FindBugs (1.2.1-dev-20070506) Analysis for glassfish-v2-b43

FindBugs Analysis generated at: Thu, 19 Apr 2007 17:14:56 -0400

Package	Code Size	Bugs	Bugs p1	Bugs p2
Overall (2365 packages), (34039 classes)	2176122	4967	271	4696
	301	5		5
com.sun.activation.registries	562	5		5
com.sun.activation.viewers	193	8	1	7
com.sun.appserv	113	1		1
com.sun.appserv.management.alert	192	2		2
com.sun.appserv.management.base	956	4		4
com.sun.appserv.management.client	697	5		5
com.sun.appserv.management.client.handler	517	9		9
com.sun.appserv.management.client.prefs	262	2		2
com.sun.appserv.management.deploy	297	4		4
com.sun.appserv.management.event	177	1		1
com.sun.appserv.management.ext.wsmgmt	331	8		8
com.sun.appserv.management.helper	1018	10		10
com.sun.appserv.management.j2ee.statistics	693	6		6
com.sun.appserv.management.util.j2ee	103	2		2
com.sun.appserv.management.util.j2ee.stringifier	56	1		1
com.sun.appserv.management.util.jmx	2595	26		26
com.sun.appserv.management.util.jmx.stringifier	522	1		1
com.sun.appserv.management.util.misc	2537	32		32
com.sun.appserv.management.util.stringifier	366	1		1
com.sun.appserv.naming	309	2		2
com.sun.appserv.security	328	1		1
com.sun.appserv.server	503	6		6
com.sun.appserv.server.util	359	5		5
com.sun.appserv.util.cache	877	3		3
com.sun.appserv.web.cache	274	5		5
com.sun.appserv.web.cache.filter	324	5		5
com.sun.appserv.web.cache.mapping	371	5		5
com.sun.appserv.web.taglibs.cache	270	6		6
com.sun.ejb	573	6		6
com.sun.ejb.base.sfsb	313	3		3
com.sun.ejb.base.sfsb.initialization	191	4		4
com.sun.ejb.base.sfsb.util	410	3		3
com.sun.ejb.base.stats	1217	6		6
com.sun.ejb.codegen	2300	9		9
com.sun.ejb.containers	10169	74	1	73
com.sun.ejb.containers.builder	162	2		2
com.sun.ejb.containers.interceptors	455	1		1
com.sun.ejb.containers.util	282	7		7
com.sun.ejb.containers.util.cache	1521	34		34
com.sun.ejb.containers.util.pool	656	5		5
com.sun.ejb.portable	164	5	1	4
com.sun.ejb.spi.distributed	189	2		2
com.sun.el.parser	3072	50		50
com.sun.enterprise	625	1		1
com.sun.enterprise.addon	177	2		2
com.sun.enterprise.addons	864	18		18
com.sun.enterprise.addons.util	61	1		1
com.sun.enterprise.admin	442	3		3
com.sun.enterprise.admin.alert	202	5		5
com.sun.enterprise.admin.common	2124	26		26
com.sun.enterprise.admin.common.domains.registry	461	5	1	4
com.sun.enterprise.admin.common.exception	210	1		1
com.sun.enterprise.admin.config	1173	18		18
com.sun.enterprise.admin.configbeans	148	2		2
com.sun.enterprise.admin.dottedname.valueaccessor	229	3		3
com.sun.enterprise.admin.event	4006	20		20
com.sun.enterprise.admin.jmx.remote	297	10		10
com.sun.enterprise.admin.jmx.remote.comm	361	2		2
com.sun.enterprise.admin.jmx.remote.http	51	1		1
com.sun.enterprise.admin.jmx.remote.https	212	1		1
com.sun.enterprise.admin.jmx.remote.internal	639	2		2
com.sun.enterprise.admin.jmx.remote.server.callers	456	4		4
com.sun.enterprise.admin.jmx.remote.server.notification	327	5		5
com.sun.enterprise.admin.jmx.remote.server.rmi	286	3		3
com.sun.enterprise.admin.jmx.remote.server.servlet	103	2		2
com.sun.enterprise.admin.mbeans	6425	38		38
com.sun.enterprise.admin.mbeans.custom	542	4		4
com.sun.enterprise.admin.mbeans.custom.loading	296	4		4
com.sun.enterprise.admin.mbeans.jvm	376	1		1
com.sun.enterprise.admin.meta	1653	14		14
com.sun.enterprise.admin.meta.naming	607	3	1	2
com.sun.enterprise.admin.monitor	958	6		6
com.sun.enterprise.admin.monitor.callflow	3235	12	1	11
com.sun.enterprise.admin.monitor.jndi	147	2		2
com.sun.enterprise.admin.monitor.registry.spi	2775	14		14
com.sun.enterprise.admin.monitor.registry.spi.reconfig	851	2		2
com.sun.enterprise.admin.monitor.stats.lb	882	2	1	1
com.sun.enterprise.admin.monitor.stats.spi	482	9		9
com.sun.enterprise.admin.monitor.types	38	4		4
com.sun.enterprise.admin.monitor.util	56	1		1
com.sun.enterprise.admin.runtime	173	1		1
com.sun.enterprise.admin.selfmanagement.configuration	62	4		4
com.sun.enterprise.admin.selfmanagement.event	2881	25		25
com.sun.enterprise.admin.server.core	1361	10		10
com.sun.enterprise.admin.server.core.channel	914	12		12
com.sun.enterprise.admin.server.core.jmx	847	6		6
com.sun.enterprise.admin.server.core.jmx.tester	147	2		2
com.sun.enterprise.admin.server.core.mbean.config	4708	26	2	24
com.sun.enterprise.admin.server.core.mbean.config.naming	439	2		2
com.sun.enterprise.admin.server.core.mbean.meta	504	4		4
com.sun.enterprise.admin.server.core.servlet	273	5		5
com.sun.enterprise.admin.servermgmt	1703	28	4	24
com.sun.enterprise.admin.servermgmt.launch	1609	16		16
com.sun.enterprise.admin.servermgmt.pe	1487	5		5
com.sun.enterprise.admin.servermgmt.util	39	1		1
com.sun.enterprise.admin.snmp	42	1		1
com.sun.enterprise.admin.target	385	3	1	2
com.sun.enterprise.admin.util	1947	18		18
com.sun.enterprise.admin.util.jmx	233	4		4
com.sun.enterprise.admin.verifier	335	4		4
com.sun.enterprise.admin.verifier.tests	1081	15		15
com.sun.enterprise.admin.wsmgmt	555	2		2
com.sun.enterprise.admin.wsmgmt.agent	130	2	1	1
com.sun.enterprise.admin.wsmgmt.lifecycle	336	3		3
com.sun.enterprise.admin.wsmgmt.lifecycle.reconfig	198	2		2
com.sun.enterprise.admin.wsmgmt.msg	396	1		1
com.sun.enterprise.admin.wsmgmt.registry	826	16		16
com.sun.enterprise.admin.wsmgmt.repository.impl	252	1		1
com.sun.enterprise.admin.wsmgmt.stats.impl	259	10		10
com.sun.enterprise.appclient	1737	19		19
com.sun.enterprise.appclient.jws	1972	25	2	23
com.sun.enterprise.appclient.jws.boot	303	3		3
com.sun.enterprise.cli.commands	5697	50	1	49
com.sun.enterprise.cli.commands.monitor	1725	20	1	19
com.sun.enterprise.cli.framework	2593	18		18
com.sun.enterprise.config	987	15	3	12
com.sun.enterprise.config.backup	562	6		6
com.sun.enterprise.config.backup.util	948	13		13
com.sun.enterprise.config.clientbeans	1461	10	10
com.sun.enterprise.config.impl	694	11	2	9
com.sun.enterprise.config.serverbeans	18498	47	36	11
com.sun.enterprise.config.serverbeans.validation	2087	25		25
com.sun.enterprise.config.serverbeans.validation.tests	855	6		6
