Article

Using FindBugs on production software

Authors:

Nathaniel Ayewah,

William Pugh,

J. David Morgenthaler,

John Penix,

YuQian ZhouAuthors Info & Claims

OOPSLA '07: Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion

Pages 805 - 806

https://doi.org/10.1145/1297846.1297897

Published: 20 October 2007 Publication History

Get Access

Abstract

This poster will present our experiences using FindBugs in production software development environments, including both open source efforts and Google's internal code base. We summarize the defects found, describe the issue of real but trivial defects, and discuss the integration of FindBugs into Google's Mondrian code review system.

References

[1]

N. Ayewah, W. Pugh, J. D. Morgenthaler, J. Penix, and Y. Zhou. Evaluating static analysis defect warnings on production software. In PASTE '07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, pages 1--8, New York, NY, USA, 2007. ACM Press.

Digital Library

Google Scholar

[2]

J. Spacco, D. Hovemeyer, and W. Pugh. Tracking defect warnings across versions. In MSR '06: Proceedings of the 2006 international workshop on Mining software repositories, pages 133--136, New York, NY, USA, 2006. ACM Press.

Digital Library

Google Scholar

Cited By

View all

Imran AKosar TZola JBulut M(2024)Towards Sustainable Cloud Software Systems through Energy-Aware Code Smell Refactoring2024 IEEE 17th International Conference on Cloud Computing (CLOUD)10.1109/CLOUD62652.2024.00034(223-234)Online publication date: 7-Jul-2024
https://doi.org/10.1109/CLOUD62652.2024.00034
Mashhadi EChowdhury SModaberi SHemmati HUddin G(2024)An empirical study on bug severity estimation using source code metrics and static analysisJournal of Systems and Software10.1016/j.jss.2024.112179(112179)Online publication date: Aug-2024
https://doi.org/10.1016/j.jss.2024.112179
Maes-Bermejo MGallego MGortázar FRobles GGonzalez-Barahona J(2024)Testing the past: can we still run tests in past snapshots for Java projects?Empirical Software Engineering10.1007/s10664-024-10530-z29:5Online publication date: 30-Jul-2024
https://doi.org/10.1007/s10664-024-10530-z
Show More Cited By

Index Terms

Using FindBugs on production software

Recommendations

Evaluating static analysis defect warnings on production software
PASTE '07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

Static analysis tools for software defect detection are becoming widely used in practice. However, there is little public information regarding the experimental evaluation of the accuracy and value of the warnings these tools report. In this paper, we ...
Improving your software using static analysis to find bugs
OOPSLA '06: Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications

FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons, such as difficult language features, misunderstood API semantics, ...
The Google FindBugs fixit
ISSTA '10: Proceedings of the 19th international symposium on Software testing and analysis

In May 2009, Google conducted a company wide FindBugs "fixit". Hundreds of engineers reviewed thousands of FindBugs warnings, and fixed or filed reports against many of them. In this paper, we discuss the lessons learned from this exercise, and analyze ...

Comments

Information & Contributors

Information

Published In

OOPSLA '07: Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion

October 2007

241 pages

ISBN:9781595938657

DOI:10.1145/1297846

General Chair:
Richard P. Gabriel
IBM Research, USA
,
Program Chairs:
David F. Bacon
IBM Research, USA
,
Cristina Videira Lopes
University of California, Irvine, USA
,
Guy L. Steele
Sun Labs, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 October 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

OOPSLA07

Sponsor:

OOPSLA07: ACM SIGPLAN Object Oriented Programming Systems and Applications Conference

October 21 - 25, 2007

Quebec, Montreal, Canada

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

46
Total Citations
View Citations
935
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Imran AKosar TZola JBulut M(2024)Towards Sustainable Cloud Software Systems through Energy-Aware Code Smell Refactoring2024 IEEE 17th International Conference on Cloud Computing (CLOUD)10.1109/CLOUD62652.2024.00034(223-234)Online publication date: 7-Jul-2024
https://doi.org/10.1109/CLOUD62652.2024.00034
Mashhadi EChowdhury SModaberi SHemmati HUddin G(2024)An empirical study on bug severity estimation using source code metrics and static analysisJournal of Systems and Software10.1016/j.jss.2024.112179(112179)Online publication date: Aug-2024
https://doi.org/10.1016/j.jss.2024.112179
Maes-Bermejo MGallego MGortázar FRobles GGonzalez-Barahona J(2024)Testing the past: can we still run tests in past snapshots for Java projects?Empirical Software Engineering10.1007/s10664-024-10530-z29:5Online publication date: 30-Jul-2024
https://doi.org/10.1007/s10664-024-10530-z
Pujar SZheng YBuratti LLewis BChen YLaredo JMorari AEpstein ELin TYang BSu Z(2024)Analyzing source code vulnerabilities in the D2A dataset with ML ensembles and C-BERTEmpirical Software Engineering10.1007/s10664-023-10405-929:2Online publication date: 22-Feb-2024
https://doi.org/10.1007/s10664-023-10405-9
Hassan FMeng NWang X(2023)UniLoc: Unified Fault Localization of Continuous Integration FailuresACM Transactions on Software Engineering and Methodology10.1145/359379932:6(1-31)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3593799
Kharkar AMoghaddam RJin MLiu XShi XClement CSundaresan NDwyer MDamian DZeller A(2022)Learning to reduce false positives in analytic bug detectorsProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510153(1307-1316)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510153
Zhang HBi YGuo HSun WLi J(2022)ISVSF: Intelligent Vulnerability Detection Against Java via Sentence-Level Pattern ExploringIEEE Systems Journal10.1109/JSYST.2021.307215416:1(1032-1043)Online publication date: Mar-2022
https://doi.org/10.1109/JSYST.2021.3072154
Zheng YPujar SLewis BBuratti LEpstein EYang BLaredo JMorari ASu ZEldh SFalessi D(2021)D2AProceedings of the 43rd International Conference on Software Engineering: Software Engineering in Practice10.1109/ICSE-SEIP52600.2021.00020(111-120)Online publication date: 25-May-2021
https://dl.acm.org/doi/10.1109/ICSE-SEIP52600.2021.00020
Ju XQian JChen ZZhao CQian J(2020)Mulr4FL: Effective Fault Localization of Evolution Software Based on Multivariate Logistic Regression ModelIEEE Access10.1109/ACCESS.2020.30372358(207858-207870)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3037235
De Cremer PDesmet NMadou MDe Sutter B(2020)Sensei: Enforcing secure coding guidelines in the integrated development environmentSoftware: Practice and Experience10.1002/spe.284450:9(1682-1718)Online publication date: 4-Jun-2020
https://doi.org/10.1002/spe.2844
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Evaluating static analysis defect warnings on production software

Improving your software using static analysis to find bugs

The Google FindBugs fixit

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations