ericcornelissen / NervousFish

An app for your :iphone: to exchange public-keys in a secure manner.
GNU Lesser General Public License v3.0

Findbugs fixes #141

Closed jverbraeken closed 7 years ago

jverbraeken commented 7 years ago

What

This Pull Request adds to the repository a fully enabled FindBugs configuration.

Why

This Pull Request is needed because the old configuration was almost entirely disabled and the tool shows you potential bugs.

How

This feature can be viewed/tested within the project by building the project. FindBugs runs on the bytecode instead of the source code, so just running check or even findbugs won't work.

Alternative implementation

Other implementations that I've considered are -

Notes

The serialization proxy pattern is only used for objects without circular dependencies, because it clearly doesn't work otherwise. For the other serializable objects we use readObject and writeObject methods for improved efficiency and security. In this PR stas' fix-bluetooth PR is merged because it has a lot to do with the Bluetooth class (of course) and that class had to be completely refactored because of the whole goal of this PR: fix findbugs.

Old notes: The new SerializationProxy is used to greatly reduce the likelihood of bugs and security problems introduced by implementing the Serialization interface. Without going too much in depth here, have a look at item 74 for an explanation about the problems with Serialization and at item 78 for the serialization proxy pattern: Effective Java. Effective Java is widely regarded as the best book written about the Java programming language ever, written by one of the main developers of Java (Joshua Bloch). The serialization proxy is serialized instead of the object itself and largely eliminates the extralinguistic character of serialization, because the deserialized instance is created using the same constructors as any other instance. That frees us from having to separately ensure that deserialized instances obey the class's invariants.
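The serialization proxy pattern described in the notes above, as an added example that is not part of this pull request or the NervousFish code base. The class `Contact`, its fields and its validation rule are hypothetical and chosen only for illustration.

```java
import java.io.*;

// Hypothetical class for illustration; not taken from the NervousFish code base.
final class Contact implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String name;
    private final String publicKey;

    Contact(String name, String publicKey) {
        // The one place where the class's invariants are enforced.
        if (name == null || name.isEmpty() || publicKey == null || publicKey.isEmpty()) {
            throw new IllegalArgumentException("name and publicKey must be non-empty");
        }
        this.name = name;
        this.publicKey = publicKey;
    }

    // Serialization writes the proxy to the stream instead of this object.
    private Object writeReplace() {
        return new SerializationProxy(this);
    }

    // A stream that claims to hold a Contact directly is forged: reject it.
    private void readObject(ObjectInputStream in) throws InvalidObjectException {
        throw new InvalidObjectException("Proxy required");
    }

    private static final class SerializationProxy implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final String publicKey;

        SerializationProxy(Contact contact) {
            this.name = contact.name;
            this.publicKey = contact.publicKey;
        }

        // Deserialization rebuilds the Contact through its normal constructor,
        // so tampered field values fail the same checks as any other caller.
        private Object readResolve() throws ObjectStreamException {
            try {
                return new Contact(name, publicKey);
            } catch (IllegalArgumentException e) {
                throw new InvalidObjectException(e.getMessage());
            }
        }
    }
}
```

Writing a `Contact` with `ObjectOutputStream` and reading it back with `ObjectInputStream` yields a new `Contact` built by the constructor, while a stream edited to carry an empty `publicKey` fails with `InvalidObjectException`.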

jverbraeken commented 7 years ago

@clenrock Fixed!

TheBonheurs commented 7 years ago

How can the coverage go down when @jverbraeken only increased the amount of code tested?

jverbraeken commented 7 years ago

@ericcornelissen Done!