View
635
Download
1
Category
Preview:
DESCRIPTION
Citation preview
Unusual Java Bugs and Fighting them Using FOSS Tools
S G GaneshResearch Engineer
Siemens (Corporate Technology), Bangalore
Open Source India WeekThe TechZone: Developer Track—Bangalore
12-Feb-2008
Why Static Analysis Tools
Too much buggy software out there in the market Open source is better, but still …
Important to improve the quality of the software “ilities” : reliability, security, maintainability etc.
Testing is not enough Cannot check all paths, possibilities, practices
Why Static Analysis Tools (contd..)
Benefits of Static Analysis Tools Can cover code not covered by testing or dynamic
analysis No instrumentation needed, no tests to develop and run Usually easy to use
Run in your IDE, by just clicking a button
Code review is not sufficient Can catch usual/obvious mistakes A static analysis tool can often find unusual bugs
Why Bugs Happen in Code?
Everyone makes mistakes Including experts only that novices make more mistakes
Compiler catches syntax/(some) semantic errors Not sufficient. E.g. how about errors in usage?
We are often asked to ‘Get-the-code-working’ So, after that, we spend rest of the time fixing
the bugs ;-)
Why Java FOSS Tools?
Many high quality FOSS tools available Java is free and widely used Java programs also suffer quality issues like
code developed in C/C++ No pointers, automatic memory management etc
helps less experienced programmers much Still, Java software suffers quality problems like
security, maintainability etc. Significantly improve quality of software
before software is tested or released to users
Finding Uncommon Bugs
We’ll see a buggy code example not usual bug like null pointer access or bad
cast unusual bugs like misuse of language features,
synchronization issues etc. … and then see how a FOSS static
analysis tool catches it We’ll see simple bugs first
… and then move on to more difficult ones
What does this code print?
class LongVal { public static void main(String []s) { long l = 0x1l; System.out.format("%x", l); }}
Here is the output …
$ java LongVal1 $
The program prints 1 and not 11 – why?
Bug: ‘l’ and ‘1’ looks alike!
The antic tool detects it: $antic –java LongVal.javaLongVal.java:3:26: May be 'l' is used
instead of '1' at the end of integer constant
Programmer, possibly by mistake, typed ‘l’ (english letter ell) instead of ‘1’ (number one)! long l = 0x1l;
Introducing Jlint/Antic
Antic is meant for finding problems related to C syntax Like this problem we saw now Works on java source files
Jlint is for Java inconsistencies and bugs Can find difficult synchronization issues also Works on built class files
Simple to use tool Used from command line
Available from http://jlint.sourceforge.net
What does this code print?
class NaNTest {public static void main(String []s) {
double d = getVal();if(d == Double.NaN)
System.out.println("d is NaN");}
private static double getVal() { return Double.NaN; }
}
Here is the output…
$ java NaNTest $ It does not print anything!
FindBugs Detects it
Bug: (NaN == NaN) is false!
FindBugs names this bug as: “Doomed test for equality to NaN”
This code checks to see if a floating point value is equal to the special Not A Number value (d == Double.NaN).
special semantics of NaN: no value is equal to NaN, including NaN.
d == Double.NaN is always false Correct check: Use Double.isNaN(x)
Introducing FingBugs
Detects problems like correctness, multithreading issues, performance problems, bad practices etc
Less number of false positives No source files needed
Runs on Java class/jar files You can run it on huge code-bases
Runs in a nice GUI Get from: http://findbugs.sourceforge.net/
How FindBugs GUI looks
What is wrong with this code?
Here is the output…
PMD Detects It
$pmd Test.java text designTest.java:3 Overridable method 'foo'
called during object construction
Bug: Ctor calls overridden method!
Constructors do not support runtime polymorphism
Because derived objects are not constructed yet when base class constructor executes.
Virtual method foo is called from the base class constructor
Overridden foo calls toString method from i which is not initialized yet
Results in NullPointerException
Introducing PMD
PMD checks for problems like: Possible bugs, design rule violations Duplicate, sub-optimal or dead code Suggestions for Migration to newer JDK versions,
J2EE, JavaBeans, JSP, JUnit rules Works on Java source files Command-line
Or as plugin for Eclipse, JBuilder, JCreator etc. Get from: http://pmd.sourceforge.net/
What is wrong with this code?
What is wrong with this code? …
Here is the output…
The program hangs after running successfully for few times
It ‘deadlocked’..
QJ-Pro Detects It
Bug: Multiple locks can deadlock!
Locks: basic Java synchronization mechanism Ensures exclusive ownership for a thread while
executing critical section Incorrect synchronization can lead to deadlocks Deadlocks are ‘non-deterministic’
Hence difficult to detect, reproduce and fix Acquiring multiple locks is prone to deadlock
Particularly if not done in same order or if sleep() in Thread is called
In this program, foo and bar acquire locks in opposite order and hence deadlock occurs
Introducing QJ-Pro
QJ-Pro checks for problems like: Conformance to coding standards, coding best
practices Misuse of features, APIs etc
Works on Java source files Easy to use in standalone GUI version
Or Eclipse, JBuilder, JDeveloper plugins or Ant job Get from: http://qjpro.sourceforge.net/
How QJ-Pro GUI looks
Other FOSS Java Tools
CheckStyle Checks for adherance to coding standards such as
Sun’s Get it from http://checkstyle.sourceforge.net/
JCSC (Java Coding Style Checker) Checks for coding style adherance & … and also checks for common bugs Get it from http://checkstyle.sourceforge.net/
There are many more Classycle, Condenser, DoctorJ, JarAnalyzer…
Banish the Bug!
Tools are free why don’t you use it for getting rid of bugs
Ensure high-quality of software By detecting and fixing bugs early in s/w lifecycle
Thank You!
Some Links: Code Snippet Of the Day (CodeSOD)
http://thedailywtf.com/Series/CodeSOD.aspx List of Open Source Java code analyzers
http://java-source.net/open-source/code-analyzers
Enough bugging you! Time for Q & A now
Recommended