com.sun.enterprise.config.util	88	1		1
com.sun.enterprise.connectors	3152	14	2	12
com.sun.enterprise.connectors.authentication	241	5		5
com.sun.enterprise.connectors.inflow	320	10		10
com.sun.enterprise.connectors.inflow.monitor	86	5		5
com.sun.enterprise.connectors.system	1216	15		15
com.sun.enterprise.connectors.util	2283	10		10
com.sun.enterprise.connectors.work	426	2		2
com.sun.enterprise.connectors.work.monitor	160	1		1
com.sun.enterprise.ddgenerator.sun	207	2		2
com.sun.enterprise.deployapi	1465	16	4	12
com.sun.enterprise.deployapi.actions	31	2		2
com.sun.enterprise.deployment	12209	43	2	41
com.sun.enterprise.deployment.annotation	103	1		1
com.sun.enterprise.deployment.annotation.context	384	1		1
com.sun.enterprise.deployment.annotation.factory	91	1		1
com.sun.enterprise.deployment.annotation.handlers	2077	7		7
com.sun.enterprise.deployment.annotation.impl	740	6		6
com.sun.enterprise.deployment.annotation.introspection	160	3		3
com.sun.enterprise.deployment.archivist	1490	4		4
com.sun.enterprise.deployment.autodeploy	1235	15		15
com.sun.enterprise.deployment.backend	3994	26		26
com.sun.enterprise.deployment.client	1194	7		7
com.sun.enterprise.deployment.io	386	1		1
com.sun.enterprise.deployment.node	2430	20		20
com.sun.enterprise.deployment.node.connector	517	7		7
com.sun.enterprise.deployment.node.ejb	979	4		4
com.sun.enterprise.deployment.node.runtime	1421	2		2
com.sun.enterprise.deployment.node.runtime.application	89	2		2
com.sun.enterprise.deployment.node.runtime.web	605	1		1
com.sun.enterprise.deployment.phasing	2721	13		13
com.sun.enterprise.deployment.runtime.common	264	1		1
com.sun.enterprise.deployment.util	1724	10		10
com.sun.enterprise.diagnostics	750	5		5
com.sun.enterprise.diagnostics.collect	1444	26		26
com.sun.enterprise.diagnostics.report.html	1195	14		14
com.sun.enterprise.diagnostics.util	552	6	1	5
com.sun.enterprise.distributedtx	1467	9		9
com.sun.enterprise.iiop	2866	38	2	36
com.sun.enterprise.iiop.security	1973	23	3	20
com.sun.enterprise.instance	2531	19		19
com.sun.enterprise.jbi	140	1		1
com.sun.enterprise.jbi.serviceengine.install	220	1		1
com.sun.enterprise.jms	319	11		11
com.sun.enterprise.launcher	431	9		9
com.sun.enterprise.loader	879	13	4	9
com.sun.enterprise.logging	50	2		2
com.sun.enterprise.management.agent	1048	6	1	5
com.sun.enterprise.management.config	3456	29		29
com.sun.enterprise.management.deploy	362	3		3
com.sun.enterprise.management.ext.lb	135	1		1
com.sun.enterprise.management.ext.logging	301	3		3
com.sun.enterprise.management.j2ee	816	1	1
com.sun.enterprise.management.model	1251	18	1	17
com.sun.enterprise.management.monitor	899	4		4
com.sun.enterprise.management.monitor.stats	250	3		3
com.sun.enterprise.management.offline	1048	6		6
com.sun.enterprise.management.selfmanagement	643	7	2	5
com.sun.enterprise.management.selfmanagement.reconfig	119	4		4
com.sun.enterprise.management.support	6006	38	2	36
com.sun.enterprise.management.support.oldconfig	1689	2		2
com.sun.enterprise.management.util	1141	7		7
com.sun.enterprise.naming	2072	11		11
com.sun.enterprise.naming.factory	100	3		3
com.sun.enterprise.naming.java	164	2		2
com.sun.enterprise.repository	1115	4		4
com.sun.enterprise.resource	5449	16		16
com.sun.enterprise.resource.monitor	405	3		3
com.sun.enterprise.security	2363	20		20
com.sun.enterprise.security.acl	360	3		3
com.sun.enterprise.security.application	491	6	1	5
com.sun.enterprise.security.auth.login	467	7		7
com.sun.enterprise.security.auth.realm.file	396	5		5
com.sun.enterprise.security.authorize	81	1		1
com.sun.enterprise.security.factory	117	1		1
com.sun.enterprise.security.jauth	1422	4		4
com.sun.enterprise.security.jmac	224	5		5
com.sun.enterprise.security.jmac.callback	384	1	1
com.sun.enterprise.security.jmac.config	1681	24		24
com.sun.enterprise.security.provider	908	5		5
com.sun.enterprise.security.store	316	2		2
com.sun.enterprise.security.web	292	1		1
com.sun.enterprise.server	4472	34	1	33
com.sun.enterprise.server.logging	1746	26		26
com.sun.enterprise.server.logging.logviewer.backend	444	7		7
com.sun.enterprise.server.logging.stats	160	3		3
com.sun.enterprise.server.ondemand	799	8	3	5
com.sun.enterprise.server.ss	563	7	2	5
com.sun.enterprise.server.ss.provider	1207	25		25
com.sun.enterprise.tools.common	425	8		8
com.sun.enterprise.tools.common.dd	1765	5		5
com.sun.enterprise.tools.common.dd.application	254	1		1
com.sun.enterprise.tools.common.dd.connector	526	2		2
com.sun.enterprise.tools.common.dd.ejb	3173	6		6
com.sun.enterprise.tools.common.dd.webapp	2508	12		12
com.sun.enterprise.tools.common.dd.webapp.data	1343	16		16
com.sun.enterprise.tools.common.properties	493	9		9
com.sun.enterprise.tools.common.ui	318	2		2
com.sun.enterprise.tools.common.util	612	18		18
com.sun.enterprise.tools.common.util.diagnostics	696	4		4
com.sun.enterprise.tools.common.util.zip	276	3		3
com.sun.enterprise.tools.launcher	1013	11		11
com.sun.enterprise.tools.upgrade	338	11		11
com.sun.enterprise.tools.upgrade.certconversion	1214	25		25
com.sun.enterprise.tools.upgrade.cli	179	9		9
com.sun.enterprise.tools.upgrade.cluster	440	3		3
com.sun.enterprise.tools.upgrade.common	2750	25		25
com.sun.enterprise.tools.upgrade.common.arguments	452	22		22
com.sun.enterprise.tools.upgrade.deployment	465	5		5
com.sun.enterprise.tools.upgrade.gui	2669	33		33
com.sun.enterprise.tools.upgrade.miscconfig	844	3		3
com.sun.enterprise.tools.upgrade.realm	210	2		2
com.sun.enterprise.tools.upgrade.transform	430	5		5
com.sun.enterprise.tools.upgrade.transform.elements	1291	7		7
com.sun.enterprise.tools.verifier	2366	46		46
com.sun.enterprise.tools.verifier.apiscan.classfile	1061	3		3
com.sun.enterprise.tools.verifier.apiscan.packaging	416	5		5
com.sun.enterprise.tools.verifier.apiscan.stdapis	357	3	1	2
com.sun.enterprise.tools.verifier.ejb	172	1		1
com.sun.enterprise.tools.verifier.gui	785	13	8	5
com.sun.enterprise.tools.verifier.tests	615	3		3
