tags:

views:

296

answers:

3
+5  Q: 

Which static analysis tool for Java is easiest to extend?

Which static analysis tools for Java has easiest extension mechanism. I checked PMD But the process of writing custom rules appears to be very involved. Specifically, I want to know whether there is any tools that offers AspectJ like syntax for picking out interesting areas of code? I am aware of AspectJ's declare warning but it appears to be limited in what it can do.

I have found a related question:

Static Analysis tool recommendation for Java? http://stackoverflow.com/questions/97599/static-analysis-tool-recommendation-for-java

The answers list many tools. But I want to find which one offers easiest option for writing custom rules.

Edit: So far PMD's XPath expressions suggested by Guillaume appears to be closest to what I am looking for. I will be exploring it shortly.

+1  A: 

Writing a Findbugs custom detector is quite simple.

You just drop it into the plugin directory of your FindBugs installation, like explain here.

VonC  2009-06-24 06:09:05
Thanks. When I first looked there, use of byte code scanning appeared to be too low level. I will take another look into it if there is nothing comparable to AspectJ syntax.
Tahir Akhtar  2009-06-24 06:36:44
I wrote down my experiences adding a detector here: http://dschneller.blogspot.com/2007/04/findbugs-writing-custom-detectors-part.html
Daniel Schneller  2009-06-24 07:03:33
+4  A: 

It is actually pretty easy to write custom rules for PMD. PMD provides a xPath-like syntax to find interesting area of your code, so if you have some minimal experience with XML, you will be able to get started in no time. I suggest you invest 1-2 hours in either PMD or Findbugs and come back here if you have specific questions.

We might be able to give you a better answer if you tell us exactly what kind of rules you are trying to write ...

Guillaume  2009-06-24 06:48:21
OK, I had seen the AST Visitor style of writing PMD rules. XPath style looks better because of its declarative nature. Definitely will take a look.Thanks
Tahir Akhtar  2009-06-24 10:03:49
+2  A: 

The real problem with "extending" a static analysis tool is "static analysis" is such a broad topic that that you need lots of machinery to do it in general: parsing, tree building, control flow graph extraction, data flow extraction, points-to analysis, interprocedural analysis, range analysis, the list goes on and on, see the tons of compiler literature on analyzing programs.

You might use pattern matching of surface syntax to focus the tool's attention on some program code, but you'll still have to explain to the tool what you want it to "statically analyze" at that point (and some analyses [such as points-to] require you do the analysis everywhere first, and then just pick out the part you want).

Moral: don't expect extending a tool to do arbitrary analysis to be easy. You should basically decide what kinds of analysis you care about in advance (tainted inputs? subscript range checks? API abuse?) and find a tool that already supports that kind of thing. At least then your "extensions" have a chance of being simple by virtue of being similar to what the tool already does.

Our DMS Software Reengineering Toolkit is an attempt to amortize the cost of building all kinds of analysis machinery across many applications and langauges. It provides the parsing, control/dataflow analysis and points-to analysis to varying degrees for C, C++, Java and COBOL. And it has surface-syntax pattern matching to help you "point". See http://www.semanticdesigns.com/Products/DMS/DMSToolkit.html

Ira Baxter  2009-07-03 09:24:20
Thanks. DMS Toolkit looks pretty interesting.
Tahir Akhtar  2009-07-03 10:08:43

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java