-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
File handle to findsecbugs-plugin.jar is leaking #128
Comments
I have experienced similar problems with the spotbugs-maven-plugins. |
There is a fix in progress : spotbugs/spotbugs#591 |
Is this fixed? |
I'm still having the issue with sonar-findbugs 3.11.0 |
I did not do any advanced analysis.. Here is the code loading the plugin. I don't see any state kept in this class which could keep a reference to the file of the plugin. sonar-findbugs/src/main/java/org/sonar/plugins/findbugs/FindbugsExecutor.java Lines 271 to 278 in b7ca5dd
Could it be SpotBugs which is keeping some sort of cache or having a circular reference? Or is specifically FSB ? Heap analysis with VisualVM will likely help track this reference.. |
I know one case, is that, Windows uses cache and it keep file handle opened by JVM. Then In my understanding, SpotBugs has fixed this issue by the following commit, but we may miss other problem that still keeps handler in Windows. spotbugs/spotbugs@5f88794#diff-dad40536bc9bd97552925b9c1566a005R286 |
I guess that we probably need a fix like this? Is there anybody can reproduce this issue? diff --git a/spotbugs/src/main/java/edu/umd/cs/findbugs/PluginLoader.java b/spotbugs/src/main/java/edu/umd/cs/findbugs/PluginLoader.java
index f4112bb72..fbfe3c352 100644
--- a/spotbugs/src/main/java/edu/umd/cs/findbugs/PluginLoader.java
+++ b/spotbugs/src/main/java/edu/umd/cs/findbugs/PluginLoader.java
@@ -222,6 +222,9 @@ public class PluginLoader {
}
partiallyInitialized.add(this);
} else {
+ if (classLoader instanceof URLClassLoader) {
+ ((URLClassLoader) classLoader).setUseCaches(false);
+ }
loadPluginComponents();
Plugin.putPlugin(loadedFromUri, plugin);
} |
I'm having this exact issue with the sonarqube plugin, Is there a fix for this yet? Where do I go to add the .setUseCaches(false) ? |
I`m having same issue still today. Can not build Gradle project cause findsecbugs-plugin.jar is locked after SonarQube task ran. |
If you can reproduce this problem, try this patch and share the result if possible. |
I'm still having the same issue. I was interested to try this patch out but it won't compile. There's no setUseCaches method on URLClassLoader unfortunately. |
I'm still having the same issue :( |
Reproduced Plugin version: 3.1.1 |
If you run gradle with --no-daemon, it kills all JVM processes upon completion. This may work for a few use cases. |
I ran into that issue while working into another problem with Gradle and could reproduce it all the time. It would be great if anyone knowledgeable of the JVM internals could look into, maybe I completely misunderstood the problem. |
- RulesDefinitionXmlLoader is deprecated and will be dropped in SQ 10 - RulesDefinitionXmlLoader does not populate the OWASP categories and can't be extended (see spotbugs#392) - Loading/unloading the plugins dynamically from jar files leads to file leaks because SpotBugs does not close the classloaders (solves #128) - The Groovy scripts seem to need some fixes to work with Groovy 4
* deps: drop deprecated RulesDefinitionXmlLoader - RulesDefinitionXmlLoader is deprecated and will be dropped in SQ 10 - RulesDefinitionXmlLoader does not populate the OWASP categories and can't be extended (see #392) - Loading/unloading the plugins dynamically from jar files leads to file leaks because SpotBugs does not close the classloaders (solves #128) - The Groovy scripts seem to need some fixes to work with Groovy 4 * deps: removed usage of dependencies no longer provided The sonar-java-plugin is provided by the SonarQube server but not its transient dependencies - Removed usage of Guava - Replaced commons-lang usage by commons-lang3
* fix: close plugins at the end of the analysis We have copied the plugin jar in the project's build directory. Now we need to close the classloaders pointing to that jar so we do not prevent the deletion of the build folder. Fixes #128
A file handle to findsecbugs-plugin.jar is leaking.
When I run a SonarQube analysis with Gradle Scanner with activated Gradle Daemon on Windows and after the analysis is finished try to delete the
build/sonar/
folder, Windows is yelling at me that thefindsecbugs-plugin.jar
files for each project are in use.This means that the Findbugs plugin or Findbugs is leaking the reference to that JAR.
It would be nice if this would not be the case.
The text was updated successfully, but these errors were encountered: