This is an automated email from the ASF dual-hosted git repository. jmalkin pushed a commit to branch 5.0.X-backport in repository https://gitbox.apache.org/repos/asf/datasketches-java.git
commit ef5b703e6de4b3564877622bfba5a97414cdeb83 Author: Lee Rhodes <[email protected]> AuthorDate: Thu Feb 15 16:42:48 2024 -0800 All except 2 of the fixes here were security related fixes to harden our classes against "finalizer attacks". See https://wiki.sei.cmu.edu/confluence/display/java/OBJ11-J.+Be+wary+of+letting+constructors+throw+exceptions --- src/main/java/org/apache/datasketches/fdt/FdtSketch.java | 2 +- src/main/java/org/apache/datasketches/hll/CouponHashSet.java | 2 +- src/main/java/org/apache/datasketches/hll/CouponList.java | 5 +++++ src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java | 2 +- src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java | 2 +- src/main/java/org/apache/datasketches/hll/DirectCouponList.java | 5 +++++ src/main/java/org/apache/datasketches/hll/DirectHllArray.java | 5 +++++ src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java | 2 +- src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java | 2 +- .../java/org/apache/datasketches/kll/KllItemsSketchSortedView.java | 5 +++++ .../apache/datasketches/quantiles/DirectDoublesSketchAccessor.java | 2 +- .../org/apache/datasketches/quantiles/DoublesSketchAccessor.java | 5 +++++ .../org/apache/datasketches/quantiles/ItemsSketchSortedView.java | 5 +++++ .../datasketches/quantilescommon/GenericPartitionBoundaries.java | 5 +++++ .../java/org/apache/datasketches/theta/DirectQuickSelectSketch.java | 5 +++++ src/main/java/org/apache/datasketches/tuple/CompactSketch.java | 5 +++++ src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java | 5 +++++ .../tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java | 5 +++++ .../apache/datasketches/tuple/strings/ArrayOfStringsSummary.java | 2 +- tools/FindBugsExcludeFilter.xml | 6 ++++++ 20 files changed, 69 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/apache/datasketches/fdt/FdtSketch.java b/src/main/java/org/apache/datasketches/fdt/FdtSketch.java index 8664e559..e4cac32a 100644 --- a/src/main/java/org/apache/datasketches/fdt/FdtSketch.java +++ b/src/main/java/org/apache/datasketches/fdt/FdtSketch.java @@ -46,7 +46,7 @@ import org.apache.datasketches.tuple.strings.ArrayOfStringsSketch; * * @author Lee Rhodes */ -public class FdtSketch extends ArrayOfStringsSketch { +public final class FdtSketch extends ArrayOfStringsSketch { /** * Create new instance of Frequent Distinct Tuples sketch with the given diff --git a/src/main/java/org/apache/datasketches/hll/CouponHashSet.java b/src/main/java/org/apache/datasketches/hll/CouponHashSet.java index b2e96668..8d0dec9a 100644 --- a/src/main/java/org/apache/datasketches/hll/CouponHashSet.java +++ b/src/main/java/org/apache/datasketches/hll/CouponHashSet.java @@ -42,7 +42,7 @@ import org.apache.datasketches.memory.Memory; * @author Lee Rhodes * @author Kevin Lang */ -class CouponHashSet extends CouponList { +final class CouponHashSet extends CouponList { /** * Constructs this sketch with the intent of loading it with data diff --git a/src/main/java/org/apache/datasketches/hll/CouponList.java b/src/main/java/org/apache/datasketches/hll/CouponList.java index 96f8e9e2..45f42656 100644 --- a/src/main/java/org/apache/datasketches/hll/CouponList.java +++ b/src/main/java/org/apache/datasketches/hll/CouponList.java @@ -41,6 +41,11 @@ class CouponList extends AbstractCoupons { int couponCount; int[] couponIntArr; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + /** * New instance constructor for LIST or SET. * @param lgConfigK the configured Lg K diff --git a/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java b/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java index fe04ec06..98884f5e 100644 --- a/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java +++ b/src/main/java/org/apache/datasketches/hll/DirectAuxHashMap.java @@ -36,7 +36,7 @@ import org.apache.datasketches.memory.WritableMemory; /** * @author Lee Rhodes */ -class DirectAuxHashMap implements AuxHashMap { +final class DirectAuxHashMap implements AuxHashMap { private final DirectHllArray host; //hosts the WritableMemory and read-only Memory private final boolean readOnly; diff --git a/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java b/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java index e797113c..52ddf60b 100644 --- a/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java +++ b/src/main/java/org/apache/datasketches/hll/DirectCouponHashSet.java @@ -42,7 +42,7 @@ import org.apache.datasketches.memory.WritableMemory; /** * @author Lee Rhodes */ -class DirectCouponHashSet extends DirectCouponList { +final class DirectCouponHashSet