{"id":29432371,"url":"https://github.com/sandec/jmemorybuddy","last_synced_at":"2026-03-07T03:02:07.562Z","repository":{"id":57730872,"uuid":"218610748","full_name":"Sandec/JMemoryBuddy","owner":"Sandec","description":null,"archived":false,"fork":false,"pushed_at":"2024-10-29T19:23:29.000Z","size":440,"stargazers_count":50,"open_issues_count":1,"forks_count":3,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-28T09:02:26.394Z","etag":null,"topics":["java","javafx","memory-leaks","unittest"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sandec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-10-30T19:50:21.000Z","updated_at":"2025-04-12T01:09:19.000Z","dependencies_parsed_at":"2023-02-09T02:30:37.092Z","dependency_job_id":"28c6cbc4-cce6-4494-8757-cf8a2a35eaaf","html_url":"https://github.com/Sandec/JMemoryBuddy","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Sandec/JMemoryBuddy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sandec%2FJMemoryBuddy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sandec%2FJMemoryBuddy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sandec%2FJMemoryBuddy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sandec%2FJMemoryBuddy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sandec","download_url":"https://codeload.github.com/Sandec/JMemoryBuddy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sandec%2FJMemoryBuddy/sbom","scorecard":{"id":125821,"data":{"date":"2025-08-11","repo":{"name":"github.com/Sandec/JMemoryBuddy","commit":"63177eea0bd80aad21e6d4d5b50bda9aefbe5dd2"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 2/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Sandec/JMemoryBuddy/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Sandec/JMemoryBuddy/main.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T03:49:00.456Z","repository_id":57730872,"created_at":"2025-08-16T03:49:00.456Z","updated_at":"2025-08-16T03:49:00.456Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30206339,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T19:07:06.838Z","status":"online","status_checked_at":"2026-03-07T02:00:06.765Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","javafx","memory-leaks","unittest"],"created_at":"2025-07-12T23:01:17.310Z","updated_at":"2026-03-07T03:02:07.527Z","avatar_url":"https://github.com/Sandec.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JMemoryBuddy\n![Build Status](https://github.com/Sandec/JMemoryBuddy/actions/workflows/main.yml/badge.svg)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/one.jpro/jmemorybuddy/badge.svg)](https://maven-badges.herokuapp.com/maven-central/one.jpro/jmemorybuddy)\n\nJMemoryBuddy provides an API to unit-test your code for memory leaks.\nIt also provides an API to monitor a running JVM for memory leaks.\nIt is used for internal projects at Sandec, especially for [JPro](https://www.jpro.one/). \nWe've made it public, so everyone can fix and test their code for memory leaks in a **professional** way.\n\n**Together we can fix all memory leaks in the world. :-)** \n\n## Dependency\nThe library is published at MavenCentral\n#### Maven \n```\n\u003cdependency\u003e\n  \u003cgroupId\u003eone.jpro\u003c/groupId\u003e\n  \u003cartifactId\u003eJMemoryBuddy\u003c/artifactId\u003e\n  \u003cversion\u003e0.5.6\u003c/version\u003e\n  \u003cscope\u003etest\u003c/scope\u003e\n\u003c/dependency\u003e\n```\n\n#### Gradle\n```\ndependencies {\n    compile \"one.jpro:JMemoryBuddy:0.5.6\"\n}\n```\n\n## How to use:\n\n#### Write unit tests for memory leaks!\n\nThe method `JMemoryBuddy.memoryTest` is the usual way to test for leaks with JMemoryBuddy.\nA typicial test might look like the following:\n```\n@Test\npublic void simpleTest() {\n    JMemoryBuddy.memoryTest(checker -\u003e {\n        A referenced = new A();\n        checker.setAsReferenced(referenced);\n        A notReferenced = new A();\n        checker.assertCollectable(notReferenced); // notReferenced should be collectable\n        checker.assertNotCollectable(referenced); // referenced should not be collectable\n    });\n}\n```\n\nThe lambda provided to the memory test method is executed only once. The provided argument named \"checker\" provides an API to declare how the memory semantic should be.\n| Method        |            |\n| ------------- |:-------------:|\n| assertCollectable(ref)     | After executing the lambda, the provided ref must be collectable. Otherwise, an exception is thrown. |\n| assertNotCollectable(ref)     | After executing the lambda, the provided ref must be not collectable. Otherwise, an exception is thrown. |\n| setAsReferenced(ref)     | The provided reference won't be collected, until memoryTest finishes all it's tests.