diff --git a/report.pdf b/report.pdf index b86a634..4190ca7 100644 Binary files a/report.pdf and b/report.pdf differ diff --git a/report.tex b/report.tex index 20aef5b..83ef562 100644 --- a/report.tex +++ b/report.tex @@ -24,24 +24,37 @@ already know as library clients. \subsection {Projects Considered} +We considered the following GitHub repositories: + \begin{description} \item[vavr-io/vavr] a Java library for functional programming, discarded as the project is less than 20K LOC and doesn't meet the selection criteria; \item[bitcoin4j/bitcoin4j] a Java implementation of the bitcoin protocol, discarded as the project is distributed in several subprojects; - \item[FasterXML/jackson-core] a popular Java JSON serialization and - deserialization library. This repository contains the \textit{core} - component of the library, i.e. the library abstractions and interface to - support additional modules and the main JSON serialization and - deserialization capabilities. We chose this library because it meets the + \item[FasterXML/jackson-core] a Java JSON serialization and + deserialization library. We chose this library because it meets the selection criteria, it doesn't rely on external components for its execution, and its project structure uses a single Maven module for its sources and thus easy to analyze. \end{description} -Therefore we chose \textbf{FasterXML/jackson-core}, specifically the sources -under the git tag \texttt{jackson-core-2.13.4}, the latest stable version of the -library at this time. + +\subsection {The Jackson Core Library} +As already mentioned, \texttt{Jackson} is a library that offers serialization +and deseralization capabilities in JSON format. The library is highly extensible +and customizable through a robust but flexible API and module suite that allows +to change the serialization and deserialization rules, or in the case of the +\texttt{jackson-dataformat-xml} module, to allow to target XML instead of JSON. + +The chosen repository contains only the \textit{core} module of Jackson. The +\textit{core} module implements the necessary library abstractions and +interfaces to allow other modules to be plugged-in. Additionally, the +\textit{core} module implements the tokenizer and low-level abstractions to work +with the JSON format. + +We chose to analyze version 2.13.4 of the module (corresponding to the code +under the git tag \texttt{jackson-core-2.13.4}) because it is the latest stable +version available at the time of writing. \section{Analysis} @@ -57,6 +70,8 @@ instead, as it is the previous LTS version. An XML dump of the \textit{Pattern4j} analysis results are included in the submission as the file \texttt{analysis.xml}. + + \subsection{Comments} \begin{itemize} \item Lots of false positives for the Singleton pattern. Example, @@ -64,6 +79,20 @@ submission as the file \texttt{analysis.xml}. public static final instance of it, but reading the documentation the class represents (short) JSON string literals and therefore is clearly initialized by client code. + \begin{description} + \item[sym.Name1, JsonLocation, DefaultIndenter, + util.DefaultPrettyPrinter\$FixedSpaceIndenter] not a singleton (detected + cause of "convenient" default instance given as static final field), the + constructor is not used but the class is extensible + \item[JsonPointer, filter.TokenFilter] like above, but constructors are protected + \item[JsonpCharacterEscapes, util.DefaultPrettyPrinter\$NopIndenter, + Version] a singleton but with a public constructor that is never called + in the module code, may be called in tests + \item[io.JsonStringEncoder] like above, but the class is final + \item[util.InternCache, io.CharTypes\$AltEscapes] + actual singleton, thread-unsafe initialization + \item[io.ContentReference] like above, but constructor is protected + \end{description} \item TBD \end{itemize} \end{document}