Skip to content

Commit c3a26b9

Browse files
committed
spotbugs: flip pom to Max+Low at the gate; clear remaining 8 source-level findings
Pom now enforces effort=Max + threshold=Low (matches BAF, plugin, sb that all already gate on it). With the gate flipped, the remaining 8 findings surface and are dispatched in one sweep: Source fixes (2): - LlamaModel.java — move OBJECT_MAPPER static field to the top of the class body so static fields precede instance fields (IMC_IMMATURE_CLASS_WRONG_FIELD_ORDER). - ModelParameters.java — same reorder: statics before the instance serializer field. Narrow <Match> suppressions added to spotbugs-exclude.xml with rationale (6): - CancellationToken + ChatTranscript: IMC_NO_EQUALS — both are identity-managed lifecycle handles (cancellation flag observed across threads, append-only transcript owned by one Session). Documented in their Javadocs as intentionally non-value-shaped. - TimingsLogger: LO_SUSPECT_LOG_CLASS — the documented public logger name "net.ladenthin.llama.timings" is the operator-visible contract (see README + CLAUDE.md System Properties Reference), NOT the FQN of the enclosing class. - Java8CompatibilityHelper.formatted: FORMAT_STRING_MANIPULATION — the wrapper exists specifically to accept runtime format strings as a Java 8 backport of String#formatted(). - ToolHandler.invoke: THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION — functional-interface contract for user-supplied handlers; the agent loop catches broad Exception and reports back as {"error":"..."}. - ChatMessage.requireNonNull: WEM_WEAK_EXCEPTION_MESSAGING — precondition guard with no state-dependent context to add to the message. Verification: mvn clean compile spotbugs:check -> BugInstance size is 0, BUILD SUCCESS.
1 parent 14091bf commit c3a26b9

4 files changed

Lines changed: 82 additions & 8 deletions

File tree

pom.xml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -594,8 +594,8 @@ SPDX-License-Identifier: MIT
594594
<groupId>com.github.spotbugs</groupId>
595595
<artifactId>spotbugs-maven-plugin</artifactId>
596596
<configuration>
597-
<effort>Default</effort>
598-
<threshold>Default</threshold>
597+
<effort>Max</effort>
598+
<threshold>Low</threshold>
599599
<failOnError>true</failOnError>
600600
<includeTests>false</includeTests>
601601
<excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>

spotbugs-exclude.xml

Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -286,4 +286,78 @@ SPDX-License-Identifier: MIT
286286
<Field name="ctx"/>
287287
</Match>
288288

