FindBugs (1.2.1-dev-20070506) Analysis for jboss-4.0.5

FindBugs Analysis generated at: Sun, 29 Apr 2007 20:45:24 -0400

Package Code Size Bugs Bugs p1 Bugs p2 Bugs p3 Bugs Exp. Ratio
Overall (1410 packages), (24326 classes) 1395012 885 136 749
javax.enterprise.deploy.spi.status 64 2 2
javax.jms 500 1 1
javax.management 2936 15 15
javax.management.loading 252 3 3
javax.management.modelmbean 1241 4 4
javax.management.monitor 723 2 2
javax.management.openmbean 1424 11 11
javax.management.relation 1863 11 11
javax.management.timer 306 2 2
javax.resource.spi 323 1 1
javax.resource.spi.work 166 1 1
javax.security.jacc 736 3 2 1
javax.xml.registry 339 1 1
org.jboss 429 2 2
org.jboss.aop 6303 1 1
org.jboss.aop.advice 1805 1 1
org.jboss.aop.annotation 757 2 2
org.jboss.aop.deployment 796 11 5 6
org.jboss.aop.pointcut 2091 2 2
org.jboss.aop.proxy 400 2 2
org.jboss.aop.proxy.container 815 5 5
org.jboss.aspects.asynch 305 3 3
org.jboss.aspects.asynchronous.aspects.jboss 96 1 1
org.jboss.aspects.dbc 140 1 1
org.jboss.aspects.dbc.condition 370 2 2
org.jboss.aspects.dbc.condition.parser 256 1 1
org.jboss.aspects.jmx 158 4 4
org.jboss.aspects.remoting 337 2 2
org.jboss.aspects.tx 447 3 3
org.jboss.aspects.txlock 238 5 5
org.jboss.aspects.versioned 2049 17 4 13
org.jboss.cache.invalidation 509 2 2
org.jboss.cache.invalidation.bridges 503 2 2
org.jboss.cache.invalidation.triggers 59 1 1
org.jboss.console.manager 254 2 1 1
org.jboss.console.manager.interfaces.impl 323 5 1 4
org.jboss.console.navtree 542 7 7
org.jboss.console.plugins 647 14 14
org.jboss.console.plugins.helpers 380 6 6
org.jboss.console.plugins.helpers.jmx 248 6 1 5
org.jboss.console.plugins.helpers.servlet 174 1 1
org.jboss.console.plugins.monitor 754 10 10
org.jboss.console.remote 163 2 2
org.jboss.console.twiddle.command 1001 7 1 6
org.jboss.crypto 95 1 1
org.jboss.crypto.digest 127 2 2
org.jboss.deployment 2858 15 7 8
org.jboss.deployment.cache 185 3 2 1
org.jboss.deployment.scanner 1309 19 11 8
org.jboss.deployment.spi 908 3 1 2
org.jboss.deployment.spi.beans 360 9 1 8
org.jboss.ejb 4537 25 7 18
org.jboss.ejb.plugins 5227 10 10
org.jboss.ejb.plugins.cmp.jdbc 7442 13 3 10
org.jboss.ejb.plugins.cmp.jdbc.bridge 2630 5 5
org.jboss.ejb.plugins.cmp.jdbc.keygen 449 2 2
org.jboss.ejb.plugins.cmp.jdbc.metadata 2703 3 3
org.jboss.ejb.plugins.cmp.jdbc2 972 1 1
org.jboss.ejb.plugins.cmp.jdbc2.bridge 1240 2 1 1
org.jboss.ejb.plugins.cmp.jdbc2.schema 1800 5 1 4
org.jboss.ejb.plugins.jms 915 2 2
org.jboss.ejb.plugins.local 531 2 2
org.jboss.ejb.plugins.lock 578 4 4
org.jboss.ejb.txtimer 1384 3 3
org.jboss.ha.framework.interfaces 697 12 2 10
org.jboss.ha.framework.server 2608 12 1 11
org.jboss.ha.framework.test 76 2 2
org.jboss.ha.hasessionstate.server 591 1 1
org.jboss.ha.jndi 1082 3 1 2
org.jboss.iiop 474 3 2 1
org.jboss.iiop.csiv2 1054 2 2
org.jboss.iiop.jacorb 199 1 1
org.jboss.iiop.rmi 1496 5 1 4
org.jboss.iiop.rmi.ir 1697 1 1
org.jboss.iiop.rmi.marshal 507 1 1
org.jboss.iiop.test 63 1 1
org.jboss.invocation 1136 3 3
org.jboss.invocation.http.interfaces 350 4 1 3
org.jboss.invocation.http.server 435 4 1 3
org.jboss.invocation.iiop 308 1 1
org.jboss.invocation.jrmp.interfaces 201 1 1
org.jboss.invocation.jrmp.server 613 7 7
