presentations unusual java bugs and detecting them using foss tools

Unusual Java Bugs and Fighting them Using FOSS Tools

S G GaneshResearch Engineer

Siemens (Corporate Technology), Bangalore

Open Source India WeekThe TechZone: Developer Track—Bangalore

12-Feb-2008

Why Static Analysis Tools

Too much buggy software out there in the market Open source is better, but still …

Important to improve the quality of the software “ilities” : reliability, security, maintainability etc.

Testing is not enough Cannot check all paths, possibilities, practices

Why Static Analysis Tools (contd..)

Benefits of Static Analysis Tools Can cover code not covered by testing or dynamic

analysis No instrumentation needed, no tests to develop and run Usually easy to use

Run in your IDE, by just clicking a button

Code review is not sufficient Can catch usual/obvious mistakes A static analysis tool can often find unusual bugs

Why Bugs Happen in Code?

Everyone makes mistakes Including experts only that novices make more mistakes

Compiler catches syntax/(some) semantic errors Not sufficient. E.g. how about errors in usage?

We are often asked to ‘Get-the-code-working’ So, after that, we spend rest of the time fixing

the bugs ;-)

Why Java FOSS Tools?

Many high quality FOSS tools available Java is free and widely used Java programs also suffer quality issues like

code developed in C/C++ No pointers, automatic memory management etc

helps less experienced programmers much Still, Java software suffers quality problems like

security, maintainability etc. Significantly improve quality of software

before software is tested or released to users

Finding Uncommon Bugs

We’ll see a buggy code example not usual bug like null pointer access or bad

cast unusual bugs like misuse of language features,

synchronization issues etc. … and then see how a FOSS static

analysis tool catches it We’ll see simple bugs first

… and then move on to more difficult ones

What does this code print?

class LongVal { public static void main(String []s) { long l = 0x1l; System.out.format("%x", l); }}

Here is the output …

$ java LongVal1 $

The program prints 1 and not 11 – why?

Bug: ‘l’ and ‘1’ looks alike!

The antic tool detects it: $antic –java LongVal.javaLongVal.java:3:26: May be 'l' is used

instead of '1' at the end of integer constant

Programmer, possibly by mistake, typed ‘l’ (english letter ell) instead of ‘1’ (number one)! long l = 0x1l;

Introducing Jlint/Antic

Antic is meant for finding problems related to C syntax Like this problem we saw now Works on java source files

Jlint is for Java inconsistencies and bugs Can find difficult synchronization issues also Works on built class files

Simple to use tool Used from command line

Available from http://jlint.sourceforge.net

What does this code print?

class NaNTest {public static void main(String []s) {

double d = getVal();if(d == Double.NaN)

System.out.println("d is NaN");}

private static double getVal() { return Double.NaN; }

}

Here is the output…

$ java NaNTest $ It does not print anything!

FindBugs Detects it

Bug: (NaN == NaN) is false!

FindBugs names this bug as: “Doomed test for equality to NaN”

This code checks to see if a floating point value is equal to the special Not A Number value (d == Double.NaN).

special semantics of NaN: no value is equal to NaN, including NaN.

d == Double.NaN is always false Correct check: Use Double.isNaN(x)

Introducing FingBugs

Detects problems like correctness, multithreading issues, performance problems, bad practices etc

Less number of false positives No source files needed

Runs on Java class/jar files You can run it on huge code-bases

Runs in a nice GUI Get from: http://findbugs.sourceforge.net/

How FindBugs GUI looks

What is wrong with this code?

Here is the output…

PMD Detects It

$pmd Test.java text designTest.java:3 Overridable method 'foo'

called during object construction

Bug: Ctor calls overridden method!

Constructors do not support runtime polymorphism

Because derived objects are not constructed yet when base class constructor executes.

Virtual method foo is called from the base class constructor

Overridden foo calls toString method from i which is not initialized yet

Results in NullPointerException

Introducing PMD

PMD checks for problems like: Possible bugs, design rule violations Duplicate, sub-optimal or dead code Suggestions for Migration to newer JDK versions,

J2EE, JavaBeans, JSP, JUnit rules Works on Java source files Command-line

Or as plugin for Eclipse, JBuilder, JCreator etc. Get from: http://pmd.sourceforge.net/

What is wrong with this code?

What is wrong with this code? …

Here is the output…

The program hangs after running successfully for few times

It ‘deadlocked’..

QJ-Pro Detects It

Bug: Multiple locks can deadlock!

Locks: basic Java synchronization mechanism Ensures exclusive ownership for a thread while

executing critical section Incorrect synchronization can lead to deadlocks Deadlocks are ‘non-deterministic’

Hence difficult to detect, reproduce and fix Acquiring multiple locks is prone to deadlock

Particularly if not done in same order or if sleep() in Thread is called

In this program, foo and bar acquire locks in opposite order and hence deadlock occurs

Introducing QJ-Pro

QJ-Pro checks for problems like: Conformance to coding standards, coding best

practices Misuse of features, APIs etc

Works on Java source files Easy to use in standalone GUI version

Or Eclipse, JBuilder, JDeveloper plugins or Ant job Get from: http://qjpro.sourceforge.net/

How QJ-Pro GUI looks

Other FOSS Java Tools

CheckStyle Checks for adherance to coding standards such as

Sun’s Get it from http://checkstyle.sourceforge.net/

JCSC (Java Coding Style Checker) Checks for coding style adherance & … and also checks for common bugs Get it from http://checkstyle.sourceforge.net/

There are many more Classycle, Condenser, DoctorJ, JarAnalyzer…

Banish the Bug!

Tools are free why don’t you use it for getting rid of bugs

Ensure high-quality of software By detecting and fixing bugs early in s/w lifecycle

Thank You!

Some Links: Code Snippet Of the Day (CodeSOD)

http://thedailywtf.com/Series/CodeSOD.aspx List of Open Source Java code analyzers

http://java-source.net/open-source/code-analyzers

Enough bugging you! Time for Q & A now