Search code examples
findbugsspotbugs

Relationship of FindBugs bug rank, category and type

I'm using FindBug and I want to understand the .XML report generated by it for documentation purpose.

Sample I got is below. 

<BugInstance type="RANGE_ARRAY_INDEX" priority="2" rank="7" abbrev="RANGE" category="CORRECTNESS" first="1">

So as it seems type RANGE_ARRAY_INDEX of category CORRECTNESS is having rank 7 so it is a scary one. So is it always true ? Is RANGE_ARRAY_INDEX always a scary one ?

I couldn't find any resource mentioning about a relationship among them.

I referred to FindBugs Bug Descriptions and FindBugs 2 site and this SO question which dose not have a clear answer

As it seems we have several Categories,

  1. Bad practice
  2. Correctness
  3. Experimental
  4. Internationalization
  5. Malicious code vulnerability
  6. Multithreaded correctness
  7. Performance
  8. Security
  9. Dodgy code

And

  • Scariest (1-4),
  • Scary (5-9),
  • Troubling (10-14)
  • Of Concern (rank 15-20)

And we have many types as it's in the doc.

Can anyone help me on this ?

Solution

  • There is an answer by David Harkness which explains it pretty well, partly cited below. I also checked the SpotBugs code. SpotBugs is FindBugs' successor. In short:

    • Type - This is just the name of the BugPattern which was found.
    • Category - The category is for grouping BugPatterns, hardcoded in FindBugs. For example, RANGE_ARRAY_INDEX will always fall in the CORRECTNESS category (and it's reported by the DumbMethods detector).
    • Rank - Rank is the result of complex calculations, can vary, and indicates the severity of the found bug. It varies from 20 (lowest) to 1 (highest), and the UI groups the values into four categories: scariest, scary, troubling, and of concern. (Harkness) So, a certain NullPointerException might get a 1, and a potential performance improvement might just get a 12.
    • Priority - Also a calculated value which varies. It indicates the confidence that the found bug is actually a bug. FindBugs employs heuristics which may go wrong. It varies from 1 (highest confidence) to 5 (lowest confidence, to be disregarded). For a long time now, priority has been renamed confidence in order to make this clearer. The XML still says priority for compatibility reasons.