You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Er...@WellsFargo.COM on 2003/06/13 19:21:50 UTC
static analysis of axis.jar with "findbugs" utility
I ran the "findbugs" static analysis utility against a copy of axis.jar.
I'm attaching the resulting report, which was created with the "textui" in
"sort by class" mode. It looks like there are several things that could be
trivially fixed and several others which merit further investigation.
Findbugs comes with an ant task and so if there's consensus about the
usefulness of this report, it might make sense to add a target to the axis
build file so that this can be run from time to time.
Findbugs, if you don't already know, was created by David Hovemeyer and Bill
Pugh (of skip list fame). The original paper describing the tool and its
goals is available here:
http://www.cs.umd.edu/~pugh/java/bugs/docs/findbugsPaper.pdf. The site for
findbugs is here: http://www.cs.umd.edu/~pugh/java/bugs/
And here's a report for axis. I recommend trying it out yourselves with the
GUI -- that includes slightly more verbose descriptions of the patterns that
findbugs considers to be problematic.
Eric
PS -- I'd be most concerned about the classes that have problems with the
equals/hashCode contract, as those can result in serious and difficult to
reproduce runtime failures. Also, there are places where Axis is using the
"double checked locking" idiom for lazy initialization -- this is known to
not work in Java and should be fixed as soon as possible. See
http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html for
information about why this is so. Apart from that, it's up to the
committers (of which I am not one) to decide what other errors are worth
fixing. The several unread/unused instance variables are probably easy,
low-hanging fruit....
<<byClass.txt>>
Re: static analysis of axis.jar with "findbugs" utility
Posted by Davanum Srinivas <di...@yahoo.com>.
Eric,
Do you have some cycles to fix these problems (post 1.1 final release?)
Thanks,
dims
--- Eric.D.Friedman@WellsFargo.COM wrote:
> I ran the "findbugs" static analysis utility against a copy of axis.jar.
> I'm attaching the resulting report, which was created with the "textui" in
> "sort by class" mode. It looks like there are several things that could be
> trivially fixed and several others which merit further investigation.
> Findbugs comes with an ant task and so if there's consensus about the
> usefulness of this report, it might make sense to add a target to the axis
> build file so that this can be run from time to time.
>
> Findbugs, if you don't already know, was created by David Hovemeyer and Bill
> Pugh (of skip list fame). The original paper describing the tool and its
> goals is available here:
> http://www.cs.umd.edu/~pugh/java/bugs/docs/findbugsPaper.pdf. The site for
> findbugs is here: http://www.cs.umd.edu/~pugh/java/bugs/
>
> And here's a report for axis. I recommend trying it out yourselves with the
> GUI -- that includes slightly more verbose descriptions of the patterns that
> findbugs considers to be problematic.
>
> Eric
>
> PS -- I'd be most concerned about the classes that have problems with the
> equals/hashCode contract, as those can result in serious and difficult to
> reproduce runtime failures. Also, there are places where Axis is using the
> "double checked locking" idiom for lazy initialization -- this is known to
> not work in Java and should be fixed as soon as possible. See
> http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html for
> information about why this is so. Apart from that, it's up to the
> committers (of which I am not one) to decide what other errors are worth
> fixing. The several unread/unused instance variables are probably easy,
> low-hanging fruit....
