Uploaded image for project: 'REEF (Retired)'
  1. REEF (Retired)
  2. REEF-2056

Invoking unexpected methods, due to dependency conflicts on org.ow2.asm:asm

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.16
    • 0.17
    • REEF Vortex
    • None

    Description

      Hi, in apache-reef-0.16.0 (reef-reef-project-0.16.0\lang\java\reef-applications\reef-vortex module), there are mulptiple versions of org.ow2.asm:asm.jar. However, according to Maven's dependency management strategy, only org.ow2.asm:asm:jar:4.2 can be loaded, and org.ow2.asm:asm:jar:5.0.3 will be shadowed.

      As shown in the following dependency tree, com.esotericsoftware:kryo:jar:3.0.3:compile expects to reference org.ow2.asm:asm:jar:5.0.3:compile. But due to dependency conflicts, Maven actually loads org.ow2.asm:asm:jar:4.2. As a result, com.esotericsoftware:kryo:jar:3.0.3:compile has to invoke the methods included in the unexpected version org.ow2.asm:asm:jar:4.2, which may cause inconsistent semantic behaviors.

      For instance, method org.apache.reef.vortex.common.KryoUtils.deserialize(byte[]) actually references method org.objectweb.asm.ClassReader.accept(org.objectweb.asm.ClassVisitor,org.objectweb.asm.Attribute[],int) in the unexpected version org.ow2.asm:asm:jar:4.2 via the following invocation path:

      <org.apache.reef.vortex.common.KryoUtils: java.lang.Object deserialize(byte[])> D:\testcase\NewProject3\reef-reef-project-0.16.0\lang\java\reef-applications\reef-vortex\target\classes

<com.esotericsoftware.kryo.Kryo: java.lang.Object readClassAndObject(com.esotericsoftware.kryo.io.Input)> D:\cEnvironment\repository\com\esotericsoftware\kryo\3.0.3\kryo-3.0.3.jar

<com.esotericsoftware.kryo.serializers.FieldSerializer: void setGenerics(com.esotericsoftware.kryo.Kryo,java.lang.Class[])> D:\cEnvironment\repository\com\esotericsoftware\kryo\3.0.3\kryo-3.0.3.jar

<com.esotericsoftware.kryo.serializers.FieldSerializer: void rebuildCachedFields(boolean)> D:\cEnvironment\repository\com\esotericsoftware\kryo\3.0.3\kryo-3.0.3.jar

<com.esotericsoftware.reflectasm.FieldAccess: com.esotericsoftware.reflectasm.FieldAccess get(java.lang.Class)> D:\cEnvironment\repository\com\esotericsoftware\reflectasm\1.10.1\reflectasm-1.10.1.jar

<org.objectweb.asm.ClassWriter: byte[] toByteArray()> D:\cEnvironment\repository\org\ow2\asm\asm\4.2\asm-4.2.jar

<org.objectweb.asm.ClassReader: void accept(org.objectweb.asm.ClassVisitor,int)> D:\cEnvironment\repository\org\ow2\asm\asm\4.2\asm-4.2.jar

<org.objectweb.asm.ClassReader: void accept(org.objectweb.asm.ClassVisitor,org.objectweb.asm.Attribute[],int)>

       

      By further analyzing, the expected callee org.objectweb.asm.ClassReader.accept(org.objectweb.asm.ClassVisitor,org.objectweb.asm.Attribute[],int) in shadowed version org.ow2.asm:asm:jar:5.0.3, have different implementations from the actual callees with the same signatures (same method names, same paremeters) included in the unexpected (but actual loaded) version org.ow2.asm:asm:jar:4.2, which leads to different behaviors.

      Solution:
      Use the newer version org.ow2.asm:asm:jar:5.0.3  to keep the version consistency.

       

      Thank you for attention,

      Best,

      Coco

       

      Dependency Tree-----

      [INFO] org.apache.reef:vortex:jar:0.16.0

      [INFO] +- org.apache.reef:reef-common:jar:0.16.0:compile

      [INFO] |  +- org.apache.reef:reef-annotations:jar:0.16.0:compile

      [INFO] |  +- org.apache.reef:reef-utils:jar:0.16.0:compile

      [INFO] |  |  +- javax.inject:javax.inject:jar:1:compile

      [INFO] |  |  - (net.jcip:jcip-annotations:jar:1.0:compile - omitted for duplicate)