com.sun.enterprise.tools.verifier.tests.app	552	2		2
com.sun.enterprise.tools.verifier.tests.appclient	405	7		7
com.sun.enterprise.tools.verifier.tests.connector	547	4	1	3
com.sun.enterprise.tools.verifier.tests.dd	343	2		2
com.sun.enterprise.tools.verifier.tests.ejb	1243	18	1	17
com.sun.enterprise.tools.verifier.tests.ejb.beanclass	200	1		1
com.sun.enterprise.tools.verifier.tests.ejb.businessmethod	378	3		3
com.sun.enterprise.tools.verifier.tests.ejb.ejb30	463	3		3
com.sun.enterprise.tools.verifier.tests.ejb.elements	471	5	1	4
com.sun.enterprise.tools.verifier.tests.ejb.entity	691	9		9
com.sun.enterprise.tools.verifier.tests.ejb.entity.cmp	305	8		8
com.sun.enterprise.tools.verifier.tests.ejb.entity.cmp2	734	6		6
com.sun.enterprise.tools.verifier.tests.ejb.entity.createmethod	383	5		5
com.sun.enterprise.tools.verifier.tests.ejb.entity.ejbcreatemethod	525	8		8
com.sun.enterprise.tools.verifier.tests.ejb.entity.ejbfindbyprimarykey	381	8		8
com.sun.enterprise.tools.verifier.tests.ejb.entity.ejbfindermethod	535	11		11
com.sun.enterprise.tools.verifier.tests.ejb.entity.ejbpostcreatemethod	390	8		8
com.sun.enterprise.tools.verifier.tests.ejb.entity.findbyprimarykey	187	3		3
com.sun.enterprise.tools.verifier.tests.ejb.entity.findermethod	376	8		8
com.sun.enterprise.tools.verifier.tests.ejb.entity.pkmultiplefield	262	10		10
com.sun.enterprise.tools.verifier.tests.ejb.entity.pksinglefield	104	3		3
com.sun.enterprise.tools.verifier.tests.ejb.entity.primarykeyclass	324	6		6
com.sun.enterprise.tools.verifier.tests.ejb.homeintf	374	2		2
com.sun.enterprise.tools.verifier.tests.ejb.homeintf.remotehomeintf	167	1		1
com.sun.enterprise.tools.verifier.tests.ejb.intf	252	1		1
com.sun.enterprise.tools.verifier.tests.ejb.intf.localintf	74	1		1
com.sun.enterprise.tools.verifier.tests.ejb.intf.remoteintf	114	1		1
com.sun.enterprise.tools.verifier.tests.ejb.messagebean	217	2		2
com.sun.enterprise.tools.verifier.tests.ejb.runtime	1078	33	2	31
com.sun.enterprise.tools.verifier.tests.ejb.runtime.beancache	216	15		15
com.sun.enterprise.tools.verifier.tests.ejb.runtime.beanpool	206	16		16
com.sun.enterprise.tools.verifier.tests.ejb.runtime.resource	190	5	2	3
com.sun.enterprise.tools.verifier.tests.ejb.session	537	5		5
com.sun.enterprise.tools.verifier.tests.ejb.session.createmethod	393	7		7
com.sun.enterprise.tools.verifier.tests.ejb.session.ejbcreatemethod	446	9		9
com.sun.enterprise.tools.verifier.tests.ejb.session.stateless	168	4		4
com.sun.enterprise.tools.verifier.tests.ejb.timer	47	1		1
com.sun.enterprise.tools.verifier.tests.web	2525	27		27
com.sun.enterprise.tools.verifier.tests.web.runtime	1029	18	2	16
com.sun.enterprise.tools.verifier.tests.webservices	946	12	1	11
com.sun.enterprise.tools.verifier.tests.wsclients	293	3		3
com.sun.enterprise.tools.verifier.web	377	7		7
com.sun.enterprise.tools.verifier.webservices	38	2		2
com.sun.enterprise.tools.verifier.wsclient	47	1		1
com.sun.enterprise.transaction	357	5	1	4
com.sun.enterprise.transaction.monitor	381	9		9
com.sun.enterprise.util	5485	40		40
com.sun.enterprise.util.collection	1598	14	3	11
com.sun.enterprise.util.diagnostics	1265	12	1	11
com.sun.enterprise.util.i18n	117	1		1
com.sun.enterprise.util.io	864	8	1	7
com.sun.enterprise.util.net	194	2		2
com.sun.enterprise.util.pool	727	4		4
com.sun.enterprise.util.scheduler	164	3		3
com.sun.enterprise.util.sync	165	4		4
com.sun.enterprise.util.threadpool	198	2		2
com.sun.enterprise.util.zip	353	3		3
com.sun.enterprise.web	7337	37	2	35
com.sun.enterprise.web.ara	268	3		3
com.sun.enterprise.web.ara.algorithms	69	1		1
com.sun.enterprise.web.ara.rules	260	3	1	2
com.sun.enterprise.web.connector.coyote	416	1		1
com.sun.enterprise.web.connector.extension	100	1		1
com.sun.enterprise.web.connector.grizzly	4929	23	3	20
com.sun.enterprise.web.connector.grizzly.async	217	1		1
com.sun.enterprise.web.connector.grizzly.comet	740	5		5
com.sun.enterprise.web.connector.grizzly.ssl	1076	6		6
com.sun.enterprise.web.connector.grizzly.standalone	194	3		3
com.sun.enterprise.web.deploy	188	1		1
com.sun.enterprise.web.monitor.impl	196	2		2
com.sun.enterprise.web.portunif	394	3		3
com.sun.enterprise.web.portunif.util	144	3		3
com.sun.enterprise.web.reconfig	273	2		2
com.sun.enterprise.web.stats	1183	4		4
com.sun.enterprise.web.util	205	4		4
com.sun.enterprise.webservice	4071	86	5	81
com.sun.enterprise.webservice.codegen	349	3		3
com.sun.enterprise.webservice.monitoring	812	8	1	7
com.sun.gjc.spi	1113	9		9
com.sun.grizzly.cometd	247	7		7
com.sun.grizzly.cometd.bayeux	371	3		3
com.sun.grizzly.cometd.servlet	60	3		3
com.sun.grizzly.cometd.standalone	113	3		3
com.sun.jdo.api.persistence.enhancer	877	6		6
com.sun.jdo.api.persistence.enhancer.classfile	3169	14	4	10
com.sun.jdo.api.persistence.enhancer.generator	511	10	5	5
com.sun.jdo.api.persistence.enhancer.impl	2005	11	2	9
com.sun.jdo.api.persistence.enhancer.util	617	3		3
com.sun.jdo.api.persistence.mapping.ejb	1281	31	1	30
com.sun.jdo.api.persistence.model	761	1		1
com.sun.jdo.api.persistence.model.jdo.impl	438	16		16
com.sun.jdo.api.persistence.model.mapping.impl	1004	9		9
com.sun.jdo.api.persistence.model.util	1340	2		2
com.sun.jdo.api.persistence.support.util	401	2		2
com.sun.jdo.spi.persistence.generator.database	1278	44		44
com.sun.jdo.spi.persistence.support.ejb.cmp	517	4	1	3
com.sun.jdo.spi.persistence.support.ejb.ejbc	3298	5		5
com.sun.jdo.spi.persistence.support.ejb.ejbqlc	7396	5		5
com.sun.jdo.spi.persistence.support.ejb.model	252	5		5
com.sun.jdo.spi.persistence.support.sqlstore	2510	13		13
com.sun.jdo.spi.persistence.support.sqlstore.connection	1545	14		14
com.sun.jdo.spi.persistence.support.sqlstore.database	470	1		1
com.sun.jdo.spi.persistence.support.sqlstore.database.oracle	183	1		1
com.sun.jdo.spi.persistence.support.sqlstore.impl	2951	25		25
com.sun.jdo.spi.persistence.support.sqlstore.model	1511	17		17
com.sun.jdo.spi.persistence.support.sqlstore.query	284	1		1
com.sun.jdo.spi.persistence.support.sqlstore.query.jqlc	11857	7		7
