|
1 | | -# codenet-minerva-code-analyzer |
2 | | -Java source code (and/or binary) to JSON based system dependency graph generator. |
| 1 | +# |
| 2 | + |
| 3 | + |
| 4 | + |
| 5 | +Native WALA implementation of source code analysis tool for Enterprise Java Applications. |
| 6 | + |
| 7 | +## 1. Prerequisites |
| 8 | + |
| 9 | +Before you begin, ensure you have met the following requirements: |
| 10 | + |
| 11 | +* You have a Linux/MacOS/WSL machine. |
| 12 | +* You have installed the latest version of [SDKMan!](sdkman.io/) |
| 13 | + |
| 14 | +### 1.1. Install SDKMan! |
| 15 | +1. Install SDKMan! |
| 16 | + Open your terminal and enter the following command: |
| 17 | + |
| 18 | + ```bash |
| 19 | + curl -s "https://get.sdkman.io" | bash |
| 20 | + ``` |
| 21 | + |
| 22 | + Follow the on-screen instructions to complete the installation. |
| 23 | + |
| 24 | +2. Open a new terminal or source the SDKMan! scripts: |
| 25 | + |
| 26 | + ```bash |
| 27 | + source "$HOME/.sdkman/bin/sdkman-init.sh" |
| 28 | + ``` |
| 29 | + |
| 30 | +## 2. Building `codeanalyzer` |
| 31 | + |
| 32 | +### 2.1. Install Java 11 or above |
| 33 | + |
| 34 | +1. You can list all available GraalVM versions with: |
| 35 | + |
| 36 | + ```bash |
| 37 | + sdk list java | grep sem |
| 38 | + ``` |
| 39 | + You should see the following: |
| 40 | + ``` |
| 41 | + Semeru | | 21.0.2 | sem | | 21.0.2-sem |
| 42 | + | | 21.0.1 | sem | | 21.0.1-sem |
| 43 | + | | 17.0.10 | sem | | 17.0.10-sem |
| 44 | + | | 17.0.9 | sem | | 17.0.9-sem |
| 45 | + | | 11.0.22 | sem | installed | 11.0.22-sem |
| 46 | + | | 11.0.21 | sem | | 11.0.21-sem |
| 47 | + ``` |
| 48 | + |
| 49 | +2. Install Java 11 or above (we'll go with 17.0.10-sem): |
| 50 | + |
| 51 | + ```bash |
| 52 | + sdk install java 17.0.10-sem |
| 53 | + ``` |
| 54 | + |
| 55 | +3. Set Java 17 as the current Java version: |
| 56 | + |
| 57 | + ```bash |
| 58 | + sdk use java 17.0.10-sem |
| 59 | + ``` |
| 60 | + |
| 61 | +### 2.2. Build `codeanalyzer` |
| 62 | + |
| 63 | +Clone the repository (if you haven't already) and navigate into the cloned directory. |
| 64 | + |
| 65 | +Run the Gradle wrapper script to build the project. This will compile the project using GraalVM native image. |
| 66 | + |
| 67 | +```bash |
| 68 | +./gradlew fatJar |
| 69 | +``` |
| 70 | + |
| 71 | +### 2.3. Using `codeanalyzer` |
| 72 | + |
| 73 | +The jar will be built at `build/libs/codeanalyzer-1.0.jar`. It may be used as follows: |
| 74 | + |
| 75 | +```help |
| 76 | +Usage: java -jar /path/to/codeanalyzer-1.0.jar [-hqV] [-d=<appDeps>] [-e=<extraLibs>] -i=<input> |
| 77 | + -o=<outDir> |
| 78 | +Convert java binary (*.jar, *.ear, *.war) to a neo4j graph. |
| 79 | + -d, --app-deps=<appDeps> Path to the application dependencies. |
| 80 | + -e, --extra-libs=<extraLibs> |
| 81 | + Path to the extra libraries. |
| 82 | + -h, --help Show this help message and exit. |
| 83 | + -i, --input=<input> Path to the input jar(s). |
| 84 | + -o, --output=<outDir> Destination directory to save the output graphs. |
| 85 | + -q, --quiet Don't print logs to console. |
| 86 | + -V, --version Print version information and exit. |
| 87 | +``` |
| 88 | + |
| 89 | + |
| 90 | +## 3. Installing `codeanalyzer` as a native binary (once built, no JVM will be required for running `codeanalyzer`) |
| 91 | + |
| 92 | +To install `codeanalyzer`, follow these steps: |
| 93 | + |
| 94 | +### 3.1. Install GraalVM using SDKMan |
| 95 | + |
| 96 | +1. You can list all available GraalVM versions with: |
| 97 | + |
| 98 | + ```bash |
| 99 | + sdk list java | grep graal |
| 100 | + ``` |
| 101 | + |