|\n\n#### Other utility methods:\n\nYou can also use the method `assertCollectable` and `assertNotCollectable` to check whether a single WeakReference can be collected, but usually, the `memoryTest` method is prefered because it results in more elegant tests.\n\n\n#### Analyzing the heap dump:\nJMemoryBuddy makes it easy to analyze the heap dump because all problematic instances are wrapped inside a class with the name `AssertCollectable`. Just search your heap dump with your prefered tool for this class name:\n![visualvm](/screenshot-visualvm.png)\n\n\n\n\n\n## Configure JMemoryBuddy\n\nYou can configure VisualVM with SystemProperties:\n\n| Tables        | Effect           | Default  |\n| ------------- |:-------------:| -----:|\n| -Djmemorybuddy.createHeapDump    | Should a heap dump created on failure? | true |\n| -Djmemorybuddy.output    | The folder where the heap dump gets saved. | if target exists, then \"target\" otherwise \"build\" |\n\nThe following values usually shouldn't be changed but might be useful to make tests more stable or reduce the time required.\n| Tables        | Effect           | Default  |\n| ------------- |:-------------:| -----:|\n| -Djmemorybuddy.steps     | Maximum number of times we check whether something is collectable. You probably shouldn't change it. | 10 |\n| -Djmemorybuddy.testDuration | Maximum time in ms used to check whether something is collectable. You probably shouldn't change it. | 1000 |\n| -Djmemorybuddy.garbageAmount     | How much garbage is created to stimulate the garbage collector | 999999 |\n\n\n\n## Monitor running systems:\nMark references, where you know they can be collected:\n```\nJMemoryBuddyLive.markCollectable(\"description\",reference);\n```\nAfterwards you can create a report during runtime with details about leaks.\n```\nSystem.gc();\nJMemoryBuddyLive.getReport();\n```\nor search for AssertCollectableLive in a HeapDump.\nIf the referent of an AssertCollectableLive is reachable, then you have a memory leak.\nIt's especially interesting to see which leaks happen, if an application runs for severy hours, days, weeks or months. \n\n    \n## FAQ - Why is no one else writing unit-tests for memory leaks?\n\nThere are various reasons for this. By spec the command `System.gc()` doesn't have to do anything, \nThis makes it hard and undeterministic to test for collectability. Nevertheless, **JMemoryBuddy makes testing for memory leaks reliably!**. Currently, all known cases reliable and don't cause false-negative test results.\n\n* What can i do about SoftReferences? It's hard to check whether they are strongly reachable.\n\nYou can use the following JVM arugment: `-XX:SoftRefLRUPolicyMSPerMB=0`. With this argument, SoftReferences behave like WeakReferences.\n\n* I'm getting Leaking references during development, but not during production. What could be the reason?\n\nA common reason might be various debuging features of you IDE. If you use the debugger, the garbage collector doesn't work reliably anymore.\n\n## Real test samples:\n* [controlsfx](https://github.com/controlsfx/controlsfx/blob/master/controlsfx/src/test/java/org/controlsfx/control/action/TestActionUtils.java) - A simple test for a isolated JavaFX Components.\n* CSSFX ([1](https://github.com/McFoggy/cssfx/blob/master/src/test/java/fr/brouillard/oss/cssfx/test/TestMemoryLeaks.java), [2](https://github.com/McFoggy/cssfx/blob/master/src/test/java/fr/brouillard/oss/cssfx/test/TestURIRegistrar.java)) - Various tests to make sure that a listener based code base doesn't have unwanted changes to the memory semantics.\n* [JavaFX](https://github.com/openjdk/jfx/pull/204) - PR for JavaFX itself to simplify some of the existing tests for memory leaks.\n\n## Projects using JMemoryBuddy:\n* [jpro.one](https://jpro.one/) - aka JavaFX for the web\n* [controlsfx](https://github.com/controlsfx/controlsfx) - A very often used Library for JavaFX\n* [CSSFX](https://github.com/McFoggy/cssfx) - Every JavaFX Developer should use this library\n* [Your project?](https://github.com/Sandec/JMemoryBuddy/pulls)\n\n##### internal developer\npublish local:\n```\n./gradlew publishToMavenLocal\n```\n\npublish to sonatype:\n```\n./gradlew publishToSonatype closeAndReleaseStagingRepository\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandec%2Fjmemorybuddy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsandec%2Fjmemorybuddy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsandec%2Fjmemorybuddy/lists"}