Improve SAKS.com Software Quality through Static Analysis Even before Testing
Comparison of costs to fix defects at different stages
Code Analysis Strategy
• Code static analysis: tool reviews source code
• Static analysis and data flow analysis: tool reviews byte code
• Automate build and code review process: continuous integration
What is FindBugs?
FindBugs uses the Apache BCEL library to analyze the classes in your application and detect potential bugs. FindBugs rules (or "detectors") use a variety of inspection techniques, from examining the structure of the class right through to studying the detailed dataflow through the class. In addition to the detectors provided by FindBugs, with a bit of work, you can write your own custom-built detectors.
http://findbugs.sourceforge.net/
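A custom detector of the kind mentioned above might look like the following. This is an added example, not code from the slides or from the FindBugs project; the class name `SystemExitDetector` and the bug type `EXAMPLE_SYSTEM_EXIT_OUTSIDE_MAIN` are hypothetical, and the detector would still need to be registered in a plugin's `findbugs.xml` and `messages.xml`.

```java
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.BytecodeScanningDetector;
import org.apache.bcel.Constants;

/**
 * Hypothetical custom detector: flags System.exit() calls made outside
 * a main(String[]) method, where they would shut down a shared JVM
 * such as an application server.
 */
public class SystemExitDetector extends BytecodeScanningDetector {

    // Hypothetical pattern type; it must also be declared in the
    // plugin's findbugs.xml and described in messages.xml.
    private static final String BUG_TYPE = "EXAMPLE_SYSTEM_EXIT_OUTSIDE_MAIN";

    private final BugReporter bugReporter;

    // FindBugs instantiates detectors through this constructor.
    public SystemExitDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    // Called once for every bytecode instruction in every method body.
    @Override
    public void sawOpcode(int seen) {
        if (seen != Constants.INVOKESTATIC) {
            return;
        }
        // Operand accessors describe the method the instruction invokes.
        boolean callsExit = "java/lang/System".equals(getClassConstantOperand())
                && "exit".equals(getNameConstantOperand())
                && "(I)V".equals(getSigConstantOperand());
        // getMethodName()/getMethodSig() describe the method being scanned.
        boolean inMain = "main".equals(getMethodName())
                && "([Ljava/lang/String;)V".equals(getMethodSig());
        if (callsExit && !inMain) {
            bugReporter.reportBug(
                new BugInstance(this, BUG_TYPE, NORMAL_PRIORITY)
                    .addClassAndMethod(this)
                    .addSourceLine(this));
        }
    }
}
```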
FindBugs in Action
FindBugs is an open source static analysis tool, developed at the University of Maryland. It looks for bug patterns, inspired by real problems in real code.
Held FindBugs fixit at Google May 13-14th, 2009:
• 300 engineers provided 8,000 reviews of 4,000 issues
• 75+% were marked should fix or must fix
• more than 1,500 of the issues have already been removed
Is static analysis really useful?
• Static analysis typically finds mistakes, but some mistakes don't matter
• The bugs that matter depend on context
• Static analysis, at best, might catch 5-10% of your software quality problems
• Used effectively, static analysis is cheaper than other techniques for catching the same bugs
What is the difference between FindBugs, Checkstyle and PMD?
• Checkstyle has traditionally focused on coding standards such as naming conventions and spacing, and the presence of Javadocs.
• PMD is more focused on best practices, sub-optimal code, and potential errors.
• FindBugs tends to focus on potential bugs. In practice, a high proportion of the issues raised by FindBugs turn out to be real bugs.