---

FindBugs is an open-source static analysis package for Java code, and is used for identifying bugs, unsafe code and dubious programming practices. It's available as a standalone jar, as an Eclipse plug-in or via Java web start, though this review focuses primarily on the Eclipse version.

Installation is very straightforward from within Eclipse. Simply point the Software Updates wizard to http://findbugs.cs.umd.edu/eclipse and let it do its stuff. Once installed using FindBugs is incredibly straightforward. Select a project, in the Package Explorer for example, right-click and choose Find Bugs from the menu, the same process can be used to select an individual class.

FindBugs will analyse the class or package and produce a list of problems, which are displayed in the normal Problems window. Unlike normal compiler errors, the problems flagged by FindBugs are identified with a two or three-character code, along with some descriptive text. Clicking on one of these problems high-lights the offending line in the source editor, and right-clicking gives a Show Bug Details option, which opens a window that gives a one or two sentence description of the problem.

Because the issues flagged by FindBugs are at a higher level that those picked up Eclipse's internal compiler, there's not a quick-fix option that eradicates the problem in a couple of mouse-clicks. At times the issues it identifies come down to class design rather than simple coding issues. FindBugs works by looking at common bug patterns - in other words Java idioms that are associated with defects. The listing of these bug idioms is included on the FindBugs web site (http://findbugs.sourceforge.net/bugDescriptions.html).

FindBugs is fully configurable, and it is possible to select which types of errors to include/exclude, and to set a severity level for reporting them. In Eclipse it's possible to do this via the Project properties, where the Find Bugs option gives a full listing of all of the bugs it looks for along with a check-box to select/deselect them. It's also possible to control whether it runs automatically in the background or whether it has to be kicked off manually. In use the plug-in soon feels like a natural part of Java development.

The Java web start version, which can be found here: http://findbugs.sourceforge.net/jnlp/findbugs.jnlp, features a simple Swing GUI for creating projects. A project in this context is just a collection of jar files, source directories and classpaths. Once a project has been defined Find Bugs can be kicked off and the code analysed. A tabbed display is used to show bugs organised by class, by package, by bug type and bug category. Clicking on a bug in any view brings up the source code as well as more details of the bug.

The extra help in picking up design issues can be a real boon. Trying it out on your own code can be a salutary experience. Recommended.