[jira] [Comment Edited] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15780238#comment-15780238 ] Goldstein Lyor edited comment on SSHD-724 at 12/27/16 11:46 AM: Thanks for the configuration - added it as a {{javac-errorprone}} profile that can be activated via {{mvn -Pjavac-errorprone clean install}} was (Author: lgoldstein): Thanks for the configuration - added it as a `javac-errorprone` profile that can be activated via `mvn -Pjavac-errorprone clean install` > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15778788#comment-15778788 ] Goldstein Lyor edited comment on SSHD-724 at 12/26/16 6:39 PM: --- Thanks a lot for the patch - [merged it|https://github.com/apache/mina-sshd/commit/385f21deddb758d6e511dd174b45c957e2a4c954], so you can close the PR. Thanks also for the static analysis results - fixed most of them - some are not warranted though. In this context, it is worth noting that there are *several* analyzers out there - each with its own features, advantages and drawbacks, For the time being, my view is that we should use all of them - but via (inactive by defauly) *profiles*. This is is due to the fact that quite a few "errors" are not such because of the limitations of static analysis. The idea is that before a major release and/or important milestone we can activate the profiles and see what the static analyzers have to say, decide what errors are "real" and fix them. That being said, I find that currently I cannot spend as much time as I would like on this (and other issues) and have to rely on the kindness of "strangers" such as yourself. If you wish to contribute some more on this issue, I would be glad to merge PR(s) along these lines. See the initial way I added a _Findbugs_ profile if you wish to add more static analyzers (e.g., _prone_ that you mentioned). Thanks again for the contribution and hope you can find time to contribute more... was (Author: lgoldstein): Thanks a lot for the patch - merged it, so you can close the PR. Thanks also for the static analysis results - fixed most of them - some are not warranted though. In this context, it is worth noting that there are *several* analyzers out there - each with its own features, advantages and drawbacks, For the time being, my view is that we should use all of them - but via (inactive by defauly) *profiles*. This is is due to the fact that quite a few "errors" are not such because of the limitations of static analysis. The idea is that before a major release and/or important milestone we can activate the profiles and see what the static analyzers have to say, decide what errors are "real" and fix them. That being said, I find that currently I cannot spend as much time as I would like on this (and other issues) and have to rely on the kindness of "strangers" such as yourself. If you wish to contribute some more on this issue, I would be glad to merge PR(s) along these lines. See the initial way I added a _Findbugs_ profile if you wish to add more static analyzers (e.g., _prone_ that you mentioned). Thanks again for the contribution and hope you can find time to contribute more... > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777188#comment-15777188 ] David Ostrovsky edited comment on SSHD-724 at 12/25/16 11:07 PM: - Ack. On JGit and other projects infer did a great job, though. Btw, are you aware of error prone: http://errorprone.info? Yet another Google's static error checker. It can be easily activated in Maven driven build, did it for Mina SSHD: {code:none} $ cat error_prone.patch diff --git a/pom.xml b/pom.xml index 965ea67..887779c 100644 --- a/pom.xml +++ b/pom.xml @@ -733,15 +733,33 @@ org.apache.maven.plugins maven-compiler-plugin -3.5.1 +3.6.0 + javac-with-errorprone + true ${javac.source} ${javac.target} + -Xlint:-serial -Xlint:unchecked + --> +true + + + org.codehaus.plexus + plexus-compiler-javac-errorprone + 2.8.1 + + + + com.google.errorprone + error_prone_core + 2.0.15 + + org.apache.maven.plugins {code} And running it on sshd-core (with activated warnings) produced 1 error and 12 warnings: [1]. [1] http://paste.openstack.org/show/593340 was (Author: davido2): Ack. On JGit and other projects infer did a great job, though. Btw, are you aware of error prone: http://errorprone.info? Yet another Google's static error checker. It can be easily activated in Maven driven build, did it for Mina SSHD: {code:none} $ cat error_prone.patch diff --git a/pom.xml b/pom.xml index 965ea67..887779c 100644 --- a/pom.xml +++ b/pom.xml @@ -733,15 +733,33 @@ org.apache.maven.plugins maven-compiler-plugin -3.5.1 +3.6.0 + javac-with-errorprone + true ${javac.source} ${javac.target} + -Xlint:-serial -Xlint:unchecked + --> +true + + + org.codehaus.plexus + plexus-compiler-javac-errorprone + 2.8.1 + + + + com.google.errorprone + error_prone_core + 2.0.15 + + org.apache.maven.plugins {code} And running it on sshd-core (with activate warnings) produced 1 error and 12 warnings: [1]. [1] http://paste.openstack.org/show/593340 > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)