexamples"> - <title>Mining history using proveded shell scrips</title> -<para>In all of the following, the commands are given in a directory that contains -directories jdk1.6.0-b12, jdk1.6.0-b13, ..., jdk1.6.0-b60.</para> - -<para>You can use the command:</para> -<screen> -computeBugHistory jdk1.6.0-b* | filterBugs -bugPattern IL_ | mineBugHistory -formatDates -</screen> -<para>to generate the following output:</para> - -<screen> -seq version time classes NCSS added newCode fixed removed retained dead active -0 jdk1.6.0-b12 "Thu Nov 11 09:07:20 EST 2004" 13128 811569 0 4 0 0 0 0 4 -1 jdk1.6.0-b13 "Thu Nov 18 06:02:06 EST 2004" 13128 811570 0 0 0 0 4 0 4 -2 jdk1.6.0-b14 "Thu Dec 02 06:12:26 EST 2004" 13145 811786 0 0 2 0 2 0 2 -3 jdk1.6.0-b15 "Thu Dec 09 06:07:04 EST 2004" 13174 811693 0 0 1 0 1 2 1 -4 jdk1.6.0-b16 "Thu Dec 16 06:21:28 EST 2004" 13175 811715 0 0 0 0 1 3 1 -5 jdk1.6.0-b17 "Thu Dec 23 06:27:22 EST 2004" 13176 811974 0 0 0 0 1 3 1 -6 jdk1.6.0-b19 "Thu Jan 13 06:41:16 EST 2005" 13176 812011 0 0 0 0 1 3 1 -7 jdk1.6.0-b21 "Thu Jan 27 05:57:52 EST 2005" 13177 812173 0 0 0 0 1 3 1 -8 jdk1.6.0-b23 "Thu Feb 10 05:44:36 EST 2005" 13179 812188 0 0 0 0 1 3 1 -9 jdk1.6.0-b26 "Thu Mar 03 06:04:02 EST 2005" 13199 811770 0 0 0 0 1 3 1 -10 jdk1.6.0-b27 "Thu Mar 10 04:48:38 EST 2005" 13189 812440 0 0 0 0 1 3 1 -11 jdk1.6.0-b28 "Thu Mar 17 02:54:22 EST 2005" 13185 812056 0 0 0 0 1 3 1 -12 jdk1.6.0-b29 "Thu Mar 24 03:09:20 EST 2005" 13117 809468 0 0 0 0 1 3 1 -13 jdk1.6.0-b30 "Thu Mar 31 02:53:32 EST 2005" 13118 809501 0 0 0 0 1 3 1 -14 jdk1.6.0-b31 "Thu Apr 07 03:00:14 EDT 2005" 13117 809572 0 0 0 0 1 3 1 -15 jdk1.6.0-b32 "Thu Apr 14 02:56:56 EDT 2005" 13169 811096 0 0 0 0 1 3 1 -16 jdk1.6.0-b33 "Thu Apr 21 02:46:22 EDT 2005" 13187 811942 0 0 0 0 1 3 1 -17 jdk1.6.0-b34 "Thu Apr 28 02:49:00 EDT 2005" 13195 813488 0 1 0 0 1 3 2 -18 jdk1.6.0-b35 "Thu May 05 02:49:04 EDT 2005" 13457 829837 0 0 0 0 2 3 2 -19 jdk1.6.0-b36 "Thu May 12 02:59:46 EDT 2005" 13462 831278 0 0 0 0 2 3 2 -20 jdk1.6.0-b37 "Thu May 19 02:55:08 EDT 2005" 13464 831971 0 0 0 0 2 3 2 -21 jdk1.6.0-b38 "Thu May 26 03:08:16 EDT 2005" 13564 836565 0 0 0 0 2 3 2 -22 jdk1.6.0-b39 "Fri Jun 03 03:10:48 EDT 2005" 13856 849992 0 1 0 0 2 3 3 -23 jdk1.6.0-b40 "Thu Jun 09 03:30:28 EDT 2005" 15972 959619 0 2 0 0 3 3 5 -24 jdk1.6.0-b41 "Thu Jun 16 03:19:22 EDT 2005" 15972 959619 0 0 0 0 5 3 5 -25 jdk1.6.0-b42 "Fri Jun 24 03:38:54 EDT 2005" 15966 958581 0 0 0 0 5 3 5 -26 jdk1.6.0-b43 "Thu Jul 14 03:09:34 EDT 2005" 16041 960544 0 0 0 0 5 3 5 -27 jdk1.6.0-b44 "Thu Jul 21 03:05:54 EDT 2005" 16041 960547 0 0 0 0 5 3 5 -28 jdk1.6.0-b45 "Thu Jul 28 03:26:10 EDT 2005" 16037 960606 0 0 1 0 4 3 4 -29 jdk1.6.0-b46 "Thu Aug 04 03:02:48 EDT 2005" 15936 951355 0 0 0 0 4 4 4 -30 jdk1.6.0-b47 "Thu Aug 11 03:18:56 EDT 2005" 15964 952387 0 0 1 0 3 4 3 -31 jdk1.6.0-b48 "Thu Aug 18 08:10:40 EDT 2005" 15970 953421 0 0 0 0 3 5 3 -32 jdk1.6.0-b49 "Thu Aug 25 03:24:38 EDT 2005" 16048 958940 0 0 0 0 3 5 3 -33 jdk1.6.0-b50 "Thu Sep 01 01:52:40 EDT 2005" 16287 974937 1 0 0 0 3 5 4 -34 jdk1.6.0-b51 "Thu Sep 08 01:55:36 EDT 2005" 16362 979377 0 0 