DIY: Static Analysis in Java
![Page 1: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/1.jpg)
GenevaJug
#sonarqube
DIY: Java Static Analysis
Nicolas PERU - @benzonico
Michael GUMOWSKI - @m-g-sonar
![Page 2: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/2.jpg)
Ego boost
● Nicolas PERU - @benzonico
  ○ Java developer @SonarSource
  ○ Developer in the language team
  ○ Lead of the SonarJava plugin
  ○ Geneva JUG enthusiast
● Michael GUMOWSKI - @m-g-sonar
  ○ Java developer @SonarSource
  ○ Developer in the language team
  ○ Runs a half marathon in 1h24
![Page 3: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/3.jpg)
Static Analysis
Analyze code,
without executing it.
![Page 4: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/4.jpg)
● Back Story
Sonar Java Plugin
![Page 5: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/5.jpg)
Challenge
Get the language.
![Page 6: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/6.jpg)
![Page 7: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/7.jpg)
Lexical Analysis
Only two things are infinite, the universe and human
stupidity, and I am not sure about the former.
![Page 8: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/8.jpg)
Syntactic Analysis
Only two things are infinite, the universe and human
stupidity, and I am not sure about the former.
Albert E.
Subjects, verbs
![Page 9: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/9.jpg)
Lexical Analysis
class A { int b;}
![Page 10: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/10.jpg)
Syntactic Analysis
class A { int b;}
Keywords
Identifiers
Punctuators
![Page 11: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/11.jpg)
Syntax Tree

1 + 2 + 3

    +
   / \
  +   3
 / \
1   2

interface BinaryExpressionTree {
  ExpressionTree leftOperand();
  SyntaxToken operatorToken();
  ExpressionTree rightOperand();
}
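Added example, not code from the slides or from the SonarJava plugin: a small Java lexer and recursive-descent parser for the expression language used above. It sorts tokens into the keyword / identifier / punctuator categories of the lexical-analysis slide and builds `1 + 2 + 3` as the left-associative tree drawn above, with node fields named after the `BinaryExpressionTree` interface. The grammar, the class names and the keyword set are assumptions chosen for the illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Toy front end: lexical analysis (characters -> tokens), then syntactic analysis (tokens -> tree). */
public class MiniFrontEnd {

  enum Kind { KEYWORD, IDENTIFIER, NUMBER, PUNCTUATOR }

  static final class Token {
    final Kind kind; final String text;
    Token(Kind k, String t) { kind = k; text = t; }
    @Override public String toString() { return kind + "(" + text + ")"; }
  }

  // Assumed keyword set, enough for the slide's "class A { int b; }".
  static final Set<String> KEYWORDS = new HashSet<>(Arrays.asList("class", "int", "return", "null"));

  /** Lexical analysis: one left-to-right pass, no regular expressions. */
  static List<Token> lex(String src) {
    List<Token> out = new ArrayList<>();
    int i = 0;
    while (i < src.length()) {
      char c = src.charAt(i);
      if (Character.isWhitespace(c)) { i++; continue; }
      int start = i;
      if (Character.isJavaIdentifierStart(c)) {
        while (i < src.length() && Character.isJavaIdentifierPart(src.charAt(i))) i++;
        String word = src.substring(start, i);
        // A word is a keyword only if it is in the reserved set; everything else is an identifier.
        out.add(new Token(KEYWORDS.contains(word) ? Kind.KEYWORD : Kind.IDENTIFIER, word));
      } else if (Character.isDigit(c)) {
        while (i < src.length() && Character.isDigit(src.charAt(i))) i++;
        out.add(new Token(Kind.NUMBER, src.substring(start, i)));
      } else if ("{}()[];+*".indexOf(c) >= 0) {
        out.add(new Token(Kind.PUNCTUATOR, String.valueOf(c)));
        i++;
      } else {
        throw new IllegalArgumentException("unexpected character '" + c + "' at offset " + i);
      }
    }
    return out;
  }

  /** Tree nodes shaped like the slide's BinaryExpressionTree interface. */
  interface ExpressionTree {}
  static final class Literal implements ExpressionTree {
    final String value; Literal(String v) { value = v; }
    @Override public String toString() { return value; }
  }
  static final class BinaryExpression implements ExpressionTree {
    final ExpressionTree leftOperand; final String operatorToken; final ExpressionTree rightOperand;
    BinaryExpression(ExpressionTree l, String op, ExpressionTree r) { leftOperand = l; operatorToken = op; rightOperand = r; }
    /** Lisp-style rendering makes the nesting visible, e.g. (+ (+ 1 2) 3). */
    @Override public String toString() { return "(" + operatorToken + " " + leftOperand + " " + rightOperand + ")"; }
  }

  /** Syntactic analysis. Grammar: expr := term ('+' term)* ; term := atom ('*' atom)* ; atom := NUMBER | IDENTIFIER | '(' expr ')' */
  static final class Parser {
    private final List<Token> tokens; private int pos;
    Parser(List<Token> tokens) { this.tokens = tokens; }

    ExpressionTree parseExpression() {
      ExpressionTree left = parseTerm();
      // Looping on the operator (instead of recursing on the right) is what makes '+' left-associative:
      // every new operand becomes the right child of the tree built so far.
      while (peek("+")) { String op = next().text; left = new BinaryExpression(left, op, parseTerm()); }
      return left;
    }
    private ExpressionTree parseTerm() {
      ExpressionTree left = parseAtom();
      while (peek("*")) { String op = next().text; left = new BinaryExpression(left, op, parseAtom()); }
      return left;
    }
    private ExpressionTree parseAtom() {
      Token t = next();
      if (t.kind == Kind.NUMBER || t.kind == Kind.IDENTIFIER) return new Literal(t.text);
      if (t.kind == Kind.PUNCTUATOR && t.text.equals("(")) { ExpressionTree inner = parseExpression(); expect(")"); return inner; }
      throw new IllegalArgumentException("unexpected token " + t);
    }
    private boolean peek(String text) { return pos < tokens.size() && tokens.get(pos).text.equals(text); }
    private Token next() {
      if (pos >= tokens.size()) throw new IllegalArgumentException("unexpected end of input");
      return tokens.get(pos++);
    }
    private void expect(String text) { if (!next().text.equals(text)) throw new IllegalArgumentException("expected " + text); }
  }

  static ExpressionTree parse(String src) {
    Parser p = new Parser(lex(src));
    ExpressionTree tree = p.parseExpression();
    if (p.pos != p.tokens.size()) throw new IllegalArgumentException("trailing tokens after expression");
    return tree;
  }

  public static void main(String[] args) {
    System.out.println(lex("class A { int b; }")); // each token with its category
    System.out.println(parse("1 + 2 + 3"));        // the slide's expression
    System.out.println(parse("1 + 2 * 3"));        // precedence: '*' binds tighter than '+'
  }
}
```

`main` prints the token list for `class A { int b; }`, then `(+ (+ 1 2) 3)` for the slide's expression and `(+ 1 (* 2 3))` for `1 + 2 * 3`. The `while` loop in `parseExpression` is the whole point: a right-recursive rule `expr := term '+' expr` would yield `(+ 1 (+ 2 3))`, and any rule that pattern-matches on the tree (the custom rules discussed later) would then see a different shape for the same source.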
![Page 12: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/12.jpg)
Java pop quiz!!
[ ]
![Page 13: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/13.jpg)
[] ) [] [] {
![Page 14: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/14.jpg)
int[] foo(int a[])[][] { return null; }
![Page 15: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/15.jpg)
![Page 16: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/16.jpg)
int[][][] foo(int[] a) { return null; }
Same method: the bracket pairs placed after the parameter list add dimensions to the return type, a legacy form the JLS still allows (§8.4), so a parser has to accept it.
![Page 17: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/17.jpg)
Semantic Analysis
Only two things are infinite, the universe and human
stupidity, and I am not sure about the former.
Albert E.
![Page 18: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/18.jpg)
![Page 19: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/19.jpg)
Semantic Analysis
class A {
  int b;
  A(int b) { this.b = b; }
}
![Page 20: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/20.jpg)
Java pop quiz!!
class Foo<T> { class T { } T myField; }
![Page 21: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/21.jpg)
![Page 22: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/22.jpg)
How do you know that?
JLS is your best friend
http://docs.oracle.com/javase/specs/jls/se8/html/index.html
![Page 23: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/23.jpg)
Java pop quiz!!
interface F1 { }
interface F2 { }
![Page 24: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/24.jpg)
Java pop quiz!!
class A<T extends F1 & F2> { void fun(F1 f1) {} void fun(T t) {} }
![Page 25: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/25.jpg)
Java pop quiz!!
class A<T extends F2 & F1> { void fun(F1 f1) {} void fun(T t) {} }
![Page 26: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/26.jpg)
Java pop quiz!!
The erasure of a type variable is the erasure of its leftmost bound (JLS §4.6). With `T extends F1 & F2`, `fun(T)` erases to `fun(F1)` and clashes with the other `fun(F1)`; with `T extends F2 & F1` it erases to `fun(F2)` and the class compiles. An analyzer that resolves overloads has to know this.
![Page 27: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/27.jpg)
How do you know that?
JLS is your best friend
http://docs.oracle.com/javase/specs/jls/se8/html/index.html
![Page 28: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/28.jpg)
Your turn now: Custom rules!
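Added example, not code from the slides or from the SonarJava plugin itself: a custom rule written against SonarJava's public check API (`IssuableSubscriptionVisitor`, `Tree.Kind`, `Type.is`, `reportIssue`). It flags `new java.util.Random(...)` and `Math.random()`, whose output is predictable and therefore unfit for tokens, salts, nonces or session identifiers. The rule key, class name and messages are assumptions; the API calls are the ones the plugin exposes to custom rules, and the rule deliberately uses resolved types rather than matching on the simple name `Random`.

```java
import java.util.Arrays;
import java.util.List;

import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.semantic.Type;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

/**
 * Custom rule: report java.util.Random and Math.random(), which are predictable
 * and must not be used where an attacker guessing the next value matters.
 * Relies on semantic analysis (resolved types), not on token matching.
 */
@Rule(key = "PredictableRandom") // assumed key; register it in the plugin's rules definition
public class PredictableRandomCheck extends IssuableSubscriptionVisitor {

  private static final String RANDOM = "java.util.Random";

  @Override
  public List<Tree.Kind> nodesToVisit() {
    // Subscribe to the node kinds of interest; the engine walks the syntax tree for us.
    return Arrays.asList(Tree.Kind.NEW_CLASS, Tree.Kind.METHOD_INVOCATION);
  }

  @Override
  public void visitNode(Tree tree) {
    if (tree.is(Tree.Kind.NEW_CLASS)) {
      Type type = ((NewClassTree) tree).symbolType();
      // When the class is not on the analysis classpath, symbolType() is unknown and is() is false:
      // the rule stays silent rather than guessing from the spelling of the class name.
      // is() is an exact match, so SecureRandom (a subclass of Random) is not reported.
      if (type.is(RANDOM)) {
        reportIssue(tree, "Use java.security.SecureRandom instead of java.util.Random for security-sensitive values.");
      }
    } else {
      MethodInvocationTree mit = (MethodInvocationTree) tree;
      Symbol method = mit.symbol();
      // Resolve the invoked method to its declaring type instead of matching the text "Math.random".
      if (!method.isUnknown() && "random".equals(method.name()) && method.owner().type().is("java.lang.Math")) {
        reportIssue(mit.methodSelect(), "Math.random() is predictable; use java.security.SecureRandom.");
      }
    }
  }
}
```

The check only works with semantic information: `symbolType()` and `symbol()` resolve when the referenced classes are on the analysis classpath (`sonar.java.libraries`). Without them the types are unknown and the rule reports nothing, which is a safer failure mode than a name-based match that would also fire on an unrelated class called `Random`. Because `Type.is` is exact, `SecureRandom` is not flagged; `isSubtypeOf` is the call to use when a whole hierarchy is wanted. Exercise the rule on a sample file with SonarJava's check verifier, with and without the classpath, before packaging it.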
![Page 29: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/29.jpg)
Beyond semantics: Symbolic Execution
Object myObject = new Object();
if (a) { myObject = null; }
...
if (!a) { ... } else { myObject.toString(); } // NPE
![Page 30: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/30.jpg)
Symbolic Execution
Object myObject = new Object();
if (a) { myObject = null; }
...
if (!a) { ... } else { myObject.toString(); } // NPE
Program State #0: myObject != null
![Page 31: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/31.jpg)
Symbolic Execution
Object myObject = new Object();
if (a) { myObject = null; }
...
if (!a) { ... } else { myObject.toString(); } // NPE
Program State #0: myObject != null
Program State #1: myObject != null, a = false
Program State #2: myObject = null, a = true
![Page 32: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/32.jpg)
Symbolic Execution
...
if (!a) { ... } else {
  myObject.toString(); // NPE
}
Program State #1: myObject != null, a = false
Program State #2: myObject = null, a = true
Program State #3: ...
Program State #4: myObject = null, a = true
![Page 33: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/33.jpg)
Symbolic Execution challenges
Complex flows: try / catch / finally
try {
  methodCall();
  methodThrowingException();
} catch (CustomException e) {
  ...
} finally {
  ...
}
![Page 34: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/34.jpg)
Symbolic Execution challenges
Complex conditions:
if (a + 1 < (b * 10 - 39)) {
  if (b > a / 10 + 4) { ... } // Always true
}
![Page 35: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/35.jpg)
Symbolic Execution challenges
Explosion of states:
if (a) { ... } else { ... }
if (b) { ... } else { ... }
if (c) { ... } else { ... }
instruction; // evaluated by 8 states
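Added example covering the program-state slides and the explosion-of-states slide above; it is a toy written for this page, not the SonarJava symbolic execution engine. Each `ProgramState` records which object variables are known null or non-null and which booleans have a known value. An `if` on an unknown boolean forks the state, and each fork learns the value of the condition, so the later `if (!a)` does not fork again and the `myObject.toString()` call is reached only by the state where `a` is true and `myObject` is null. The statement classes and the `Nullness` enum are assumptions for the illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Toy symbolic executor: forks program states at branches, tracks nullness, reports null dereferences. */
public class MiniSymbolicExecution {

  enum Nullness { NULL, NOT_NULL }

  /** Immutable program state; every update returns a copy so forked paths never share mutable data. */
  static final class ProgramState {
    final Map<String, Nullness> objects;
    final Map<String, Boolean> booleans;
    ProgramState() { this(new HashMap<>(), new HashMap<>()); }
    private ProgramState(Map<String, Nullness> o, Map<String, Boolean> b) { objects = o; booleans = b; }
    ProgramState withObject(String name, Nullness n) {
      Map<String, Nullness> o = new HashMap<>(objects); o.put(name, n); return new ProgramState(o, booleans);
    }
    ProgramState withBoolean(String name, boolean value) {
      Map<String, Boolean> b = new HashMap<>(booleans); b.put(name, value); return new ProgramState(objects, b);
    }
    @Override public String toString() { return "objects=" + objects + " booleans=" + booleans; }
  }

  interface Stmt {}
  /** name = null  or  name = new Object() */
  static final class Assign implements Stmt { final String name; final Nullness value; Assign(String n, Nullness v) { name = n; value = v; } }
  /** name.someMethod() */
  static final class Deref implements Stmt { final String name; Deref(String n) { name = n; } }
  /** if (cond) / if (!cond) with a then-block and an else-block */
  static final class If implements Stmt {
    final String cond; final boolean negated; final List<Stmt> thenBranch; final List<Stmt> elseBranch;
    If(String c, boolean neg, List<Stmt> t, List<Stmt> e) { cond = c; negated = neg; thenBranch = t; elseBranch = e; }
  }

  /** Executes stmts over every incoming state; appends issues found; returns the states that reach the end. */
  static List<ProgramState> run(List<Stmt> stmts, List<ProgramState> in, List<String> issues) {
    List<ProgramState> states = in;
    for (Stmt s : stmts) {
      List<ProgramState> next = new ArrayList<>();
      for (ProgramState ps : states) {
        if (s instanceof Assign) {
          Assign a = (Assign) s;
          next.add(ps.withObject(a.name, a.value));
        } else if (s instanceof Deref) {
          Deref d = (Deref) s;
          if (ps.objects.get(d.name) == Nullness.NULL) {
            issues.add("NPE: " + d.name + " is null in state [" + ps + "]"); // this path dies here, as the program would
          } else {
            next.add(ps);
          }
        } else if (s instanceof If) {
          If i = (If) s;
          Boolean known = ps.booleans.get(i.cond);
          List<ProgramState> whenTrue = new ArrayList<>(), whenFalse = new ArrayList<>();
          if (known == null) { // unknown condition: fork, and let each side remember what it learned
            whenTrue.add(ps.withBoolean(i.cond, true));
            whenFalse.add(ps.withBoolean(i.cond, false));
          } else if (known) { whenTrue.add(ps); } else { whenFalse.add(ps); }
          // "if (!cond)" simply swaps which states take the then-branch
          next.addAll(run(i.thenBranch, i.negated ? whenFalse : whenTrue, issues));
          next.addAll(run(i.elseBranch, i.negated ? whenTrue : whenFalse, issues));
        }
      }
      states = next;
    }
    return states;
  }

  /** The slide's program: myObject = new Object(); if (a) myObject = null; if (!a) {...} else { myObject.toString(); } */
  static List<String> slideExample() {
    List<Stmt> program = new ArrayList<>();
    program.add(new Assign("myObject", Nullness.NOT_NULL));
    program.add(new If("a", false, Collections.<Stmt>singletonList(new Assign("myObject", Nullness.NULL)), Collections.<Stmt>emptyList()));
    program.add(new If("a", true, Collections.<Stmt>emptyList(), Collections.<Stmt>singletonList(new Deref("myObject"))));
    List<String> issues = new ArrayList<>();
    run(program, Collections.singletonList(new ProgramState()), issues);
    return issues;
  }

  /** n independent if/else statements followed by one instruction: counts the states evaluating that instruction. */
  static int statesAfterIndependentBranches(int n) {
    List<Stmt> program = new ArrayList<>();
    for (int k = 0; k < n; k++) {
      program.add(new If("c" + k, false, Collections.<Stmt>emptyList(), Collections.<Stmt>emptyList()));
    }
    program.add(new Deref("x")); // the final instruction; x is known non-null so no issue is raised
    ProgramState start = new ProgramState().withObject("x", Nullness.NOT_NULL);
    return run(program, Collections.singletonList(start), new ArrayList<String>()).size();
  }

  public static void main(String[] args) {
    slideExample().forEach(System.out::println);
    System.out.println(statesAfterIndependentBranches(3));
  }
}
```

`slideExample()` returns exactly one issue, the dereference on the path where `a` is true (program state #4 in the slides), and nothing on the `a = false` path. `statesAfterIndependentBranches(3)` returns 8, and the count doubles with every further independent branch: this toy never prunes, whereas a real engine caps the number of states or steps explored per method and gives up on the method when the cap is hit, which is one reason a genuine NPE in deeply branching code can go unreported. Try/catch/finally and arithmetic conditions are not modelled at all here; `if (a + 1 < b * 10 - 39)` needs a constraint solver, not a map of booleans.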
![Page 36: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/36.jpg)
Uh oh?!
From Apache Vysper: https://nemo.sonarqube.org/issues/search#issues=AVJ9P2Bzm66gr6MLNW_j
![Page 37: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/37.jpg)
Uh oh?!
From Elasticsearch: https://nemo.sonarqube.org/issues/search#issues=AVJ9mFy_m66gr6MLNXpJ
![Page 38: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/38.jpg)
Reach us
https://groups.google.com/forum/#!forum/sonarqube
![Page 40: DIY: Analyse statique en Java](https://reader031.vdocuments.us/reader031/viewer/2022021918/58a4546c1a28ab55068b5bc1/html5/thumbnails/40.jpg)
Q & A