>
> <<byClass.txt>>
> > MS: org.apache.axis.AxisEngine.log isn't final but should be
> Dm: org.apache.axis.AxisFault.dumpToString() invokes dubious new String() constructor; just use
> ""
> MS: org.apache.axis.AxisFault.log isn't final but should be
> Se: org.apache.axis.AxisFault is Serializable; consider declaring a serialVersionUID
> MS: org.apache.axis.AxisProperties.log isn't final but should be
> MS: org.apache.axis.ConfigurationException.copyStackByDefault isn't final but should be
> MS: org.apache.axis.ConfigurationException.log isn't final but should be
> Se: org.apache.axis.ConfigurationException is Serializable; consider declaring a
> serialVersionUID
> MS: org.apache.axis.Constants.QNAMES_NIL is a mutable array
> MS: org.apache.axis.Constants.URIS_SCHEMA_XSD is a mutable array
> MS: org.apache.axis.Constants.URIS_SCHEMA_XSI is a mutable array
> MS: org.apache.axis.Constants.URIS_SOAP_ENC is a mutable array
> MS: org.apache.axis.Constants.NS_URIS_WSDL should be package protected
> MS: org.apache.axis.Constants.NS_URIS_WSDL_SOAP should be package protected
> MS: org.apache.axis.Constants.URIS_SOAP_ENV should be package protected
> MS: org.apache.axis.FaultableHandler.entLog isn't final but should be
> MS: org.apache.axis.FaultableHandler.log isn't final but should be
> Se: org.apache.axis.FaultableHandler is Serializable; consider declaring a serialVersionUID
> MS: org.apache.axis.InternalException.log isn't final but should be
> Se: org.apache.axis.InternalException is Serializable; consider declaring a serialVersionUID
> IS2: Inconsistent synchronization of org.apache.axis.Message.attachImpl; locked 50% of time
> MS: org.apache.axis.Message.log isn't final but should be
> Se: org.apache.axis.Message is Serializable; consider declaring a serialVersionUID
> Dm: org.apache.axis.MessageContext.getProperty(String) invokes dubious Boolean constructor; use
> Boolean.valueOf(...) instead
> MS: org.apache.axis.MessageContext.log isn't final but should be
> MS: org.apache.axis.MessageContext.systemTempDir isn't final but should be
> Nm: Confusing to have methods
> org.apache.axis.MessageContext.setSOAPConstants(org.apache.axis.soap.SOAPConstants) and
> org.apache.axis.message.SOAPEnvelope.setSoapConstants(org.apache.axis.soap.SOAPConstants)
> EI: org.apache.axis.SOAPPart.getAsBytes() may expose internal representation by returning
> org.apache.axis.SOAPPart.currentMessageAsBytes
> MS: org.apache.axis.SOAPPart.log isn't final but should be
> MS: org.apache.axis.SimpleChain.log isn't final but should be
> Se: org.apache.axis.SimpleChain is Serializable; consider declaring a serialVersionUID
> MS: org.apache.axis.SimpleTargetedChain.log isn't final but should be
> Se: org.apache.axis.SimpleTargetedChain is Serializable; consider declaring a serialVersionUID
> SIC: Should org.apache.axis.SimpleTargetedChain$PivotIndicator be a _static_ inner class?
> FI: org.apache.axis.attachments.AttachmentPart.finalize() missing call to super.finalize(), so
> org.apache.axis.attachments.AttachmentPart.finalize() doesn't get called
> MS: org.apache.axis.attachments.AttachmentPart.log isn't final but should be
> MS: org.apache.axis.attachments.AttachmentsImpl.log isn't final but should be
> Se: org.apache.axis.attachments.AttachmentsImpl is Serializable; consider declaring a
> serialVersionUID
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.BoundaryDelimitedStream.boundaryPos; locked 87% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.BoundaryDelimitedStream.readBufEnd; locked 87% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.BoundaryDelimitedStream.readBufPos; locked 84% of time
> MS: org.apache.axis.attachments.BoundaryDelimitedStream.log isn't final but should be
> DE:
>
org.apache.axis.attachments.DimeBodyPart.send(java.io.OutputStream,byte,javax.activation.DataHandler,long)
> might ignore java.io.IOException
> MS: org.apache.axis.attachments.DimeBodyPart.log isn't final but should be
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.bytesRead; locked 94% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.dataPadLength; locked 81% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.recordLength; locked 80% of time
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.DimeDelimitedInputStream.theEnd; locked 50% of time
> MS: org.apache.axis.attachments.DimeDelimitedInputStream.streamCount should be package protected
> MS: org.apache.axis.attachments.DimeDelimitedInputStream.log isn't final but should be
> HE: org.apache.axis.attachments.DimeTypeNameFormat defines equals and uses Object.hashCode()
> MS: org.apache.axis.attachments.ImageDataSource.log isn't final but should be
> UuF: Unused field: org.apache.axis.attachments.ImageDataSource.is
