Skip to content

fix(#4708): resolve ArrayIndexOutOfBoundsException in debug mode for EoSyntax#4709

Merged
yegor256 merged 1 commit into
objectionary:masterfrom
volodya-lombrozo:4708-eo-parser-debug-fix
Dec 3, 2025
Merged

fix(#4708): resolve ArrayIndexOutOfBoundsException in debug mode for EoSyntax#4709
yegor256 merged 1 commit into
objectionary:masterfrom
volodya-lombrozo:4708-eo-parser-debug-fix

Conversation

@volodya-lombrozo

@volodya-lombrozo volodya-lombrozo commented Dec 3, 2025

Copy link
Copy Markdown
Member

This PR fixes an ArrayIndexOutOfBoundsException in EoSyntax when debug mode is enabled.

Fixes #4708

Summary by CodeRabbit

  • Tests

    • Added a test exercising parser behavior in debug/logging mode and lifecycle setup to preserve logger state.
  • Chores

    • Updated test logging dependencies and scopes.
    • Simplified error message formatting for clearer, less verbose logs.

✏️ Tip: You can customize this high-level summary in your review settings.

Copilot AI review requested due to automatic review settings December 3, 2025 11:26
@github-actions github-actions Bot added the core label Dec 3, 2025
@coderabbitai

coderabbitai Bot commented Dec 3, 2025

Copy link
Copy Markdown
Contributor

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Logging test dependencies were adjusted in eo-parser's POM, EoSyntax's error-summary log message was simplified, and a new test was added to verify parsing under DEBUG logging.

Changes

Cohort / File(s) Summary
Logging Dependencies
eo-parser/pom.xml
Added ch.qos.reload4j:reload4j:1.2.22 with <scope>test</scope> and set existing log4j dependency scope to test.
Error Message Format
eo-parser/src/main/java/org/eolang/parser/EoSyntax.java
Removed class-name placeholder from the error summary log message; message now reads: "The program of %d EO lines compiled with %d error(s)".
Debug Mode Test
eo-parser/src/test/java/org/eolang/parser/EoSyntaxTest.java
Added @Execution(ExecutionMode.SAME_THREAD), logger level setup/teardown, and parsesSimpleCodeWithDebugMode() which sets logger to DEBUG and asserts parsing does not throw.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Pay attention to:
    • eo-parser/pom.xml — ensure test-scoped logging changes don't affect other modules.
    • EoSyntax.java — confirm log formatting arguments match the new message.
    • EoSyntaxTest.java — verify logger level is properly restored and the new test is stable under concurrency.

🐰 I hopped through code with a careful paw,
Scoped the logs to tests and fixed a flaw,
Trimmed a message, kept the count right,
Set debug bright — then tucked it from sight,
A tiny carrot of code, neat and light.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 16.67% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title clearly identifies the fix for ArrayIndexOutOfBoundsException in debug mode for EoSyntax, which aligns with the main objective and changes in the PR.
Linked Issues check ✅ Passed The PR fixes the ArrayIndexOutOfBoundsException in EoSyntax.parsed() by removing the problematic string formatting parameter that caused array index out of bounds.
Out of Scope Changes check ✅ Passed All changes (pom.xml dependency updates, EoSyntax.java error message fix, and test infrastructure) are directly related to resolving the debug mode ArrayIndexOutOfBoundsException.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4079ba8 and 2e4fb89.

📒 Files selected for processing (3)
  • eo-parser/pom.xml (1 hunks)
  • eo-parser/src/main/java/org/eolang/parser/EoSyntax.java (1 hunks)
  • eo-parser/src/test/java/org/eolang/parser/EoSyntaxTest.java (4 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • eo-parser/src/main/java/org/eolang/parser/EoSyntax.java
  • eo-parser/pom.xml
🧰 Additional context used
🧬 Code graph analysis (1)
eo-parser/src/test/java/org/eolang/parser/EoSyntaxTest.java (1)
eo-runtime/src/test/java/org/eolang/DataizedTest.java (1)
  • Execution (26-155)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)
  • GitHub Check: Codacy Static Code Analysis
  • GitHub Check: integration
  • GitHub Check: mvn (macos-15, 23)
  • GitHub Check: mvn (windows-2022, 23)
  • GitHub Check: mvn (ubuntu-24.04, 23)
  • GitHub Check: mvn (ubuntu-24.04, 17)
  • GitHub Check: benchmark
  • GitHub Check: snippets
  • GitHub Check: trufflehog
  • GitHub Check: pr-size
  • GitHub Check: ort
  • GitHub Check: qulice
🔇 Additional comments (3)
eo-parser/src/test/java/org/eolang/parser/EoSyntaxTest.java (3)

21-21: Per-test log level lifecycle is handled cleanly via JUnit hooks.