org.jboss.invocation.pooled.interfaces 664 4 1 3
org.jboss.invocation.pooled.server 599 5 5
org.jboss.invocation.unified.marshall 107 2 2
org.jboss.invocation.unified.server 156 1 1
org.jboss.jaxr.juddi 554 4 4
org.jboss.jdbc 294 3 3
org.jboss.jms.asf 408 2 1 1
org.jboss.jms.recovery 158 1 1
org.jboss.jmx.adaptor.rmi 66 1 1
org.jboss.jmx.adaptor.snmp.agent 1284 16 16
org.jboss.jmx.adaptor.snmp.system 77 1 1
org.jboss.jmx.connector.invoker 442 2 2
org.jboss.logging 814 2 2
org.jboss.mail 149 1 1
org.jboss.management.j2ee 2717 18 2 16
org.jboss.management.j2ee.cluster 320 2 2
org.jboss.management.j2ee.statistics 565 2 2
org.jboss.management.mejb 598 12 12
org.jboss.metadata 3587 17 4 13
org.jboss.metadata.serviceref 280 1 1
org.jboss.monitor 685 2 1 1
org.jboss.monitor.alerts 128 1 1
org.jboss.monitor.services 634 1 1
org.jboss.mq 5349 26 7 19
org.jboss.mq.il.http 714 8 8
org.jboss.mq.il.oil 789 1 1
org.jboss.mq.il.oil2 1042 8 1 7
org.jboss.mq.il.uil2 1118 26 26
org.jboss.mq.il.uil2.msgs 900 3 3
org.jboss.mq.pm 310 2 1 1
org.jboss.mq.pm.jdbc2 1244 12 12
org.jboss.mq.security 459 3 3
org.jboss.mq.selectors 2858 5 5
org.jboss.mq.server 3267 6 2 4
org.jboss.mq.server.jmx 996 2 2
org.jboss.mq.xml 434 2 2
org.jboss.mx.capability 556 2 2
org.jboss.mx.interceptor 621 4 4
org.jboss.mx.loading 2534 26 8 18
org.jboss.mx.metadata 906 2 2
org.jboss.mx.modelmbean 652 3 3
org.jboss.mx.notification 390 1 1
org.jboss.mx.server 1885 9 9
org.jboss.mx.server.registry 400 5 5
org.jboss.mx.service 12 1 1
org.jboss.mx.util 1738 21 5 16
org.jboss.naming 1343 1 1
org.jboss.naming.client.java 74 1 1
org.jboss.naming.java 12 1 1
org.jboss.proxy 238 1 1
org.jboss.proxy.compiler 1452 8 4 4
org.jboss.proxy.ejb 1552 10 4 6
org.jboss.proxy.ejb.handle 221 1 1
org.jboss.resource.adapter.jdbc.remote 583 5 5
org.jboss.resource.adapter.jdbc.vendor 209 2 2
org.jboss.resource.connectionmanager 3211 9 9
org.jboss.resource.deployment 837 1 1
org.jboss.resource.security 512 1 1
org.jboss.security 1921 6 6
org.jboss.security.auth 47 2 1 1
org.jboss.security.auth.callback 358 3 3
org.jboss.security.auth.spi 1907 5 1 4
org.jboss.security.jacc 643 2 2
org.jboss.security.plugins 1616 19 8 11
org.jboss.security.srp 1517 10 10
org.jboss.security.srp.jaas 362 4 4
org.jboss.services.binding 532 4 4
org.jboss.system 1898 5 5
org.jboss.system.pm 452 2 2
org.jboss.system.server 1302 15 2 13
org.jboss.system.server.jmx 165 6 5 1
org.jboss.tm 2172 8 8
org.jboss.tm.usertx.client 242 2 2
org.jboss.varia.deployment 350 3 3
org.jboss.varia.scheduler 1357 5 5
org.jboss.verifier 157 1 1
org.jboss.verifier.event 138 2 2
org.jboss.verifier.factory 39 1 1
org.jboss.verifier.strategy 2833 7 7
org.jboss.web 1549 14 3 11
org.jboss.web.tomcat.security 1398 7 1 6
org.jboss.web.tomcat.servlets 32 1 1
org.jboss.web.tomcat.tc5 1322 8 8
org.jboss.web.tomcat.tc5.jasper 466 2 1 1
org.jboss.web.tomcat.tc5.jca 88 1 1
org.jboss.web.tomcat.tc5.session 3299 21 6 15
org.jboss.web.tomcat.tc5.sso 912 3 3
org.jboss.webservice.metadata.serviceref 300 1 1
org.jboss.webservice.transport.jms 107 1 1
org.jnp.interfaces 918 7 7
org.jnp.interfaces.java 23 2 2
org.jnp.interfaces.jnp 16 2 2
org.jnp.server 643 3 3
SA / SA_LOCAL_SELF_COMPARISON