      [INFO] |  +- com.google.protobuf:protobuf-java:jar:2.5.0:compile

      [INFO] |  +- org.apache.reef:wake:jar:0.16.0:compile

      [INFO] |  |  +- cglib:cglib:jar:3.1:compile

      [INFO] |  |  |  - org.ow2.asm:asm:jar:4.2:compile

      [INFO] |  |  +- io.netty:netty-all:jar:4.0.21.Final:compile

      [INFO] |  |  +- (com.google.protobuf:protobuf-java:jar:2.5.0:compile - omitted for duplicate)

      [INFO] |  |  +- (org.apache.reef:tang:jar:0.16.0:compile - omitted for duplicate)

      [INFO] |  |  - (net.jcip:jcip-annotations:jar:1.0:compile - omitted for duplicate)

      [INFO] |  +- org.apache.reef:tang:jar:0.16.0:compile

      [INFO] |  |  +- (com.google.protobuf:protobuf-java:jar:2.5.0:compile - omitted for duplicate)

      [INFO] |  |  +- commons-configuration:commons-configuration:jar:1.10:compile

      [INFO] |  |  |  +- commons-lang:commons-lang:jar:2.6:compile

      [INFO] |  |  |  - commons-logging:commons-logging:jar:1.1.1:compile

      [INFO] |  |  +- commons-cli:commons-cli:jar:1.2:compile

      [INFO] |  |  +- (javax.inject:javax.inject:jar:1:compile - omitted for duplicate)

      [INFO] |  |  - org.apache.avro:avro:jar:1.8.1:compile

      [INFO] |  |     +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile

      [INFO] |  |     +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile

      [INFO] |  |     |  - (org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile - omitted for duplicate)

      [INFO] |  |     +- com.thoughtworks.paranamer:paranamer:jar:2.7:compile

      [INFO] |  |     +- org.xerial.snappy:snappy-java:jar:1.1.1.3:compile

      [INFO] |  |     +- org.apache.commons:commons-compress:jar:1.8.1:compile

      [INFO] |  |     +- org.tukaani:xz:jar:1.5:compile

      [INFO] |  |     - org.slf4j:slf4j-api:jar:1.7.7:compile

      [INFO] |  +- net.jcip:jcip-annotations:jar:1.0:compile

      [INFO] |  +- org.apache.commons:commons-lang3:jar:3.3.2:compile

      [INFO] |  - com.google.code.findbugs:jsr305:jar:3.0.1:compile

      [INFO] +- junit:junit:jar:4.11:test

      [INFO] |  - org.hamcrest:hamcrest-core:jar:1.3:test

      [INFO] +- org.mockito:mockito-core:jar:1.9.5:test

      [INFO] |  +- (org.hamcrest:hamcrest-core:jar:1.1:test - omitted for conflict with 1.3)

      [INFO] |  - (org.objenesis:objenesis:jar:1.0:compile - scope updated from test; omitted for duplicate)

      [INFO] +- org.apache.reef:reef-runtime-local:jar:0.16.0:compile

      [INFO] |  - (org.apache.reef:reef-common:jar:0.16.0:compile - omitted for duplicate)

      [INFO] +- com.esotericsoftware:kryo-shaded:jar:3.0.3:compile

      [INFO] |  +- com.esotericsoftware:minlog:jar:1.3.0:compile

      [INFO] |  - org.objenesis:objenesis:jar:1.0:compile

      [INFO] - de.javakaffee:kryo-serializers:jar:0.37:compile

      [INFO]    +- com.esotericsoftware:kryo:jar:3.0.3:compile

      [INFO]    |  +- com.esotericsoftware:reflectasm:jar:1.10.1:compile

      [INFO]    |  |  - (org.ow2.asm:asm:jar:5.0.3:compile - omitted for conflict with 4.2)

      [INFO]    |  +- (com.esotericsoftware:minlog:jar:1.3.0:compile - omitted for duplicate)

      [INFO]    |  - (org.objenesis:objenesis:jar:2.1:compile - omitted for conflict with 1.0)

      [INFO]    - (com.google.protobuf:protobuf-java:jar:2.5.0:compile - version managed from 2.6.1; omitted for duplicate)

       

      Attachments

        1. attribute4.2.png
          30 kB
          Hello CoCooo
        2. attribute5.0.3.png
          35 kB
          Hello CoCooo

        Issue Links

          links to

          Web Link GitHub Pull Request #1489

          Activity

            People

              Unassigned Unassigned
              HelloCoCooo Hello CoCooo
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 40m
                  1h 40m