Capturing the current org.apache.log4j.Logger level in @BeforeEach and restoring it in @AfterEach avoids inline cleanup in tests and keeps logger state isolated per test instance, which aligns with earlier review feedback about not cleaning up at the end of test methods.

Also applies to: 59-74


41-42: SAME_THREAD execution is appropriate for tests mutating global logger state.

Annotating the class with @Execution(ExecutionMode.SAME_THREAD) is a good safeguard against intra-class races while tests change the EoSyntax logger level; just ensure your JUnit 5 parallel-execution configuration honors this annotation across the suite.

Also applies to: 56-56


97-112: New debug-mode test effectively guards against the original ArrayIndexOutOfBoundsException.

parsesSimpleCodeWithDebugMode() sets the EoSyntax logger to DEBUG, parses EO code known to produce errors, and asserts parsed() does not throw, which directly protects against regressions of the reported failure in debug mode.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Dec 3, 2025

Copy link
Copy Markdown
Contributor

🚀 Performance Analysis

All benchmarks are within the acceptable range. No critical degradation detected (threshold is 100%). Please refer to the detailed report for more information.

Click to see the detailed report
Test Base Score PR Score Change % Change Unit Mode
benchmarks.XmirBench.xmirToEO 173.203 191.218 18.015 10.40% ms/op Average Time

⚠️ Performance loss: benchmarks.XmirBench.xmirToEO is slower by 18.015 ms/op (10.40%)

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1c98ab2 and 4079ba8.

📒 Files selected for processing (3)
  • eo-parser/pom.xml (1 hunks)
  • eo-parser/src/main/java/org/eolang/parser/EoSyntax.java (1 hunks)
  • eo-parser/src/test/java/org/eolang/parser/EoSyntaxTest.java (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)
  • GitHub Check: CodeQL analysis (java)
  • GitHub Check: Agent
  • GitHub Check: Codacy Static Code Analysis
  • GitHub Check: integration
  • GitHub Check: qulice
  • GitHub Check: mvn (ubuntu-24.04, 17)
  • GitHub Check: mvn (windows-2022, 23)
  • GitHub Check: mvn (macos-15, 23)
  • GitHub Check: mvn (ubuntu-24.04, 23)
  • GitHub Check: ort
  • GitHub Check: trufflehog
  • GitHub Check: snippets
  • GitHub Check: benchmark
  • GitHub Check: pr-size
🔇 Additional comments (4)
eo-parser/pom.xml (1)

110-113: LGTM! Test scope is appropriate.

Restricting log4j to test scope is the correct approach, as it's only used in test code.

eo-parser/src/test/java/org/eolang/parser/EoSyntaxTest.java (2)

21-21: LGTM! Import is necessary for the test.

The import is required for manipulating log levels in the test that verifies debug mode behavior.


75-92: Excellent test coverage for the bug fix!

The test effectively verifies that parsing doesn't throw an ArrayIndexOutOfBoundsException when debug logging is enabled. The test properly manages log level state by saving and restoring it.

eo-parser/src/main/java/org/eolang/parser/EoSyntax.java (1)

205-209: Perfect fix for the ArrayIndexOutOfBoundsException!

The root cause was a format string mismatch: the original message had three placeholders but only two arguments were provided. Removing the unused %s placeholder resolves the issue while preserving essential debugging information.

Comment thread eo-parser/pom.xml
Comment on lines +114 to 119
<dependency>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
<version>1.2.22</version>
<scope>test</scope>
</dependency>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

curl -s "https://search.maven.org/solrsearch/select?q=g:ch.qos.reload4j+AND+a:reload4j&rows=10&wt=json" | jq -r '.response.docs[] | "\(.v)"' | sort -V | tail -10

Repository: objectionary/eo

Length of output: 174


🌐 Web query:

reload4j latest version security advisories

💡 Result:

Summary — latest release and security advisories

  • Latest release: reload4j ch.qos.reload4j:reload4j 1.2.26 (released Dec 15, 2024). [1]
  • Primary security advisories / known issues (and minimum fixed versions):
    • XML External Entity (XXE) injection — affects versions < 1.2.22; upgrade to ≥ 1.2.22 (recommend latest). [2][3]
    • Deserialization of untrusted data — CVE-2022-23307; fixed in ≥ 1.2.18.1. [2][4]
    • SQL injection (JDBCAppender) — CVE-2022-23305; fixed in ≥ 1.2.18.2. [2][5]
    • SMTP appender certificate host‑mismatch (MitM) — CVE-2020-9488; fixed in ≥ 1.2.18.3. [2][6]
  • Note: Snyk and other security trackers list these issues and mark 1.2.26 as the current non‑vulnerable release; some downstream vendors (e.g., IBM) have published bulletins referencing XXE impact in their products. Upgrade to 1.2.26 (or the latest patched release) and review your use of appenders (JMS/JDBC/SMTP/XML parsing) for exposure. [2][3][1][7]

Sources

  1. reload4j project site (latest release notes). [1]
  2. Snyk reload4j vulnerability summary (lists vulnerabilities and fixed versions). [2]
  3. Snyk advisory: XXE in reload4j (upgrade to ≥1.2.22). [3]
  4. Snyk / CVE-2022-23307 (deserialization). [4]
  5. Snyk / CVE-2022-23305 (SQL injection). [5]
  6. Snyk / CVE-2020-9488 (SMTP MitM). [6]
  7. IBM security bulletin referencing reload4j XXE impact. [7]

Would you like step-by-step upgrade guidance or a checklist to scan your codebase for vulnerable usages?