| 102 | +2. Install GraalVM 17 or above (we'll go with 21.0.2-graalce): |
| 103 | + |
| 104 | + ```bash |
| 105 | + sdk install java 21.0.2-graalce |
| 106 | + ``` |
| 107 | + |
| 108 | +3. Set GraalVM 21 as the current Java version: |
| 109 | + |
| 110 | + ```bash |
| 111 | + sdk use java 21.0.2-graalce |
| 112 | + ``` |
| 113 | + |
| 114 | +### 3.2. Build the Project |
| 115 | + |
| 116 | +Clone the repository (if you haven't already) and navigate into the cloned directory. |
| 117 | + |
| 118 | +Run the Gradle wrapper script to build the project. This will compile the project using GraalVM native image. |
| 119 | + |
| 120 | +```bash |
| 121 | +./gradlew nativeCompile -PbinDir=$HOME/.local/bin |
| 122 | +``` |
| 123 | + |
| 124 | +**Note: `-PbinDir` is optional. If not provided, this command places the binaries in `build/bin`.** |
| 125 | + |
| 126 | +### 3.3. Using `codeanalyzer` |
| 127 | + |
| 128 | +Assuming the path you provided in `-PbinDir` (in my case `$HOME/.local/bin`) is in your `$PATH`, after installation, you can use `codeanalyzer` by following the below format: |
| 129 | + |
| 130 | + ```help |
| 131 | + Usage: codeanalyzer [-hqV] [-d=<appDeps>] [-e=<extraLibs>] -i=<input> |
| 132 | + -o=<outDir> |
| 133 | + Convert java binary (*.jar, *.ear, *.war) to a neo4j graph. |
| 134 | + -d, --app-deps=<appDeps> Path to the application dependencies. |
| 135 | + -e, --extra-libs=<extraLibs> |
| 136 | + Path to the extra libraries. |
| 137 | + -h, --help Show this help message and exit. |
| 138 | + -i, --input=<input> Path to the input jar(s). |
| 139 | + -o, --output=<outDir> Destination directory to save the output graphs. |
| 140 | + -q, --quiet Don't print logs to console. |
| 141 | + -V, --version Print version information and exit. |
| 142 | + ``` |
| 143 | + |
| 144 | +There is a sample application in `src/test/resources/sample_apps/daytrader8/binaries/`. You can use this to test the tool. |
| 145 | + |
| 146 | + ```sh |
| 147 | + codeanalyzer -i src/test/resources/sample_apps/daytrader8/binaries/ |
| 148 | + ``` |
| 149 | + |
| 150 | +This will produce print the SDG on the console. Explore other flags to save the output to a JSON. |
| 151 | + |
| 152 | +## FAQ |
| 153 | + |
| 154 | +1. After making a few code changes, my native binary gives random exceptions. But, my code works perfectly with `java -jar`. |
| 155 | + |
| 156 | + The `reflect-config.json` is most likely out of date. Plese follow the below instructions: |
| 157 | + |
| 158 | + a. Build the fatjar using `./gradlew fatJar` |
| 159 | + |
| 160 | + b. Run the following |
| 161 | + |
| 162 | + ```sh |
| 163 | + java -agentlib:native-image-agent=config-output-dir=src/main/resources/META-INF/native-image-config -jar build/libs/codeanalyzer-1.0.jar -i src/test/resources/sample.applications/daytrader8/source -a 2 -v |
| 164 | + ``` |
| 165 | + |
| 166 | + c. Then build using the instructions in [§3.3](./README.md#33-build-the-project). |
| 167 | + |
| 168 | + The problem should be resolved. |
| 169 | + |
| 170 | +## LICENSE |
| 171 | + |
| 172 | +```LICENSE |
| 173 | +Copyright IBM Corporation 2023, 2024 |
| 174 | +
|
| 175 | +Licensed under the Apache Public License 2.0, Version 2.0 (the "License"); |
| 176 | +you may not use this file except in compliance with the License. |
| 177 | +
|
| 178 | +Unless required by applicable law or agreed to in writing, software |
| 179 | +distributed under the License is distributed on an "AS IS" BASIS, |
| 180 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 181 | +See the License for the specific language governing permissions and |
| 182 | +limitations under the License. |
| 183 | +``` |
0 commit comments