maggicl
/
sdm01
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2022-12-20. You can view files and clone it, but cannot push or open issues or pull requests.
sdm01/report.tex

100 lines
4.3 KiB
TeX
Raw Blame History

% vim: set ts=2 sw=2 et tw=80:
\documentclass[12pt,a4paper]{article}
\usepackage[utf8]{inputenc}
\usepackage[margin=2cm]{geometry}
\usepackage{hyperref}
\title{Assginment 1 -- Software Design and Modelling}
\author{Volodymyr Karpenko \and Claudio Maggioni}
\begin{document}
\maketitle
\section{Project selection process}
We need to find a project that is a single unit in terms of compilation
modules\footnote{A problem for Pattern4J as compiled \texttt{.class} files are
distributed across several directories and would have to be merged manually for
analyzing them}
self contained and with as little external dependencies as possible to ease the
analysis project. Additionally, it would be nice if we choose a project that we
already know as library clients.
\subsection {Projects Considered}
We considered the following GitHub repositories:
\begin{description}
\item[vavr-io/vavr] a Java library for functional programming, discarded as
the project is less than 20K LOC and doesn't meet the selection criteria;
\item[bitcoin4j/bitcoin4j] a Java implementation of the bitcoin protocol,
discarded as the project is distributed in several subprojects;
\item[FasterXML/jackson-core] a Java JSON serialization and
deserialization library. We chose this library because it meets the
selection criteria, it doesn't rely on external components for its
execution, and its project structure uses a single Maven module for its
sources and thus easy to analyze.
\end{description}
\subsection {The Jackson Core Library}
As already mentioned, \texttt{Jackson} is a library that offers serialization
and deseralization capabilities in JSON format. The library is highly extensible
and customizable through a robust but flexible API and module suite that allows
to change the serialization and deserialization rules, or in the case of the
\texttt{jackson-dataformat-xml} module, to allow to target XML instead of JSON.
The chosen repository contains only the \textit{core} module of Jackson. The
\textit{core} module implements the necessary library abstractions and
interfaces to allow other modules to be plugged-in. Additionally, the
\textit{core} module implements the tokenizer and low-level abstractions to work
with the JSON format.
We chose to analyze version 2.13.4 of the module (corresponding to the code
under the git tag \texttt{jackson-core-2.13.4}) because it is the latest stable
version available at the time of writing.
\section{Analysis}
We use
\href{https://users.encs.concordia.ca/~nikolaos/pattern\_detection.html}{\textit{Pattern4}}
as a pattern detection tool. This tool needs compiled \texttt{.class} files in
order to perform analysis. Therefore, as \texttt{jackson-core} is a standard
Maven project, we compile the sources using the command \texttt{mvn clean
compile}. The \texttt{pom.xml} of the library specifies Java 1.6 as a
compilation target, which is not supported by JDK 17 or above. We used JDK 11
instead, as it is the previous LTS version.
An XML dump of the \textit{Pattern4j} analysis results are included in the
submission as the file \texttt{analysis.xml}.
\subsection{Comments}
\begin{itemize}
\item Lots of false positives for the Singleton pattern. Example,
com.fasterxml.jackson.core.sym.Name1 has a package private constructor and a
public static final instance of it, but reading the documentation the class
represents (short) JSON string literals and therefore is clearly
initialized by client code.
\begin{description}
\item[sym.Name1, JsonLocation, DefaultIndenter,
util.DefaultPrettyPrinter\$FixedSpaceIndenter] not a singleton (detected
cause of "convenient" default instance given as static final field), the
constructor is not used but the class is extensible
\item[JsonPointer, filter.TokenFilter] like above, but constructors are protected
\item[JsonpCharacterEscapes, util.DefaultPrettyPrinter\$NopIndenter,
Version] a singleton but with a public constructor that is never called
in the module code, may be called in tests
\item[io.JsonStringEncoder] like above, but the class is final
\item[util.InternCache, io.CharTypes\$AltEscapes]
actual singleton, thread-unsafe initialization
\item[io.ContentReference] like above, but constructor is protected
\end{description}
\item TBD
\end{itemize}
\end{document}
Reference in New Issue View Git Blame Copy Permalink