Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Which static analysis tool for Java is easiest to extend? [closed]

Which static analysis tools for Java has easiest extension mechanism. I checked PMD But the process of writing custom rules appears to be very involved. Specifically, I want to know whether there is any tools that offers AspectJ like syntax for picking out interesting areas of code? I am aware of AspectJ's declare warning but it appears to be limited in what it can do.

I have found a related question:

Static Analysis tool recommendation for Java? Static Analysis tool recommendation for Java?

The answers list many tools. But I want to find which one offers easiest option for writing custom rules.

Edit: So far PMD's XPath expressions suggested by Guillaume appears to be closest to what I am looking for. I will be exploring it shortly.

like image 376
Tahir Akhtar Avatar asked Dec 29 '22 21:12

Tahir Akhtar


2 Answers

It is actually pretty easy to write custom rules for PMD. PMD provides a xPath-like syntax to find interesting area of your code, so if you have some minimal experience with XML, you will be able to get started in no time. I suggest you invest 1-2 hours in either PMD or Findbugs and come back here if you have specific questions.

We might be able to give you a better answer if you tell us exactly what kind of rules you are trying to write ...

like image 67
Guillaume Avatar answered Jan 14 '23 14:01

Guillaume


The real problem with "extending" a static analysis tool is "static analysis" is such a broad topic that that you need lots of machinery to do it in general: parsing, tree building, control flow graph extraction, data flow extraction, points-to analysis, interprocedural analysis, range analysis, the list goes on and on, see the tons of compiler literature on analyzing programs.

You might use pattern matching of surface syntax to focus the tool's attention on some program code, but you'll still have to explain to the tool what you want it to "statically analyze" at that point (and some analyses [such as points-to] require you do the analysis everywhere first, and then just pick out the part you want).

Moral: don't expect extending a tool to do arbitrary analysis to be easy. You should basically decide what kinds of analysis you care about in advance (tainted inputs? subscript range checks? API abuse?) and find a tool that already supports that kind of thing. At least then your "extensions" have a chance of being simple by virtue of being similar to what the tool already does.

Our DMS Software Reengineering Toolkit is an attempt to amortize the cost of building all kinds of analysis machinery across many applications and langauges. It provides the parsing, control/dataflow analysis and points-to analysis to varying degrees for C, C++, Java and COBOL. And it has surface-syntax pattern matching to help you "point". See http://www.semanticdesigns.com/Products/DMS/DMSToolkit.html

like image 32
Ira Baxter Avatar answered Jan 14 '23 15:01

Ira Baxter



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!