0 0 4 5 4 -35 jdk1.6.0-b52 "Thu Sep 15 02:04:08 EDT 2005" 16477 979399 0 0 0 0 4 5 4 -36 jdk1.6.0-b53 "Thu Sep 22 02:00:28 EDT 2005" 16019 957900 0 0 1 0 3 5 3 -37 jdk1.6.0-b54 "Thu Sep 29 01:54:34 EDT 2005" 16019 957900 0 0 0 0 3 6 3 -38 jdk1.6.0-b55 "Thu Oct 06 01:54:14 EDT 2005" 16051 959014 0 0 0 0 3 6 3 -39 jdk1.6.0-b56 "Thu Oct 13 01:54:12 EDT 2005" 16211 970835 0 0 0 0 3 6 3 -40 jdk1.6.0-b57 "Thu Oct 20 01:55:26 EDT 2005" 16279 971627 0 0 0 0 3 6 3 -41 jdk1.6.0-b58 "Thu Oct 27 01:56:30 EDT 2005" 16283 971945 0 0 0 0 3 6 3 -42 jdk1.6.0-b59 "Thu Nov 03 01:56:58 EST 2005" 16232 972193 0 0 0 0 3 6 3 -43 jdk1.6.0-b60 "Thu Nov 10 01:54:18 EST 2005" 16235 972346 0 0 0 0 3 6 3 -</screen> - -<para> -We could also generate that information directly, without creating an intermediate db.xml file, using the command -</para> - -<screen> -computeBugHistory jdk1.6.0-b*/jre/lib/rt.xml | filterBugs -bugPattern IL_ db.xml | mineBugHistory -formatDates -</screen> - -<para>We can then use that information to display a graph showing the number of infinite recursive loops -found by FindBugs in each build of Sun's JDK1.6.0. The blue area indicates the number of infinite -recursive loops in that build, the red area above it indicates the number of infinite recursive loops that existed -in some previous version but not in the current version (thus, the combined height of the red and blue areas -is guaranteed to never decrease, and goes up whenever a new infinite recursive loop bug is introduced). The height -of the red area is computed as the sum of the fixed, removed and dead values for each version. -The reductions in builds 13 and 14 came after Sun was notified about the bugs found by FindBugs in the JDK. - </para> -<mediaobject> -<imageobject> -<imagedata fileref="infiniteRecursiveLoops.png" /> -</imageobject> -</mediaobject> - -<para> -Given the db.xml file that contains the results for all the jdk1.6.0 builds, the following command will show the history of high and medium priority correctness warnings: -</para> - -<screen> -filterBugs -priority M -category C db.xml | mineBugHistory -formatDates -</screen> - -<para> -generating the table: -</para> - -<screen> -seq version time classes NCSS added newCode fixed removed retained dead active -0 jdk1.6.0-b12 "Thu Nov 11 09:07:20 EST 2004" 13128 811569 0 1075 0 0 0 0 1075 -1 jdk1.6.0-b13 "Thu Nov 18 06:02:06 EST 2004" 13128 811570 0 0 0 0 1075 0 1075 -2 jdk1.6.0-b14 "Thu Dec 02 06:12:26 EST 2004" 13145 811786 3 0 6 0 1069 0 1072 -3 jdk1.6.0-b15 "Thu Dec 09 06:07:04 EST 2004" 13174 811693 2 1 3 0 1069 6 1072 -4 jdk1.6.0-b16 "Thu Dec 16 06:21:28 EST 2004" 13175 811715 0 0 1 0 1071 9 1071 -5 jdk1.6.0-b17 "Thu Dec 23 06:27:22 EST 2004" 13176 811974 0 0 1 0 1070 10 1070 -6 jdk1.6.0-b19 "Thu Jan 13 06:41:16 EST 2005" 13176 812011 0 0 0 0 1070 11 1070 -7 jdk1.6.0-b21 "Thu Jan 27 05:57:52 EST 2005" 13177 812173 0 0 1 0 1069 11 1069 -8 jdk1.6.0-b23 "Thu Feb 10 05:44:36 EST 2005" 13179 812188 0 0 0 0 1069 12 1069 -9 jdk1.6.0-b26 "Thu Mar 03 06:04:02 EST 2005" 13199 811770 0 0 2 1 1066 12 1066 -10 jdk1.6.0-b27 "Thu Mar 10 04:48:38 EST 2005" 