[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15780238#comment-15780238 ] Goldstein Lyor commented on SSHD-724: - Thanks for the configuration - added it as a `javac-errorprone` profile that can be activated via `mvn -Pjavac-errorprone clean install` > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15778827#comment-15778827 ] ASF GitHub Bot commented on SSHD-724: - Github user davido closed the pull request at: https://github.com/apache/mina-sshd/pull/28 > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15778788#comment-15778788 ] Goldstein Lyor commented on SSHD-724: - Thanks a lot for the patch - merged it, so you can close the PR. Thanks also for the static analysis results - fixed most of them - some are not warranted though. In this context, it is worth noting that there are *several* analyzers out there - each with its own features, advantages and drawbacks, For the time being, my view is that we should use all of them - but via (inactive by defauly) *profiles*. This is is due to the fact that quite a few "errors" are not such because of the limitations of static analysis. The idea is that before a major release and/or important milestone we can activate the profiles and see what the static analyzers have to say, decide what errors are "real" and fix them. That being said, I find that currently I cannot spend as much time as I would like on this (and other issues) and have to rely on the kindness of "strangers" such as yourself. If you wish to contribute some more on this issue, I would be glad to merge PR(s) along these lines. See the initial way I added a _Findbugs_ profile if you wish to add more static analyzers (e.g., _prone_ that you mentioned). Thanks again for the contribution and hope you can find time to contribute more... > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777215#comment-15777215 ] David Ostrovsky commented on SSHD-724: -- After fixing the bug flagged by error prone and uploading this PR: [1], running it again produced further warnings: [2]. * [1] https://github.com/apache/mina-sshd/pull/28 * [2] http://paste.openstack.org/show/593341 > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777212#comment-15777212 ] ASF GitHub Bot commented on SSHD-724: - GitHub user davido opened a pull request: https://github.com/apache/mina-sshd/pull/28 SSHD-724: SshClient#checkConfig: Do not ovewrite predefined factories You can merge this pull request into a Git repository by running: $ git pull https://github.com/davido/mina-sshd patch-1 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/mina-sshd/pull/28.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #28 commit 8456cc36874c50016bf60a1a71fbfc0d17509df3 Author: David OstrovskyDate: 2016-12-25T23:24:38Z SSHD-724: SshClient#checkConfig: Do not ovewrite predefined factories > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15777188#comment-15777188 ] David Ostrovsky commented on SSHD-724: -- Ack. On JGit and other projects infer did a great job, though. Btw, are you aware of error prone: http://errorprone.info? Yet another Google's static error checker. It can be easily activated in Maven driven build, did it for Mina SSHD: {code:none} $ cat error_prone.patch diff --git a/pom.xml b/pom.xml index 965ea67..887779c 100644 --- a/pom.xml +++ b/pom.xml @@ -733,15 +733,33 @@ org.apache.maven.plugins maven-compiler-plugin -3.5.1 +3.6.0 + javac-with-errorprone + true ${javac.source} ${javac.target} + -Xlint:-serial -Xlint:unchecked + --> +true + + + org.codehaus.plexus + plexus-compiler-javac-errorprone + 2.8.1 + + + + com.google.errorprone + error_prone_core + 2.0.15 + + org.apache.maven.plugins {code} And running it on sshd-core (with activate warnings) produced 1 error and 12 warnings: [1]. [1] http://paste.openstack.org/show/593340 > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-724) Fix errors flagged by infer static analyzer
[ https://issues.apache.org/jira/browse/SSHD-724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15776809#comment-15776809 ] Goldstein Lyor commented on SSHD-724: - The initiative is more than welcome, but a random samping of the so called reported "errors" yields that they are false alarms. In other words, if one looks at the code the reported "error" is not there, because the claim: {quote} could be null and is dereferenced {quote} is incorrect if one reads the Javadoc (which of course the static analyzer has no way of knowing) - and the same applies for the several reported "resource leaks". I would love to have a static analyzer integrated as part of the build - but it has to be configurable so it would not yield 100's of "errors" that look like noise and may hide the real ones. P.S. I would have preferred having [Findbugs|http://findbugs.sourceforge.net/] report since it also has a _Maven_ plugin.and allows more fine-grained control over what is an error and what is not. > Fix errors flagged by infer static analyzer > --- > > Key: SSHD-724 > URL: https://issues.apache.org/jira/browse/SSHD-724 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.3.0 >Reporter: David Ostrovsky > Labels: findbugs, static-analysis > Fix For: 1.4.0 > > > Running infer static analyzer: [1] on latest master produces 113 errors: > [davido@wizball sshd]$ git describe > sshd-1.3.0-51-g4f0f4dc > [davido@wizball sshd]$ uname -a > Linux wizball 4.8.6-300.fc25.x86_64 #1 SMP Tue Nov 1 12:36:38 UTC 2016 x86_64 > x86_64 x86_64 GNU/Linux > [davido@wizball sshd]$ java -version > openjdk version "1.8.0_111" > OpenJDK Runtime Environment (build 1.8.0_111-b16) > OpenJDK 64-Bit Server VM (build 25.111-b16, mixed mode) > [davido@localhost sshd]$ infer -- mvn package > [...] > ...too many issues to display (limit=10 exceeded), please see > /home/davido/projects/sshd/infer-out/bugs.txt or run `inferTraceBugs` for the > remaining issues. > Summary of the reports > NULL_DEREFERENCE: 82 > RESOURCE_LEAK: 31 > The full report can be found here: [2]. > [1] http://fbinfer.com > [2] http://paste.openstack.org/show/593308 -- This message was sent by Atlassian JIRA (v6.3.4#6332)