100 lines
4.3 KiB
TeX
100 lines
4.3 KiB
TeX
% vim: set ts=2 sw=2 et tw=80:
|
|
|
|
\documentclass[12pt,a4paper]{article}
|
|
\usepackage[utf8]{inputenc}
|
|
\usepackage[margin=2cm]{geometry}
|
|
\usepackage{hyperref}
|
|
|
|
\title{Assginment 1 -- Software Design and Modelling}
|
|
|
|
\author{Volodymyr Karpenko \and Claudio Maggioni}
|
|
|
|
\begin{document}
|
|
\maketitle
|
|
|
|
\section{Project selection process}
|
|
|
|
We need to find a project that is a single unit in terms of compilation
|
|
modules\footnote{A problem for Pattern4J as compiled \texttt{.class} files are
|
|
distributed across several directories and would have to be merged manually for
|
|
analyzing them}
|
|
self contained and with as little external dependencies as possible to ease the
|
|
analysis project. Additionally, it would be nice if we choose a project that we
|
|
already know as library clients.
|
|
|
|
\subsection {Projects Considered}
|
|
|
|
We considered the following GitHub repositories:
|
|
|
|
\begin{description}
|
|
\item[vavr-io/vavr] a Java library for functional programming, discarded as
|
|
the project is less than 20K LOC and doesn't meet the selection criteria;
|
|
\item[bitcoin4j/bitcoin4j] a Java implementation of the bitcoin protocol,
|
|
discarded as the project is distributed in several subprojects;
|
|
\item[FasterXML/jackson-core] a Java JSON serialization and
|
|
deserialization library. We chose this library because it meets the
|
|
selection criteria, it doesn't rely on external components for its
|
|
execution, and its project structure uses a single Maven module for its
|
|
sources and thus easy to analyze.
|
|
\end{description}
|
|
|
|
|
|
\subsection {The Jackson Core Library}
|
|
As already mentioned, \texttt{Jackson} is a library that offers serialization
|
|
and deseralization capabilities in JSON format. The library is highly extensible
|
|
and customizable through a robust but flexible API and module suite that allows
|
|
to change the serialization and deserialization rules, or in the case of the
|
|
\texttt{jackson-dataformat-xml} module, to allow to target XML instead of JSON.
|
|
|
|
The chosen repository contains only the \textit{core} module of Jackson. The
|
|
\textit{core} module implements the necessary library abstractions and
|
|
interfaces to allow other modules to be plugged-in. Additionally, the
|
|
\textit{core} module implements the tokenizer and low-level abstractions to work
|
|
with the JSON format.
|
|
|
|
We chose to analyze version 2.13.4 of the module (corresponding to the code
|
|
under the git tag \texttt{jackson-core-2.13.4}) because it is the latest stable
|
|
version available at the time of writing.
|
|
|
|
\section{Analysis}
|
|
|
|
We use
|
|
\href{https://users.encs.concordia.ca/~nikolaos/pattern\_detection.html}{\textit{Pattern4}}
|
|
as a pattern detection tool. This tool needs compiled \texttt{.class} files in
|
|
order to perform analysis. Therefore, as \texttt{jackson-core} is a standard
|
|
Maven project, we compile the sources using the command \texttt{mvn clean
|
|
compile}. The \texttt{pom.xml} of the library specifies Java 1.6 as a
|
|
compilation target, which is not supported by JDK 17 or above. We used JDK 11
|
|
instead, as it is the previous LTS version.
|
|
|
|
An XML dump of the \textit{Pattern4j} analysis results are included in the
|
|
submission as the file \texttt{analysis.xml}.
|
|
|
|
|
|
|
|
\subsection{Comments}
|
|
\begin{itemize}
|
|
\item Lots of false positives for the Singleton pattern. Example,
|
|
com.fasterxml.jackson.core.sym.Name1 has a package private constructor and a
|
|
public static final instance of it, but reading the documentation the class
|
|
represents (short) JSON string literals and therefore is clearly
|
|
initialized by client code.
|
|
\begin{description}
|
|
\item[sym.Name1, JsonLocation, DefaultIndenter,
|
|
util.DefaultPrettyPrinter\$FixedSpaceIndenter] not a singleton (detected
|
|
cause of "convenient" default instance given as static final field), the
|
|
constructor is not used but the class is extensible
|
|
\item[JsonPointer, filter.TokenFilter] like above, but constructors are protected
|
|
\item[JsonpCharacterEscapes, util.DefaultPrettyPrinter\$NopIndenter,
|
|
Version] a singleton but with a public constructor that is never called
|
|
in the module code, may be called in tests
|
|
\item[io.JsonStringEncoder] like above, but the class is final
|
|
\item[util.InternCache, io.CharTypes\$AltEscapes]
|
|
actual singleton, thread-unsafe initialization
|
|
\item[io.ContentReference] like above, but constructor is protected
|
|
\end{description}
|
|
\item TBD
|
|
\end{itemize}
|
|
\end{document}
|
|
|