Last winter I started a first attempt at identifying preservation risks in PDF files using the Apache Preflight PDF/A validator. This work was later followed up by others in two SPRUCE hackathons in Leeds (see this blog post by Peter Cliff) and London (described here). Much of this later work tacitly assumes that Apache Preflight is able to successfully identify features in PDF that are a potential risk for long-term access. This Wiki page on uses and abuses of Preflight (created as part of the final SPRUCE hackathon) even goes as far as stating that "Preflight is thorough and unforgiving (as it should be)". But what evidence do we have to support such claims? The only evidence that I'm aware of, are the results obtained from a small test corpus of custom-created PDFs. Each PDF in this corpus was created in such a way that it includes only one specific feature that is a potential preservation risk (e.g. encryption, non-embedded fonts, and so on). However, PDFs that exist 'in the wild' are usually more complex. Also, the PDF specification often allows you to implement similar features in subtly different ways. For these reasons, it is essential to obtain additional evidence of Preflight's ability to detect 'risky' features before relying on this tool in any operational setting.
Adobe Acrobat Engineering test files
Shortly after I completed my initial tests, Adobe released the Acrobat Engineering website, which contains a large volume of test documents that are used by Adobe for testing their products. Although the test documents are not fully annotated, they are subdivided into categories such as Multimedia & 3D Tests and Font tests. This makes these files particularly useful for additional tests on Preflight.
Methodology
The general methodology I used to analyse these files is identical to what I did in my 2012 report: first, each PDF was validated using Apache Preflight. As a control I also validated the PDFs with the Preflight component of Adobe Acrobat, using the PDF/A-1b profile. The table below lists the software versions used:
Software | Version |
---|---|
Apache Preflight | 2.0.0 |
Adobe Acrobat | 10.14 |
Acrobat Preflight | 10.1.3 (090) |
Re-analysis of PDF Cabinet of Horrors corpus
Because the current analysis is based on a more recent version of Apache Preflight than the one used in the 2012 report (which was 1.8.0), I first re-ran the analysis of the PDFs in the PDF Cabinet of Horrors corpus. The main results are reproduced here. The main differences with respect to that earlier version are:
- Apache Preflight now has an option to produce output in XML format (as suggested by William Palmer following the Leeds SPRUCE hackathon)
- Better reporting of non-embedded fonts (see also this issue)
- Unlike the earlier version, Preflight 2.0.0 does not give any meaningful output in case of encrypted and password-protected PDFs! This is probably a bug, for which I submitted a report here.
Analysis Acrobat Engineering PDFs
Since the Acrobat Engineering site hosts a lot of PDFs, I only focused on a limited subset for the current analysis:
- all files in the General section of the Font Testing category;
- all files in the Classic Multimedia section of the Multimedia & 3D Tests category.
The results are summarized in two tables (see next sections). For each analysed PDF, the table lists:
- the error(s) reported by Adobe Acrobat Preflight;
- the error code(s) reported by Apache Preflight (see Preflight's source code for a listing of all possible error codes);
- the error description(s) reported by Apache Preflight in the details output element.
For the sake of readability, the tables only list those error messages/codes that are directly related to font problems, multimedia, encryption and JavaScript. The full output for all tested files can be found here.
Fonts
The table below summarizes the results of the PDFs in the Font Testing category:
Test file | Acrobat Preflight error(s) | Apache Preflight Error Code(s) | Apache Preflight Details |
---|---|---|---|
EmbeddedCmap.pdf | Font not embedded (and text rendering mode not 3) ; Glyphs missing in embedded font | 3.1.3 | Invalid Font definition, FontFile entry is missing from FontDescriptor for HeiseiKakuGo-W5 |
TEXT.pdf | Font not embedded (and text rendering mode not 3); Glyphs missing in embedded font ; TrueType font has differences to standard encodings but is not a symbolic font; Wrong encoding for non-symbolic TrueType font | 3.1.5; 3.1.1; 3.1.2; 3.1.3; 3.2.4 | Invalid Font definition, The Encoding is invalid for the NonSymbolic TTF; Invalid Font definition, Some required fields are missing from the Font dictionary; Invalid Font definition, FontDescriptor is null or is a AFM Descriptor; Invalid Font definition, FontFile entry is missing from FontDescriptor for Arial,Italic (repeated for other fonts); Font damaged, The CharProcs references an element which can't be read |
Type3_WWW-HTML.PDF | – | 3.1.6 | Invalid Font definition, The character with CID"58" should have a width equals to 15.56599 (repeated for other fonts) |
embedded_fonts.pdf | Font not embedded (and text rendering mode not 3); Type 2 CID font: CIDToGIDMap invalid or missing | 3.1.9; 3.1.11 | Invalid Font definition; Invalid Font definition, The CIDSet entry is missing for the Composite Subset |