This method compares a local variable with itself, and may indicate a typo or a logic error. Make sure that you are comparing the right things.

UG / UG_SYNC_SET_UNSYNC_GET

This class contains similarly-named get and set methods where the set method is synchronized and the get method is not.  This may result in incorrect behavior at runtime, as callers of the get method will not necessarily see a consistent state for the object.  The get method should be made synchronized.

Nm / NM_FIELD_NAMING_CONVENTION

Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.

SA / SA_LOCAL_DOUBLE_ASSIGNMENT

This method contains a double assignment of a local variable; e.g. 

  public void foo() {
    int x,y;
    x = x = 17;
  }

Assigning the same value to a variable twice is useless, and may indicate a logic error or typo.

UPM / UPM_UNCALLED_PRIVATE_METHOD

This private method is never called. Although it is possible that the method will be invoked through reflection, it is more likely that the method is never used, and should be removed.

Eq / EQ_COMPARETO_USE_OBJECT_EQUALS

This class defines a compareTo(...) method but inherits its equals() method from java.lang.Object. Generally, the value of compareTo should return zero if and only if equals returns true. If this is violated, weird and unpredictable failures will occur in classes such as PriorityQueue. In Java 5 the PriorityQueue.remove method uses the compareTo method, while in Java 6 it uses the equals method.

From the JavaDoc for the compareTo method in the Comparable interface:

It is strongly recommended, but not strictly required that (x.compareTo(y)==0) == (x.equals(y)). Generally speaking, any class that implements the Comparable interface and violates this condition should clearly indicate this fact. The recommended language is "Note: this class has a natural ordering that is inconsistent with equals."
ODR / ODR_OPEN_DATABASE_RESOURCE

The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method.  Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.

RCN / RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE

This method contains a redundant check of a known null value against the constant null.

SIC / SIC_INNER_SHOULD_BE_STATIC

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.

FI / FI_FINALIZER_NULLS_FIELDS

This finalizer nulls out fields. This is usually an error, as it does not aid garbage collection, and the object is going to be garbage collected anyway.

Dm / DMI_COLLECTION_OF_URLS

This method or field is or uses a Map or Set of URLs. Since both the equals and hashCode method of URL perform domain name resolution, this can result in a big performance hit. See http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html for more information. Consider using java.net.URI instead.

ES / ES_COMPARING_PARAMETER_STRING_WITH_EQ

This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.

Dm / DM_STRING_VOID_CTOR

Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant "".  Java guarantees that identical string constants will be represented by the same String object.  Therefore, you should just use the empty string constant directly.

Nm / NM_METHOD_NAMING_CONVENTION

Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.

NP / NP_NULL_PARAM_DEREF_NONVIRTUAL

A possibly-null value is passed to a method which unconditionally dereferences it. This will almost certainly result in a null pointer exception.

IP / IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN

The initial value of this parameter is ignored, and the parameter is overwritten here. This often indicates a mistaken belief that the write to the parameter will be conveyed back to the caller.

RV / RV_RETURN_VALUE_IGNORED

The return value of this method should be checked. One common cause of this warning is to invoke a method on an immutable object, thinking that it updates the object. For example, in the following code fragment,

String dateString = getHeaderField(name);
dateString.trim();

the programmer seems to be thinking that the trim() method will update the String referenced by dateString. But since Strings are immutable, the trim() function returns a new String value, which is being ignored here. The code should be corrected to: 

String dateString = getHeaderField(name);
dateString = dateString.trim();
DP / DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED

This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.

ES / ES_COMPARING_STRINGS_WITH_EQ

This code compares java.lang.String objects for reference equality using the == or != operators. Unless both strings are either constants in a source file, or have been interned using the String.intern() method, the same string value may be represented by two different String objects. Consider using the equals(Object) method instead.

