Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting error while running sonar scanner with Spotbugs rules for monolithic project ? #361

Open
jayveersolanki opened this issue Aug 22, 2019 · 5 comments
Open

Getting error while running sonar scanner with Spotbugs rules for monolithic project ? #361

jayveersolanki opened this issue Aug 22, 2019 · 5 comments

Comments

@jayveersolanki
Copy link

Findbugs Plugin have around 449 rules. Applying all those rules into my existing sonarqube quality profile and started sonar scanning which is taking lots of memory to scan the whole project and also it is throwing error after some time.

I am using Sonarqube version: 7.5 and Spotbugs jar version: 3.9.4

Set SONAR_SCANNER_OPTS=-Xmx10G for Temporary Command Prompt session but facing the issue with Java Heap Space (GC overhead limit exceed)

ERROR: Error during SonarQube Scanner execution
ERROR: Can not execute Findbugs
ERROR: Caused by: java.lang.OutOfMemoryError: GC overhead limit exceeded
ERROR: Caused by: GC overhead limit exceeded
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

I expect sonar scanner to work successfully with some selected Spotbugs(Findbugs) rule like vulnerabilities and Malicious rule but its didn't work for limited rule also.
@KengoTODA KengoTODA transferred this issue from spotbugs/discuss Mar 29, 2021
@emma-qi-qi
Copy link

emma-qi-qi commented May 15, 2024
edited by gtoison
Loading

It seems I had a similar issue. Applying all findbugs rules into my existing sonarway copy profile.
sonarqube 9.9.4
sonar-scanner 5.0.1
findbugs 4.2.9
Set SONAR_SCANNER_OPTS=-Xmx10G
When scanning monolithic project, it hangs for a long time(several hours) without producing logs at below phase:

Aux: /data/jenkins/workspace/AAA_SONAR/build/classes/src
Aux: /data/jenkins/workspace/AAA_SONAR/.scannerwork/findbugs/annotations.jar
Aux: /data/jenkins/workspace/AAA_SONAR/.scannerwork/findbugs/jsr305.jar

Sometimes, it will failed with below error:

 ERROR: isAlive was interrupted
java.lang.InterruptedException: null
	at java.base/java.util.concurrent.CompletableFuture.reportGet(Unknown Source)
	at java.base/java.util.concurrent.CompletableFuture.get(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source)
	at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.isAlive(EslintBridgeServerImpl.java:331)
	at org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl.heartbeat(EslintBridgeServerImpl.java:121)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

The scan is success before update sonarqube from 7.9 to 9.9, findbugs plugin from 4.2.3 to 4.2.8 or 4.2.9

@gtoison
Copy link
Contributor

gtoison commented May 15, 2024

org.sonar.plugins.javascript.eslint.EslintBridgeServerImpl is a Sonarqube built-in plugin, not the Spotbugs plugin, so I think this is a separate issue.
In any case I won't be able to investigate this without more details: the issue in the original message seems to be memory related but it's hard to tell what's going on with so little information

@emma-qi-qi
Copy link

emma-qi-qi commented May 15, 2024
edited by gtoison
Loading

I found these logs:

INFO: Loading findbugs plugin: /data/jenkins/workspace/99UCM_ucm_SONAR99/.scannerwork/findbugs/findsecbugs-plugin.jar
INFO: Findbugs output report: /data/jenkins/workspace/99UCM_ucm_SONAR99/.scannerwork/findbugs-result.xml

Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "HttpClient-1-SelectorManager"
Exception in thread "process reaper" java.lang.OutOfMemoryError: Java heap space
The following errors occurred during analysis:
  Error analyzing public static void main(String[] args) (class: com.sinosoft.utility.Reflections)
    edu.umd.cs.findbugs.ba.DataflowAnalysisException: Accessing TOP or BOTTOM frame!
      At edu.umd.cs.findbugs.ba.Frame.getStackValue(Frame.java:243)
      At edu.umd.cs.findbugs.detect.FindUselessObjects$UselessValuesContext.initObservedValues(FindUselessObjects.java:144)
      At edu.umd.cs.findbugs.detect.FindUselessObjects.analyzeMethod(FindUselessObjects.java:461)
      At edu.umd.cs.findbugs.detect.FindUselessObjects.visitClassContext(FindUselessObjects.java:451)
      At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
      At edu.umd.cs.findbugs.FindBugs2.lambda$analyzeApplication$1(FindBugs2.java:1108)
      At java.base/java.util.concurrent.FutureTask.run(Unknown Source)
      At edu.umd.cs.findbugs.CurrentThreadExecutorService.execute(CurrentThreadExecutorService.java:86)
      At java.base/java.util.concurrent.AbstractExecutorService.invokeAll(Unknown Source)
      At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1118)
      At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
      At org.sonar.plugins.findbugs.FindbugsExecutor$FindbugsTask.call(FindbugsExecutor.java:236)
      At java.base/java.util.concurrent.FutureTask.run(Unknown Source)
      At java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      At java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      At java.base/java.lang.Thread.run(Unknown Source)
The following classes needed for analysis were missing:
  javax.xml.rpc.Service
  org.apache.axis.client.Service
  org.apache.axis.client.Stub
  jxl.format.Alignment
  jxl.format.Border
  jxl.format.BorderLineStyle
  jxl.write.WritableFont
  javax.servlet.http.HttpServlet
  javax.servlet.Filter
  com.rabbitmq.client.ConfirmListener
  com.sshtools.j2ssh.transport.AbstractKnownHostsKeyVerification
  org.apache.http.impl.client.DefaultHttpClient
  com.f1j.swing.JBook
  com.f1j.swing.EndEditListener
  org.apache.axis.encoding.SimpleType
  org.apache.log4j.Logger
  com.f1j.ss.ReadParams
  com.f1j.ss.BookModelImpl
  jxl.format.PaperSize
  jxl.write.WritableFont$FontName
  jxl.write.WritableFont$BoldStyle
  jxl.format.VerticalAlignment
  ........
Out of memory
Total memory: 10485M
 free memory: 6801M

Is there any other info you need for investigation?

@gtoison
Copy link
Contributor

gtoison commented May 17, 2024
edited
Loading

Can you please share the entire log of the sonar analysis? The bits you have shared might be unrelated problems.
SpotBugs seems to have trouble analyzing the com.sinosoft.utility.Reflections class, could you please share its source (or its compiled .class file)?

@emma-qi-qi
Copy link

Hi gtoison, thanks a lot for your attention
Actually, there two failed projects, I filed a new issue for the "ERROR: isAlive was interrupted" error #1022

For this out of memory problem, I will try to exclude this class com.sinosoft.utility.Reflections firstly, and sync the result later

@gtoison gtoison mentioned this issue Jun 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jayveersolanki @emma-qi-qi @gtoison