> DE: org.apache.axis.attachments.ManagedMemoryDataSource.delete() might ignore
> java.lang.Exception
> IS2: Inconsistent synchronization of
> org.apache.axis.attachments.ManagedMemoryDataSource.currentMemoryBufSz; locked 85% of time
> MS: org.apache.axis.attachments.ManagedMemoryDataSource.is_log isn't final but should be
> MS: org.apache.axis.attachments.ManagedMemoryDataSource.log isn't final but should be
> UrF: Unread field: org.apache.axis.attachments.ManagedMemoryDataSource.ss
> DE:
>
org.apache.axis.attachments.MimeMultipartDataSource.<init>(String,javax.mail.internet.MimeMultipart)
> might ignore java.lang.Exception
> UuF: Unused field: org.apache.axis.attachments.MimeMultipartDataSource.is
> MS: org.apache.axis.attachments.MimeUtils.filter should be both final and package protected
> MS: org.apache.axis.attachments.MimeUtils.log isn't final but should be
> MS: org.apache.axis.attachments.MultiPartDimeInputStream.READ_ALL should be package protected
> MS: org.apache.axis.attachments.MultiPartDimeInputStream.log isn't final but should be
> MS: org.apache.axis.attachments.MultiPartRelatedInputStream.READ_ALL should be package protected
> MS: org.apache.axis.attachments.MultiPartRelatedInputStream.log isn't final but should be
> RR: org.apache.axis.attachments.MultiPartRelatedInputStream.<init>(String,java.io.InputStream)
> ignores result of java.io.InputStream.read(byte[])
> EI: org.apache.axis.attachments.OctetStream.getBytes() may expose internal representation by
> returning org.apache.axis.attachments.OctetStream.bytes
> UuF: Unused field: org.apache.axis.attachments.PlainTextDataSource.is
> RR:
>
org.apache.axis.attachments.SourceDataSource.<init>(String,String,javax.xml.transform.stream.StreamSource)
> ignores result of java.io.InputStream.read(byte[],int,int)
> UuF: Unused field: org.apache.axis.attachments.SourceDataSource.is
> MS: org.apache.axis.client.AdminClient.log isn't final but should be
> MS: org.apache.axis.client.AxisClient.log isn't final but should be
> Se: org.apache.axis.client.AxisClient is Serializable; consider declaring a serialVersionUID
> DE: org.apache.axis.client.Call.getTransportForProtocol(String) might ignore
> java.lang.InstantiationException
> DE: org.apache.axis.client.Call.getTransportForProtocol(String) might ignore
> java.lang.IllegalAccessException
> DE: org.apache.axis.client.Call.setOperation(String) might ignore java.lang.Exception
> MS: org.apache.axis.client.Call.entLog isn't final but should be
> MS: org.apache.axis.client.Call.log isn't final but should be
> Se: org.apache.axis.client.Service is Serializable; consider declaring a serialVersionUID
> DE: org.apache.axis.client.ServiceFactory.getService(java.util.Map) might ignore
> javax.naming.NamingException
> Dm: org.apache.axis.client.Stub._getProperty(String) invokes dubious Boolean constructor; use
> Boolean.valueOf(...) instead
> Dm: org.apache.axis.client.Stub.setMaintainSession(boolean) invokes dubious Boolean constructor;
> use Boolean.valueOf(...) instead
> Nm: Confusing to have methods org.apache.axis.client.Transport.getUrl() and
> org.apache.axis.utils.Options.getURL()
> MS: org.apache.axis.components.compiler.CompilerFactory.log isn't final but should be
> MS: org.apache.axis.components.compiler.Javac.log isn't final but should be
> MS: org.apache.axis.components.compiler.Jikes.log isn't final but should be
> SIC: Should org.apache.axis.components.compiler.Jikes$StreamPumper be a _static_ inner class?
> UrF: Unread field: org.apache.axis.components.compiler.Jikes$StreamPumper.stopSignal
> MS: org.apache.axis.components.image.ImageIOFactory.log isn't final but should be
> MS: org.apache.axis.components.net.DefaultSocketFactory.log isn't final but should be
> MS: org.apache.axis.components.net.SocketFactoryFactory.log isn't final but should be
> MS: org.apache.axis.components.net.SunFakeTrustSocketFactory.log isn't final but should be
> MS: org.apache.axis.components.net.SunFakeTrustSocketFactory$FakeX509TrustManager.log isn't
> final but should be
> MS: org.apache.axis.components.net.TransportClientPropertiesFactory.log isn't final but should
> be
> MS: org.apache.axis.components.script.ScriptFactory.log isn't final but should be
> IS2: Inconsistent synchronization of
> org.apache.axis.components.threadpool.ThreadPool.threadcount; locked 70% of time
> MS: org.apache.axis.components.threadpool.ThreadPool.log isn't final but should be
> Dm: org.apache.axis.components.uuid.SimpleUUIDGen.nextUUID() invokes dubious new String()
> constructor; just use ""
> MS: org.apache.axis.configuration.EngineConfigurationFactoryDefault.log isn't final but should
> be
