[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer

2016-12-27 Thread Goldstein Lyor (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15780238#comment-15780238
 ] 

Goldstein Lyor commented on SSHD-724:
-

Thanks for the configuration - added it as a `javac-errorprone` profile that 
can be activated via `mvn -Pjavac-errorprone clean install`

> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
>  Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see 
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the 
> remaining issues.
> Summary of the reports
>   NULL_DEREFERENCE: 82
>  RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer

2016-12-26 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15778827#comment-15778827
 ] 

ASF GitHub Bot commented on SSHD-724:
-

Github user davido closed the pull request at:

https://github.com/apache/mina-sshd/pull/28


> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
>  Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see 
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the 
> remaining issues.
> Summary of the reports
>   NULL_DEREFERENCE: 82
>  RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer

2016-12-26 Thread Goldstein Lyor (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15778788#comment-15778788
 ] 

Goldstein Lyor commented on SSHD-724:
-

Thanks a lot for the patch - merged it, so you can close the PR.

Thanks also for the static analysis results - fixed most of them - some are not 
warranted though. In this context, it is worth noting that there are *several* 
analyzers out there - each with its own features, advantages and drawbacks, For 
the time being, my view is that we should use all of them - but via (inactive 
by defauly) *profiles*. This is is due to the fact that quite a few "errors" 
are not such because of the limitations of static analysis. The idea is that 
before a major release and/or important milestone we can activate the profiles 
and see what the static analyzers have to say, decide what errors are "real" 
and fix them.

That being said, I find that currently I cannot spend as much time as I would 
like on this (and other issues) and have to rely on the kindness of "strangers" 
such as yourself. If you wish to contribute some more on this issue, I would be 
glad to merge PR(s) along these lines. See the initial way I added a _Findbugs_ 
profile if you wish to add more static analyzers (e.g., _prone_ that you 
mentioned).

Thanks again for the contribution and hope you can find time to contribute 
more...

> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
>  Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see 
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the 
> remaining issues.
> Summary of the reports
>   NULL_DEREFERENCE: 82
>  RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer

2016-12-25 Thread David Ostrovsky (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777215#comment-15777215
 ] 

David Ostrovsky commented on SSHD-724:
--

After fixing the bug flagged by error prone and uploading this PR: [1],
running it again produced further warnings: [2].

* [1] https://github.com/apache/mina-sshd/pull/28
* [2] http://paste.openstack.org/show/593341

> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
>  Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see 
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the 
> remaining issues.
> Summary of the reports
>   NULL_DEREFERENCE: 82
>  RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer

2016-12-25 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777212#comment-15777212
 ] 

ASF GitHub Bot commented on SSHD-724:
-

GitHub user davido opened a pull request:

https://github.com/apache/mina-sshd/pull/28

SSHD-724: SshClient#checkConfig: Do not ovewrite predefined factories



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/davido/mina-sshd patch-1

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/mina-sshd/pull/28.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #28


commit 8456cc36874c50016bf60a1a71fbfc0d17509df3
Author: David Ostrovsky 
Date:   2016-12-25T23:24:38Z

SSHD-724: SshClient#checkConfig: Do not ovewrite predefined factories




> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
>  Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see 
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the 
> remaining issues.
> Summary of the reports
>   NULL_DEREFERENCE: 82
>  RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer

2016-12-25 Thread David Ostrovsky (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777188#comment-15777188
 ] 

David Ostrovsky commented on SSHD-724:
--

Ack. On JGit and other projects infer did a great job, though.
Btw, are you aware of error prone: http://errorprone.info? Yet another Google's 
static error checker.

It can be easily activated in Maven driven build, did it for Mina SSHD:

{code:none}
$ cat error_prone.patch 
diff --git a/pom.xml b/pom.xml
index 965ea67..887779c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -733,15 +733,33 @@
 
 org.apache.maven.plugins
 maven-compiler-plugin
-3.5.1
+3.6.0
 
+   javac-with-errorprone
+   true
 ${javac.source}
 ${javac.target}
+   
 -Xlint:-serial
 -Xlint:unchecked
+   -->
+true
 
+   
+ 
+   org.codehaus.plexus
+
plexus-compiler-javac-errorprone
+   2.8.1
+ 
+ 
+  
+   com.google.errorprone
+   error_prone_core
+   2.0.15
+ 
+   
 
 
 org.apache.maven.plugins
{code}

And running it on sshd-core (with activate warnings) produced 1 error and 12 
warnings: [1].

[1] http://paste.openstack.org/show/593340


> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
>  Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see 
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the 
> remaining issues.
> Summary of the reports
>   NULL_DEREFERENCE: 82
>  RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer

2016-12-25 Thread Goldstein Lyor (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15776809#comment-15776809
 ] 

Goldstein Lyor commented on SSHD-724:
-

The initiative is more than welcome, but a random samping of the so called 
reported "errors" yields that they are false alarms. In other words, if one 
looks at the code the reported "error" is not there, because the claim:

{quote}
could be null and is dereferenced
{quote}

is incorrect if one reads the Javadoc (which of course the static analyzer has 
no way of knowing) - and the same applies for the several reported "resource 
leaks". I would love to have a static analyzer integrated as part of the build 
- but it has to be configurable so it would not yield 100's of "errors" that 
look like noise and may hide the real ones.

P.S. I would have preferred having [Findbugs|http://findbugs.sourceforge.net/] 
report since it also has a _Maven_ plugin.and allows more fine-grained control 
over what is an error and what is not.

> Fix errors flagged by infer static analyzer
> ---
>
> Key: SSHD-724
> URL: https://issues.apache.org/jira/browse/SSHD-724
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.3.0
>Reporter: David Ostrovsky
>  Labels: findbugs, static-analysis
> Fix For: 1.4.0
>
>
> Running infer static analyzer: [1] on latest master produces 113 errors:
> [davido@wizball sshd]$ git describe
> sshd-1.3.0-51-g4f0f4dc
> [davido@wizball sshd]$ uname -a
> Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 
> x86_64 x86_64 GNU/Linux
> [davido@wizball sshd]$ java -version
> openjdk version "1.8.0_111"
> OpenJDK Runtime Environment (build 1.8.0_111-b16)
> OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode)
> [davido@localhost sshd]$ infer -- mvn package
> [...]
> ...too many issues to display (limit=10 exceeded), please see 
> /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the 
> remaining issues.
> Summary of the reports
>   NULL_DEREFERENCE: 82
>  RESOURCE_LEAK: 31
> The full report can be found here: [2].
> [1] http://fbinfer.com
> [2] http://paste.openstack.org/show/593308



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)