com.sun.jdo.spi.persistence.support.sqlstore.query.util.type	529	21		21
com.sun.jdo.spi.persistence.support.sqlstore.sco	1151	14	6	8
com.sun.jdo.spi.persistence.support.sqlstore.sql	759	7		7
com.sun.jdo.spi.persistence.support.sqlstore.sql.concurrency	122	3		3
com.sun.jdo.spi.persistence.support.sqlstore.sql.constraint	210	3		3
com.sun.jdo.spi.persistence.support.sqlstore.sql.generator	2181	5		5
com.sun.jdo.spi.persistence.support.sqlstore.state	541	1		1
com.sun.jdo.spi.persistence.support.sqlstore.utility	317	2		2
com.sun.jdo.spi.persistence.utility	895	8		8
com.sun.jdo.spi.persistence.utility.logging	595	12		12
com.sun.jndi.url.corbaname	163	3		3
com.sun.jts.CosTransactions	9218	235	23	212
com.sun.jts.jta	777	9		9
com.sun.jts.jtsxa	619	12		12
com.sun.jts.otsidl	1213	34		34
com.sun.jts.pi	529	10		10
com.sun.jts.trace	122	1		1
com.sun.jts.utils.RecoveryHooks	102	7		7
com.sun.mail.iap	696	1		1
com.sun.mail.imap	3232	20		20
com.sun.mail.imap.protocol	2373	1		1
com.sun.mail.pop3	789	3		3
com.sun.mail.util	1152	2		2
com.sun.web.security	1867	15		15
javax.activation	1278	8		8
javax.el	826	2		2
javax.enterprise.deploy.spi.status	34	1		1
javax.jms	472	3		3
javax.mail	2142	6		6
javax.mail.internet	3575	13	1	12
javax.mail.util	277	2		2
javax.resource.spi	270	1		1
javax.resource.spi.work	123	1		1
javax.security.auth.message	82	1		1
javax.security.jacc	931	19		19
javax.servlet	465	1		1
javax.servlet.http	636	1		1
javax.servlet.jsp.jstl.core	448	1	1
javax.servlet.jsp.jstl.tlv	184	7		7
javax.servlet.jsp.tagext	613	4	1	3
oracle.toplink.essentials.descriptors	3701	24	10	14
oracle.toplink.essentials.descriptors.copying	128	2		2
oracle.toplink.essentials.ejb.cmp3.persistence	523	4		4
oracle.toplink.essentials.exceptions	4794	11	1	10
oracle.toplink.essentials.expressions	2802	186		186
oracle.toplink.essentials.indirection	826	7		7
oracle.toplink.essentials.internal.databaseaccess	3018	33		33
oracle.toplink.essentials.internal.descriptors	1738	22	1	21
oracle.toplink.essentials.internal.ejb.cmp3	904	5		5
oracle.toplink.essentials.internal.ejb.cmp3.base	1484	9		9
oracle.toplink.essentials.internal.ejb.cmp3.metadata	1545	13	9	4
oracle.toplink.essentials.internal.ejb.cmp3.metadata.accessors	1525	4		4
oracle.toplink.essentials.internal.ejb.cmp3.metadata.listeners	240	10	1	9
oracle.toplink.essentials.internal.ejb.cmp3.metadata.sequencing	117	3	3
oracle.toplink.essentials.internal.ejb.cmp3.transaction.base	363	2		2
oracle.toplink.essentials.internal.ejb.cmp3.xml.accessors	512	6	6
oracle.toplink.essentials.internal.ejb.cmp3.xml.parser	297	2		2
oracle.toplink.essentials.internal.expressions	3818	13		13
oracle.toplink.essentials.internal.helper	4347	29		29
oracle.toplink.essentials.internal.identitymaps	1247	16	1	15
oracle.toplink.essentials.internal.indirection	722	3		3
oracle.toplink.essentials.internal.parsing	3758	11		11
oracle.toplink.essentials.internal.queryframework	3706	25	1	24
oracle.toplink.essentials.internal.security	419	4		4
oracle.toplink.essentials.internal.sequencing	657	3		3
oracle.toplink.essentials.internal.sessions	5817	44	3	41
oracle.toplink.essentials.internal.weaving	903	13	1	12
oracle.toplink.essentials.logging	853	4		4
oracle.toplink.essentials.mappings	5724	48	17	31
oracle.toplink.essentials.mappings.converters	347	3	1	2
oracle.toplink.essentials.platform.database	1923	81		81
oracle.toplink.essentials.platform.database.oracle	261	8		8
oracle.toplink.essentials.platform.xml	400	3		3
oracle.toplink.essentials.platform.xml.jaxp	262	1		1
oracle.toplink.essentials.queryframework	3851	14	7	7
oracle.toplink.essentials.sequencing	532	7	4	3
oracle.toplink.essentials.sessions	2186	6		6
oracle.toplink.essentials.threetier	714	5		5
oracle.toplink.essentials.tools.schemaframework	1824	2		2
oracle.toplink.essentials.transaction	333	2		2
oracle.toplink.essentials.weaving	308	1		1
oracle.toplink.libraries.asm	2362	3		3
oracle.toplink.libraries.asm.attrs	708	3		3
org.apache.catalina	1082	3		3
org.apache.catalina.authenticator	1043	6	2	4
org.apache.catalina.core	10567	52	3	49
org.apache.catalina.loader	2094	8		8
org.apache.catalina.logger	298	1		1
org.apache.catalina.mbeans	3069	24	1	23
org.apache.catalina.realm	1984	6		6
org.apache.catalina.servlets	3191	21		21
org.apache.catalina.session	2910	20	1	19
org.apache.catalina.ssi	1518	2		2
org.apache.catalina.startup	3475	20		20
org.apache.catalina.util	2913	14	1	13
org.apache.catalina.valves	1765	14		14
org.apache.coyote.http11	1700	4	1	3
org.apache.coyote.tomcat5	4794	18		18
org.apache.jasper	1539	8	1	7
org.apache.jasper.compiler	11990	29		29
org.apache.jasper.runtime	2377	7		7
org.apache.jasper.servlet	544	6		6
org.apache.jasper.util	247	1		1
org.apache.jasper.xmlparser	2805	1		1
org.apache.naming.factory	317	3	1	2
org.apache.naming.java	17	1		1
org.apache.naming.resources	1957	8		8
org.apache.taglibs.standard.extra.spath	1655	27		27
org.apache.taglibs.standard.lang.jstl	1998	3		3
org.apache.taglibs.standard.lang.jstl.parser	1744	46		46
org.apache.taglibs.standard.lang.jstl.test	548	5		5
org.apache.taglibs.standard.tag.common.core	981	6		6
org.apache.taglibs.standard.tag.common.sql	568	2		2
org.apache.taglibs.standard.tlv	645	48		48
org.apache.tomcat.util	495	6		6
org.apache.tomcat.util.buf	2381	15		15
org.apache.tomcat.util.collections	474	11		11
org.apache.tomcat.util.handler	74	3		3
org.apache.tomcat.util.http	1500	3		3
org.apache.tomcat.util.http.mapper	746	4		4
org.apache.tomcat.util.mx	212	1		1
org.apache.tomcat.util.net.jsse	531	3		3
org.apache.tomcat.util.threads	587	9		9
org.apache.tools.ant.taskdefs.optional.sun.appserv	1574	10		10
persistence.antlr	15746	94	2	92
persistence.antlr.actions.cpp	1165	1	1
persistence.antlr.actions.csharp	1170	1	1
persistence.antlr.actions.java	1136	1	1
persistence.antlr.collections.impl	507	12	1	11
persistence.antlr.debug	1396	20		20
persistence.antlr.debug.misc	114	2	1	1
persistence.antlr.preprocessor	1606	20	2	18

