Using FindBugs for Android Code Analysis and Automated Testing

In Android automated testing, we first use various code inspection tools to examine Android code, thereby detecting bugs and potential issues early and improving code quality. FindBugs is one of the most commonly used tools for Android code inspection.

FindBugs is an open‑source Java code analysis tool licensed under the GNU GPL. It can inspect Java classes or JAR files by analyzing bytecode rather than source code, comparing the bytecode against a set of defect patterns to uncover issues such as null‑pointer dereferences, infinite recursion, deadlocks, etc. The types of bugs it detects include:

Bad practice: common code errors, serialization errors, used for static code checking pattern matching.

Correctness: code that may cause errors, such as null‑pointer dereferences.

Internationalization issues: incorrect string conversions.

Potential malicious attacks: e.g., improper access‑modifier definitions.

Multithreading correctness: common synchronization and thread scheduling issues.

Runtime performance issues: inefficiencies caused by variable definitions, method calls, etc.

FindBugs is a standalone GUI application that can also be used as a plugin for Eclipse, NetBeans, or IntelliJ IDEA, and can be invoked from the command line, Ant, or Maven. Its usage is straightforward, allowing developers to check code on the fly.

After detecting bugs, FindBugs classifies them into four severity levels—Scariest, Scary, Troubling, and Of Concern—providing suggested fixes.

An example of code inspection results is shown below:

Click “Read the original article” to view the FindBugs official website!