Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
Published in: Technology, Education
Transcript

  • 1. Unusual Java Bugs and Fighting them Using FOSS Tools
      • S G Ganesh, Research Engineer, Siemens (Corporate Technology), Bangalore
      • Open Source India Week, The TechZone: Developer Track—Bangalore, 12-Feb-2008
  • 2. Why Static Analysis Tools
      • Too much buggy software out there in the market
      • Open source is better, but still …
      • Important to improve the quality of the software
      • “ilities”: reliability, security, maintainability etc.
      • Testing is not enough
      • Cannot check all paths, possibilities, practices
  • 3. Why Static Analysis Tools (contd.)
      • Benefits of Static Analysis Tools
      • Can cover code not covered by testing or dynamic analysis
      • No instrumentation needed, no tests to develop and run
      • Usually easy to use
      • Run in your IDE, by just clicking a button
      • Code review is not sufficient
      • Can catch usual/obvious mistakes
      • A static analysis tool can often find unusual bugs
  • 4. Why Bugs Happen in Code?
      • Everyone makes mistakes
      • Including experts (only that novices make more mistakes)
      • Compiler catches syntax/(some) semantic errors
      • Not sufficient. E.g. how about errors in usage?
      • We are often asked to ‘Get-the-code-working’
      • So, after that, we spend the rest of the time fixing the bugs ;-)
  • 5. Why Java FOSS Tools?
      • Many high quality FOSS tools available
      • Java is free and widely used
      • Java programs also suffer quality issues like code developed in C/C++
      • No pointers, automatic memory management etc. help less experienced programmers much
      • Still, Java software suffers quality problems like security, maintainability etc.
      • Significantly improve quality of software
      • before software is tested or released to users
  • 6. Finding Uncommon Bugs
      • We’ll see a buggy code example
      • not a usual bug like null pointer access or bad cast
      • unusual bugs like misuse of language features, synchronization issues etc.
      • … and then see how a FOSS static analysis tool catches it
      • We’ll see simple bugs first
      • … and then move on to more difficult ones
  • 7. What does this code print?
          class LongVal {
              public static void main(String[] s) {
                  long l = 0x1l;
                  System.out.format("%x", l);
              }
          }
  • 8. Here is the output …
          $ java LongVal
          1
          $
      • The program prints 1 and not 11 – why?
  • 9. Bug: ‘l’ and ‘1’ look alike!
      • The antic tool detects it:
          $ antic -java LongVal.java
          LongVal.java:3:26: May be 'l' is used instead of '1' at the end of integer constant
      • Programmer, possibly by mistake, typed ‘l’ (English letter ell) instead of ‘1’ (number one)!
          long l = 0x1l;
  • 10. Introducing Jlint/Antic
      • Antic is meant for finding problems related to C syntax
      • Like this problem we saw now
      • Works on Java source files
      • Jlint is for Java inconsistencies and bugs
      • Can find difficult synchronization issues also
      • Works on built class files
      • Simple to use tool
      • Used from command line
      • Available from http://jlint.sourceforge.net
  • 11. What does this code print?
          class NaNTest {
              public static void main(String[] s) {
                  double d = getVal();
                  if (d == Double.NaN)
                      System.out.println("d is NaN");
              }

              private static double getVal() {
                  return Double.NaN;
              }
          }
  • 12. Here is the output…
          $ java NaNTest
          $
      • It does not print anything!
  • 13. FindBugs Detects it
  • 14. Bug: (NaN == NaN) is false!
      • FindBugs names this bug as: “Doomed test for equality to NaN”
      • This code checks to see if a floating point value is equal to the special Not A Number value (d == Double.NaN).
      • Special semantics of NaN: no value is equal to NaN, including NaN.
      • d == Double.NaN is always false
      • Correct check: Use Double.isNaN(x)
  • 15. Introducing FindBugs
      • Detects problems like correctness, multithreading issues, performance problems, bad practices etc.
      • Fewer false positives
      • No source files needed
      • Runs on Java class/jar files
      • You can run it on huge code-bases
      • Runs in a nice GUI
      • Get from: http://findbugs.sourceforge.net/
  • 16. How FindBugs GUI looks
  • 17. What is wrong with this code?
  • 18. Here is the output…
  • 19. PMD Detects It
          $ pmd Test.java text design
          Test.java:3 Overridable method 'foo' called during object construction
  • 20. Bug: Ctor calls overridden method!
      • Constructors do not support runtime polymorphism
      • Because derived objects are not constructed yet when base class constructor executes.
      • Virtual method foo is called from the base class constructor
      • Overridden foo calls toString method from i which is not initialized yet
      • Results in NullPointerException
  • 21. Introducing PMD
      • PMD checks for problems like:
      • Possible bugs, design rule violations
      • Duplicate, sub-optimal or dead code
      • Suggestions for migration to newer JDK versions, J2EE, JavaBeans, JSP, JUnit rules
      • Works on Java source files
      • Command-line
      • Or as plugin for Eclipse, JBuilder, JCreator etc.
      • Get from: http://pmd.sourceforge.net/
  • 22. What is wrong with this code?
  • 23. What is wrong with this code? …
  • 24. Here is the output…
      • The program hangs after running successfully a few times
      • It ‘deadlocked’..
  • 25. QJ-Pro Detects It
  • 26. Bug: Multiple locks can deadlock!
      • Locks: basic Java synchronization mechanism
      • Ensures exclusive ownership for a thread while executing critical section
      • Incorrect synchronization can lead to deadlocks
      • Deadlocks are ‘non-deterministic’
      • Hence difficult to detect, reproduce and fix
      • Acquiring multiple locks is prone to deadlock
      • Particularly if not done in same order
      • or if sleep() in Thread is called
      • In this program, foo and bar acquire locks in opposite order and hence deadlock occurs
  • 27. Introducing QJ-Pro
      • QJ-Pro checks for problems like:
      • Conformance to coding standards, coding best practices
      • Misuse of features, APIs etc.
      • Works on Java source files
      • Easy to use in standalone GUI version
      • Or Eclipse, JBuilder, JDeveloper plugins or Ant job
      • Get from: http://qjpro.sourceforge.net/
  • 28. How QJ-Pro GUI looks
  • 29. Other FOSS Java Tools
      • CheckStyle
      • Checks for adherence to coding standards such as Sun’s
      • Get it from http://checkstyle.sourceforge.net/
      • JCSC (Java Coding Style Checker)
      • Checks for coding style adherence
      • … and also checks for common bugs
      • Get it from http://checkstyle.sourceforge.net/
      • There are many more
      • Classycle, Condenser, DoctorJ, JarAnalyzer…
  • 30. Banish the Bug!
      • Tools are free
      • Why not use them to get rid of bugs?
      • Ensure high quality of software
      • By detecting and fixing bugs early in the s/w lifecycle
  • 31. Thank You!
      • Some Links:
      • Code Snippet Of the Day (CodeSOD)
      • http://thedailywtf.com/Series/CodeSOD.aspx
      • List of Open Source Java code analyzers
      • http://java-source.net/open-source/code-analyzers
      • Enough bugging you!
      • Time for Q & A now
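
For slides 11 to 14, an added example (not code from the slides) that puts the doomed `d == Double.NaN` test next to `Double.isNaN`, and goes one step beyond the slide to show a range check that NaN slips through. The class name, method names and sample inputs are assumptions made for illustration.

```java
public class NaNChecks {
    // The doomed test from slide 11: false for every input, NaN included.
    static boolean doomedIsNaN(double d) {
        return d == Double.NaN;
    }

    // "Reject if out of range" validation: both comparisons are false for NaN,
    // so NaN is accepted as in range.
    static boolean naiveInRange(double x, double lo, double hi) {
        if (x < lo || x > hi) {
            return false;
        }
        return true;
    }

    // Explicit NaN rejection before the range comparison.
    static boolean checkedInRange(double x, double lo, double hi) {
        return !Double.isNaN(x) && x >= lo && x <= hi;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including three ways a NaN can arrive.
        double[] samples = { 0.5, -1.0, Double.NaN, 0.0 / 0.0, Double.parseDouble("NaN") };
        for (double x : samples) {
            System.out.printf("x=%-5s ==NaN:%-5b isNaN:%-5b naive:%-5b checked:%b%n",
                    x, doomedIsNaN(x), Double.isNaN(x),
                    naiveInRange(x, 0.0, 1.0), checkedInRange(x, 0.0, 1.0));
        }
        // Boxed equality differs from ==: equals() and compare() treat NaN as equal to itself.
        System.out.println(Double.valueOf(Double.NaN).equals(Double.NaN));
        System.out.println(Double.compare(Double.NaN, Double.NaN) == 0);
    }
}
```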
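
For slides 22 to 26, whose code is also missing from this transcript, an added example (not the slide's original program) in which `foo` and `bar` take two locks in opposite order, a latch makes the normally intermittent deadlock happen on every run, and the JVM's own `ThreadMXBean` reports it. The lock names, the latch, `rendezvous` and `barFixed` are assumptions.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadInfo;
import java.lang.management.ThreadMXBean;
import java.util.concurrent.CountDownLatch;

public class LockOrderDemo {
    private static final Object LOCK_A = new Object();
    private static final Object LOCK_B = new Object();
    // Makes each thread hold its first lock before asking for the second,
    // so the normally intermittent deadlock occurs on every run.
    private static final CountDownLatch BOTH_HOLD_FIRST = new CountDownLatch(2);

    static void rendezvous() {
        BOTH_HOLD_FIRST.countDown();
        try { BOTH_HOLD_FIRST.await(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
    }

    static void foo() {                       // takes A, then B
        synchronized (LOCK_A) { rendezvous(); synchronized (LOCK_B) { System.out.println("foo done"); } }
    }

    static void bar() {                       // takes B, then A: opposite order
        synchronized (LOCK_B) { rendezvous(); synchronized (LOCK_A) { System.out.println("bar done"); } }
    }

    static void barFixed() {                  // fix: same acquisition order as foo
        synchronized (LOCK_A) { synchronized (LOCK_B) { System.out.println("barFixed done"); } }
    }

    public static void main(String[] args) throws InterruptedException {
        Thread t1 = new Thread(LockOrderDemo::foo, "foo-thread");
        Thread t2 = new Thread(LockOrderDemo::bar, "bar-thread");
        t1.setDaemon(true);                   // daemon threads let the JVM exit despite the deadlock
        t2.setDaemon(true);
        t1.start();
        t2.start();

        ThreadMXBean mx = ManagementFactory.getThreadMXBean();
        long[] ids = null;
        for (int i = 0; i < 50 && ids == null; i++) {
            Thread.sleep(100);
            ids = mx.findMonitorDeadlockedThreads();   // null while no deadlock exists
        }
        if (ids == null) { System.out.println("no deadlock detected"); return; }
        for (ThreadInfo ti : mx.getThreadInfo(ids)) {
            System.out.println(ti.getThreadName() + " is blocked on " + ti.getLockName()
                    + " held by " + ti.getLockOwnerName());
        }
    }
}
```

Replacing `bar` with `barFixed` in the second thread removes the cycle, because both threads then request `LOCK_A` first.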
