Sourceanalyzer complains not enough memory despite -Xmx36G

Just upgraded SCA to 16.10 from 4.4.2 and having issues getting the TFS build definition to successfully complete the scan phase. The clean and translate task successfully execute but the scan task seems to get stuck in time and the log has the following message:

FortifyScan:

         "d:\Program Files\HP_Fortify\HP_Fortify_SCA_and_Apps_16.10\bin\sourceanalyzer.exe" -b myProject -Xmx36G -logfile "d:\TFS\Builds\Agent1\myProject\Solutions\Master\myProject.scan.log" -scan -format fpr -f myProject.fpr

[warning]: Scan progress is slowing due to JVM garbage collection, which may indicate low memory. For details on making more memory available, please consult the user manual.

[warning]: Scan progress is slow due to JVM garbage collection, which may indicate low memory. For details on making more memory available, please consult the user manual.

[error]: There is not enough memory available to complete analysis.  For details on making more memory available, please consult the user manual.

Running the scan manually via the Visual Studio 2015 plugin also results in the scan task freezing at 24% during the "building analysis model" phase.

I’ve noticed that Fortify seems to ship its own jre (it’s located in fortify install base dir\jre\bin\). Looking at the release it appears to be for Windows 5.2, or XP. I wonder if this may have something to do with it, that Fortify is perhaps using an inappropriate and outdated release of the jre for the host system on which it resides.

I'd appreciate any help or insight anyone can provide.

Thanks!

Tags:

Parents
  • There are two heaps we should be concerned. I suggest adding the item#2 (red chars) to your command line.

    (1) java heap:-64 -Xmx36G breaks out the 1.3 GB limitation.

    (2) class heap:

    • -XX: CMSClassUnloadingEnabled (allow you to unload class if not used) 
    • -XX:MaxPermSize=128M (define class heap, retired in JDK1.8. leave it in wont' hurt, will not break your scan)  
    • -XX: UseConcMarkSweepGC  or  -XX: UseParallelGC ( if i recall correctly, they are mutual exclusive, you can use just one, i use -XX: UseParallelGC in my commandline)

    use command switch  -verbose -debug to see more details in the log

Reply
  • There are two heaps we should be concerned. I suggest adding the item#2 (red chars) to your command line.

    (1) java heap:-64 -Xmx36G breaks out the 1.3 GB limitation.

    (2) class heap:

    • -XX: CMSClassUnloadingEnabled (allow you to unload class if not used) 
    • -XX:MaxPermSize=128M (define class heap, retired in JDK1.8. leave it in wont' hurt, will not break your scan)  
    • -XX: UseConcMarkSweepGC  or  -XX: UseParallelGC ( if i recall correctly, they are mutual exclusive, you can use just one, i use -XX: UseParallelGC in my commandline)

    use command switch  -verbose -debug to see more details in the log

Children
No Data