Notes from the FindBugs BOF9231 at JavaOne 2007

NOTE: These are my incomplete notes from the FindBugs BOF at JavaOne 2007. I got in late due to the crush outside so missed the start of the session.

The latest release has some new(ish) features:

• Annotations for @NotNull, @CheckForNull, @CheckReturnValue
• JSR 305 (Annotations for Software Defect Detection) will standardise these annotations so that they can be used in multiple tools.
• They will be released in a javax package
• The EG has a google group for discussions and there is already unofficial output: annotated versions of standard libraries.

Using Findbugs to Compute a Bug's History

• Findbugs can keep track of when a bug was introduced and when it was resolved. This is recorded in histotical data (xml format)
• Bugs can be audted by a user and annotated in the history (e.g. must fix, not bug, etc. plus a free text area for more notes)
• This functionality is integrated with various IDEs. (IDEA, Eclipse, Netbeans)

Ways to Use FindBugs

• Command Line Interface
• FindBugs Tool (a Swing UI)
  
• Ant
• Maven
• Other IDEs

Using Findbugs Well

• Run it every night or at least every build
• The results of audits should be remembered (i.e. once a bug is marked, don't forget it)
• You should be able to identify which bugs are new in the build and which have been there since the last release
• You should be able to identify bug patterns which are of concern to your project
• Google are using it and have a paper (which I can't find at the moment) describing their experiences and how to incorporate it into a production development environment

Future of the Project

• There are currently 1.3 developers (as of the BOF)
• There is a need to build a better OSS community
• The "documentation sucks"
• Mailing Lists
• findbugs-announce
• findbugs-discuss
• findbugs-core
• There is also a google group

Update - It seems as if FundBugs may be moving to GoogleCode for its hosting