axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric.D.Fried...@WellsFargo.COM
Subject RE: static analysis of axis.jar with "findbugs" utility
Date Fri, 13 Jun 2003 20:18:23 GMT
Apologies -- I just noticed that the branch has indeed been created.

Thanks!
Eric

-----Original Message-----
From: Eric.D.Friedman@WellsFargo.COM
[mailto:Eric.D.Friedman@WellsFargo.COM]
Sent: Friday, June 13, 2003 1:13 PM
To: axis-dev@ws.apache.org
Subject: RE: static analysis of axis.jar with "findbugs" utility


Some of them, certainly.  Is everyone convinced that there are no bugs here
that would jeopardize 1.1?  The equals/hashCode on some of the value objects
are a concern to me -- at a minimum I'd like to see a release note that
warns people about the danger of using those objects as keys in hash tables
(including HashMap and HashSet).  Similarly, a release note is (IMHO) the
least we could do about the double checked locking stuff.

On a related note -- could someone with CVS commit access please create a
branch for the 1.1 release?  That would free up the head for activities that
are post-1.1 while still giving the group the option of merging selected
changes from the head to the 1.1. branch.

Eric  

-----Original Message-----
From: Davanum Srinivas [mailto:dims@yahoo.com]
Sent: Friday, June 13, 2003 12:54 PM
To: axis-dev@ws.apache.org
Subject: Re: static analysis of axis.jar with "findbugs" utility


Eric,

Do you have some cycles to fix these problems (post 1.1 final release?)

