FindBugs
FindBugs is a static analysis tool that examines your class or JAR files looking for potential problems by matching your bytecodes against a list of bug patterns.
With static analysis tools, you can analyze software without actually running the program. These tools promise to find existing bugs in your code without requiring much effort on the part of the developer.
The FindBugs tool looks for something like 200 known patterns in your code that suggest something could be wrong. These range from the ability to trigger a NullPointerException to a JSP reflected cross-site scripting vulnerability.
These bugs are classified into six categories:
1. Correctness
2. Internationalization
3. Malicious code vulnerabilities
4. Multithreaded correctness
5. Performance
6. Style
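As an added example (not code from the original post or from the FindBugs project), the following class contains two defects of the kind FindBugs reports from bytecode alone, each beside its corrected form. The class name and values are made up, and the pattern identifiers in the comments are FindBugs' own bug codes as recalled here, so confirm them against the tool's report.

```java
// Added example, not from the original post: two Correctness-category defects
// that FindBugs' pattern matching flags, each next to its corrected form.
// Assumed invocation on the compiled class (flag as recalled, check the tool's help):
//   findbugs -textui FindBugsDemo.class
import java.util.HashMap;
import java.util.Map;

public class FindBugsDemo {
    private final Map<String, String> config = new HashMap<>();

    // Defect 1: the null case is logged but execution falls through to a
    // dereference, so a missing key throws NullPointerException.
    // FindBugs reports this as NP_NULL_ON_SOME_PATH.
    public int timeoutUnsafe(String key) {
        String value = config.get(key);
        if (value == null) {
            System.err.println("missing key: " + key);
        }
        return Integer.parseInt(value.trim()); // value may still be null here
    }

    // Corrected: the null path returns a documented default before any dereference.
    public int timeoutSafe(String key) {
        String value = config.get(key);
        if (value == null) {
            return 30;
        }
        return Integer.parseInt(value.trim());
    }

    // Defect 2: == compares String references, not contents, so a role read
    // from a request or a file is never recognised as "admin".
    // FindBugs reports this as one of the ES_COMPARING_*_WITH_EQ patterns.
    public boolean isAdminUnsafe(String role) {
        return role == "admin";
    }

    // Corrected: equals() with the constant first, which also tolerates a null role.
    public boolean isAdminSafe(String role) {
        return "admin".equals(role);
    }

    public static void main(String[] args) {
        FindBugsDemo d = new FindBugsDemo();
        d.config.put("timeout", " 45 "); // constructed sample configuration
        System.out.println(d.timeoutSafe("timeout"));
        System.out.println(d.timeoutSafe("absent"));
        System.out.println(d.isAdminSafe(new String("admin")));
        System.out.println(d.isAdminUnsafe(new String("admin")));
    }
}
```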
FindBugs can be run from the command line or integrated into your build system using Ant or Maven, and there is also an Eclipse plugin.
Requirements
- Eclipse 3.3 or later
- JRE/JDK 1.5 or later
Advantages and disadvantages of FindBugs
Advantages
1. Improves the quality of your code
2. Allows you to analyze code without executing it
3. Helps eliminate common bugs lying in code, and may save a lot of your time (it quickly provides a list of findings)
4. Usually presents well-structured results
5. Free of cost
6. Ready-to-use plugin integration
Disadvantages
1. May detect only "well-structured" errors, i.e. those matching a known bug pattern
2. Generates numerous false positives (developers have to spend time reviewing them)
3. Sometimes finds only a subset of the issues
4. Sense of context is extremely limited (it doesn't understand what your software is trying to do)