13189 812440 1 0 1 1 1064 15 1065 -11 jdk1.6.0-b28 "Thu Mar 17 02:54:22 EST 2005" 13185 812056 0 0 0 0 1065 17 1065 -12 jdk1.6.0-b29 "Thu Mar 24 03:09:20 EST 2005" 13117 809468 3 0 8 26 1031 17 1034 -13 jdk1.6.0-b30 "Thu Mar 31 02:53:32 EST 2005" 13118 809501 0 0 0 0 1034 51 1034 -14 jdk1.6.0-b31 "Thu Apr 07 03:00:14 EDT 2005" 13117 809572 0 0 0 0 1034 51 1034 -15 jdk1.6.0-b32 "Thu Apr 14 02:56:56 EDT 2005" 13169 811096 1 1 0 1 1033 51 1035 -16 jdk1.6.0-b33 "Thu Apr 21 02:46:22 EDT 2005" 13187 811942 3 0 2 1 1032 52 1035 -17 jdk1.6.0-b34 "Thu Apr 28 02:49:00 EDT 2005" 13195 813488 0 1 0 0 1035 55 1036 -18 jdk1.6.0-b35 "Thu May 05 02:49:04 EDT 2005" 13457 829837 0 36 2 0 1034 55 1070 -19 jdk1.6.0-b36 "Thu May 12 02:59:46 EDT 2005" 13462 831278 0 0 0 0 1070 57 1070 -20 jdk1.6.0-b37 "Thu May 19 02:55:08 EDT 2005" 13464 831971 0 1 1 0 1069 57 1070 -21 jdk1.6.0-b38 "Thu May 26 03:08:16 EDT 2005" 13564 836565 1 7 2 6 1062 58 1070 -22 jdk1.6.0-b39 "Fri Jun 03 03:10:48 EDT 2005" 13856 849992 6 39 5 0 1065 66 1110 -23 jdk1.6.0-b40 "Thu Jun 09 03:30:28 EDT 2005" 15972 959619 7 147 11 0 1099 71 1253 -24 jdk1.6.0-b41 "Thu Jun 16 03:19:22 EDT 2005" 15972 959619 0 0 0 0 1253 82 1253 -25 jdk1.6.0-b42 "Fri Jun 24 03:38:54 EDT 2005" 15966 958581 3 0 1 2 1250 82 1253 -26 jdk1.6.0-b43 "Thu Jul 14 03:09:34 EDT 2005" 16041 960544 5 11 15 8 1230 85 1246 -27 jdk1.6.0-b44 "Thu Jul 21 03:05:54 EDT 2005" 16041 960547 0 0 0 0 1246 108 1246 -28 jdk1.6.0-b45 "Thu Jul 28 03:26:10 EDT 2005" 16037 960606 19 0 2 0 1244 108 1263 -29 jdk1.6.0-b46 "Thu Aug 04 03:02:48 EDT 2005" 15936 951355 13 1 1 32 1230 110 1244 -30 jdk1.6.0-b47 "Thu Aug 11 03:18:56 EDT 2005" 15964 952387 163 8 7 20 1217 143 1388 -31 jdk1.6.0-b48 "Thu Aug 18 08:10:40 EDT 2005" 15970 953421 0 0 0 0 1388 170 1388 -32 jdk1.6.0-b49 "Thu Aug 25 03:24:38 EDT 2005" 16048 958940 1 11 1 0 1387 170 1399 -33 jdk1.6.0-b50 "Thu Sep 01 01:52:40 EDT 2005" 16287 974937 19 27 16 7 1376 171 1422 -34 jdk1.6.0-b51 "Thu Sep 08 01:55:36 EDT 2005" 16362 979377 1 15 3 0 1419 194 1435 -35 jdk1.6.0-b52 "Thu Sep 15 02:04:08 EDT 2005" 16477 979399 0 0 1 1 1433 197 1433 -36 jdk1.6.0-b53 "Thu Sep 22 02:00:28 EDT 2005" 16019 957900 13 12 16 20 1397 199 1422 -37 jdk1.6.0-b54 "Thu Sep 29 01:54:34 EDT 2005" 16019 957900 0 0 0 0 1422 235 1422 -38 jdk1.6.0-b55 "Thu Oct 06 01:54:14 EDT 2005" 16051 959014 1 4 7 0 1415 235 1420 -39 jdk1.6.0-b56 "Thu Oct 13 01:54:12 EDT 2005" 16211 970835 6 8 37 0 1383 242 1397 -40 jdk1.6.0-b57 "Thu Oct 20 01:55:26 EDT 2005" 16279 971627 0 0 0 0 1397 279 1397 -41 jdk1.6.0-b58 "Thu Oct 27 01:56:30 EDT 2005" 16283 971945 0 1 1 0 1396 279 1397 -42 jdk1.6.0-b59 "Thu Nov 03 01:56:58 EST 2005" 16232 972193 6 0 5 0 1392 280 1398 -43 jdk1.6.0-b60 "Thu Nov 10 01:54:18 EST 2005" 16235 972346 0 0 0 0 1398 285 1398 -44 jdk1.6.0-b61 "Thu Nov 17 01:58:42 EST 2005" 16202 971134 2 0 4 0 1394 285 1396 -</screen> -</sect2> - -<sect2 id="incrementalhistory"> - <title>Incremental history maintenance</title> - -<para> -If db.xml contains the results of running findbugs over builds b12 - b60, we can update db.xml to include the results of analyzing b61 with the commands: -</para> -<screen> -computeBugHistory -output db.xml db.xml jdk1.6.0-b61/jre/lib/rt.xml -</screen> -</sect2> - - </sect1> - - <sect1 id="antexample"> - <title>Ant example</title> -<para> -Here is a complete ant script example for both running findbugs and running a chain of data-mining tools afterward: -</para> -<screen> -<![CDATA[ -<project name="analyze_asm_util" default="findbugs"> - <!