289+
<!--
290+
CancellationToken and ChatTranscript are lifecycle handles managed by
291+
identity, not value: a CancellationToken owns a mutable cancellation
292+
flag observed across threads, and ChatTranscript is an append-only
293+
transcript owned by a single Session and never compared by value.
294+
Both classes deliberately do NOT generate Lombok @EqualsAndHashCode
295+
(documented in their Javadocs) — fb-contrib's IMC_NO_EQUALS check
296+
is therefore a false positive for both.
297+
-->
298+
<Match>
299+
<Or>
300+
<Class name="net.ladenthin.llama.CancellationToken"/>
301+
<Class name="net.ladenthin.llama.ChatTranscript"/>
302+
</Or>
303+
<Bug pattern="IMC_IMMATURE_CLASS_NO_EQUALS"/>
304+
</Match>
305+
306+
<!--
307+
TimingsLogger emits its events under the documented public logger name
308+
"net.ladenthin.llama.timings" (see CLAUDE.md > System Properties Reference
309+
and the README), NOT the FQN of the TimingsLogger class. That separation
310+
lets operators raise/lower the per-run-timing line independently of
311+
application logs. fb-contrib's LO_SUSPECT_LOG_CLASS detector flags any
312+
logger whose name does not match the enclosing class FQN; here the
313+
mismatch is the public contract.
314+
-->
315+
<Match>
316+
<Class name="net.ladenthin.llama.TimingsLogger"/>
317+
<Bug pattern="LO_SUSPECT_LOG_CLASS"/>
318+
</Match>
319+
320+
<!--
321+
Java8CompatibilityHelper.formatted is a thin wrapper around
322+
String.format that intentionally accepts runtime-supplied format
323+
strings — the helper exists precisely so that Java 11+'s
324+
String#formatted() can be used uniformly on the Java 8 baseline.
325+
fb-contrib's FORMAT_STRING_MANIPULATION fires on any non-literal
326+
format argument; the wrapper is the documented escape hatch.
327+
-->
328+
<Match>
329+
<Class name="net.ladenthin.llama.Java8CompatibilityHelper"/>
330+
<Bug pattern="FORMAT_STRING_MANIPULATION"/>
331+
<Method name="formatted"/>
332+
</Match>
333+
334+
<!--
335+
ToolHandler.invoke is the functional-interface contract for caller-
336+
supplied tool handlers. `throws Exception` is the right shape because
337+
the handler body is user code that can throw anything; LlamaModel's
338+
chatWithTools agent loop catches the broad Exception and reports it
339+
back to the model as a {"error":"..."} tool result rather than
340+
aborting the request. Narrowing the throws clause would force every
341+
handler implementation to wrap arbitrary checked exceptions for
342+
no behavioural benefit.
343+
-->
344+
<Match>
345+
<Class name="net.ladenthin.llama.ToolHandler"/>
346+
<Bug pattern="THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION"/>
347+
<Method name="invoke"/>
348+
</Match>
349+
350+
<!--
351+
ChatMessage.requireNonNull is a precondition guard whose only
352+
meaningful state to report is the parameter name itself (the value
353+
is null by definition at the throw point). fb-contrib's WEM detector
354+
recognises the static-string IllegalArgumentException as "weak", but
355+
there is no additional state-dependent context to add at this guard.
356+
-->
357+
<Match>
358+
<Class name="net.ladenthin.llama.ChatMessage"/>
359+
<Bug pattern="WEM_WEAK_EXCEPTION_MESSAGING"/>
360+
<Method name="requireNonNull"/>
361+
</Match>
362+
289363
</FindBugsFilter>

src/main/java/net/ladenthin/llama/LlamaModel.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,9 @@
4242
@ToString
4343
public class LlamaModel implements AutoCloseable {
4444

45+
private static final com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER =
46+
new com.fasterxml.jackson.databind.ObjectMapper();
47+
4548
static {
4649
LlamaLoader.initialize();
4750
}
@@ -697,9 +700,6 @@ public String getMetrics() {
697700
return handleSlotAction(0, 0, null);
698701
}
699702

700-
private static final com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER =
701-
new com.fasterxml.jackson.databind.ObjectMapper();
702-
703703
/**
704704
* Run {@link #complete(InferenceParameters)} constrained to the supplied JSON Schema
705705
* and deserialize the result into an instance of {@code type}. The schema is applied

src/main/java/net/ladenthin/llama/ModelParameters.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,6 @@
2323
@EqualsAndHashCode(callSuper = true)
2424
public final class ModelParameters extends CliParameters {
2525

26-
@EqualsAndHashCode.Exclude
27-
private final ParameterJsonSerializer serializer = new ParameterJsonSerializer();
28-
2926
private static final String ARG_FIT = "--fit";
3027
static final String ARG_POOLING = "--pooling";
3128
/** CLI value enabling {@code --fit} (automatic device-memory fitting). */
@@ -35,6 +32,9 @@ public final class ModelParameters extends CliParameters {
3532
/** Mirrors the llama.cpp default: {@code fit_params = true}. */
3633
public static final String DEFAULT_FIT_VALUE = FIT_ON;
3734

35+
@EqualsAndHashCode.Exclude
36+
private final ParameterJsonSerializer serializer = new ParameterJsonSerializer();
37+
3838
/** Creates a new {@link ModelParameters} with {@code --fit=on} preset. */
3939
public ModelParameters() {
4040
parameters.put(ARG_FIT, DEFAULT_FIT_VALUE);

0 commit comments

Comments
 (0)