Thanks,
dims

--- Eric.D.Friedman@WellsFargo.COM wrote:
> I ran the "findbugs" static analysis utility against a copy of axis.jar.
> I'm attaching the resulting report, which was created with the "textui" in
> "sort by class" mode.  It looks like there are several things that could
be
> trivially fixed and several others which merit further investigation.
> Findbugs comes with an ant task and so if there's consensus about the
> usefulness of this report, it might make sense to add a target to the axis
> build file so that this can be run from time to time.
> 
> Findbugs, if you don't already know, was created by David Hovemeyer and
Bill
> Pugh (of skip list fame).  The original paper describing the tool and its
> goals is available here:
> http://www.cs.umd.edu/~pugh/java/bugs/docs/findbugsPaper.pdf.  The site
for
> findbugs is here: http://www.cs.umd.edu/~pugh/java/bugs/
> 
> And here's a report for axis.  I recommend trying it out yourselves with
the
> GUI -- that includes slightly more verbose descriptions of the patterns
that
> findbugs considers to be problematic.
> 
> Eric
> 
> PS -- I'd be most concerned about the classes that have problems with the
> equals/hashCode contract, as those can result in serious and difficult to
> reproduce runtime failures.  Also, there are places where Axis is using
the
> "double checked locking" idiom for lazy initialization -- this is known to
> not work in Java and should be fixed as soon as possible.  See
> http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html for
> information about why this is so.  Apart from that, it's up to the
> committers (of which I am not one) to decide what other errors are worth
> fixing.  The several unread/unused instance variables are probably easy,
> low-hanging fruit....
> 
>  <<byClass.txt>> 
> > MS: org.apache.axis.AxisEngine.log isn't final but should be
> Dm: org.apache.axis.AxisFault.dumpToString() invokes dubious new String()
constructor; just use
> ""
> MS: org.apache.axis.AxisFault.log isn't final but should be
> Se: org.apache.axis.AxisFault is Serializable; consider declaring a
serialVersionUID
> MS: org.apache.axis.AxisProperties.log isn't final but should be
> MS: org.apache.axis.ConfigurationException.copyStackByDefault isn't final
but should be
> MS: org.apache.axis.ConfigurationException.log isn't final but should be
> Se: org.apache.axis.ConfigurationException is Serializable; consider
declaring a
> serialVersionUID
> MS: org.apache.axis.Constants.QNAMES_NIL is a mutable array
> MS: org.apache.axis.Constants.URIS_SCHEMA_XSD is a mutable array
> MS: org.apache.axis.Constants.URIS_SCHEMA_XSI is a mutable array
> MS: org.apache.axis.Constants.URIS_SOAP_ENC is a mutable array
> MS: org.apache.axis.Constants.NS_URIS_WSDL should be package protected
> MS: org.apache.axis.Constants.NS_URIS_WSDL_SOAP should be package
protected
> MS: org.apache.axis.Constants.URIS_SOAP_ENV should be package protected
> MS: org.apache.axis.FaultableHandler.entLog isn't final but should be
> MS: org.apache.axis.FaultableHandler.log isn't final but should be
> Se: org.apache.axis.FaultableHandler is Serializable; consider declaring a
serialVersionUID
> MS: org.apache.axis.InternalException.log isn't final but should be
> Se: org.apache.axis.InternalException is Serializable; consider declaring
a serialVersionUID
> IS2: Inconsistent synchronization of org.apache.axis.Message.attachImpl;
locked 50% of time
> MS: org.apache.axis.Message.log isn't final but should be
> Se: org.apache.axis.Message is Serializable; consider declaring a
serialVersionUID
> Dm: org.apache.axis.MessageContext.getProperty(String) invokes dubious
Boolean constructor; use
> Boolean.valueOf(...) instead
> MS: org.apache.axis.MessageContext.log isn't final but should be
> MS: org.apache.axis.MessageContext.systemTempDir isn't final but should be
> Nm: Confusing to have methods
>
org.apache.axis.MessageContext.setSOAPConstants(org.apache.axis.soap.SOAPCon
stants) and
>
org.apache.axis.message.SOAPEnvelope.setSoapConstants(org.apache.axis.soap.S
OAPConstants)
> EI: org.apache.axis.SOAPPart.getAsBytes() may expose internal
representation by returning
> org.apache.axis.SOAPPart.currentMessageAsBytes
> MS: org.apache.axis.SOAPPart.log isn't final but should be
> MS: org.apache.axis.SimpleChain.log isn't final but should be
> Se: org.apache.axis.SimpleChain is Serializable; consider declaring a
serialVersionUID
> MS: org.apache.axis.SimpleTargetedChain.log isn't final but should be
> Se: org.apache.axis.SimpleTargetedChain is Serializable; consider
declaring a serialVersionUID
> SIC: Should org.apache.axis.SimpleTargetedChain$PivotIndicator be a
_static_ inner class?
> FI: org.apache.axis.attachments.AttachmentPart.finalize() missing call to
super.finalize(), so
> org.apache.axis.attachments.AttachmentPart.finalize() doesn't get called
> MS: org.apache.axis.attachments.AttachmentPart.log isn't final but should
be
> MS: org.apache.axis.attachments.AttachmentsImpl.log isn't final but should
be
> Se: org.apache.axis.attachments.AttachmentsImpl is Serializable; consider
declaring a
> serialVersionUID
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.BoundaryDelimitedStream.boundaryPos; locked
87% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.BoundaryDelimitedStream.readBufEnd; locked 87%
