spotbugs / sonar-findbugs

SpotBugs plugin for SonarQube

Getting error while running sonar scanner with Spotbugs rules for monolithic project? #361

Open jayveersolanki opened 5 years ago

jayveersolanki commented 5 years ago

The Findbugs plugin has around 449 rules. I applied all those rules to my existing SonarQube quality profile and started a sonar scan, which takes a lot of memory to scan the whole project and also throws an error after some time.

I am using Sonarqube version: 7.5 and Spotbugs jar version: 3.9.4

I set SONAR_SCANNER_OPTS=-Xmx10G for a temporary Command Prompt session but am still facing the Java heap space issue (GC overhead limit exceeded):

ERROR: Error during SonarQube Scanner execution
ERROR: Can not execute Findbugs
ERROR: Caused by: java.lang.OutOfMemoryError: GC overhead limit exceeded
ERROR: Caused by: GC overhead limit exceeded
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

I expect sonar scanner to work successfully with some selected Spotbugs (Findbugs) rules, like the vulnerabilities and Malicious rules, but it didn't work with a limited set of rules either.

emma-qi-qi commented 4 months ago

It seems I had a similar issue. I applied all findbugs rules to my existing sonarway copy profile.

sonarqube 9.9.4
sonar-scanner 5.0.1
findbugs 4.2.9
Set SONAR_SCANNER_OPTS=-Xmx10G

When scanning a monolithic project, it hangs for a long time (several hours) without producing logs at the phase below:

Aux: /data/jenkins/workspace/AAA_SONAR/build/classes/src
Aux: /data/jenkins/workspace/AAA_SONAR/.scannerwork/findbugs/annotations.jar
Aux: /data/jenkins/workspace/AAA_SONAR/.scannerwork/findbugs/jsr305.jar

Sometimes it fails with the error below:

 ERROR: isAlive was interrupted
java.lang.InterruptedException: null
    at java.base/java.util.concurrent.CompletableFuture.reportGet(Unknown Source)
    at java.base/java.util.concurrent.CompletableFuture.get(Unknown Source)
    at java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source)
    at java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source)
    at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.isAlive(EslintBridgeServerImpl.java:331)
    at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.heartbeat(EslintBridgeServerImpl.java:121)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
    at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)

The scan succeeded before updating sonarqube from 7.9 to 9.9 and the findbugs plugin from 4.2.3 to 4.2.8 or 4.2.9.

gtoison commented 4 months ago

org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl is a Sonarqube built-in plugin, not the Spotbugs plugin, so I think this is a separate issue. In any case, I won't be able to investigate this without more details: the issue in the original message seems to be memory related, but it's hard to tell what's going on with so little information.

emma-qi-qi commented 4 months ago

I found these logs:

INFO: Loading findbugs plugin: /data/jenkins/workspace/99UCM_ucm_SONAR99/.scannerwork/findbugs/findsecbugs-plugin.jar
INFO: Findbugs output report: /data/jenkins/workspace/99UCM_ucm_SONAR99/.scannerwork/findbugs-result.xml

Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "HttpClient-1-SelectorManager"
Exception in thread "process reaper" java.lang.OutOfMemoryError: Java heap space
The following errors occurred during analysis:
  Error analyzing public static void main(String[] args) (class: com.sinosoft.utility.Reflections)
    edu.umd.cs.findbugs.ba.DataflowAnalysisException: Accessing TOP or BOTTOM frame!
      At edu.umd.cs.findbugs.ba.Frame.getStackValue(Frame.java:243)
      At edu.umd.cs.findbugs.detect.FindUselessObjects$UselessValuesContext.initObservedValues(FindUselessObjects.java:144)
      At edu.umd.cs.findbugs.detect.FindUselessObjects.analyzeMethod(FindUselessObjects.java:461)
      At edu.umd.cs.findbugs.detect.FindUselessObjects.visitClassContext(FindUselessObjects.java:451)
      At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
      At edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1108)
      At java.base/java.util.concurrent.FutureTask.run(Unknown Source)
      At edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
      At java.base/java.util.concurrent.AbstractExecutorService.invokeAll(Unknown Source)
      At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
      At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
      At org.sonar.plugins.findbugs.FindbugsExecutor$FindbugsTask.call(FindbugsExecutor.java:236)
      At java.base/java.util.concurrent.FutureTask.run(Unknown Source)
      At java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      At java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      At java.base/java.lang.Thread.run(Unknown Source)
The following classes needed for analysis were missing:
  javax.xml.rpc.Service
  org.apache.axis.client.Service
  org.apache.axis.client.Stub
  jxl.format.Alignment
  jxl.format.Border
  jxl.format.BorderLineStyle
  jxl.write.WritableFont
  javax.servlet.http.HttpServlet
  javax.servlet.Filter
  com.rabbitmq.client.ConfirmListener
  com.sshtools.j2ssh.transport.AbstractKnownHostsKeyVerification
  org.apache.http.impl.client.DefaultHttpClient
  com.f1j.swing.JBook
  com.f1j.swing.EndEditListener
  org.apache.axis.encoding.SimpleType
  org.apache.log4j.Logger
  com.f1j.ss.ReadParams
  com.f1j.ss.BookModelImpl
  jxl.format.PaperSize
  jxl.write.WritableFont$FontName
  jxl.write.WritableFont$BoldStyle
  jxl.format.VerticalAlignment
  ........
Out of memory
Total memory: 10485M
 free memory: 6801M

Is there any other info you need for investigation?

gtoison commented 4 months ago

Can you please share the entire log of the sonar analysis? The bits you have shared might be unrelated problems. SpotBugs seems to have trouble analyzing the com.sinosoft.utility.Reflections class, could you please share its source (or its compiled .class file)?

emma-qi-qi commented 3 months ago

Hi gtoison, thanks a lot for your attention. Actually, there are two failed projects. I filed a new issue for the "ERROR: isAlive was interrupted" error: https://github.com/spotbugs/sonar-findbugs/issues/1022

For this out-of-memory problem, I will try excluding the class com.sinosoft.utility.Reflections first and sync the result later.
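
An added example, not part of the thread or the plugin's own code: a small Python triage of scanner output shaped like the log quoted above, separating out-of-memory markers, classes SpotBugs failed to analyze, and missing classes grouped by package. The sample lines are abbreviated from the log in this thread (path shortened), and the function names `triage` and `missing_by_package` are hypothetical.

```python
import re
from collections import Counter

# Sample abbreviated from the log quoted in this thread (path shortened).
SAMPLE_LOG = """\
INFO: Findbugs output report: /work/.scannerwork/findbugs-result.xml
Exception in thread "process reaper" java.lang.OutOfMemoryError: Java heap space
The following errors occurred during analysis:
  Error analyzing public static void main(String[] args) (class: com.sinosoft.utility.Reflections)
    edu.umd.cs.findbugs.ba.DataflowAnalysisException: Accessing TOP or BOTTOM frame!
The following classes needed for analysis were missing:
  javax.servlet.http.HttpServlet
  javax.servlet.Filter
  jxl.write.WritableFont$FontName
  org.apache.log4j.Logger
  ........
Out of memory
 free memory: 6801M
"""

def triage(log_text):
    """Collect OOM lines, classes that failed analysis, and missing classes."""
    report = {"oom": [], "failed_classes": [], "missing": []}
    section = None
    for line in log_text.splitlines():
        if "OutOfMemoryError" in line or line.strip() == "Out of memory":
            report["oom"].append(line.strip())
        if line.startswith("The following errors occurred during analysis"):
            section = "errors"
        elif line.startswith("The following classes needed for analysis were missing"):
            section = "missing"
        elif not line.startswith(" "):
            section = None  # an unindented line ends the current section
        elif section == "errors":
            m = re.search(r"\(class: ([\w.$]+)\)", line)
            if m:
                report["failed_classes"].append(m.group(1))
        elif section == "missing" and re.fullmatch(r"\s+\w[\w.$]*", line):
            report["missing"].append(line.strip())  # skips the "........" elision
    return report

def missing_by_package(missing, depth=2):
    """Group missing classes by leading package segments to spot absent libraries."""
    return Counter(".".join(c.split(".")[:depth]) for c in missing)

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["oom"], r["failed_classes"], missing_by_package(r["missing"]).most_common())
```

A cluster of missing classes under one package prefix usually means that library was not on the classpath given to the analysis.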