SA / SA_LOCAL_SELF_COMPARISON

This method compares a local variable with itself, and may indicate a typo or a logic error. Make sure that you are comparing the right things.

UG / UG_SYNC_SET_UNSYNC_GET

This class contains similarly-named get and set methods where the set method is synchronized and the get method is not. This may result in incorrect behavior at runtime, as callers of the get method will not necessarily see a consistent state for the object. The get method should be made synchronized.

Nm / NM_FIELD_NAMING_CONVENTION

Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.

SA / SA_LOCAL_DOUBLE_ASSIGNMENT

This method contains a double assignment of a local variable; e.g.

  public void foo() {
    int x,y;
    x = x = 17;
  }

Assigning the same value to a variable twice is useless, and may indicate a logic error or typo.

UPM / UPM_UNCALLED_PRIVATE_METHOD

This private method is never called. Although it is possible that the method will be invoked through reflection, it is more likely that the method is never used, and should be removed.

SF / SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH

A value stored in the previous switch case is overwritten here due to a switch fall through. It is likely that you forgot to put a break or return at the end of the previous case.

FI / FI_FINALIZER_ONLY_NULLS_FIELDS

This finalizer does nothing except null out fields. This is completely pointless, and requires that the object be garbage collected, finalized, and then garbage collected again. You should just remove the finalize method.

Eq / EQ_COMPARETO_USE_OBJECT_EQUALS

This class defines a compareTo(...) method but inherits its equals() method from java.lang.Object. Generally, the value of compareTo should return zero if and only if equals returns true. If this is violated, weird and unpredictable failures will occur in classes such as PriorityQueue. In Java 5 the PriorityQueue.remove method uses the compareTo method, while in Java 6 it uses the equals method.

From the JavaDoc for the compareTo method in the Comparable interface:

It is strongly recommended, but not strictly required that (x.compareTo(y)==0) == (x.equals(y)). Generally speaking, any class that implements the Comparable interface and violates this condition should clearly indicate this fact. The recommended language is "Note: this class has a natural ordering that is inconsistent with equals."

ODR / ODR_OPEN_DATABASE_RESOURCE

The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.

Bx / DM_NUMBER_CTOR

Using new Integer(int) is guaranteed to always result in a new object whereas Integer.valueOf(int) allows caching of values to be done by the compiler, class library, or JVM. Using of cached values avoids object allocation and the code will be faster.

Values between -128 and 127 are guaranteed to have corresponding cached instances and using valueOf is approximately 3.5 times faster than using constructor. For values outside the constant range the performance of both styles is the same.

Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or the valueOf() method when creating instances of Long, Integer, Short, Character, and Byte.

RCN / RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE

This method contains a redundant check of a known null value against the constant null.

SIC / SIC_INNER_SHOULD_BE_STATIC

This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.

FI / FI_FINALIZER_NULLS_FIELDS

This finalizer nulls out fields. This is usually an error, as it does not aid garbage collection, and the object is going to be garbage collected anyway.

IA / IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD

An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class. By the Java semantics, it will be resolved to invoke the inherited method, but this may not be want you intend. If you really intend to invoke the inherited method, invoke it by invoking the method on super (e.g., invoke super.foo(17)), and thus it will be clear to other readers of your code and to FindBugs that you want to invoke the inherited method, not the method in the outer class.

ES / ES_COMPARING_PARAMETER_STRING_WITH_EQ

This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.

Dm / DMI_COLLECTION_OF_URLS

This method or field is or uses a Map or Set of URLs. Since both the equals and hashCode method of URL perform domain name resolution, this can result in a big performance hit. See http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html for more information. Consider using java.net.URI instead.