embedded_pm65.pdf | – | 3.1.6 | Invalid Font definition, Width of the character "110" in the font program "HKPLIB+AdobeCorpID-MyriadRg"is inconsistent with the width in the PDF dictionary (repeated for other font) |
notembedded_pm65.pdf | Font not embedded (and text rendering mode not 3); Glyphs missing in embedded font | 3.1.3 | Invalid Font definition, FontFile entry is missing from FontDescriptor for TimesNewRoman (repeated for other fonts) |
printtestfont_nonopt.pdf* | ICC profile is not valid; ICC profile is version 4.0 or newer; ICC profile uses invalid color space;ICC profile uses invalid type | – | Preflight throws exception (exceptionThrown), exits with message 'Invalid ICC Profile Data' |
printtestfont_opt.pdf* | ICC profile is not valid; ICC profile is version 4.0 or newer; ICC profile uses invalid color space; ICC profile uses invalid type | – | Preflight throws exception (exceptionThrown), exits with message 'Invalid ICC Profile Data' |
substitution_fonts.pdf | Font not embedded (and text rendering mode not 3) | 3.1.1; 3.1.2; 3.1.3 | Invalid Font definition, Some required fields are missing from the Font dictionary; Invalid Font definition, FontDescriptor is null or is a AFM Descriptor; Invalid Font definition, FontFile entry is missing from FontDescriptor for Souvenir-Light (repeated for other fonts) |
text_images_pdf1.2.pdf | Font not embedded (and text rendering mode not 3); Glyphs missing in embedded font; Width information for rendered glyphs is inconsistent | 3.1.1; 3.1.2 | Invalid Font definition, Some required fields are missing from the Font dictionary; Invalid Font definition, FontDescriptor is null or is a AFM Descriptor |
* As this document doesn't appear to have any font-related issues it's unclear why it is in the Font Testing category. Errors related to ICC profiles reproduced here because of relevance to Apache Preflight exception.
General observations
An intercomparison between the results of Acrobat Preflight and Apache Preflight shows that Apache Preflight's output may vary in case of non-embedded fonts. In most cases it produces error code 3.1.3 (as was the case with the PDF Cabinet of Horrors dataset), but other errors in the 3.1.x range may occur as well. The 3.1.6 "character width" error is something that was also encountered during the London SPRUCE Hackathon, and according to the information here this is most likely the result of the PDF/A specification not being particularly clear. So, this looks like a non-serious error that can be safely ignored in most cases.
Multimedia
The next table shows the results for Multimedia & 3D Tests category:
Test file | Acrobat Preflight error(s) | Apache Preflight Error Code(s) | Apache Preflight Details |
---|---|---|---|
20020402_CALOS.pdf | – | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
Disney-Flash.pdf | Contains action of type JavaScript; Document contains JavaScripts; Document contains additional actions (AA); Font not embedded (and text rendering mode not 3); Form field does not have appearance dict; Form field has actions; Incorrect annotation type used (not allowed in PDF/A); PDF contains EF (embedded file) entry | 1.0; 1.2.1 | No multimedia-related errors; Preflight did report syntax and body syntax error |
Jpeg_linked.pdf | Document is encrypted; Encrypt key present in file trailer; Named action with a value other than standard page navigation used; Incorrect annotation type used (not allowed in PDF/A); Font not embedded (and text rendering mode not 3) | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
MultiMedia_Acro6.pdf | Document is encrypted; EmbeddedFiles entry in Names dictionary; Encrypt key present in file trailer; PDF contains EF (embedded file) entry; Incorrect annotation type used (not allowed in PDF/A) | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
MusicalScore.pdf | CIDset in subset font is incomplete; CIDset in subset font missing; Contains action of type JavaScript; Document contains JavaScripts; Document contains additional actions (AA); Font not embedded (and text rendering mode not 3); Form field has actions; Incorrect annotation type used (not allowed in PDF/A); PDF contains EF (embedded file) entry; Type 2 CID font: CIDToGIDMap invalid or missing | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
SVG-AnnotAnim.pdf | Incorrect annotation type used (not allowed in PDF/A); PDF contains EF (embedded file) entry | 5.2.1; 1.2.9 | Forbidden field in an annotation definition, The subtype isn't authorized : SVG; Body Syntax error, EmbeddedFile entry is present in a FileSpecification dictionary |
SVG.pdf | Contains action of type JavaScript; Document contains JavaScripts; Font not embedded (and text rendering mode not 3); Form field has actions; PDF contains EF (embedded file) entry | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
ScriptEvents.pdf | Contains action of type JavaScript; Document contains JavaScripts; Font not embedded (and text rendering mode not 3); Form field has actions; Incorrect annotation type used (not allowed in PDF/A); PDF contains EF (embedded file) entry | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
