Going Beyond Unit Testing with SpotBugs

Have you ever had a Java program that compiles cleanly, yet still exhibits some buggy behavior? Of course you have; it happens to the best of us! That’s because only a very narrow range of errors is caught during compilation, namely syntax errors, invalid references, and the like. The fact that the IDE will warn you when a program contains compile errors goes a long way towards guaranteeing that such errors won’t find their way into your programs. At the same time, relying on the compiler to catch potential bugs is far from adequate, because it does nothing to guard against other types of errors, such as runtime or logic errors.

You can cast a wider net to catch more potential bugs by employing a static analysis tool such as SpotBugs. In today’s article, we’ll learn how to install the SpotBugs Eclipse plug-in and use it to identify issues in our program code.

What Is Static Analysis?

Unlike the Java compiler, which looks at the source code, static analysis as performed by SpotBugs inspects Java bytecode (compiled .class files) for occurrences of bug patterns. A bug pattern is a code expression or idiom that is often error-prone. Bug patterns can arise for a variety of reasons, including:

  • Use of difficult language features
  • Misunderstanding API methods
  • Misunderstanding variables when code is modified during maintenance
  • Garden variety mistakes: typos, use of the wrong operator, and so forth

SpotBugs is highlighted

Before running the analysis, let’s open the SpotBugs views.

  1. Select Window -> Show View -> Other… to open the Show View dialog.
  2. Once there, type “Bug” in the Filter box to narrow the views list to the two SpotBugs ones.
  3. Select both the SpotBugs views and click Open to display them:

    Figure 2: The new files

To apply SpotBugs to a project:

  1. Right-click the project in the Package Explorer, then select SpotBugs -> Find Bugs from the context menu.

After the analysis has concluded, the results will be presented in the Bug Explorer view. Here’s what the TuxGuitar code generated:

Figure 3: The generated code

The good news is that there are no bugs in the “Scariest” category. However, there are some “Scary,” “Troubling,” and “Of Concern” bugs. There is also a confidence factor for each bug category, which reflects how likely these bugs are to result in problems later. Each identified bug comes with a description of the issue. You can click it to see the line of source code that it pertains to, which is pretty nifty when you consider that SpotBugs is operating on bytecode!

Obtaining More Information on a Bug

Until you’ve been working with SpotBugs for some time, a bug like “ABadClass defines equals and uses Object.hashCode()” may not mean much to you. That’s why SpotBugs includes a lot more information on each problem. To see it, right-click the bug and select Show Bug Info from the popup menu. That will bring up an info page in the Bug Info view:

Figure 4: The Info page
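
The bug quoted above, reproduced as an added example (not code from this article or from TuxGuitar): ABadClass overrides equals() but inherits Object.hashCode(), so a hash-based lookup can miss an object that equals() says is present. AGoodClass, the revocation-list scenario, and every identifier here are constructed for illustration.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

public class EqualsHashCodeDemo {

    // Flagged form: equals() is overridden, hashCode() is inherited from Object.
    static final class ABadClass {
        private final String id;
        ABadClass(String id) { this.id = id; }

        @Override
        public boolean equals(Object o) {
            return o instanceof ABadClass && id.equals(((ABadClass) o).id);
        }
        // No hashCode(): two equal instances get unrelated identity-based hashes.
    }

    // Corrected form: hashCode() is derived from the same field equals() compares.
    static final class AGoodClass {
        private final String id;
        AGoodClass(String id) { this.id = id; }

        @Override
        public boolean equals(Object o) {
            return o instanceof AGoodClass && id.equals(((AGoodClass) o).id);
        }

        @Override
        public int hashCode() {
            return Objects.hash(id);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a revocation list keyed by a token identifier.
        Set<Object> revoked = new HashSet<>();
        revoked.add(new ABadClass("token-42"));
        revoked.add(new AGoodClass("token-42"));

        // equals() reports a match in both cases, but HashSet checks the hash
        // first, so the ABadClass lookup almost always misses the stored entry.
        System.out.println("bad equals():    " + new ABadClass("token-42").equals(new ABadClass("token-42")));
        System.out.println("bad contains():  " + revoked.contains(new ABadClass("token-42")));
        System.out.println("good contains(): " + revoked.contains(new AGoodClass("token-42")));
    }
}
```

When the collection backs a deny list, cache key, or permission set, the failed lookup produces no exception or log entry, which is why a static check catches it more reliably than a unit test that only exercises equals().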

Configuring SpotBugs Settings

The FindBugs plug-in makes it easy to customize the bug analysis strategy by offering various ways to filter warnings and limit the strictness of the results. You can check the configuration interface by going to Window -> Preferences -> SpotBugs:

Figure 5: The Preferences window

The easiest way to alter the number of bugs reported is to use the Minimum rank to report slider. The further right it’s set, the more bugs will be reported. Conversely, the further left it’s set, the fewer bugs you’ll see. That’s because the minimum rank threshold rises as the slider moves to the left. You’ll see the minimum change as you go, from “Of concern,” to “Troubling,” to “Scary,” and finally, to “Scariest.” Each category is divided into five levels of rank.

Another useful setting is found on the Plug-ins and misc. settings tab. There, you can configure SpotBugs to run automatically as part of the project build by deselecting the Run SpotBugs analysis as extra job checkbox.


In today’s article, we learned how to install, configure, and apply static analysis to our Java projects in Eclipse. Although SpotBugs won’t rid your program of all bugs, it will definitely make a dent in the number of bugs that find their way into production.

About the Author


Rob Gravelle resides in Ottawa, Canada. His design company has built Web applications for numerous businesses and government agencies. E-mail him.

Rob’s alter-ego, “Blackjacques,” is an accomplished guitar player, who has released several CDs and cover songs. His band, Ivory Knight, was rated as one of Canada’s top hard rock and metal groups by Brave Words magazine (issue #92).
