Static Analysis


J2EE Journal: Article

JavaOne 2008: Uncommon Java Bugs

Detecting them with FOSS tools

Any large Java source base can have insidious and subtle bugs. Every experienced Java programmer knows that finding and fixing these bugs can be difficult and costly. Fortunately, there are a large number of free open source Java tools available that can be used to find and fix defects early in the development life cycle. In this article, we’ll look at a few examples of specific uncommon[1] or unusual defects that can happen in code and see how different Java static analysis tools detect them.

Testing
As software gets more complex and ubiquitous, it becomes more difficult to ensure high-quality code. One common method of finding bugs is testing. But testing can’t cover all paths and possibilities or enforce good programming practices. Expert knowledge in the form of manual code review by peers is one of the best ways to ensure good code quality. Code review is often used as a mandatory process step for improving the code and for finding problems early in the software life cycle.

Since testing and manual code review processes are resource-intensive, it would be helpful to use automated tools to review code. Static analysis tools help considerably in detecting the problems early in the software life cycle and help enhance the quality of the code significantly.

There are many high-quality Java tools available in the open source domain. While it’s true that Java programs don’t suffer from traditional C/C++ problems like memory issues and major portability issues, Java software does suffer quality problems like reliability, efficiency, maintainability, and security. A brief discussion on the benefits of using FOSS Java tools is given in the sidebar.

Before getting into the meat of the matter, let’s discuss why bugs happen. First, it’s important to recognize that everyone makes mistakes, even experts[2]. Second, compilers only check for syntax and semantic violations. Errors in language or API use, which manifest themselves as bugs, aren’t detected by compilers; this is left to static analysis tools and it’s important to use them to detect coding problems. Third, programmers and engineers are under constant pressure to “get-the-work-done” under tight schedules; working under “almost-impossible-to-meet” work schedules results in code that is often substandard and filled with bugs. Because of practical problems, most code developed in the real world has bugs and it’s worthwhile using static analysis tools to find them and fix them.

More Stories By S G Ganesh

S G Ganesh is a research engineer in Siemens (Corporate Technology), Bangalore. Prior to Siemens, he worked in Hewlett-Packard for around five years. His area of interest is programming languages and compilers. His latest book is "60 Tips on Object Oriented Programming" (ISBN-13 978-0-07-065670-3) published by Tata McGraw-Hill, New Delhi.