of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.BoundaryDelimitedStream.readBufPos; locked 84%
of time
> MS: org.apache.axis.attachments.BoundaryDelimitedStream.log isn't final
but should be
> DE:
>
org.apache.axis.attachments.DimeBodyPart.send(java.io.OutputStream,byte,java
x.activation.DataHandler,long)
> might ignore java.io.IOException
> MS: org.apache.axis.attachments.DimeBodyPart.log isn't final but should be
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.bytesRead; locked 94%
of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.dataPadLength; locked
81% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.recordLength; locked
80% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.theEnd; locked 50% of
time
> MS: org.apache.axis.attachments.DimeDelimitedInputStream.streamCount
should be package protected
> MS: org.apache.axis.attachments.DimeDelimitedInputStream.log isn't final
but should be
> HE: org.apache.axis.attachments.DimeTypeNameFormat defines equals and uses
Object.hashCode()
> MS: org.apache.axis.attachments.ImageDataSource.log isn't final but should
be
> UuF: Unused field: org.apache.axis.attachments.ImageDataSource.is
> DE: org.apache.axis.attachments.ManagedMemoryDataSource.delete() might
ignore
> java.lang.Exception
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.ManagedMemoryDataSource.currentMemoryBufSz;
locked 85% of time
> MS: org.apache.axis.attachments.ManagedMemoryDataSource.is_log isn't final
but should be
> MS: org.apache.axis.attachments.ManagedMemoryDataSource.log isn't final
but should be
> UrF: Unread field: org.apache.axis.attachments.ManagedMemoryDataSource.ss
> DE:
>
org.apache.axis.attachments.MimeMultipartDataSource.<init>(String,javax.mail
.internet.MimeMultipart)
> might ignore java.lang.Exception
> UuF: Unused field: org.apache.axis.attachments.MimeMultipartDataSource.is
> MS: org.apache.axis.attachments.MimeUtils.filter should be both final and
package protected
> MS: org.apache.axis.attachments.MimeUtils.log isn't final but should be
> MS: org.apache.axis.attachments.MultiPartDimeInputStream.READ_ALL should
be package protected
> MS: org.apache.axis.attachments.MultiPartDimeInputStream.log isn't final
but should be
> MS: org.apache.axis.attachments.MultiPartRelatedInputStream.READ_ALL
should be package protected
> MS: org.apache.axis.attachments.MultiPartRelatedInputStream.log isn't
final but should be
> RR:
org.apache.axis.attachments.MultiPartRelatedInputStream.<init>(String,java.i
o.InputStream)
> ignores result of java.io.InputStream.read(byte[])
> EI: org.apache.axis.attachments.OctetStream.getBytes() may expose internal
representation by
> returning org.apache.axis.attachments.OctetStream.bytes
> UuF: Unused field: org.apache.axis.attachments.PlainTextDataSource.is
> RR:
>
org.apache.axis.attachments.SourceDataSource.<init>(String,String,javax.xml.
transform.stream.StreamSource)
> ignores result of java.io.InputStream.read(byte[],int,int)
> UuF: Unused field: org.apache.axis.attachments.SourceDataSource.is
> MS: org.apache.axis.client.AdminClient.log isn't final but should be
> MS: org.apache.axis.client.AxisClient.log isn't final but should be
> Se: org.apache.axis.client.AxisClient is Serializable; consider declaring
a serialVersionUID
> DE: org.apache.axis.client.Call.getTransportForProtocol(String) might
ignore
> java.lang.InstantiationException
> DE: org.apache.axis.client.Call.getTransportForProtocol(String) might
ignore
> java.lang.IllegalAccessException
> DE: org.apache.axis.client.Call.setOperation(String) might ignore
java.lang.Exception
> MS: org.apache.axis.client.Call.entLog isn't final but should be
> MS: org.apache.axis.client.Call.log isn't final but should be
> Se: org.apache.axis.client.Service is Serializable; consider declaring a
serialVersionUID
> DE: org.apache.axis.client.ServiceFactory.getService(java.util.Map) might
ignore
> javax.naming.NamingException
> Dm: org.apache.axis.client.Stub._getProperty(String) invokes dubious
Boolean constructor; use
> Boolean.valueOf(...) instead
> Dm: org.apache.axis.client.Stub.setMaintainSession(boolean) invokes
dubious Boolean constructor;
> use Boolean.valueOf(...) instead
> Nm: Confusing to have methods org.apache.axis.client.Transport.getUrl()
and
> org.apache.axis.utils.Options.getURL()
> MS: org.apache.axis.components.compiler.CompilerFactory.log isn't final
but should be
> MS: org.apache.axis.components.compiler.Javac.log isn't final but should
be
> MS: org.apache.axis.components.compiler.Jikes.log isn't final but should
be
> SIC: Should org.apache.axis.components.compiler.Jikes$StreamPumper be a
_static_ inner class?
> UrF: Unread field:
org.apache.axis.components.compiler.Jikes$StreamPumper.stopSignal
> MS: org.apache.axis.components.image.ImageIOFactory.log isn't final but
should be
> MS: org.apache.axis.components.net.DefaultSocketFactory.log isn't final
but should be
> MS: org.apache.axis.components.net.SocketFactoryFactory.log isn't final
but should be
> MS: org.apache.axis.components.net.SunFakeTrustSocketFactory.log isn't
final but should be
> MS:
org.apache.axis.components.net.SunFakeTrustSocketFactory$FakeX509TrustManage
r.log isn't
> final but should be
> MS: org.apache.axis.components.net.TransportClientPropertiesFactory.log
isn't final but should
