Improving your software using static analysis to find bugs

Brian Cole, Daniel Hakim, David Hovemeyer, Reuven Lazarus, William Pugh, Kristin Stephens
2006 Companion to the 21st ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications - OOPSLA '06  
FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons, such as difficult language features, misunderstood API semantics, misunderstood invariants when code is modified during maintenance, and simple mistakes such as typos. FindBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns. We have found that FindBugs finds real errors in most Java software. Because its analysis is sometimes imprecise, FindBugs can report false warnings, which are warnings that do not indicate true errors. In practice, the rate of false warnings reported by FindBugs is generally lower than 50%, often much lower.
doi:10.1145/1176617.1176667 dblp:conf/oopsla/ColeHHLPS06 fatcat:4njng44t3vdohi3gl56l6cjv3m