1. Unusual Java Bugs
and Fighting them Using FOSS Tools
S G Ganesh
Research Engineer
Siemens (Corporate Technology), Bangalore
Open Source India W eek
The TechZone: Developer Track—Bangalore
12-Feb-2008

2. Why Static Analysis Tools
 Too much buggy software out there in the
market
 Open source is better, but still …
 Important to improve the quality of the
software
 “ilities” : reliability, security, maintainability etc.
 Testing is not enough
 Cannot check all paths, possibilities, practices

3. Why Static Analysis Tools (contd..)
 Benefits of Static Analysis Tools
 Can cover code not covered by testing or dynamic
analysis
 No instrumentation needed, no tests to develop and run
 Usually easy to use
 Run in your IDE, by just clicking a button
 Code review is not sufficient
 Can catch usual/obvious mistakes
 A static analysis tool can often find unusual bugs

4. Why Bugs Happen in Code?
 Everyone makes mistakes
 Including experts
 only that novices make more mistakes
 Compiler catches syntax/(some) semantic
errors
 Not sufficient. E.g. how about errors in usage?
 We are often asked to ‘Get-the-code-
working’
 So, after that, we spend rest of the time fixing
the bugs ;-)

5. Why Java FOSS Tools?
 Many high quality FOSS tools available
 Java is free and widely used
 Java programs also suffer quality issues like
code developed in C/C++
 No pointers, automatic memory management etc
helps less experienced programmers much
 Still, Java software suffers quality problems like
security, maintainability etc.
 Significantly improve quality of software
 before software is tested or released to users

6. Finding Uncommon Bugs
 We’ll see a buggy code example
 not usual bug like null pointer access or bad
cast
 unusual bugs like misuse of language features,
synchronization issues etc.
… and then see how a FOSS static
analysis tool catches it
 We’ll see simple bugs first
 … and then move on to more difficult ones

7. What does this code print?
class LongVal {
public static void main(String []s) {
long l = 0x1l;
System.out.format(quot;%xquot;, l);
}
}

8. Here is the output …
 $ java LongVal
1
$
 The program prints 1 and not 11 – why?

9. Bug: ‘l’ and ‘1’ looks alike!
 The antic tool detects it:
$antic –java LongVal.java
LongVal.java:3:26: May be 'l' is used
instead of '1' at the end of integer
constant
 Programmer, possibly by mistake, typed
‘l’ (english letter ell) instead of ‘1’ (number
one)!
long l = 0x1l;

10. Introducing Jlint/Antic
 Antic is meant for finding problems related to C
syntax
 Like this problem we saw now
 Works on java source files
 Jlint is for Java inconsistencies and bugs
 Can find difficult synchronization issues also
 Works on built class files
 Simple to use tool
 Used from command line
 Available from http://jlint.sourceforge.net

11. What does this code print?
class NaNTest {
public static void main(String []s) {
double d = getVal();
if(d == Double.NaN)
System.out.println(quot;d is NaNquot;);
}
private static double getVal() {
return Double.NaN;
}
}

12. Here is the output…
$ java NaNTest
$
 It does not print anything!

13. FindBugs Detects it

14. Bug: (NaN == NaN) is false!
 FindBugs names this bug as: “Doomed test for
equality to NaN”
 This code checks to see if a floating point value
is equal to the special Not A Number value (d ==
Double.NaN).
 special semantics of NaN: no value is equal to
NaN, including NaN.
 d == Double.NaN is always false
 Correct check: Use Double.isNaN(x)

15. Introducing FingBugs
 Detects problems like correctness,
multithreading issues, performance
problems, bad practices etc
 Less number of false positives
 No source files needed
 Runs on Java class/jar files
 You can run it on huge code-bases
 Runs in a nice GUI
 Get from: http://findbugs.sourceforge.net/

16. How FindBugs GUI looks

17. What is wrong with this code?

18. Here is the output…

19. PMD Detects It
 $pmd Test.java text design
Test.java:3 Overridable method 'foo'
called during object construction

20. Bug: Ctor calls overridden method!
 Constructors do not support runtime
polymorphism
 Because derived objects are not constructed yet
when base class constructor executes.
 Virtual method foo is called from the base class
constructor
 Overridden foo calls toString method from i
which is not initialized yet
 Results in NullPointerException

21. Introducing PMD
 PMD checks for problems like:
 Possible bugs, design rule violations
 Duplicate, sub-optimal or dead code
 Suggestions for Migration to newer JDK versions,
J2EE, JavaBeans, JSP, JUnit rules
 Works on Java source files
 Command-line
 Or as plugin for Eclipse, JBuilder, JCreator etc.
 Get from: http://pmd.sourceforge.net/

22. What is wrong with this code?

23. What is wrong with this code? …

24. Here is the output…
 The program hangs after running
successfully for few times
 It ‘deadlocked’..

25. QJ-Pro Detects It

26. Bug: Multiple locks can deadlock!
 Locks: basic Java synchronization mechanism
 Ensures exclusive ownership for a thread while
executing critical section
 Incorrect
synchronization can lead to deadlocks
 Deadlocks are ‘non-deterministic’
 Hence difficult to detect, reproduce and fix
 Acquiring multiple locks is prone to deadlock
 Particularly if not done in same order
 or if sleep() in Thread is called
 Inthis program, foo and bar acquire locks in
opposite order and hence deadlock occurs

27. Introducing QJ-Pro
 QJ-Pro checks for problems like:
 Conformance to coding standards, coding best
practices
 Misuse of features, APIs etc
 Works on Java source files
 Easy to use in standalone GUI version
 Or Eclipse, JBuilder, JDeveloper plugins or Ant job
 Get from: http://qjpro.sourceforge.net/

28. How QJ-Pro GUI looks

29. Other FOSS Java Tools
 CheckStyle
 Checks for adherance to coding standards such as
Sun’s
 Get it from http://checkstyle.sourceforge.net/
 JCSC (Java Coding Style Checker)
 Checks for coding style adherance &
 … and also checks for common bugs
 Get it from http://checkstyle.sourceforge.net/
 There are many more
 Classycle, Condenser, DoctorJ, JarAnalyzer…

30. Banish the Bug!
 Tools are free
 why don’t you use it for getting rid of bugs
 Ensure high-quality of software
 By detecting and fixing bugs early in s/w lifecycle

31. Thank You!
 Some Links:
 Code Snippet Of the Day (CodeSOD)
 http://thedailywtf.com/Series/CodeSOD.aspx
 List of Open Source Java code analyzers
 http://java-source.net/open-source/code-analyzers
 Enough bugging you!
 Time for Q & A now