-- findbugs task definition --> - <property name="findbugs.home" value="/Users/ben/Documents/workspace/findbugs/findbugs" /> - <property name="jvmargs" value="-server -Xss1m -Xmx800m -Duser.language=en -Duser.region=EN -Dfindbugs.home=${findbugs.home}" /> - - <path id="findbugs.lib"> - <fileset dir="${findbugs.home}/lib"> - <include name="findbugs-ant.jar"/> - </fileset> - </path> - - <taskdef name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask"> - <classpath refid="findbugs.lib" /> - </taskdef> - - <taskdef name="computeBugHistory" classname="edu.umd.cs.findbugs.anttask.ComputeBugHistoryTask"> - <classpath refid="findbugs.lib" /> - </taskdef> - - <taskdef name="setBugDatabaseInfo" classname="edu.umd.cs.findbugs.anttask.SetBugDatabaseInfoTask"> - <classpath refid="findbugs.lib" /> - </taskdef> - - <taskdef name="mineBugHistory" classname="edu.umd.cs.findbugs.anttask.MineBugHistoryTask"> - <classpath refid="findbugs.lib" /> - </taskdef> - - <!-- findbugs task definition --> - <target name="findbugs"> - <antcall target="analyze" /> - <antcall target="mine" /> - </target> - - <!-- analyze task --> - <target name="analyze"> - <!-- run findbugs against asm-util --> - <findbugs home="${findbugs.home}" - output="xml:withMessages" - timeout="90000000" - reportLevel="experimental" - workHard="true" - effort="max" - adjustExperimental="true" - jvmargs="${jvmargs}" - failOnError="true" - outputFile="out.xml" - projectName="Findbugs" - debug="false"> - <class location="asm-util-3.0.jar" /> - </findbugs> - </target> - - <target name="mine"> - - <!-- Set info to the latest analysis --> - <setBugDatabaseInfo home="${findbugs.home}" - withMessages="true" - name="asm-util-3.0.jar" - input="out.xml" - output="out-rel.xml"/> - - <!-- Checking if history file already exists (out-hist.xml) --> - <condition property="mining.historyfile.available"> - <available file="out-hist.xml"/> - </condition> - <condition property="mining.historyfile.notavailable"> - <not> - <available file="out-hist.xml"/> - </not> - </condition> - - <!-- this target is executed if the history file do not exist (first run) --> - <antcall target="history-init"> - <param name="data.file" value="out-rel.xml" /> - <param name="hist.file" value="out-hist.xml" /> - </antcall> - <!-- else this one is executed --> - <antcall target="history"> - <param name="data.file" value="out-rel.xml" /> - <param name="hist.file" value="out-hist.xml" /> - <param name="hist.summary.file" value="out-hist.txt" /> - </antcall> - </target> - - <!-- Initializing history file --> - <target name="history-init" if="mining.historyfile.notavailable"> - <copy file="${data.file}" tofile="${hist.file}" /> - </target> - - <!-- Computing bug history --> - <target name="history" if="mining.historyfile.available"> - <!-- Merging ${data.file} into ${hist.file} --> - <computeBugHistory home="${findbugs.home}" - withMessages="true" - output="${hist.file}"> - <dataFile name="${hist.file}"/> - <dataFile name="${data.file}"/> - </computeBugHistory> - - <!-- Compute history into ${hist.summary.file} --> - <mineBugHistory home="${findbugs.home}" - formatDates="true" - noTabs="true" - input="${hist.file}" - output="${hist.summary.file}"/> - </target> - -</project> -]]> -</screen> - </sect1> -</chapter> - - -<!-- - ************************************************************************** - License - ************************************************************************** ---> - -<chapter id="license"> -<title>License</title> - -<para> -The name FindBugs and the FindBugs logo is trademarked by the University -of Maryland. -FindBugs is free software distributed under the terms of the -<ulink url="http://www.gnu.org/licenses/lgpl.html">Lesser GNU Public License</ulink>. -You should have received a copy of the license in the file <filename>LICENSE.txt</filename> -in the &FindBugs; distribution. -</para> - -<para> -You can find the latest version of FindBugs, along with its source code, from the -<ulink url="http://findbugs.sourceforge.net">FindBugs web page</ulink>. -</para> - -</chapter> - - -<!-- - ************************************************************************** - Acknowledgments - ************************************************************************** ---> -<chapter id="acknowledgments"> -<title>Acknowledgments</title> - -<sect1> -<title>Contributors</title> - -<para>&FindBugs; was originally written by Bill Pugh (<email>pugh@cs.umd.edu</email>). -David Hovemeyer (<email>daveho@cs.umd.edu</email>) implemented some of the -detectors, added the Swing GUI, and is a co-maintainer.</para> - -<para>Mike Fagan (<email>mfagan@tde.com</email>) contributed the &Ant; build script, -the &Ant; task, and several enhancements and bug fixes to the GUI.</para> - -<para>Germano Leichsenring contributed Japanese translations of the bug -summaries.</para> - -<para>David Li contributed the Emacs bug report format.</para> - -<para>Peter D. Stout contributed recursive detection of Class-Path -attributes in analyzed Jar files, German translations of -text used in the Swing GUI, and other fixes.</para> - -<para>Peter Friese wrote the &FindBugs; Eclipse plugin.</para> - -<para>Rohan Lloyd contributed several Mac OS X enhancements, -bug detector improvements, -and maintains the Fink package for &FindBugs;.</para> - -<para>Hiroshi Okugawa translated the &FindBugs; manual and -more of the bug summaries into Japanese.</para> - -<para>Phil Crosby enhanced the Eclipse plugin to add a view -to display the bug details.</para> - -<para>Dave Brosius fixed a number of bugs, added user preferences -to the Swing GUI, improved several bug detectors, and -contributed the string concatenation detector.</para> - -<para>Thomas Klaeger contributed a number of bug fixes and -bug detector improvements.</para> - -<para>Andrei Loskutov made a number of improvements to the -Eclipse plugin.