🌐 Web query:

ch.qos.reload4j:reload4j:1.2.22 security vulnerabilities

💡 Result:

Short answer: There are no widely reported direct vulnerabilities affecting ch.qos.reload4j:reload4j version 1.2.22. Version 1.2.22 was released to fix a newly discovered XML External Entity (XXE) issue in Chainsaw; security databases (Snyk) report the XXE as affecting versions before 1.2.22 and recommend upgrading to 1.2.22 or later. [1][2][3]

Sources

  • reload4j release notes / project page (notes that 1.2.22 fixes an XXE in Chainsaw). [1]
  • Snyk vulnerability entry for reload4j (XXE reported affecting versions < 1.2.22; recommends 1.2.22+). [2]
  • Maven / release metadata for 1.2.22. [3]

Update reload4j to version 1.2.26 (latest release).

Version 1.2.22 is secure and addresses known XXE vulnerabilities, but version 1.2.26 is now current (released Dec 15, 2024). Update the dependency version to 1.2.26 to align with the latest security patches and improvements.

🤖 Prompt for AI Agents
In eo-parser/pom.xml around lines 114 to 119 the reload4j test dependency is
pinned to version 1.2.22; update the <version> value to 1.2.26 to use the latest
release. Edit the dependency block and change the version element from 1.2.22 to
1.2.26, then run a quick mvn -q test to ensure no test-related regressions.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes an ArrayIndexOutOfBoundsException that occurred in EoSyntax when debug logging is enabled by correcting a format string mismatch in the debug log statement.

  • Removed an extra %s format specifier from the debug log message to match the number of arguments provided
  • Added a test case to verify the fix works correctly in debug mode
  • Updated test dependencies to include necessary logging libraries

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
eo-parser/src/main/java/org/eolang/parser/EoSyntax.java Fixed format string in debug log statement by removing extraneous %s specifier that was causing ArrayIndexOutOfBoundsException
eo-parser/src/test/java/org/eolang/parser/EoSyntaxTest.java Added test case parsesSimpleCodeWithDebugMode() to verify parsing works correctly when debug logging is enabled
eo-parser/pom.xml Added log4j and reload4j dependencies with test scope to support the new test case

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

syntax::parsed,
"EO syntax should not fail in debug mode when program has errors"
);
logger.setLevel(before);

Copilot AI Dec 3, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the project's coding guidelines, each test should end with an assertion with no code after it. The logger level restoration logger.setLevel(before) should be handled differently, such as using a try-finally block or JUnit's @AfterEach method to ensure proper cleanup without violating the test structure guideline.

Copilot generated this review using guidance from organization custom instructions.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@volodya-lombrozo this commetn of Copilot does make sense. Tests should not clean after themselves. Instead, they should only clean what's necessary before they start their execution.

Comment thread eo-parser/pom.xml
Comment on lines +115 to 120
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
<version>1.2.22</version>
<scope>test</scope>
</dependency>
<dependency>

Copilot AI Dec 3, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reload4j dependency appears to be redundant because slf4j-reload4j (lines 104-108) already includes reload4j as a transitive dependency. Adding this explicit dependency could lead to version conflicts or confusion. If a specific version is required, it would be better to use dependency management to control the transitive version rather than adding a duplicate dependency.

Suggested change
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
<version>1.2.22</version>
<scope>test</scope>
</dependency>
<dependency>

Copilot uses AI. Check for mistakes.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to do it, however, I'm getting the following warning from qulice:

[WARNING] Used undeclared dependencies found:
        ch.qos.reload4j:reload4j:jar:1.2.22:test
[INFO] You can suppress this message by <exclude>dependencies:...</exclude> in pom.xml, where <...> is what the dependency name starts with (not a regular expression!)

@volodya-lombrozo

Copy link
Copy Markdown
Member Author

@yegor256 would you mind having a look?

@volodya-lombrozo
volodya-lombrozo force-pushed the 4708-eo-parser-debug-fix branch from 4079ba8 to 2e4fb89 Compare December 3, 2025 13:21
@volodya-lombrozo

Copy link
Copy Markdown
Member Author

@yegor256 could you take a look one more time, please?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

EoSyntax fails when debug mode is enabled

3 participants