> MS: org.apache.axis.configuration.EngineConfigurationFactoryFinder.log isn't final but should be
> DE: org.apache.axis.configuration.EngineConfigurationFactoryFinder$1.run() might ignore
> java.lang.Exception
> MS: org.apache.axis.configuration.EngineConfigurationFactoryServlet.log isn't final but should
> be
> MS: org.apache.axis.configuration.FileProvider.log isn't final but should be
> IS2: Inconsistent synchronization of
> org.apache.axis.deployment.wsdd.WSDDDeployableItem.singletonInstance; locked 66% of time
> MS: org.apache.axis.deployment.wsdd.WSDDDeployableItem.scopeStrings should be both final and
> package protected
> MS: org.apache.axis.deployment.wsdd.WSDDDeployableItem.log isn't final but should be
> UR: Unitialized read of org.apache.axis.deployment.wsdd.WSDDDeployableItem.parameters in
> org.apache.axis.deployment.wsdd.WSDDDeployableItem.<init>(org.w3c.dom.Element)
> MS: org.apache.axis.deployment.wsdd.WSDDDeployment.log isn't final but should be
> Se: org.apache.axis.deployment.wsdd.WSDDDeployment is Serializable; consider declaring a
> serialVersionUID
> MS: org.apache.axis.deployment.wsdd.WSDDDocument.log isn't final but should be
> UrF: Unread field: org.apache.axis.deployment.wsdd.WSDDDocument.doc
> Se: org.apache.axis.deployment.wsdd.WSDDHandler is Serializable; consider declaring a
> serialVersionUID
> EI: org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfo.getHeaders() may expose internal
> representation by returning org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfo._headers
> DE: org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfoChain.<init>(org.w3c.dom.Element) might
> ignore java.lang.ClassNotFoundException
> EI: org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfoChain.getRoles() may expose internal
> representation by returning org.apache.axis.deployment.wsdd.WSDDJAXRPCHandlerInfoChain._roles
> MS: org.apache.axis.deployment.wsdd.WSDDProvider.log isn't final but should be
> Nm: Confusing to have methods org.apache.axis.description.FaultDesc.getXmlType() and
> org.apache.axis.wsdl.symbolTable.FaultInfo.getXMLType()
> MS: org.apache.axis.description.OperationDesc.log isn't final but should be
> Se: org.apache.axis.description.ParameterDesc is Serializable; consider declaring a
> serialVersionUID
> DE: org.apache.axis.description.ServiceDesc.loadSkeletonOperations() might ignore
> java.lang.NoSuchMethodException
> DE: org.apache.axis.description.ServiceDesc.loadSkeletonOperations() might ignore
> java.lang.SecurityException
> IS2: Inconsistent synchronization of
> org.apache.axis.description.ServiceDesc.qname2OperationsMap; locked 80% of time
> MS: org.apache.axis.description.ServiceDesc.log isn't final but should be
> SIC: Should org.apache.axis.description.ServiceDesc$1 be a _static_ inner class?
> DE: org.apache.axis.description.TypeDesc.getTypeDescForClass(Class) might ignore
> java.lang.NoSuchMethodException
> EI: org.apache.axis.description.TypeDesc.getFields() may expose internal representation by
> returning org.apache.axis.description.TypeDesc.fields
> EI: org.apache.axis.description.TypeDesc.getFields(boolean) may expose internal representation
> by returning org.apache.axis.description.TypeDesc.fields
> EI: org.apache.axis.description.TypeDesc.getPropertyDescriptors() may expose internal
> representation by returning org.apache.axis.description.TypeDesc.propertyDescriptors
> DE: org.apache.axis.encoding.DeserializationContextImpl.parse() might ignore
> org.xml.sax.SAXException
> MS: org.apache.axis.encoding.DeserializationContextImpl.log isn't final but should be
> MS: org.apache.axis.encoding.DeserializerImpl.log isn't final but should be
> MS: org.apache.axis.encoding.FieldTarget.log isn't final but should be
> MS: org.apache.axis.encoding.MethodTarget.log isn't final but should be
> MS: org.apache.axis.encoding.SerializationContextImpl.log isn't final but should be
> SIC: Should org.apache.axis.encoding.SerializationContextImpl$MultiRefItem be a _static_ inner
> class?
> UrF: Unread field: org.apache.axis.encoding.SerializationContextImpl$MultiRefItem.sendType
> DE: org.apache.axis.encoding.TypeMappingImpl.getClassForQName(javax.xml.namespace.QName) might
> ignore java.lang.ClassNotFoundException
> MS: org.apache.axis.encoding.TypeMappingImpl.log isn't final but should be
> SIC: Should org.apache.axis.encoding.TypeMappingImpl$Pair be a _static_ inner class?
> DE: org.apache.axis.encoding.ser.ArrayDeserializer.valueComplete() might ignore
> java.lang.RuntimeException
> MS: org.apache.axis.encoding.ser.ArrayDeserializer.log isn't final but should be
>
=== message truncated ===
=====
Davanum Srinivas - http://webservices.apache.org/~dims/
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com