Service Form_media.pdf | Contains action of type JavaScript; Contains action of type ResetForm; Document contains JavaScripts; Document contains additional actions (AA); Font not embedded (and text rendering mode not 3); Glyphs missing in embedded font; Incorrect annotation type used (not allowed in PDF/A); Named action with a value other than standard page navigation used; PDF contains EF (embedded file) entry | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
Trophy.pdf | Contains action of type JavaScript; Document contains JavaScripts; Font not embedded (and text rendering mode not 3); Form field has actions; Incorrect annotation type used (not allowed in PDF/A); PDF contains EF (embedded file) entry | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
VolvoS40V50-Full.pdf | Preflight exits with: "An error occurred while parsing a contents stream. Unable to analyze the PDF file" | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
gXsummer2004-stream.pdf | File cannot be loaded in Acrobat (damaged file) | 1.0; 1.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
phlmapbeta7.pdf | Document contains additional actions (AA); Font not embedded (and text rendering mode not 3); Incorrect annotation type used (not allowed in PDF/A); PDF contains EF (embedded file) entry | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
us_population.pdf | Preflight exits with: "An error occurred while parsing a contents stream. Unable to analyze the PDF file" | 1.0; 1.2.1 | No multimedia, font or encryption-related errors; Preflight did report syntax and body syntax error |
movie.pdf | Incorrect annotation type used (not allowed in PDF/A) | 5.2.1 | Forbidden field in an annotation definition, The subtype isn't authorized : Movie |
movie_down1.pdf | Incorrect annotation type used (not allowed in PDF/A) | 5.2.1 | Forbidden field in an annotation definition, The subtype isn't authorized : Movie |
remotemovieurl.pdf | Font not embedded (and text rendering mode not 3); Incorrect annotation type used (not allowed in PDF/A) | 5.2.1; 3.1.1; 3.1.2; 3.1.3 | Forbidden field in an annotation definition, The subtype isn't authorized : Movie; Invalid Font definition, Some required fields are missing from the Font dictionary; Invalid Font definition, FontDescriptor is null or is a AFM Descriptor; Invalid Font definition, FontFile entry is missing from FontDescriptor for Arial |
General observations
The results from the Multimedia PDFs are interesting for several reasons. First of all, these files include a wide variety of 'risky' features, such as multimedia content, embedded files, JavaScript, non-embedded fonts and encryption. These were successfully identified by Acrobat Preflight in most cases. Apache Preflight, on the other hand, only reported non-specific and fairly uninformative errors (1.0 + 1.2.1) for 12 out of 17 files. Even though Preflight was correct in establishing that these files were not valid PDF/A-1b, it wasn't able to drill down to the level of specific features for the majority of these files.
Looking more into detail at those 1.0 and 1.2.1 errors, the detailed description of most of them is:
Syntax error, Expected pattern 'obj but missed at character 'o'
To me it looks like Preflight doesn't correctly parse the binary structure of the PDF. Opening a few of the problematic PDFs revealed that the object identifiers in these files were followed immediately by the object contents, e.g:
32 0 obj<</Kids[33 0 R]>>
endobj
whereas more commonly they are separated by a line terminator, like this:
32 0 obj
<</Kids[33 0 R]>>
endobj
As far as I'm aware neither the PDF specification nor PDF/A have anything to say about line endings in this case, so my best guess is that this is simply a bug that results in the file not being fully parsed. I submitted a bug report for this issue here.
Summary and conclusions
The re-analysis of the PDF Cabinet of Horrors corpus, and the subsequent analysis of a sub-set of the Adobe Acrobat Engineering PDFs shows a number of things. First, Apache Preflight 2.0.0 does not properly identify encryption and password-protection. This looks like a bug that is probably easily fixed. Second, the analysis of the Font Testing PDFs from the Acrobat Engineering site revealed that non-embedded fonts may result in a variety of error codes in Apache Preflight (assuming here that the Acrobat Preflight results are accurate). So, when using Apache Preflight to check font embedding, it's probably a good idea to treat all font-related errors (perhaps with the exception of character width errors) as a potential risk. The more complex PDFs in the Multimedia category proved to be quite challenging to Apache Preflight: for most files here, it was not able to identify specific features such as multimedia content, embedded files, JavaScript and non-embedded fonts. A cursory analysis of some of the failed files suggests that this is probably a bug that results in Apache Preflight not being able to parse the file structure correctly. Keeping in mind that he specificity of Preflight's validation output already improved considerably since version 1.8.0, a fix of both this issue and the encryption problem would probably result in another significant improvement. In the meantime, it's important to keep the expectations about the tool's capabilities realistic, in order to avoid some potential unintended misuses.