extends DirectCouponList { //Constructs this sketch with data. DirectCouponHashSet(final int lgConfigK, final TgtHllType tgtHllType, diff --git a/src/main/java/org/apache/datasketches/hll/DirectCouponList.java b/src/main/java/org/apache/datasketches/hll/DirectCouponList.java index 008aac1d..e8b6ad2e 100644 --- a/src/main/java/org/apache/datasketches/hll/DirectCouponList.java +++ b/src/main/java/org/apache/datasketches/hll/DirectCouponList.java @@ -61,6 +61,11 @@ class DirectCouponList extends AbstractCoupons { Memory mem; final boolean compact; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + //called from newInstance, writableWrap and DirectCouponHashSet DirectCouponList(final int lgConfigK, final TgtHllType tgtHllType, final CurMode curMode, final WritableMemory wmem) { diff --git a/src/main/java/org/apache/datasketches/hll/DirectHllArray.java b/src/main/java/org/apache/datasketches/hll/DirectHllArray.java index 8c87ca4b..7d4270c1 100644 --- a/src/main/java/org/apache/datasketches/hll/DirectHllArray.java +++ b/src/main/java/org/apache/datasketches/hll/DirectHllArray.java @@ -59,6 +59,11 @@ abstract class DirectHllArray extends AbstractHllArray { long memAdd; final boolean compact; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + //Memory must be already initialized and may have data DirectHllArray(final int lgConfigK, final TgtHllType tgtHllType, final WritableMemory wmem) { super(lgConfigK, tgtHllType, CurMode.HLL); diff --git a/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java b/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java index ae75d381..374dbd62 100644 --- a/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java +++ b/src/main/java/org/apache/datasketches/hll/HeapAuxHashMap.java @@ -33,7 +33,7 @@ import org.apache.datasketches.memory.Memory; * @author Lee Rhodes * @author Kevin Lang */ -class HeapAuxHashMap implements AuxHashMap { +final class HeapAuxHashMap implements AuxHashMap { private final int lgConfigK; //required for #slot bits private int lgAuxArrInts; private int auxCount; diff --git a/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java b/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java index f8051d2b..9a480d94 100644 --- a/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java +++ b/src/main/java/org/apache/datasketches/hllmap/UniqueCountMap.java @@ -80,7 +80,7 @@ import org.apache.datasketches.common.SketchesArgumentException; * @author Alexander Saydakov * @author Kevin Lang */ -public class UniqueCountMap { +public final class UniqueCountMap { private static final String LS = System.getProperty("line.separator"); private static final int NUM_LEVELS = 10; // total of single coupon + traverse + coupon maps + hll private static final int NUM_TRAVERSE_MAPS = 3; diff --git a/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java b/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java index fffb5d70..783ce9bc 100644 --- a/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java +++ b/src/main/java/org/apache/datasketches/kll/KllItemsSketchSortedView.java @@ -56,6 +56,11 @@ public class KllItemsSketchSortedView<T> implements GenericSortedView<T>, Partit private final T minItem; private final Class<T> clazz; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + /** * Construct from elements for testing only. * @param quantiles sorted array of quantiles diff --git a/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java b/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java index 49b82335..172ad14b 100644 --- a/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java +++ b/src/main/java/org/apache/datasketches/quantiles/DirectDoublesSketchAccessor.java @@ -26,7 +26,7 @@ import org.apache.datasketches.memory.WritableMemory; /** * @author Jon Malkin */ -class DirectDoublesSketchAccessor extends DoublesSketchAccessor { +final class DirectDoublesSketchAccessor extends DoublesSketchAccessor { DirectDoublesSketchAccessor(final DoublesSketch ds, final boolean forceSize, final int level) { diff --git a/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java b/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java index 7e70c927..54f83f18 100644 --- a/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java +++ b/src/main/java/org/apache/datasketches/quantiles/DoublesSketchAccessor.java @@ -39,6 +39,11 @@ abstract class DoublesSketchAccessor extends DoublesBufferAccessor { int numItems_; int offset_; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + DoublesSketchAccessor(final DoublesSketch ds, final boolean forceSize, final int level) { ds_ = ds; forceSize_ = forceSize; diff --git a/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java b/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java index 