views:

296

answers:

3

Which static analysis tools for Java has easiest extension mechanism. I checked PMD But the process of writing custom rules appears to be very involved. Specifically, I want to know whether there is any tools that offers AspectJ like syntax for picking out interesting areas of code? I am aware of AspectJ's declare warning but it appears to be limited in what it can do.

I have found a related question:

Static Analysis tool recommendation for Java? http://stackoverflow.com/questions/97599/static-analysis-tool-recommendation-for-java

The answers list many tools. But I want to find which one offers easiest option for writing custom rules.

Edit: So far PMD's XPath expressions suggested by Guillaume appears to be closest to what I am looking for. I will be exploring it shortly.

+1  A: 

Writing a Findbugs custom detector is quite simple.

You just drop it into the plugin directory of your FindBugs installation, like explain here.

VonC
Thanks. When I first looked there, use of byte code scanning appeared to be too low level. I will take another look into it if there is nothing comparable to AspectJ syntax.
Tahir Akhtar
I wrote down my experiences adding a detector here: http://dschneller.blogspot.com/2007/04/findbugs-writing-custom-detectors-part.html
Daniel Schneller
+4  A: 

It is actually pretty easy to write custom rules for PMD. PMD provides a xPath-like syntax to find interesting area of your code, so if you have some minimal experience with XML, you will be able to get started in no time. I suggest you invest 1-2 hours in either PMD or Findbugs and come back here if you have specific questions.

We might be able to give you a better answer if you tell us exactly what kind of rules you are trying to write ...

Guillaume
OK, I had seen the AST Visitor style of writing PMD rules. XPath style looks better because of its declarative nature. Definitely will take a look.Thanks
Tahir Akhtar
+2  A: 

The real problem with "extending" a static analysis tool is "static analysis" is such a broad topic that that you need lots of machinery to do it in general: parsing, tree building, control flow graph extraction, data flow extraction, points-to analysis, interprocedural analysis, range analysis, the list goes on and on, see the tons of compiler literature on analyzing programs.

You might use pattern matching of surface syntax to focus the tool's attention on some program code, but you'll still have to explain to the tool what you want it to "statically analyze" at that point (and some analyses [such as points-to] require you do the analysis everywhere first, and then just pick out the part you want).

Moral: don't expect extending a tool to do arbitrary analysis to be easy. You should basically decide what kinds of analysis you care about in advance (tainted inputs? subscript range checks? API abuse?) and find a tool that already supports that kind of thing. At least then your "extensions" have a chance of being simple by virtue of being similar to what the tool already does.

Our DMS Software Reengineering Toolkit is an attempt to amortize the cost of building all kinds of analysis machinery across many applications and langauges. It provides the parsing, control/dataflow analysis and points-to analysis to varying degrees for C, C++, Java and COBOL. And it has surface-syntax pattern matching to help you "point". See http://www.semanticdesigns.com/Products/DMS/DMSToolkit.html

Ira Baxter
Thanks. DMS Toolkit looks pretty interesting.
Tahir Akhtar