Skip to Content
“Thy Software has bugs” is the 11th commandment in a developer’s life. Software bugs are the one constant feature of every software that has ever been developed. They do not spare any software provider – spanning the entire range of software makers from the operating system developers to the birthday reminder program developers. And, it begs a question. Why? It is not that software developers are a dumb set of people; it is just that we are not perfect.  A good software is one which manages to minimize the number of bugs it contains. Moreover, purely for cost reasons, it is better to find bugs earlier in the lifecycle of a product. This can be achieved by adopting various best practices including Four-eye reviews, Code inspections, Pair programming and the less fancied, Testing. Recently, I stumbled upon a software called FindBugs which, surprisingly, attempts to find bugs in Java code.  FindBugs is a static analysis tool which runs through a set of compiled java code and shows up pieces of code which might potentially contain bugs. I was very skeptical of a static analysis tool. It couldn’t possibly find bugs in code which has been reviewed, tested and inspected. Moreover, a static analysis tool could only identify the ‘silly’ mistakes and since our code was in use for years, these would have already been ironed out. But, it was a lazy weekend so I decided to humor myself and read a little more about this tool. Some of the facts were quite startling:

  • The tool has found 190 Null Pointer dereferences in JDK1.6! Surely, JDK has been in use longer than our software and surely, Java has more people in Quality than our team does and yet, there are 190 Null Pointer dereferences in the JDK code? That took me by surprise because the null pointer pieces of code are normally easy to identify and deal with.
  • FindBugs found 236 Null Pointer dereferences in eclipse-3.2.
  • FindBugs also found an infinite recursive loop in Google Widget Toolkit after it was made open source. This is interesting for two reasons – firstly, even programmers at Google make mistakes. And secondly, GWT isn’t a very large piece of software and an infinite recursive loop can be categorized as a ‘silly’ error. So, bugs can be introduced by anyone and can occur anywhere.

This got me interested and I decided to run the tool on the code I work with. It showed me a lot of bugs (over a hundred, actually). Even though some of them were either insignificant (unchecked cast, for example when I know the cast will work fine) or false positives, I found a lot of bugs in the code which I never knew existed. Exhibit AimageHere you will find an if-else condition which does the exact same thing in both the branchesExhibit Bimage A comparison with null, which if true, will throw a null pointer exceptionExhibit Cimage The tool is smart enough to find out that the value of ICON_LEFT_OFFSET is 0 and states that either way, the value assigned will be 0Exhibit DimageAnother common error where a null pointer exception could easily occur There were quite a few (about 15) null pointer dereferences and I even found 2 potential infinite recursive loops! And these are generic enough errors which could occur in any piece of code. I agree that some null pointer errors might never occur in the normal execution of the code as they are probably checked for at other places, but that is never an excuse to have lame code. The tool even shows up bad programming practices.  In conclusion, even though this tool might not replace other good practices like Code Inspections, Four-eye reviews, etc. this is definitely a great developer companion which can help improve software a great deal. Give it a shot and trust me, you will be surprised.

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Markus Kohler
    Findbugs is a pretty good static code analyzer.
    It also finds some easy to fix performance problems.

    Markus (/people/markus.kohler/blog)

    1. Niraj Kumar

      very useful information.
      Would be a good idea to incorporate usage of this tool along with other Q practices (reviews, tests etc.).



Leave a Reply