9638a9a9..827d9d08 100644 --- a/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java +++ b/src/main/java/org/apache/datasketches/quantiles/ItemsSketchSortedView.java @@ -56,6 +56,11 @@ public class ItemsSketchSortedView<T> implements GenericSortedView<T>, Partition private final T minItem; private final Class<T> clazz; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + /** * Construct from elements for testing. * @param quantiles sorted array of quantiles diff --git a/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java b/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java index 5c0098a5..9cba9fbd 100644 --- a/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java +++ b/src/main/java/org/apache/datasketches/quantilescommon/GenericPartitionBoundaries.java @@ -39,6 +39,11 @@ public class GenericPartitionBoundaries<T> implements PartitionBoundaries { private long[] numDeltaItems; //num of items in each part private int numPartitions; //num of partitions + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + public GenericPartitionBoundaries( final long totalN, final T[] boundaries, diff --git a/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java b/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java index ef363d24..27174b52 100644 --- a/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java +++ b/src/main/java/org/apache/datasketches/theta/DirectQuickSelectSketch.java @@ -81,6 +81,11 @@ class DirectQuickSelectSketch extends DirectQuickSelectSketchR { super(seed, wmem); } + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + /** * Construct a new sketch instance and initialize the given Memory as its backing store. * diff --git a/src/main/java/org/apache/datasketches/tuple/CompactSketch.java b/src/main/java/org/apache/datasketches/tuple/CompactSketch.java index b7e6935a..c77a2800 100644 --- a/src/main/java/org/apache/datasketches/tuple/CompactSketch.java +++ b/src/main/java/org/apache/datasketches/tuple/CompactSketch.java @@ -51,6 +51,11 @@ public class CompactSketch<S extends Summary> extends Sketch<S> { private enum Flags { IS_BIG_ENDIAN, IS_READ_ONLY, IS_EMPTY, IS_COMPACT, IS_ORDERED } + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + /** * Create a CompactSketch from correct components * @param hashArr compacted hash array diff --git a/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java b/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java index 640547ba..68d2c44b 100644 --- a/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java +++ b/src/main/java/org/apache/datasketches/tuple/QuickSelectSketch.java @@ -57,6 +57,11 @@ class QuickSelectSketch<S extends Summary> extends Sketch<S> { private long[] hashTable_; S[] summaryTable_; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + /** * This is to create an instance of a QuickSelectSketch with default resize factor. * @param nomEntries Nominal number of entries. Forced to the nearest power of 2 greater than diff --git a/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java b/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java index 93cd8ebd..8c08b3a2 100644 --- a/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java +++ b/src/main/java/org/apache/datasketches/tuple/arrayofdoubles/DirectArrayOfDoublesQuickSelectSketch.java @@ -45,6 +45,11 @@ class DirectArrayOfDoublesQuickSelectSketch extends ArrayOfDoublesQuickSelectSke private int keysOffset_; private int valuesOffset_; + @Override + protected final void finalize() { + // SpotBugs CT_CONSTUCTOR_THROW, OBJ11-J + } + /** * Construct a new sketch using the given Memory as its backing store. * diff --git a/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java b/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java index b0baab01..69ee83e8 100644 --- a/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java +++ b/src/main/java/org/apache/datasketches/tuple/strings/ArrayOfStringsSummary.java @@ -33,7 +33,7 @@ import org.apache.datasketches.tuple.UpdatableSummary; /** * @author Lee Rhodes */ -public class ArrayOfStringsSummary implements UpdatableSummary<String[]> { +public final class ArrayOfStringsSummary implements UpdatableSummary<String[]> { private String[] nodesArr = null; diff --git a/tools/FindBugsExcludeFilter.xml b/tools/FindBugsExcludeFilter.xml index 62cf08f0..32d176d7 100644 --- a/tools/FindBugsExcludeFilter.xml +++ b/tools/FindBugsExcludeFilter.xml @@ -79,4 +79,10 @@ under the License. <Class name="org.apache.datasketches.quantilescommon.GenericSortedViewIterator"/> </Match> + <Match> + <Bug pattern="FE_FLOATING_POINT_EQUALITY" /> + <Class name="org.apache.datasketches.sampling.EbppsItemsSample" /> + <Method name="merge" /> + </Match> + </FindBugsFilter> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