</para> - -<para>Brian Goetz contributed a major refactoring of the -visitor classes to improve readability and understandability.</para> - -<para> Pete Angstadt fixed several problems in the Swing GUI.</para> - -<para>Francis Lalonde provided a task resource file for the -FindBugs Ant task.</para> - -<para>Garvin LeClaire contributed support for output in -Xdocs format, for use by Maven.</para> - -<para>Holger Stenzhorn contributed improved German translations of items -in the Swing GUI.</para> - -<para>Juha Knuutila contributed Finnish translations of items -in the Swing GUI.</para> - -<para>Tanel Lebedev contributed Estonian translations of items -in the Swing GUI.</para> - -<para>Hanai Shisei (ruimo) contributed full Japanese translations of -bug messages, and text used in the Swing GUI.</para> - -<para>David Cotton contributed Fresh translations for bug -messages and for the Swing GUI.</para> - -<para>Michael Tamm contributed support for the "errorProperty" attribute -in the Ant task.</para> - -<para>Thomas Kuehne improved the German translation of the Swing GUI.</para> - -<para>Len Trigg improved source file support for the Emacs output mode.</para> - -<para>Greg Bentz provided a fix for the hashcode/equals detector.</para> - -<para>K. Hashimoto contributed internationalization fixes and several other - bug fixes.</para> - -<para> - Glenn Boysko contributed support for ignoring specified local - variables in the dead local store detector. -</para> - -<para> - Jay Dunning contributed a detector to find equality comparisons - of floating-point values, and overhauled the analysis summary - report and its representation in the saved XML format. -</para> - -<para> - Olivier Parent contributed updated French translations for bug descriptions and - Swing GUI. -</para> - -<para> - Chris Nappin contributed the <filename>plain.xsl</filename> - stylesheet. -</para> - -<para> - Etienne Giraudy contributed the <filename>fancy.xsl</filename> and <filename>fancy-hist.xsl</filename> - stylesheets, and made improvements to the <command>-xml:withMessages</command> - option. -</para> - -<para> - Takashi Okamoto fixed bugs in the project preferences dialog - in the Eclipse plugin, and contributed to its internationalization and localization. -</para> - -<para>Thomas Einwaller fixed bugs in the project preferences dialog in the Eclipse plugin.</para> - -<para>Jeff Knox contributed support for the warningsProperty attribute -in the Ant task.</para> - -<para>Peter Hendriks extended the Eclipse plugin preferences, -and fixed a bug related to renaming the Eclipse plugin ID.</para> - -<para>Mark McKay contributed an Ant task to launch the findbugs frame.</para> - -<para>Dieter von Holten (dvholten) contributed -some German improvements to findbugs_de.properties.</para> - - -<para>If you have contributed to &FindBugs;, but aren't mentioned above, -please send email to <email>findbugs@cs.umd.edu</email> (and also accept -our humble apologies).</para> - -</sect1> - -<sect1> -<title>Software Used</title> - -<para>&FindBugs; uses several open-source software packages, without which its -development would have been much more difficult.