wip singleton analysis

report.tex

@@ -24,24 +24,37 @@ already know as library clients.
 
 \subsection {Projects Considered}
 
+We considered the following GitHub repositories:
+
 \begin{description}
   \item[vavr-io/vavr] a Java library for functional programming, discarded as
     the project is less than 20K LOC and doesn't meet the selection criteria;
   \item[bitcoin4j/bitcoin4j] a Java implementation of the bitcoin protocol,
     discarded as the project is distributed in several subprojects;
-  \item[FasterXML/jackson-core] a popular Java JSON serialization and
-    deserialization library. This repository contains the \textit{core}
-    component of the library, i.e. the library abstractions and interface to
-    support additional modules and the main JSON serialization and
-    deserialization capabilities. We chose this library because it meets the
+  \item[FasterXML/jackson-core] a Java JSON serialization and
+    deserialization library. We chose this library because it meets the
     selection criteria, it doesn't rely on external components for its
     execution, and its project structure uses a single Maven module for its
     sources and thus easy to analyze.
 \end{description}
 
-Therefore we chose \textbf{FasterXML/jackson-core}, specifically the sources
-under the git tag \texttt{jackson-core-2.13.4}, the latest stable version of the
-library at this time.
+
+\subsection {The Jackson Core Library}
+As already mentioned, \texttt{Jackson} is a library that offers serialization
+and deseralization capabilities in JSON format. The library is highly extensible
+and customizable through a robust but flexible API and module suite that allows
+to change the serialization and deserialization rules, or in the case of the
+\texttt{jackson-dataformat-xml} module, to allow to target XML instead of JSON.
+
+The chosen repository contains only the \textit{core} module of Jackson. The
+\textit{core} module implements the necessary library abstractions and
+interfaces to allow other modules to be plugged-in. Additionally, the
+\textit{core} module implements the tokenizer and low-level abstractions to work
+with the JSON format.
+
+We chose to analyze version 2.13.4 of the module (corresponding to the code
+under the  git tag \texttt{jackson-core-2.13.4}) because it is the latest stable
+version available at the time of writing.
 
 \section{Analysis}
 
@@ -57,6 +70,8 @@ instead, as it is the previous LTS version.
 An XML dump of the \textit{Pattern4j} analysis results are included in the
 submission as the file \texttt{analysis.xml}.
 
+
+
 \subsection{Comments}
 \begin{itemize}
   \item Lots of false positives for the Singleton pattern. Example,
@@ -64,6 +79,20 @@ submission as the file \texttt{analysis.xml}.
     public static final instance of it, but reading the documentation the class
     represents (short) JSON string literals and therefore is clearly
     initialized by client code.
+    \begin{description}
+      \item[sym.Name1, JsonLocation, DefaultIndenter,
+        util.DefaultPrettyPrinter\$FixedSpaceIndenter] not a singleton (detected
+        cause of "convenient" default instance given as static final field), the
+        constructor is not used but the class is extensible
+      \item[JsonPointer, filter.TokenFilter] like above, but constructors are protected
+      \item[JsonpCharacterEscapes, util.DefaultPrettyPrinter\$NopIndenter,
+        Version] a singleton but with a public constructor that is never called
+        in the module code, may be called in tests
+      \item[io.JsonStringEncoder] like above, but the class is final
+      \item[util.InternCache, io.CharTypes\$AltEscapes]
+          actual singleton, thread-unsafe initialization
+      \item[io.ContentReference] like above, but constructor is protected
+    \end{description}
   \item TBD
 \end{itemize}
 \end{document}