As we all know bugs in a software could be difficult to find and fix. Therefore many tools and techniques have been developed in past years that can find bugs automatically. At IDR Solutions we are using two of those testing tools: FindBugs and PMD for testing in our Java PDF Library and PDF to HTML5 and SVG Converter. In this article I will explain about these two and say why it is worth using them both.
What is FindBugs?
FindBugs is an open source defect detection tool designed to find bugs in Java programs. FindBugs is looking for code instances that are likely to be errors called “bug patterns”. FindBugs uses static analysis to examine the code by matching bytecodes against a list of more than 200 bug patterns, such as null pointer dereferences, infinite recursive loops, bad uses of the Java libraries and deadlocks. The current version of FindBugs is 3.0.0 that has been released on 06 July 2014.
FindBugs in NetBeans
Running FindBugs in NetBeans is very easy as there is FindBugs plugin built into NetBeans. All you have to do to run it is to click on Source from the menu bar in NetBeans and select Inspect. Than you will be presented with the following window.
The installation process is very simple just select FindBugs from the Configuration options and click Install.
Install -> Next -> Accept the terms of the license agreements -> Install ->Finish
Once that is done select the project or class that you want to inspect and click on Inspect button.
FindBugs will run the inspection automatically outputting all the errors encountered.
As you can see on the image bellow I have 15 errors in the Viewer class alone.
What I like about FindBugs is that it gives you all the information needed starting from number of errors, name, description and the line it is on, so it is easy to spot and fix.
FindBugs Category:
All the bug patterns of FindBugs can be found under the following category:
Bad practice, Correctness, Experimental, Internationalization, Malicious code vulnerability, Multithreaded correctness, Performance, Security and Dodgy code.
For more information on FindBugs please visit the website: http://findbugs.sourceforge.net/
What is PMD?
PMD is an open source code analyzer that scans Java source code looking for over 400 potential problems. PMD detects bad practices in code such as: empty try/catch blocks, unused methods, braces. The current version of PMD is 5.2.3 that has been released on 21 December 2014.
PMD in NetBeans
Unlike FindBugs, PMD plugin isn’t built into the NetBeans IDE but the installation process is also very simple. Just select Tools from the menu bar in NetBeans and click Plugins. you will be presented with the following window:
Next select the Available Plugins tab -> type EasyPmd in the search -> tick the box next to the plugin -> Install
The installation process will start automatically
Install -> Next -> Accept the terms of the license agreements -> Install ->Continue -> choose Restart IDE Now -> Finish
Once that is done select the project or class that you want to inspect than select Window from the menu bar and click on Action Items.
Similar to FindBugs, PMD also gives you all the information needed about the error starting from number of errors, name, description, category and the line it is on. additionally PMD gives you information about the weight of the error so you know witch error to fix first.
PMD category:
All the bug of PMD can be find under the following category:
Android, Basic, Braces, Clone implementation, Code size, Comments, Controversial, Coupling, Design, Empty code, Finalizer, ImportStatement, J2EE, Java beans, JUnit, Jakarta Commons Logging, Java Logging, Migration, Naming, Optimization, Strict Exceptions, String and StringBuffer, Security Code Guidelines, Type Resolution, Unnecessary and Unused Code.
For more information about PMD please visit the website: http://pmd.sourceforge.net/
PMD vs FindBugs
I cannot say whether one of these tools are better than the other as they both complement each other in finding different sets of problems. Even though there is a lot of overlap between FindBugs and PMD each of the two has its own purpose, strength and weaknesses.
However the biggest difference between them two is that PMD works on source code where FindBugs works on bytecode. So the potential issues that are found by FindBugs in byte code level won’t be detected by PMD while scanning source code. Therefore we need those two tools. And also using FindBugs and PMD you can learn a lot about how to write better Java code in the first place.
Hopefully you find this article useful, what tools do you use?