FindBugs is an open source static analysis tool from the University of Maryland that looks for potential bugs in Java class files. We have some scripts to run it over the Java code at build time.
For gyp builds, add run_findbugs=1 to your GYP_DEFINES.
For gn builds, add run_findbugs=true to the args you pass to gn gen:
gn gen --args='target_os="android" run_findbugs=true'
Note that running findbugs will add time to your build. The amount of additional time required depends on the number of targets on which findbugs runs, though it will usually be between 1-10 minutes.
Some of the warnings are false positives. In general, they should be suppressed using @SuppressFBWarnings. In the rare event that a warning should be suppressed across the entire code base, it should be added to the exclusion file instead. If you modify this file:
- Include a comment that says what you're suppressing and why.
- The existing suppressions should give you an idea of the syntax. See also the FindBugs documentation. Note that the documentation doesn't seem totally accurate (there's probably some version skew between the online docs and the version of FindBugs we're using) so you may have to experiment a little.
Chromium's FindBugs plugin
We have FindBugs plugin to enforce chromium specific Java rules. It currently detects:
- Synchronized method
- Synchronized this
FindBugs on the Bots
FindBugs is configured to run on:
- android_clang_dbg_recipe on the commit queue
- Android Clang Builder (dbg) on the main waterfall