</para> - -<sect2> -<title>BCEL</title> -<para>&FindBugs; includes software developed by the Apache Software Foundation -(<ulink url="http://www.apache.org/">http://www.apache.org/</ulink>). -Specifically, it uses the <ulink url="http://jakarta.apache.org/bcel/">Byte Code -Engineering Library</ulink>.</para> -</sect2> - -<sect2> -<title>ASM</title> -<para>&FindBugs; uses the <ulink url="http://asm.objectweb.org/">ASM</ulink> -bytecode framework, which is distributed under the following license:</para> - -<blockquote> -<para> -Copyright (c) 2000-2005 INRIA, France Telecom -All rights reserved. -</para> - -<para> -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -</para> - -<orderedlist numeration="arabic"> - <listitem><para> - Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - </para></listitem> - <listitem><para> - Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - </para></listitem> - <listitem><para> - Neither the name of the copyright holders nor the names of its - contributors may be used to endorse or promote products derived from - this software without specific prior written permission. - </para></listitem> -</orderedlist> - -<para> -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF -THE POSSIBILITY OF SUCH DAMAGE. -</para> -</blockquote> -</sect2> - -<sect2> -<title>DOM4J</title> -<para>&FindBugs; uses <ulink url="http://dom4j.org">DOM4J</ulink>, which is -distributed under the following license:</para> - -<blockquote> -<para> -Copyright 2001 (C) MetaStuff, Ltd. All Rights Reserved. -</para> - -<para> -Redistribution and use of this software and associated documentation -("Software"), with or without modification, are permitted provided that -the following conditions are met: -</para> - -<orderedlist numeration="arabic"> - <listitem><para> - Redistributions of source code must retain copyright statements and - notices. Redistributions must also contain a copy of this document. - </para></listitem> - <listitem><para> - Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - </para></listitem> - <listitem><para> - The name "DOM4J" must not be used to endorse or promote products - derived from this Software without prior written permission - of MetaStuff, Ltd. For written permission, please contact - <email>dom4j-info@metastuff.com</email>. - </para></listitem> - <listitem><para> - Products derived from this Software may not be called "DOM4J" nor may - "DOM4J" appear in their names without prior written permission of - MetaStuff, Ltd. DOM4J is a registered trademark of MetaStuff, Ltd. - </para></listitem> - <listitem><para> - Due credit should be given to the DOM4J Project (<ulink url="http://dom4j.org/">http://dom4j.org/</ulink>). - </para></listitem> -</orderedlist> - -<para> -THIS SOFTWARE IS PROVIDED BY METASTUFF, LTD. AND CONTRIBUTORS ``AS IS'' -AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL METASTUFF, LTD. OR ITS -CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -</para> -</blockquote> - -</sect2> - -</sect1> - -</chapter> - - -</book> |