Exoplayer: Checker Framework dependency leaked

Created on 10 May 2018 · 12Comments · Source: google/ExoPlayer

Issue description

ExoPlayer 2.8.0 (core) includes transitive dependency on checker framework

▶ ./gradlew app:dependencies --configuration debugRuntimeClasspath
Project not found, defaulting to app:assembleDebug
Parallel execution is an incubating feature.

> Task :app:dependencies

------------------------------------------------------------
Project :app
------------------------------------------------------------

debugRuntimeClasspath - Resolved configuration for runtime for variant: debug
...
--- com.google.android.exoplayer:exoplayer:2.8.0
|    +--- com.google.android.exoplayer:exoplayer-core:2.8.0
|    |    +--- com.android.support:support-annotations:27.0.0 -> 27.1.0
|    |    \--- org.checkerframework:checker-qual:2.5.0
|    +--- com.google.android.exoplayer:exoplayer-dash:2.8.0
|    |    +--- com.google.android.exoplayer:exoplayer-core:2.8.0 (*)
|    |    \--- com.android.support:support-annotations:27.0.0 -> 27.1.0
|    +--- com.google.android.exoplayer:exoplayer-hls:2.8.0
|    |    +--- com.android.support:support-annotations:27.0.0 -> 27.1.0
|    |    \--- com.google.android.exoplayer:exoplayer-core:2.8.0 (*)
|    +--- com.google.android.exoplayer:exoplayer-smoothstreaming:2.8.0
|    |    +--- com.google.android.exoplayer:exoplayer-core:2.8.0 (*)
|    |    \--- com.android.support:support-annotations:27.0.0 -> 27.1.0
|    \--- com.google.android.exoplayer:exoplayer-ui:2.8.0
|         +--- com.google.android.exoplayer:exoplayer-core:2.8.0 (*)
|         +--- com.android.support:support-media-compat:27.0.0 -> 27.1.0 (*)
|         \--- com.android.support:support-annotations:27.0.0 -> 27.1.0

Reproduction steps

Include Exoplayer 2.8.0. Issue became apparent to us when Lint complained:

Error: Invalid package reference in library; not included in Android: java.awt. Referenced from org.checkerframework.checker.signedness.SignednessUtil. [InvalidPackage]

Version of ExoPlayer being used

2.8.0

bug

Source

lwasylkowski

👍4

Most helpful comment

I don't think there is a 2.8.3. The latest release in the releases section is 2.8.1 and the issue was resolved for me in that release.

smw1218 on 23 Jun 2018

👍2

All 12 comments

We added the dependency to checkerframework for static code analysis and also needed to provide lint exclusions for our library. See here and here.

Unfortunately, it seems that these lint exclusions are not propagated when using the library in an app. Marking as a bug until we found out how to prevent this from happening.

In the meantime, if you want to prevent the lint error, please add the same lint exclusion as linked above to your app.

tonihei on 11 May 2018

I see, thanks for the quick response. I later realised that this probably is intentional on all fronts, even if it looks like a strange design choice for Checker Framework to not have a separate artifact for annotations.

Would it make sense to e.g. strip checker annotations from the resulting jar for the release builds?

lwasylkowski on 11 May 2018

I tried exactly that this morning by using gradle's compileOnly instead of implementation. This basically removes the dependency for all users of our library. Haven't been able to verify it actually helps yet.

tonihei on 11 May 2018

compileOnly should work, actually. I was just writing that excluding the checker framework dependency fixes things as well ({ exclude group: 'org.checkerframework' }), and this is the same thing but on the other side.

The only thing is that if ExoPlayer ever uses anything else from Checker Framework than annotations this will break the library at runtime, since afaik only (?) annotations, even with runtime retention, are harmless if they're not actually present in the runtime classpath.

lwasylkowski on 11 May 2018

Yes, I arrived at the same conclusion. We don't plan to ship anything else than their annotations, so hopefully this should be fine.

tonihei on 11 May 2018

👍1

Thanks for quick fix! @ojw28 I'm curious, is the reference to checker framework in proguard (-dontwarn org.checkerframework.**) still required in ExoPlayer? I see it's not removed in the fixes commit

lwasylkowski on 14 May 2018

Yes, it still seems to be required.

tonihei on 14 May 2018

Also closing this issue, as it seems to be fixed now.

tonihei on 14 May 2018

👍1

Any idea when this might make it into a release? I'm getting a dex error from this dependency and can't upgrade to 2.8.0:

Dex: Error converting bytecode to dex:
Cause: Dex cannot parse version 52 byte code.
This is caused by library dependencies that have been compiled using Java 8 or above.
If you are using the 'java' gradle plugin in a library submodule add
targetCompatibility = '1.7'
sourceCompatibility = '1.7'

... Caused by: com.android.dx.cf.iface.ParseException: bad class file magic (cafebabe) or version (0034.0000)

What went wrong:
Execution failed for task ':app:transformClassesWithDexForBetaDebug'.
> com.android.build.api.transform.TransformException: java.lang.RuntimeException: java.lang.RuntimeException: Unable to pre-dex '/Users/scott/.gradle/caches/modules-2/files-2.1/org.checkerframework/checker-qual/2.5.0/f03b9f07c2b002f35f81338e6cde3fc191b91951/checker-qual-2.5.0.jar' to '/build/intermediates/transforms/dex/beta/debug/folders/1000/10/checker-qual-2.5.0_b7d5c3b808d988e5828cf9fdb1bab6f55e2d9e55'

smw1218 on 14 May 2018

The fix will be in 2.8.1 (hopefully later this week).