* Enable additional Error Prone checks & fix violations
Some of them also enforce additional Google Java Format requirements which
are not handled by google-java-format, such as disallowing wildcard imports.
Not all experimental checks have been listed because some are not applicable,
such as Dependency Injection framework checks, or checks related to Guava's
immutable collections (since Gson's main code does not have a dependency on
Guava).
Other checks have been omitted because they are probably not relevant
(this was a subjective choice), or would require larger refactoring or
would flag issues with the public API, which cannot be changed easily.
* Address review feedback
---------
Co-authored-by: Éamonn McManus <emcmanus@google.com>
This annotation indicates that return value of the annotated method does
not need to be used. If it is _not_ present on a non-void method, and if
Error Prone's `CheckReturnValue` is active, then calling the method
without using the result is an error. However, we are not enabling
`CheckReturnValue` by default here.
Also update some code that does ignore return values, so that the
returned value is used, if only by assigning it to an unused variable.
* Fix `OperatorPrecedence` warn in `JsonWriter#close`
* Fix `ReferenceEquality` warn in `LinkedTreeMap#replaceInParent`
* Fix `UnnecessaryParentheses` warn in `LinkedTreeMap#replaceInParent`
* Fix `ReferenceEquality` warn in `LinkedTreeMap#hasNext`
* Fix `ReferenceEquality` warn in `LinkedTreeMap#nextNode`
* Adds `error_prone_annotations` to the `pom.xml` of `gson`
* Fix `InlineMeSuggester` warns in `JsonParser`
* Fix `UnnecessaryParentheses` warns in `ConstructorConstructor#newDefaultImplementationConstructor`
* Fix `ThreadLocalUsage` warn in `Gson`
* Fix `JdkObsolete` warn in `GsonBuilder`
* Fix `ReferenceEquality` warn in `LazilyParsedNumber#equals`
* Fix `OperatorPrecedence` warn in `TreeTypeAdapter#create`
* Fix `OperatorPrecedence` warn in `ArrayTypeAdapter`
* Fix `UnnecessaryParentheses` warn in `TypeAdapters`
* Adds `-XepExcludedPaths` flag to ErrorProne plugin to exclude tests and proto path
* Fix `ClassNewInstance` warn in `InterceptorAdapter`
* Fix `ThreadLocalUsage` warn in `GraphAdapterBuilder`
* Fix `JdkObsolete` warn in `GraphAdapterBuilder`
* Revert "Adds `error_prone_annotations` to the `pom.xml` of `gson`"
This reverts commit 14af14dfa23b46a54f4855a70ccf2b0a2cdc3e3f.
* Revert "Fix `InlineMeSuggester` warns in `JsonParser`"
This reverts commit 095bfd517e06510e4cc9cc6b1aac58ad9bf3038a.
* Adds `@SuppressWarnings("ThreadLocalUsage")`
* Fix `OperatorPrecedence` in `JsonWriter`
* Revert "Fix `ReferenceEquality` warn in `LinkedTreeMap#nextNode`"
This reverts commit 387746c7f7e3d0943c8f80501f5d9c3710f4862e.
* Adds `@SuppressWarnings("ReferenceEquality")`
* Adds `guava-testlib` to the gson `pom.xml`
* `@SuppressWarnings("TruthSelfEquals")` removed to use `EqualsTester()`
* Add CodeQL GitHub code scanning workflow
* Only compile main sources for code scanning
* Move test .proto files to test sources
`annotations.proto` also seems to be only relevant for tests because the test
explicitly registers them as extensions. By default the Proto adapter does not
consider them.
* Address some code scanning findings
* Fix some more findings
Adversaries might be able to forge data which can be abused for DoS attacks.
These classes are already writing a replacement JDK object during serialization
for a long time, so this change should not cause any issues.
The most interesting optimization is to replace ArrayDeque with a manual linked list that reuses the nodes 'parent' field. These optimizations save about 20%.
Compared to LinkedTreeMap, this is slower for small (size=5) maps: 124% slower to get() and 33% slower to create and populate. It's a win for large (size=500) maps: 46% faster to get() but 8% slower to create and populate. And it's a big win for very large (size=50,000) maps: 81% faster to get() and 46% faster to create and populate.
http://microbenchmarks.appspot.com/run/limpbizkit@gmail.com/com.google.common.collect.MapBenchmark
I'm going to follow this up with some simple optimizations: caching local fields and simplifying access. That should narrow the performance gap.
Not yet adopted in our code.
Known critical bugs:
- throws ClassCastException when get() is called with a non-comparable key
- throws NullPointerException on get(null)