Links
-
Full Acrobat Preflight and Apache Preflight output for all tested files (Github)
-
Identification of PDF preservation risks with Apache Preflight: a first impression
pixelatedpete
July 29, 2013 @ 12:22 PM Europe/Berlin
Andy, if you will use niche products like Apple Preview what do you expect? 🙂
Yes, that set are a sub-set of those we worked on in the last SPRUCE event. All validate (using one validator) as PDF/A-1b and generate errors using Apache Preflight.
Knowing if something renders correctly or not using thumbnails sounds like a good approach and is something being worked on albeit in a different context. Also, tools that detect common error artifacts (blank bits of the document, lots of small character size boxes where there should be characters, etc.) in PDFs shouldn't be beyond the realms of possiblity. One curious error I came across working at the Bodleian (with the Planets documenation no less!) was that the documents rendered fine on screen, but didn't print correctly, so we might need to ask ourselves how far we go with this…
The question of errors in the original and what to do with them is an interesting one and I think the answers have to come from the communities in question. Ask the curators – do you want this error fixed? Only they know the answers because only they know why the collection is important.
If a set of PDFs are examples of just how easy it is to break the PDF spec then the errors probably matter. However if the PDF format and its foibles entirely irrelevant to the collection and it could just as easily be Word or EPUB then validation errors in rendering pages are not important but the order of the words and the whitespace is…
I'll stop now before I say 'designated community defined significant properties'. Oh. Damn. 🙂
pixelatedpete
July 29, 2013 @ 12:06 PM Europe/Berlin
Seems to me this scenario (3) implies that the PDFs are access copies.
Deposit libraries then should really be angling for both the "original source" and a generated copy? However I am not convinced that'll happen and I suspect there are many flavours of (standards-compliant or otherwise) source documents…
Maybe we can just get everyone to use EPUB3?
ecochrane
July 29, 2013 @ 10:32 AM Europe/Berlin
Hi Johan,
Good point. The tool would definitely be useful for archives/libraries to use if they set standards for donors/transferring agencies to use when creating content to go into the archive, and publishers are a great example of where this might happen. Also, the tool would be good for publishers to use themselves to ensure they are making compliant files, if they want to do that.
Cheers,
Euan
johan
July 29, 2013 @ 10:24 AM Europe/Berlin
Hi Euan,
Actually apart from scenarios 1 and 2 there's a third one: consider an "error" that was part of the original object due to some mistake in a publisher's production workflow. This is something I've seen a couple of times myself. Publishers are often able to provide corrected versions of those files when asked. They do this by simply re-generating them from the original source documents, and there's no need for any complex fixes or migrations whatsoever. Needless to say this option is only available while the original publisher is still around, and I imagine it may be more problematic for older publications. Which makes it all the more important to try detecting such issues in a timely fashion.
Cheers,
Johan
ecochrane
July 29, 2013 @ 2:18 AM Europe/Berlin
Your last paragraph reminds me of an important point to be made about/raised by the issue of rendering and "errors" in files: the "errors" discussed above are probably only (problematic/real) errors if they were introduced after object was created and changed the way the object is rendered. It seems reasonable to assume that anything else is just part of the object.
Knowing that "errors" exist in files is not very useful if you don't know whether they were part of the original object or not (as you don't know whether they need to be preserved or should be "fixed"). And if they were part of the original object, then it is also not that useful to know about them, as in most situations the "errors" will likely need to be preserved as part of the object and the only option that seems practical for preserving such objects, emulation, is, for the most part, agnostic to those "errors", i.e. the errors aren't something that would cause an unnusual problem for an emulation based approach so its not realy important to even be aware of them.
The reason I suggest emulation is the only option that seems practical in such cases, is because attempting to preserve the objects by migrating content from the file(s) to new (a) file(s) starts to seem awfully complicated or impossible when you consider the need to replicate "errors" in the new (presumably) industry standard files that (presumably) don't support those errors. In other words, to preserve the "errors" using a migration/normalisation based approach you would need to have a format to move the content to that supported maintaining those "errors" and that seems (almost by definition) rather unlikely.
So it seems (to me) that the only times the "errors" matter is if:
(1.) is one of the reasons why this work is important but (2.) seems to be a use-case/scenario that will turn out to be very rare because of the difficulty and expense involved in attempting to take this approach.