Dm / DM_STRING_VOID_CTOR

Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant "". Java guarantees that identical string constants will be represented by the same String object. Therefore, you should just use the empty string constant directly.

Nm / NM_METHOD_NAMING_CONVENTION

Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.

RR / SR_NOT_CHECKED

This method ignores the return value of java.io.InputStream.skip() which can skip multiple bytes. If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were skipped than the caller requested. This is a particularly insidious kind of bug, because in many programs, skips from input streams usually do skip the full amount of data requested, causing the program to fail only sporadically. With Buffered streams, however, skip() will only skip data in the buffer, and will routinely fail to skip the requested number of bytes.

NP / NP_NULL_PARAM_DEREF_NONVIRTUAL

A possibly-null value is passed to a method which unconditionally dereferences it. This will almost certainly result in a null pointer exception.

RV / RV_RETURN_VALUE_IGNORED

The return value of this method should be checked. One common cause of this warning is to invoke a method on an immutable object, thinking that it updates the object. For example, in the following code fragment,

String dateString = getHeaderField(name);
dateString.trim();

the programmer seems to be thinking that the trim() method will update the String referenced by dateString. But since Strings are immutable, the trim() function returns a new String value, which is being ignored here. The code should be corrected to:

String dateString = getHeaderField(name);
dateString = dateString.trim();

IP / IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN

The initial value of this parameter is ignored, and the parameter is overwritten here. This often indicates a mistaken belief that the write to the parameter will be conveyed back to the caller.

DP / DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED

This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.

ES / ES_COMPARING_STRINGS_WITH_EQ

This code compares java.lang.String objects for reference equality using the == or != operators. Unless both strings are either constants in a source file, or have been interned using the String.intern() method, the same string value may be represented by two different String objects. Consider using the equals(Object) method instead.

SA / SA_FIELD_SELF_COMPARISON

This method compares a field with itself, and may indicate a typo or a logic error. Make sure that you are comparing the right things.

UW / UW_UNCOND_WAIT

This method contains a call to java.lang.Object.wait() which is not guarded by conditional control flow. The code should verify that condition it intends to wait for is not already satisfied before calling wait; any previous notifications will be ignored.

INT / INT_VACUOUS_COMPARISON

There is an integer comparison that always returns the same value (e.g., x <= Integer.MAX_VALUE).

UwF / UWF_UNWRITTEN_FIELD

This field is never written. All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.

BC / BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS

The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this.

CN / CN_IDIOM_NO_SUPER_CALL

This non-final class defines a clone() method that does not call super.clone(). If this class ("A") is extended by a subclass ("B"), and the subclass B calls super.clone(), then it is likely that B's clone() method will return an object of type A, which violates the standard contract for clone().

If all clone() methods call super.clone(), then they are guaranteed to use Object.clone(), which always returns an object of the correct type.

Nm / NM_METHOD_CONSTRUCTOR_CONFUSION

This regular method has the same name as the class it is defined in. It is likely that this was intended to be a constructor. If it was intended to be a constructor, remove the declaration of a void return value. If you had accidently defined this method, realized the mistake, defined a proper constructor but can't get rid of this method due to backwards compatibility, deprecate the method.

ML / ML_SYNC_ON_UPDATED_FIELD

This method synchronizes on an object references from a mutable field. This is unlikely to have useful semantics, since different threads may be synchronizing on different objects.

Dm / DM_GC

Code explicitly invokes garbage collection. Except for specific use in benchmarking, this is very dubious.

In the past, situations where people have explicitly invoked the garbage collector in routines such as close or finalize methods has led to huge performance black holes. Garbage collection can be expensive. Any situation that forces hundreds or thousands of garbage collections will bring the machine to a crawl.

Bx / BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION

A primitive boxed value constructed and then immediately converted into a different primitive type (e.g., new Double(d).intValue()). Just perform direct primitive coercion (e.g., (int) d).

UrF / URF_UNREAD_FIELD

This field is never read. Consider removing it from the class.

NP / NP_NULL_INSTANCEOF

This instanceof test will always return false, since the value being checked is guaranteed to be null. Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error.

NP / NP_LOAD_OF_KNOWN_NULL_VALUE

The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull.

Dm / DMI_BLOCKING_METHODS_ON_URL

The equals and hashCode method of URL perform domain name resolution, this can result in a big performance hit. See http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html for more information. Consider using java.net.URI instead.

IM / IM_BAD_CHECK_FOR_ODD

The code uses x % 2 == 1 to check to see if a value is odd, but this won't work for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check for oddness, consider using x & 1 == 1, or x % 2 != 0.

SWL / SWL_SLEEP_WITH_LOCK_HELD

This method calls Thread.sleep() with a lock held. This may result in very poor performance and scalability, or a deadlock, since other threads may be waiting to acquire the lock. It is a much better idea to call wait() on the lock, which releases the lock and allows other threads to run.

IS / IS2_INCONSISTENT_SYNC

The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that

The class contains a mix of locked and unlocked accesses,
At least one locked access was performed by one of the class's own methods, and
The number of unsynchronized field accesses (reads and writes) was no more than one third of all accesses, with writes being weighed twice as high as reads

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.

CN / CN_IDIOM

Class implements Cloneable but does not define or use the clone method.

Se / SE_COMPARATOR_SHOULD_BE_SERIALIZABLE

This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

DE / DE_MIGHT_IGNORE

This method might ignore an exception. In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

DMI / DMI_INVOKING_TOSTRING_ON_ARRAY

The code invokes toString on an array, which will generate a fairly useless result such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.

FI / FI_MISSING_SUPER_CALL

This finalize() method does not make a call to its superclass's finalize() method. So, any finalizer actions defined for the superclass will not be performed. Add a call to super.finalize().

NP / NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE

A reference value which is null on some exception control path is dereferenced here. This may lead to a NullPointerException when the code is executed. The value may be null because it was return from a method which is known to return possibly-null values.

FI / FI_EMPTY

Empty finalize() methods are useless, so they should be deleted.

Dm / DM_EXIT

Invoking System.exit shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.

DC / DC_DOUBLECHECK

This method may contain an instance of double-checked locking. This idiom is not correct according to the semantics of the Java memory model. For more information, see the web page http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html.

NN / NN_NAKED_NOTIFY

A call to notify() or notifyAll() was made without any (apparent) accompanying modification to mutable object state. In general, calling a notify method on a monitor is done because some condition another thread is waiting for has become true. However, for the condition to be meaningful, it must involve a heap object that is visible to both threads.

This bug does not necessarily indicate an error, since the change to mutable object state may have taken place in a method which then called the method containing the notification.

UwF / UWF_NULL_FIELD

All writes to this field are of the constant value null, and thus all reads of the field will return null. Check for errors, or remove it if it is useless.

OS / OS_OPEN_STREAM

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method. This may result in a file descriptor leak. It is generally a good idea to use a finally block to ensure that streams are closed.

