Basically I ran Intellij Idea ‘s plug in called FindBugs-Idea to analyze my code . I corrected whatever errror was caught and then ran the tool again but it was still complaining about the same error even though it was fixed in the source file . It only stopped complaining after I recompiled my classses . Why does it require a compilation step ? Shouldn’t it basically look in the source file and detect a possible bug ? How do these tools work in general ?
2
Findbugs examines the bytecode to identify patterns that tend to be buggy.
This is far more efficient than analyzing source code. You would essentially have to parse the source anyway to analyze it, so let the existing compiler do that work for you and focus on finding bugs.
By working with compiled bytecode, FindBugs can treat your code as identical to the third-party libraries that you use, and investigate all of them (to ensure that you’re calling the library correctly).
5
There are different types of static analysis tools – those that operate on the source code and those that operate on a compiled product. Findbugs is an example of the latter, while a tool like PMD is an example of the former. Depending on what type of problems the tool is trying to detect, the choice of what product to analyze can make it easier or more difficult. As an example, tools that analyze the byte code can’t be used to find problems that lead to code being less readable, but they can analyze anything that compiles to the same byte code.
2