问题
I tried to run FindBugs in command line and had troubles when specifying the project to be analyzed. I understand FindBugs works on bytecode (.jar, .class), so I wrote a HelloWorld program and made sure that it had some messy code that would be detected by FindBugs.
Then I tried:
java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld/bin
which threw an exception:
java.lang.IllegalArgumentException: Can't read project from HelloWorld/bin
at edu.umd.cs.findbugs.Project.readProject(Project.java:774)
I also tried .class and .jar files, but nothing showed up:
java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld/bin/Main.class
java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld.jar
I checked the FindBugs manual about the command line option "-project", it says
The project file you specify should be one that was created using the GUI interface. It will typically end in the extension .fb or .fbp
I don't understand this. Does it mean that some pre-processing is required and FindBugs cannot check arbitrary .jar or .class or project directly? How can I get this .fb or .fbp extension?
Thanks.
回答1:
The procedure is described on the FindBugs website:
- Make sure you download the FindBugs distribution which includes the GUI (called Swing interface).
- Extract your downloaded ZIP and add its bin folder to your PATH.
- Type
findbugsto open the GUI, then click New Project - In the dialog:
- Enter a project name, say
HelloWorld. - Where it says Classpath for analysis, give it the Jar with your .class files or a directory where the .class files are (such as
build/classes/mainor whatever; the package structure must start in this directory). - Where it says Auxiliary classpath, list any libraries required to load your classes.
- Source directories works just like Classpath for analysis, but for .java files. FindBugs uses this to show you where in the code your issues are.
- You can select
(cloud disabled)as bug store.
- Enter a project name, say
- Click Analyze.
- Now you can save the project configuration as a .fbp project file.
Next time, you can start the analysis by running
java -jar D:/findbugs-2.0.3/lib/findbugs.jar -project HelloWorld.fbp
If you don't want to or cannot use the GUI, you can get the text-only version by adding the -textui option as first option after findbugs.jar. Output formats and behavior are configured via additional command line options.
However, most people use FindBugs integrated with their IDEs, or as part of a build process. Neither use case should require the GUI or command line versions. Take a look at the plugins for your IDE, it may save you a lot of time and they are really easy to use.
来源:https://stackoverflow.com/questions/24157777/findbugs-command-line-how-to-specify-the-project-to-be-analyzed