UL / UL_UNRELEASED_LOCK_EXCEPTION_PATH

This method acquires a JSR-166 (java.util.concurrent) lock, but does not release it on all exception paths out of the method. In general, the correct idiom for using a JSR-166 lock is:

    Lock l = ...;
    l.lock();
    try {
        // do something
    } finally {
        l.unlock();
    }

EC / EC_BAD_ARRAY_COMPARE

This method invokes the .equals(Object o) method on an array. Since arrays do not override the equals method of Object, calling equals on an array is the same as comparing their addresses. To compare the contents of the arrays, use java.util.Arrays.equals(Object[], Object[]).

Se / SE_BAD_FIELD

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods. Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.

SA / SA_LOCAL_SELF_ASSIGNMENT

This method contains a self assignment of a local variable; e.g.

  public void foo() {
    int x = 3;
    x = x;
  }

Such assignments are useless, and may indicate a logic error or typo.

REC / REC_CATCH_EXCEPTION

This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

UR / UR_UNINIT_READ

This constructor reads a field which has not yet been assigned a value. This is often caused when the programmer mistakenly uses the field instead of one of the constructor's parameters.

Eq / EQ_SELF_USE_OBJECT

This class defines a covariant version of the equals() method, but inherits the normal equals(Object) method defined in the base java.lang.Object class. The class should probably define a non-covariant version of equals(). (I.e., a method with the signature boolean equals(java.lang.Object).

Nm / NM_CLASS_NOT_EXCEPTION

This class is not derived from another exception, but ends with 'Exception'. This will be confusing to users of this class.

RR / RR_NOT_CHECKED

This method ignores the return value of one of the variants of java.io.InputStream.read() which can return multiple bytes. If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were read than the caller requested. This is a particularly insidious kind of bug, because in many programs, reads from input streams usually do read the full amount of data requested, causing the program to fail only sporadically.

RCN / RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

This method contains a redundant check of a known non-null value against the constant null.

FI / FI_EXPLICIT_INVOCATION

This method contains an explicit invocation of the finalize() method on an object. Because finalizer methods are supposed to be executed once, and only by the VM, this is a bad idea.

If a connected set of objects beings finalizable, then the VM will invoke the finalize method on all the finalizable object, possibly at the same time in different threads. Thus, it is a particularly bad idea, in the finalize method for a class X, invoke finalize on objects referenced by X, because they may already be getting finalized in a separate thread.

SS / SS_SHOULD_BE_STATIC

This class contains an instance final field that is initialized to a compile-time static value. Consider making the field static.

BC / BC_IMPOSSIBLE_INSTANCEOF

This instanceof test will always return false. Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error.

ST / ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

Se / SE_NONFINAL_SERIALVERSIONID

This class defines a serialVersionUID field that is not final. The field should be made final if it is intended to specify the version UID for purposes of serialization.

NP / NP_TOSTRING_COULD_RETURN_NULL

This toString method seems to return null in some circumstances. A liberal reading of the spec could be interpreted as allowing this, but it is probably a bad idea and could cause other code to break. Return the empty string or some other appropriate string rather than null.

Se / SE_TRANSIENT_FIELD_NOT_RESTORED

This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.

GC / GC_UNRELATED_TYPES

This call to a generic container's method contains an argument with a different class type from that of the container's parameter. Therefore, it is unlikely that the container contains any objects with the same type as the method argument used here.

Dm / DM_STRING_TOSTRING

Calling String.toString() is just a redundant operation. Just use the String.

NP / NP_NULL_PARAM_DEREF

This method call passes a null value to a method which might dereference it unconditionally.

Dm / DM_BOOLEAN_CTOR

Creating new instances of java.lang.Boolean wastes memory, since Boolean objects are immutable and there are only two useful values of this type. Use the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean objects instead.

DLS / DLS_DEAD_LOCAL_STORE

This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

BC / BC_BAD_CAST_TO_CONCRETE_COLLECTION

This code casts an abstract collection (such as a Collection, List, or Set) to a specific concrete implementation (such as an ArrayList or HashSet). This might not be correct, and it may make your code fragile, since it makes it harder to switch to other concrete implementations at a future point. Unless you have a particular reason to do so, just use the abstract collection class.

LI / LI_LAZY_INIT_STATIC

This method contains an unsynchronized lazy initialization of a non-volatile static field. Because the compiler or processor may reorder instructions, threads are not guaranteed to see a completely initialized object, if the method can be called by multiple threads. You can make the field volatile to correct the problem. For more information, see the Java Memory Model web site.

HE / HE_EQUALS_USE_HASHCODE

This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM). Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

public int hashCode() {
  assert false : "hashCode not designed";
  return 42; // any arbitrary constant will do 
  }

DB / DB_DUPLICATE_BRANCHES

This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.

Dm / DM_STRING_CTOR

Using the java.lang.String(String) constructor wastes memory because the object so constructed will be functionally indistinguishable from the String passed as a parameter. Just use the argument String directly.

SnVI / SE_NO_SERIALVERSIONID

This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

Se / SE_BAD_FIELD_STORE

A non-serializable value is stored into a non-transient field of a serializable class.

Se / SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION

This class implements the Externalizable interface, but does not define a void constructor. When Externalizable objects are deserialized, they first need to be constructed by invoking the void constructor. Since this class does not have one, serialization and deserialization will fail at runtime.

ICAST / ICAST_INTEGER_MULTIPLY_CAST_TO_LONG

This code performs integer multiply and then converts the result to a long, as in:

 
	long convertDaysToMilliseconds(int days) { return 1000*3600*24*days; }

If the multiplication is done using long arithmetic, you can avoid the possibility that the result will overflow. For example, you could fix the above code to:


 
	long convertDaysToMilliseconds(int days) { return 1000L*3600*24*days; }


 
	static final long MILLISECONDS_PER_DAY = 24L*3600*1000;
	long convertDaysToMilliseconds(int days) { return days * MILLISECONDS_PER_DAY; }

DMI / DMI_HARDCODED_ABSOLUTE_FILENAME

This code constructs a File object using a hard coded to an absolute pathname (e.g., new File("/home/dannyc/workspace/j2ee/src/share/com/sun/enterprise/deployment");

SA / SA_FIELD_SELF_ASSIGNMENT

This method contains a self assignment of a field; e.g.

  int x;
  public void foo() {
    x = x;
  }

Such assignments are useless, and may indicate a logic error or typo.

SI / SI_INSTANCE_BEFORE_FINALS_ASSIGNED

The class's static initializer creates an instance of the class before all of the static final fields are assigned.

UI / UI_INHERITANCE_UNSAFE_GETRESOURCE

Calling this.getClass().getResource(...) could give results other than expected if this class is extended by a class in another package.

SBSC / SBSC_USE_STRINGBUFFER_CONCATENATION

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();

SQL / SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE

The method invokes the execute method on an SQL statement with a String that seems to be dynamically generated. Consider using a prepared statement instead. It is more efficient and less vulnerable to SQL injection attacks.

