Monthly Archives: July 2014

FindBugs Static Analysis Tool | Java Bytecode

FindBugs Static Analysis Tool is:

– Opensource
– Looks for bugs in Java
– Operates on Java bytecode
– Can run in NetBeans, Swing, Eclipse, Ant…
– Generates XML or text output

More information about FindBugs:

  1. Plug-ins available for Eclipse, NetBeans, IntelliJ IDEA, Gradle, Hudson and Jenkins
  2. Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern
  3. Additional rules sets can be plugged in FindBugs to increase the set of checks performed

Find Bugs Ant Usage Example:

<project name=”analyze_asm_util” default=”findbugs”>
<!– findbugs task definition –>
<property name=”findbugs.home” value=”/Users/ben/Documents/workspace/findbugs/findbugs” />
<property name=”jvmargs” value=”-server -Xss1m -Xmx800m -Duser.language=en -Duser.region=EN -Dfindbugs.home=${findbugs.home}” />

<path id=”findbugs.lib”>
<fileset dir=”${findbugs.home}/lib”>
<include name=”findbugs-ant.jar”/>
</fileset>
</path>

<taskdef name=”findbugs” classname=”edu.umd.cs.findbugs.anttask.FindBugsTask”>
<classpath refid=”findbugs.lib” />
</taskdef>

<taskdef name=”computeBugHistory” classname=”edu.umd.cs.findbugs.anttask.ComputeBugHistoryTask”>
<classpath refid=”findbugs.lib” />
</taskdef>

<taskdef name=”setBugDatabaseInfo” classname=”edu.umd.cs.findbugs.anttask.SetBugDatabaseInfoTask”>
<classpath refid=”findbugs.lib” />
</taskdef>

<taskdef name=”mineBugHistory” classname=”edu.umd.cs.findbugs.anttask.MineBugHistoryTask”>
<classpath refid=”findbugs.lib” />
</taskdef>

<!– findbugs task definition –>
<target name=”findbugs”>
<antcall target=”analyze” />
<antcall target=”mine” />
</target>

<!– analyze task –>
<target name=”analyze”>
<!– run findbugs against asm-util –>
<findbugs home=”${findbugs.home}”
output=”xml:withMessages”
timeout=”90000000″
reportLevel=”experimental”
workHard=”true”
effort=”max”
adjustExperimental=”true”
jvmargs=”${jvmargs}”
failOnError=”true”
outputFile=”out.xml”
projectName=”Findbugs”
debug=”false”>
<class location=”asm-util-3.0.jar” />
</findbugs>
</target>

<target name=”mine”>

<!– Set info to the latest analysis –>
<setBugDatabaseInfo home=”${findbugs.home}”
withMessages=”true”
name=”asm-util-3.0.jar”
input=”out.xml”
output=”out-rel.xml”/>

<!– Checking if history file already exists (out-hist.xml) –>
<condition property=”mining.historyfile.available”>
<available file=”out-hist.xml”/>
</condition>
<condition property=”mining.historyfile.notavailable”>
<not>
<available file=”out-hist.xml”/>
</not>
</condition>

<!– this target is executed if the history file do not exist (first run) –>
<antcall target=”history-init”>
<param name=”data.file” value=”out-rel.xml” />
<param name=”hist.file” value=”out-hist.xml” />
</antcall>
<!– else this one is executed –>
<antcall target=”history”>
<param name=”data.file” value=”out-rel.xml” />
<param name=”hist.file” value=”out-hist.xml” />
<param name=”hist.summary.file” value=”out-hist.txt” />
</antcall>
</target>

<!– Initializing history file –>
<target name=”history-init” if=”mining.historyfile.notavailable”>
<copy file=”${data.file}” tofile=”${hist.file}” />
</target>

<!– Computing bug history –>
<target name=”history” if=”mining.historyfile.available”>
<!– Merging ${data.file} into ${hist.file} –>
<computeBugHistory home=”${findbugs.home}”
withMessages=”true”
output=”${hist.file}”>
<dataFile name=”${hist.file}”/>
<dataFile name=”${data.file}”/>
</computeBugHistory>

<!– Compute history into ${hist.summary.file} –>
<mineBugHistory home=”${findbugs.home}”
formatDates=”true”
noTabs=”true”
input=”${hist.file}”
output=”${hist.summary.file}”/>
</target>

</project>

Resources:

Coverity – Code Analysis Solutions to identify defects and security vulnerabilities

Overview

  • It is a software vendor which develops code analysis solutions to identify quality and security issues
  • It provides static code analysis tools for C, C++, Java and C#
  • Coverity Dynamic Analyzer is a tool used to analyze Java source code

Defects it finds:

  • Crashes
  • Security Vulnerabilities
  • Concurrency
  • Memory Corruption
  • Uninitialized memory
  • Error handling
  • Resource leaks

Plugins

Videos