> be
> MS: org.apache.axis.components.script.ScriptFactory.log isn't final but
should be
> IS2: Inconsistent synchronization of
> org.apache.axis.components.threadpool.ThreadPool.threadcount; locked 70%
of time
> MS: org.apache.axis.components.threadpool.ThreadPool.log isn't final but
should be
> Dm: org.apache.axis.components.uuid.SimpleUUIDGen.nextUUID() invokes
dubious new String()
> constructor; just use ""
> MS: org.apache.axis.configuration.EngineConfigurationFactoryDefault.log
isn't final but should
> be
> MS: org.apache.axis.configuration.EngineConfigurationFactoryFinder.log
isn't final but should be
> DE: org.apache.axis.configuration.EngineConfigurationFactoryFinder$1.run()
might ignore
> java.lang.Exception
> MS: org.apache.axis.configuration.EngineConfigurationFactoryServlet.log
isn't final but should
> be
> MS: org.apache.axis.configuration.FileProvider.log isn't final but should
be
> IS2: Inconsistent synchronization of
> org.apache.axis.deployment.wsdd.WSDDDeployableItem.singletonInstance;
locked 66% of time
> MS: org.apache.axis.deployment.wsdd.WSDDDeployableItem.scopeStrings should
be both final and
> package protected
> MS: org.apache.axis.deployment.wsdd.WSDDDeployableItem.log isn't final but
should be
> UR: Unitialized read of
org.apache.axis.deployment.wsdd.WSDDDeployableItem.parameters in
>
org.apache.axis.deployment.wsdd.WSDDDeployableItem.<init>(org.w3c.dom.Elemen
t)
> MS: org.apache.axis.deployment.wsdd.WSDDDeployment.log isn't final but
should be
> Se: org.apache.axis.deployment.wsdd.WSDDDeployment is Serializable;
consider declaring a
> serialVersionUID
> MS: org.apache.axis.deployment.wsdd.WSDDDocument.log isn't final but
should be
> UrF: Unread field: org.apache.axis.deployment.wsdd.WSDDDocument.doc
> Se: org.apache.axis.deployment.wsdd.WSDDHandler is Serializable; consider
declaring a
> serialVersionUID
> EI: org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfo.getHeaders() may
expose internal
> representation by returning
org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfo._headers
> DE:
org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfoChain.<init>(org.w3c.do
m.Element) might
> ignore java.lang.ClassNotFoundException
> EI: org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfoChain.getRoles()
may expose internal
> representation by returning
org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfoChain._roles
> MS: org.apache.axis.deployment.wsdd.WSDDProvider.log isn't final but
should be
> Nm: Confusing to have methods
org.apache.axis.description.FaultDesc.getXmlType() and
> org.apache.axis.wsdl.symbolTable.FaultInfo.getXMLType()
> MS: org.apache.axis.description.OperationDesc.log isn't final but should
be
> Se: org.apache.axis.description.ParameterDesc is Serializable; consider
declaring a
> serialVersionUID
> DE: org.apache.axis.description.ServiceDesc.loadSkeletonOperations() might
ignore
> java.lang.NoSuchMethodException
> DE: org.apache.axis.description.ServiceDesc.loadSkeletonOperations() might
ignore
> java.lang.SecurityException
> IS2: Inconsistent synchronization of
> org.apache.axis.description.ServiceDesc.qname2OperationsMap; locked 80% of
time
> MS: org.apache.axis.description.ServiceDesc.log isn't final but should be
> SIC: Should org.apache.axis.description.ServiceDesc$1 be a _static_ inner
class?
> DE: org.apache.axis.description.TypeDesc.getTypeDescForClass(Class) might
ignore
> java.lang.NoSuchMethodException
> EI: org.apache.axis.description.TypeDesc.getFields() may expose internal
representation by
> returning org.apache.axis.description.TypeDesc.fields
> EI: org.apache.axis.description.TypeDesc.getFields(boolean) may expose
internal representation
> by returning org.apache.axis.description.TypeDesc.fields
> EI: org.apache.axis.description.TypeDesc.getPropertyDescriptors() may
expose internal
> representation by returning
org.apache.axis.description.TypeDesc.propertyDescriptors
> DE: org.apache.axis.encoding.DeserializationContextImpl.parse() might
ignore
> org.xml.sax.SAXException
> MS: org.apache.axis.encoding.DeserializationContextImpl.log isn't final
but should be
> MS: org.apache.axis.encoding.DeserializerImpl.log isn't final but should
be
> MS: org.apache.axis.encoding.FieldTarget.log isn't final but should be
> MS: org.apache.axis.encoding.MethodTarget.log isn't final but should be
> MS: org.apache.axis.encoding.SerializationContextImpl.log isn't final but
should be
> SIC: Should org.apache.axis.encoding.SerializationContextImpl$MultiRefItem
be a _static_ inner
> class?
> UrF: Unread field:
org.apache.axis.encoding.SerializationContextImpl$MultiRefItem.sendType
> DE:
org.apache.axis.encoding.TypeMappingImpl.getClassForQName(javax.xml.namespac
e.QName) might
> ignore java.lang.ClassNotFoundException
> MS: org.apache.axis.encoding.TypeMappingImpl.log isn't final but should be
> SIC: Should org.apache.axis.encoding.TypeMappingImpl$Pair be a _static_
inner class?
> DE: org.apache.axis.encoding.ser.ArrayDeserializer.valueComplete() might
ignore
> java.lang.RuntimeException
> MS: org.apache.axis.encoding.ser.ArrayDeserializer.log isn't final but
should be
> 
=== message truncated ===


=====
Davanum Srinivas - http://webservices.apache.org/~dims/

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com

Mime
View raw message