[jira] [Comment Edited] (SSHD-724) Fix errors flagged by infer static analyzer
[
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15780238#comment-15780238
]
Goldstein Lyor edited comment on SSHD-724 at 12/27/16 11:46 AM:
Thanks for the configuration - added it as a {{javac-errorprone}} profile that
can be activated via {{mvn -Pjavac-errorprone clean install}}
was (Author: lgoldstein):
Thanks for the configuration - added it as a `javac-errorprone` profile that
can be activated via `mvn -Pjavac-errorprone clean install`
> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
> Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the
> remaining issues.
> Summary of the reports
> NULL_DEREFERENCE: 82
> RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15778788#comment-15778788 ] Goldstein Lyor edited comment on SSHD-724 at 12/26/16 6:39 PM: --- Thanks a lot for the patch - [merged it|https://github.com/apache/mina-sshd/commit/385f21deddb758d6e511dd174b45c957e2a4c954], so you can close the PR. Thanks also for the static analysis results - fixed most of them - some are not warranted though. In this context, it is worth noting that there are *several* analyzers out there - each with its own features, advantages and drawbacks, For the time being, my view is that we should use all of them - but via (inactive by defauly) *profiles*. This is is due to the fact that quite a few "errors" are not such because of the limitations of static analysis. The idea is that before a major release and/or important milestone we can activate the profiles and see what the static analyzers have to say, decide what errors are "real" and fix them. That being said, I find that currently I cannot spend as much time as I would like on this (and other issues) and have to rely on the kindness of "strangers" such as yourself. If you wish to contribute some more on this issue, I would be glad to merge PR(s) along these lines. See the initial way I added a _Findbugs_ profile if you wish to add more static analyzers (e.g., _prone_ that you mentioned). Thanks again for the contribution and hope you can find time to contribute more... was (Author: lgoldstein): Thanks a lot for the patch - merged it, so you can close the PR. Thanks also for the static analysis results - fixed most of them - some are not warranted though. In this context, it is worth noting that there are *several* analyzers out there - each with its own features, advantages and drawbacks, For the time being, my view is that we should use all of them - but via (inactive by defauly) *profiles*. This is is due to the fact that quite a few "errors" are not such because of the limitations of static analysis. The idea is that before a major release and/or important milestone we can activate the profiles and see what the static analyzers have to say, decide what errors are "real" and fix them. That being said, I find that currently I cannot spend as much time as I would like on this (and other issues) and have to rely on the kindness of "strangers" such as yourself. If you wish to contribute some more on this issue, I would be glad to merge PR(s) along these lines. See the initial way I added a _Findbugs_ profile if you wish to add more static analyzers (e.g., _prone_ that you mentioned). Thanks again for the contribution and hope you can find time to contribute more... > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (SSHD-724) Fix errors flagged by infer static analyzer
[
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777188#comment-15777188
]
David Ostrovsky edited comment on SSHD-724 at 12/25/16 11:07 PM:
-
Ack. On JGit and other projects infer did a great job, though.
Btw, are you aware of error prone: http://errorprone.info? Yet another Google's
static error checker.
It can be easily activated in Maven driven build, did it for Mina SSHD:
{code:none}
$ cat error_prone.patch
diff --git a/pom.xml b/pom.xml
index 965ea67..887779c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -733,15 +733,33 @@
org.apache.maven.plugins
maven-compiler-plugin
-3.5.1
+3.6.0
+ javac-with-errorprone
+ true
${javac.source}
${javac.target}
+
-Xlint:-serial
-Xlint:unchecked
+ -->
+true
+
+
+ org.codehaus.plexus
+
plexus-compiler-javac-errorprone
+ 2.8.1
+
+
+
+ com.google.errorprone
+ error_prone_core
+ 2.0.15
+
+
org.apache.maven.plugins
{code}
And running it on sshd-core (with activated warnings) produced 1 error and 12
warnings: [1].
[1] http://paste.openstack.org/show/593340
was (Author: davido2):
Ack. On JGit and other projects infer did a great job, though.
Btw, are you aware of error prone: http://errorprone.info? Yet another Google's
static error checker.
It can be easily activated in Maven driven build, did it for Mina SSHD:
{code:none}
$ cat error_prone.patch
diff --git a/pom.xml b/pom.xml
index 965ea67..887779c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -733,15 +733,33 @@
org.apache.maven.plugins
maven-compiler-plugin
-3.5.1
+3.6.0
+ javac-with-errorprone
+ true
${javac.source}
${javac.target}
+
-Xlint:-serial
-Xlint:unchecked
+ -->
+true
+
+
+ org.codehaus.plexus
+
plexus-compiler-javac-errorprone
+ 2.8.1
+
+
+
+ com.google.errorprone
+ error_prone_core
+ 2.0.15
+
+
org.apache.maven.plugins
{code}
And running it on sshd-core (with activate warnings) produced 1 error and 12
warnings: [1].
[1] http://paste.openstack.org/show/593340
> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
> Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the
> remaining issues.
> Summary of the reports
> NULL_DEREFERENCE: 82
> RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