UW / UW_UNCOND_WAIT

This method contains a call to java.lang.Object.wait() which is not guarded by conditional control flow.  The code should verify that condition it intends to wait for is not already satisfied before calling wait; any previous notifications will be ignored.

INT / INT_VACUOUS_COMPARISON

There is an integer comparison that always returns the same value (e.g., x <= Integer.MAX_VALUE).

UwF / UWF_UNWRITTEN_FIELD

This field is never written.  All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.

BC / BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS

The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this.

CN / CN_IDIOM_NO_SUPER_CALL

This non-final class defines a clone() method that does not call super.clone(). If this class ("A") is extended by a subclass ("B"), and the subclass B calls super.clone(), then it is likely that B's clone() method will return an object of type A, which violates the standard contract for clone().

If all clone() methods call super.clone(), then they are guaranteed to use Object.clone(), which always returns an object of the correct type.

Dm / DM_GC

Code explicitly invokes garbage collection. Except for specific use in benchmarking, this is very dubious.

In the past, situations where people have explicitly invoked the garbage collector in routines such as close or finalize methods has led to huge performance black holes. Garbage collection can be expensive. Any situation that forces hundreds or thousands of garbage collections will bring the machine to a crawl.

UrF / URF_UNREAD_FIELD

This field is never read.  Consider removing it from the class.

NP / NP_LOAD_OF_KNOWN_NULL_VALUE

The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull.

Dm / DMI_BLOCKING_METHODS_ON_URL

The equals and hashCode method of URL perform domain name resolution, this can result in a big performance hit. See http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html for more information. Consider using java.net.URI instead.

IM / IM_BAD_CHECK_FOR_ODD

The code uses x % 2 == 1 to check to see if a value is odd, but this won't work for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check for oddness, consider using x & 1 == 1, or x % 2 != 0.

SWL / SWL_SLEEP_WITH_LOCK_HELD

This method calls Thread.sleep() with a lock held. This may result in very poor performance and scalability, or a deadlock, since other threads may be waiting to acquire the lock. It is a much better idea to call wait() on the lock, which releases the lock and allows other threads to run.

IS / IS2_INCONSISTENT_SYNC

The fields of this class appear to be accessed inconsistently with respect to synchronization.  This bug report indicates that the bug pattern detector judged that

  1. The class contains a mix of locked and unlocked accesses,
  2. At least one locked access was performed by one of the class's own methods, and
  3. The number of unsynchronized field accesses (reads and writes) was no more than one third of all accesses, with writes being weighed twice as high as reads

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held.  Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.

Se / SE_COMPARATOR_SHOULD_BE_SERIALIZABLE

This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

CN / CN_IDIOM

Class implements Cloneable but does not define or use the clone method.

DE / DE_MIGHT_IGNORE

This method might ignore an exception.  In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

DMI / DMI_INVOKING_TOSTRING_ON_ARRAY

The code invokes toString on an array, which will generate a fairly useless result such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.

NP / NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE

A reference value which is null on some exception control path is dereferenced here.  This may lead to a NullPointerException when the code is executed.  The value may be null because it was return from a method which is known to return possibly-null values.

Dm / DM_EXIT

Invoking System.exit shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.

UwF / UWF_NULL_FIELD

All writes to this field are of the constant value null, and thus all reads of the field will return null. Check for errors, or remove it if it is useless.

NN / NN_NAKED_NOTIFY

A call to notify() or notifyAll() was made without any (apparent) accompanying modification to mutable object state.  In general, calling a notify method on a monitor is done because some condition another thread is waiting for has become true.  However, for the condition to be meaningful, it must involve a heap object that is visible to both threads.

This bug does not necessarily indicate an error, since the change to mutable object state may have taken place in a method which then called the method containing the notification.

OS / OS_OPEN_STREAM

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

HE / HE_USE_OF_UNHASHABLE_CLASS

A class defines an equals(Object) method but not a hashCode() method, and thus doesn't fulfill the requirement that equal Objects have equal hashCodes. An instance of this class is used in a hash data structure, making the need to fix this problem of highest importance.

EC / EC_BAD_ARRAY_COMPARE

This method invokes the .equals(Object o) method on an array. Since arrays do not override the equals method of Object, calling equals on an array is the same as comparing their addresses. To compare the contents of the arrays, use java.util.Arrays.equals(Object[], Object[]).

Se / SE_BAD_FIELD

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods.  Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.

REC / REC_CATCH_EXCEPTION

This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

UR / UR_UNINIT_READ

This constructor reads a field which has not yet been assigned a value.  This is often caused when the programmer mistakenly uses the field instead of one of the constructor's parameters.