HE / HE_INHERITS_EQUALS_USE_HASHCODE

This class inherits equals(Object) from an abstract superclass, and hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM). Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't want to define a hashCode method, and/or don't believe the object will ever be put into a HashMap/Hashtable, define the hashCode() method to throw UnsupportedOperationException.

Wa / WA_NOT_IN_LOOP

This method contains a call to java.lang.Object.wait() which is not in a loop. If the monitor is used for multiple conditions, the condition the caller intended to wait for might not be the one that actually occurred.

NP / NP_NULL_ON_SOME_PATH_EXCEPTION

A reference value which is null on some exception control path is dereferenced here. This may lead to a NullPointerException when the code is executed. Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.

Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.

NP / NP_ALWAYS_NULL

A null pointer is dereferenced here. This will lead to a NullPointerException when the code is executed.

Nm / NM_CLASS_NAMING_CONVENTION

Class names should be nouns, in mixed case with the first letter of each internal word capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms and abbreviations (unless the abbreviation is much more widely used than the long form, such as URL or HTML).

It / IT_NO_SUCH_ELEMENT

This class implements the java.util.Iterator interface. However, its next() method is not capable of throwing java.util.NoSuchElementException. The next() method should be changed so it throws NoSuchElementException if is called when there are no more elements to return.

UuF / UUF_UNUSED_FIELD

This field is never used. Consider removing it from the class.

RCN / RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE

A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.

NP / NP_CLONE_COULD_RETURN_NULL

This clone method seems to return null in some circumstances, but clone is never allowed to return a null value. If you are convinced this path is unreachable, throw an AssertionError instead.

HE / HE_EQUALS_NO_HASHCODE

This class overrides equals(Object), but does not override hashCode(). Therefore, the class may violate the invariant that equal objects must have equal hashcodes.

BC / BC_VACUOUS_INSTANCEOF

This instanceof test will always return true. Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error.

UCF / UCF_USELESS_CONTROL_FLOW

This method contains a useless control flow statement, where control flow continues onto the same place regardless of whether or not the branch is taken. For example, this is caused by having an empty statement block fot an if statement:

    if (argv.length == 0) {
	// TODO: handle this case
	}

SQL / SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

NP / NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT

This implementation of equals(Object) violates the contract defined by java.lang.Object.equals() because it does not check for null being passed as the argument. All equals() methods should return false if passed a null value.

NP / NP_NULL_ON_SOME_PATH

A reference value dereferenced here might be null at runtime. This may lead to a NullPointerException when the code is executed.

RS / RS_READOBJECT_SYNC

This serializable class defines a readObject() which is synchronized. By definition, an object created by deserialization is only reachable by one thread, and thus there is no need for readObject() to be synchronized. If the readObject() method itself is causing the object to become visible to another thread, that is an example of very dubious coding style.

NS / NS_DANGEROUS_NON_SHORT_CIRCUIT

This code seems to be using non-short-circuit logic (e.g., & or |) rather than short-circuit logic (&& or ||). In addition, it seem possible that, depending on the value of the left hand side, you might not want to evaluate the right hand side (because it would have side effects, could cause an exception or could be expensive.

Non-short-circuit logic causes both sides of the expression to be evaluated even when the result can be inferred from knowing the left-hand side. This can be less efficient and can result in errors if the left-hand side guards cases when evaluating the right-hand side can generate an error.

See the Java Language Specification for details

IM / IM_AVERAGE_COMPUTATION_COULD_OVERFLOW

The code computes the average of two integers using either division or signed right shift, and then uses the result as the index of an array. If the values being averaged are very large, this can overflow (resulting in the computation of a negative average). Assuming that the result is intended to be nonnegative, you can use an unsigned right shift instead. In other words, rather that using (low+high)/2, use (low+high) >>> 1

This bug exists in many earlier implementations of binary search and merge sort. Martin Buchholz found and fixed it in the JDK libraries, and Joshua Bloch widely publicized the bug pattern.

BC / BC_UNCONFIRMED_CAST

This cast is unchecked, and not all instances of the type casted from can be cast to the type it is being cast to. Ensure that your program logic ensures that this cast will not fail.

SA / SA_FIELD_DOUBLE_ASSIGNMENT

This method contains a double assignment of a field; e.g.

  int x,y;
  public void foo() {
    x = x = 17;
  }

Assigning to a field twice is useless, and may indicate a logic error or typo.

WMI / WMI_WRONG_MAP_ITERATOR

This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.

NP / NP_UNWRITTEN_FIELD

The program is dereferencing a field that does not seem to ever have a non-null value written to it. Dereferencing this value will generate a null pointer exception.

EC / EC_UNRELATED_TYPES

This method calls equals(Object) on two references of different class types with no common subclasses. Therefore, the objects being compared are unlikely to be members of the same class at runtime (unless some application classes were not analyzed, or dynamic class loading can occur at runtime). According to the contract of equals(), objects of different classes should always compare as unequal; therefore, according to the contract defined by java.lang.Object.equals(Object), the result of this comparison will always be false at runtime.

NP / NP_GUARANTEED_DEREF

There is a statement or branch that if executed guarantees that a value is null at this point, and that value that is guaranteed to be dereferenced (except on forward paths involving runtime exceptions).

RC / RC_REF_COMPARISON

This method compares two reference values using the == or != operator, where the correct way to compare instances of this type is generally with the equals() method. Examples of classes which should generally not be compared by reference are java.lang.Integer, java.lang.Float, etc.

SC / SC_START_IN_CTOR

The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.

SF / SF_SWITCH_FALLTHROUGH

This method contains a switch statement where one case branch will fall through to the next case. Usually you need to end this case with a break or return.

MF / MF_CLASS_MASKS_FIELD

This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other.

NP / NP_IMMEDIATE_DEREFERENCE_OF_READLINE

The result of invoking readLine() is immediately dereferenced. If there are no more lines of text to read, readLine() will return null and dereferencing that will generate a null pointer exception.

HSC / HSC_HUGE_SHARED_STRING_CONSTANT

A large String constant is duplicated across multiple class files. This is likely because a final field is initialized to a String constant, and the Java language mandates that all references to a final field from other classes be inlined into that classfile. See JDK bug 6447475 for a description of an occurrence of this bug in the JDK and how resolving it reduced the size of the JDK by 1 megabyte.

MWN / MWN_MISMATCHED_NOTIFY

This method calls Object.notify() or Object.notifyAll() without obviously holding a lock on the object. Calling notify() or notifyAll() without a lock held will result in an IllegalMonitorStateException being thrown.

NP / NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS

A possibly-null value is passed at a call site where all known target methods will unconditionally dereference it. This is very likely to result in a null pointer exception.

FindBugs (1.2.1-dev-20070506) Analysis for glassfish-v2-b43

FindBugs Analysis generated at: Thu, 19 Apr 2007 17:14:56 -0400

Analyzed Files:

Used Libraries:

Analysis Errors: