FindBugs FAQThis document contains answers to frequently asked questions about FindBugs. If you just want general information about FindBugs, have a look at the fact sheet and the manual. Contents
Q1: I'm getting java.lang.UnsupportedClassVersionError when I try to run FindBugsFindBugs requires JRE 1.7.0 or later to run. If you use an earlier version, you will see an exception error message similar to the following: Exception in thread "main" java.lang.UnsupportedClassVersionError: edu/umd/cs/findbugs/gui/FindBugsFrame (Unsupported major.minor version 51.0)The solution is to upgrade to JRE 1.7.0 or later. Q2: When I click the "Find Bugs!" button, I get a NoSuchMethodError or VerifyErrorThe symptom of this bug is that when you start the FindBugs analysis, you see an exception similar to the following: java.lang.NoSuchMethodError: org.apache.bcel.Repository.setRepository(Lorg/apache/bcel/util/Repository;)V at edu.umd.cs.findbugs.FindBugs.clearRepository(FindBugs.java:483) ...or java.lang.VerifyError: Cannot inherit from final class at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:537) ... The problem here is that the wrong version of the
Apache BCEL
library is being found. FindBugs requires its own
version of BCEL, which normally will be used automatically
when you invoke the
In all of these cases, you should be able to run FindBugs by either removing the offending version of BCEL from your JRE, or installing a clean JRE or JDK and using that to run FindBugs. Many thanks to Peter Meulmeester, Michael Levi, and Thomas Klaeger for providing information on this problem. Q3: FindBugs is running out of memory, or is taking a long time to finish In general, FindBugs requires lots of memory and a relatively
fast CPU. For large applications, 1024M or more of heap space may be
required. By default, FindBugs allocates 768M of heap space.
You can increase this using the Q4: What is the "auxiliary classpath"? Why should I specify it?Many important facts about a Java class require information about the classes that it references. For example:
The "auxiliary classpath" is a list of Jar files, directories, and class files containing classes that are used by the code you want FindBugs to analyze, but should not themselves be analyzed by FindBugs. If FindBugs doesn't have complete information about referenced classes, it will not be able to produce results that are as accurate as possible. For example, having a complete repository of referenced classes allows FindBugs to prune control flow information so it can concentrate on paths through methods that are most likely to be feasible at runtime. Also, some bug detectors (such as the suspicious reference comparison detector) rely on being able to perform type inference, which requires complete type hierarchy information. For these reasons, we strongly recommend that you completely specify
the auxiliary classpath when you run FindBugs. You can do this
by using the If FindBugs cannot find a class referenced by your application, it will print out a message when the analysis completes, specifying the classes that were missing. You should modify the auxiliary classpath to specify how to find the missing classes, and then run FindBugs again. Q5: The Eclipse plugin doesn't loadThe symptom of this problem is that Eclipse fails to load the FindBugs UI plugin with the message: Plug-in "edu.umd.cs.findbugs.plugin.eclipse" was disabled due to missing or disabled prerequisite plug-in "org.eclipse.ui.ide" The reason for this problem is that the Eclipse plugin distributed with FindBugs does not work with older 3.x versions of Eclipse. Please use Eclipse version 3.6 (June 2010) or newer. Q6: I'm getting a lot of false "OS" and "ODR" warnings By default, FindBugs assumes that any method invocation can
throw an unchecked runtime exception. As a result,
it may assume that an unchecked exception thrown out of the
method could bypass a call to a You can use the Q7: The Eclipse plugin loads, but doesn't work correctlyMake sure the Java code you trying to analyze is built properly and has no classpath or compile errors. Make sure the project and workspace FindBugs settings are valid - in doubt, revert them to defaults. Make sure the Error log view does not show errors. Q8: Where is the Maven plugin for FindBugs?The Maven Plugin for FindBugs may be found here. Please note that the Maven plugin is not maintained by the FindBugs developers, so we can't answer questions about it. Q9: Where is the NetBeans plugin for FindBugs?We recommend SQE: Software Quality Environment which bundles FindBugs, PMD and CheckStyle. Use the following update site: http://deadlock.netbeans.org/hudson/job/sqe/lastStableBuild/artifact/build/full-sqe-updatecenter/updates.xml Pease note that the SQE plugin is not maintained by the FindBugs developers, so we can't answer questions about it.
Send comments to findbugs@cs.umd.edu |