Presentations Unusual Java Bugs And Detecting Them Using Foss Tools


  1. Unusual Java Bugs and Fighting them Using FOSS Tools
     S G Ganesh, Research Engineer, Siemens (Corporate Technology), Bangalore
     Open Source India Week, The TechZone: Developer Track—Bangalore, 12-Feb-2008
  2. Why Static Analysis Tools
     • Too much buggy software out there in the market
         • Open source is better, but still …
     • Important to improve the quality of the software
         • “ilities”: reliability, security, maintainability etc.
     • Testing is not enough
         • Cannot check all paths, possibilities, practices
  3. Why Static Analysis Tools (contd.)
     • Benefits of Static Analysis Tools
         • Can cover code not covered by testing or dynamic analysis
         • No instrumentation needed, no tests to develop and run
     • Usually easy to use
         • Run in your IDE, by just clicking a button
     • Code review is not sufficient
         • Can catch usual/obvious mistakes
         • A static analysis tool can often find unusual bugs
  4. Why Bugs Happen in Code?
     • Everyone makes mistakes
         • Including experts; only that novices make more mistakes
     • Compiler catches syntax/(some) semantic errors
         • Not sufficient. E.g. how about errors in usage?
     • We are often asked to ‘Get-the-code-working’
         • So, after that, we spend the rest of the time fixing the bugs ;-)
  5. Why Java FOSS Tools?
     • Many high quality FOSS tools available
         • Java is free and widely used
     • Java programs also suffer quality issues, like code developed in C/C++
         • No pointers, automatic memory management etc. help less experienced programmers much
         • Still, Java software suffers quality problems like security, maintainability etc.
     • Significantly improve quality of software
         • before software is tested or released to users
  6. Finding Uncommon Bugs
     • We’ll see a buggy code example
         • not a usual bug like null pointer access or bad cast
         • unusual bugs like misuse of language features, synchronization issues etc.
     • … and then see how a FOSS static analysis tool catches it
     • We’ll see simple bugs first
         • … and then move on to more difficult ones
  7. What does this code print?

         class LongVal {
             public static void main(String []s) {
                 long l = 0x1l;
                 System.out.format("%x", l);
             }
         }
  8. Here is the output …

         $ java LongVal
         1
         $

     • The program prints 1 and not 11 – why?
  9. Bug: ‘l’ and ‘1’ look alike!
     • The antic tool detects it:

         $ antic -java LongVal.java
         LongVal.java:3:26: May be 'l' is used instead of '1' at the end of integer constant

     • The programmer, possibly by mistake, typed ‘l’ (English letter ell) instead of ‘1’ (number one)!

         long l = 0x1l;
  10. Introducing Jlint/Antic
      • Antic is meant for finding problems related to C syntax
          • Like the problem we just saw
          • Works on Java source files
      • Jlint is for Java inconsistencies and bugs
          • Can find difficult synchronization issues also
          • Works on built class files
      • Simple to use tool
          • Used from command line
      • Available from http://jlint.sourceforge.net
  11. What does this code print?

          class NaNTest {
              public static void main(String []s) {
                  double d = getVal();
                  if(d == Double.NaN)
                      System.out.println("d is NaN");
              }
              private static double getVal() {
                  return Double.NaN;
              }
          }
  12. Here is the output…

          $ java NaNTest
          $

      • It does not print anything!
  13. FindBugs Detects it
  14. Bug: (NaN == NaN) is false!
      • FindBugs names this bug: “Doomed test for equality to NaN”
      • This code checks whether a floating point value is equal to the special Not A Number value (d == Double.NaN).
      • Special semantics of NaN: no value is equal to NaN, including NaN.
          • d == Double.NaN is always false
      • Correct check: use Double.isNaN(x)
  15. Introducing FindBugs
      • Detects problems like correctness, multithreading issues, performance problems, bad practices etc.
          • Fewer false positives
      • No source files needed
          • Runs on Java class/jar files
          • You can run it on huge code-bases
      • Runs in a nice GUI
      • Get from: http://findbugs.sourceforge.net/
  16. How FindBugs GUI looks
  17. What is wrong with this code?
  18. Here is the output…
  19. PMD Detects It

          $ pmd Test.java text design
          Test.java:3 Overridable method 'foo' called during object construction
  20. Bug: Ctor calls overridden method!
      • Constructors do not support runtime polymorphism
          • Because derived objects are not constructed yet when the base class constructor executes.
      • Virtual method foo is called from the base class constructor
      • Overridden foo calls the toString method of i, which is not initialized yet
          • Results in NullPointerException
  21. Introducing PMD
      • PMD checks for problems like:
          • Possible bugs, design rule violations
          • Duplicate, sub-optimal or dead code
          • Suggestions for migration to newer JDK versions, J2EE, JavaBeans, JSP, JUnit rules
      • Works on Java source files
          • Command-line
          • Or as plugin for Eclipse, JBuilder, JCreator etc.
      • Get from: http://pmd.sourceforge.net/
  22. What is wrong with this code?
  23. What is wrong with this code? …
  24. Here is the output…
      • The program hangs after running successfully a few times
      • It ‘deadlocked’…
  25. QJ-Pro Detects It
  26. Bug: Multiple locks can deadlock!
      • Locks: the basic Java synchronization mechanism
          • Ensure exclusive ownership for a thread while executing a critical section
          • Incorrect synchronization can lead to deadlocks
      • Deadlocks are ‘non-deterministic’
          • Hence difficult to detect, reproduce and fix
      • Acquiring multiple locks is prone to deadlock
          • Particularly if not done in the same order
          • or if sleep() in Thread is called
      • In this program, foo and bar acquire locks in opposite order and hence deadlock occurs
  27. Introducing QJ-Pro
      • QJ-Pro checks for problems like:
          • Conformance to coding standards, coding best practices
          • Misuse of features, APIs etc.
      • Works on Java source files
          • Easy to use in standalone GUI version
          • Or Eclipse, JBuilder, JDeveloper plugins or Ant job
      • Get from: http://qjpro.sourceforge.net/
  28. How QJ-Pro GUI looks
  29. Other FOSS Java Tools
      • CheckStyle
          • Checks for adherence to coding standards such as Sun’s
          • Get it from http://checkstyle.sourceforge.net/
      • JCSC (Java Coding Style Checker)
          • Checks for coding style adherence
          • … and also checks for common bugs
          • Get it from http://checkstyle.sourceforge.net/
      • There are many more
          • Classycle, Condenser, DoctorJ, JarAnalyzer…
  30. Banish the Bug!
      • Tools are free
          • why not use them for getting rid of bugs?
      • Ensure high quality of software
          • By detecting and fixing bugs early in the s/w lifecycle
  31. Thank You!
      • Some Links:
          • Code Snippet Of the Day (CodeSOD): http://thedailywtf.com/Series/CodeSOD.aspx
          • List of Open Source Java code analyzers: http://java-source.net/open-source/code-analyzers
      • Enough bugging you!
          • Time for Q & A now
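
Slide 14's point matters most where a double is validated, because every ordered comparison with NaN is false as well. The following is an added example, not code from the slides; the class name, method names, bounds and sample inputs are assumptions made for illustration.

```java
// Added example (not from the slides): NaN and comparison-based validation.
public class NaNRangeCheck {

    // Reject-style check: every ordered comparison with NaN is false,
    // so neither test fires and NaN is accepted as "in range".
    static boolean inRangeBroken(double v, double lo, double hi) {
        if (v < lo || v > hi) {
            return false;
        }
        return true;
    }

    // Hardened check: test for NaN explicitly with Double.isNaN, then compare.
    static boolean inRange(double v, double lo, double hi) {
        if (Double.isNaN(v)) {
            return false;
        }
        return v >= lo && v <= hi;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; Double.parseDouble accepts the text "NaN".
        String[] samples = { "250.0", "-1.0", "NaN" };
        for (String s : samples) {
            double v = Double.parseDouble(s);
            System.out.printf("%-6s ==NaN:%-5b isNaN:%-5b broken:%-5b hardened:%b%n",
                    s, v == Double.NaN, Double.isNaN(v),
                    inRangeBroken(v, 0.0, 1000.0), inRange(v, 0.0, 1000.0));
        }
    }
}
```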
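
The code for slides 22 and 23 is also missing from the transcript. This added example, not the presenter's code, reproduces the opposite-order locking that slide 26 describes, shows the same-order fix, and uses the JDK's ThreadMXBean to report the deadlock at run time. The lock objects, barFixed, pause and deadlockedThreads are hypothetical names; the sleep only widens the race window so the outcome is repeatable.

```java
// Added example (not the code from the slides): lock ordering and deadlock detection.
import java.lang.management.ManagementFactory;

public class LockOrder {
    private static final Object A = new Object();
    private static final Object B = new Object();

    // Deadlock-prone pair: foo takes A then B, bar takes B then A.
    static void foo() { synchronized (A) { pause(); synchronized (B) { } } }
    static void bar() { synchronized (B) { pause(); synchronized (A) { } } }

    // Fixed variant of bar: same acquisition order as foo.
    static void barFixed() { synchronized (A) { pause(); synchronized (B) { } } }

    static void pause() {
        try {
            Thread.sleep(100);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    // Runs both tasks concurrently and returns how many threads the JVM
    // reports as deadlocked once they have had time to finish.
    static int deadlockedThreads(Runnable r1, Runnable r2) throws InterruptedException {
        Thread t1 = new Thread(r1);
        Thread t2 = new Thread(r2);
        t1.setDaemon(true);      // a deadlocked pair must not keep the JVM alive
        t2.setDaemon(true);
        t1.start();
        t2.start();
        t1.join(1000);
        t2.join(1000);
        long[] ids = ManagementFactory.getThreadMXBean().findDeadlockedThreads();
        return ids == null ? 0 : ids.length;
    }

    public static void main(String[] args) throws InterruptedException {
        // The fixed pair runs first: the deadlocked pair never releases A and B.
        System.out.println("same order:     "
                + deadlockedThreads(LockOrder::foo, LockOrder::barFixed));
        System.out.println("opposite order: "
                + deadlockedThreads(LockOrder::foo, LockOrder::bar));
    }
}
```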