FindBugs command line: how to specify the project to be analyzed?

Question

I tried to run FindBugs in command line and had troubles when specifying the project to be analyzed. I understand FindBugs works on bytecode (.jar, .class), so I wrote a HelloWorld program and made sure that it had some messy code that would be detected by FindBugs.

Then I tried:

java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld/bin

which threw an exception:

java.lang.IllegalArgumentException: Can't read project from HelloWorld/bin
              at edu.umd.cs.findbugs.Project.readProject(Project.java:774)

I also tried .class and .jar files, but nothing showed up:

java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld/bin/Main.class
java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld.jar

I checked the FindBugs manual about the command line option "-project", it says

The project file you specify should be one that was created using the GUI interface. It will typically end in the extension .fb or .fbp

I don't understand this. Does it mean that some pre-processing is required and FindBugs cannot check arbitrary .jar or .class or project directly? How can I get this .fb or .fbp extension?

Thanks.

Answer 1

The procedure is described on the FindBugs website:

• Make sure you download the FindBugs distribution which includes the GUI (called Swing interface).
• Extract your downloaded ZIP and add its bin folder to your PATH.
• Type findbugs to open the GUI, then click New Project
• In the dialog:
  • Enter a project name, say HelloWorld.
  • Where it says Classpath for analysis, give it the Jar with your .class files or a directory where the .class files are (such as build/classes/main or whatever; the package structure must start in this directory).
  • Where it says Auxiliary classpath, list any libraries required to load your classes.
  • Source directories works just like Classpath for analysis, but for .java files. FindBugs uses this to show you where in the code your issues are.
  • You can select (cloud disabled) as bug store.
• Click Analyze.
• Now you can save the project configuration as a .fbp project file.

Next time, you can start the analysis by running

java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld.fbp

If you don't want to or cannot use the GUI, you can get the text-only version by adding the -textui option as first option after findbugs.jar. Output formats and behavior are configured via additional command line options.

However, most people use FindBugs integrated with their IDEs, or as part of a build process. Neither use case should require the GUI or command line versions. Take a look at the plugins for your IDE, it may save you a lot of time and they are really easy to use.