Eq / EQ_SELF_USE_OBJECT

This class defines a covariant version of the equals() method, but inherits the normal equals(Object) method defined in the base java.lang.Object class.  The class should probably define a non-covariant version of equals().  (I.e., a method with the signature boolean equals(java.lang.Object).

RR / RR_NOT_CHECKED

This method ignores the return value of one of the variants of java.io.InputStream.read() which can return multiple bytes.  If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were read than the caller requested.  This is a particularly insidious kind of bug, because in many programs, reads from input streams usually do read the full amount of data requested, causing the program to fail only sporadically.

RCN / RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

This method contains a redundant check of a known non-null value against the constant null.

Se / SE_METHOD_MUST_BE_PRIVATE

This class implements the Serializable interface, and defines a method for custom serialization/deserialization. But since that method isn't declared private, it will be silently ignored by the serialization/deserialization API.

SS / SS_SHOULD_BE_STATIC

This class contains an instance final field that is initialized to a compile-time static value. Consider making the field static.

ST / ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

NP / NP_TOSTRING_COULD_RETURN_NULL

This toString method seems to return null in some circumstances. A liberal reading of the spec could be interpreted as allowing this, but it is probably a bad idea and could cause other code to break. Return the empty string or some other appropriate string rather than null.

Se / SE_TRANSIENT_FIELD_NOT_RESTORED

This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.

EC / EC_NULL_ARG

This method calls equals(Object), passing a null value as the argument. According to the contract of the equals() method, this call should always return false.

Dm / DM_STRING_TOSTRING

Calling String.toString() is just a redundant operation. Just use the String.

NP / NP_NULL_PARAM_DEREF

This method call passes a null value to a method which might dereference it unconditionally.

Dm / DM_BOOLEAN_CTOR

Creating new instances of java.lang.Boolean wastes memory, since Boolean objects are immutable and there are only two useful values of this type.  Use the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean objects instead.

DLS / DLS_DEAD_LOCAL_STORE

This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

NP / NP_ALWAYS_NULL_EXCEPTION

A pointer which is null on an exception path is dereferenced here.  This will lead to a NullPointerException when the code is executed.  Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.

Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.

HE / HE_EQUALS_USE_HASHCODE

This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

public int hashCode() {
  assert false : "hashCode not designed";
  return 42; // any arbitrary constant will do 
  }
DB / DB_DUPLICATE_BRANCHES

This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.

Dm / DM_STRING_CTOR

Using the java.lang.String(String) constructor wastes memory because the object so constructed will be functionally indistinguishable from the String passed as a parameter.  Just use the argument String directly.

SnVI / SE_NO_SERIALVERSIONID

This class implements the Serializable interface, but does not define a serialVersionUID field.  A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

Se / SE_BAD_FIELD_STORE

A non-serializable value is stored into a non-transient field of a serializable class.

Se / SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION

This class implements the Externalizable interface, but does not define a void constructor. When Externalizable objects are deserialized, they first need to be constructed by invoking the void constructor. Since this class does not have one, serialization and deserialization will fail at runtime.

ICAST / ICAST_INTEGER_MULTIPLY_CAST_TO_LONG

This code performs integer multiply and then converts the result to a long, as in: 

 
	long convertDaysToMilliseconds(int days) { return 1000*3600*24*days; }
If the multiplication is done using long arithmetic, you can avoid the possibility that the result will overflow. For example, you could fix the above code to: 
 
	long convertDaysToMilliseconds(int days) { return 1000L*3600*24*days; }
or 
 
	static final long MILLISECONDS_PER_DAY = 24L*3600*1000;
	long convertDaysToMilliseconds(int days) { return days * MILLISECONDS_PER_DAY; }

SI / SI_INSTANCE_BEFORE_FINALS_ASSIGNED

The class's static initializer creates an instance of the class before all of the static final fields are assigned.

UI / UI_INHERITANCE_UNSAFE_GETRESOURCE

Calling this.getClass().getResource(...) could give results other than expected if this class is extended by a class in another package.

SBSC / SBSC_USE_STRINGBUFFER_CONCATENATION

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();
SQL / SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE

The method invokes the execute method on an SQL statement with a String that seems to be dynamically generated. Consider using a prepared statement instead. It is more efficient and less vulnerable to SQL injection attacks.

HE / HE_INHERITS_EQUALS_USE_HASHCODE

This class inherits equals(Object) from an abstract superclass, and hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't want to define a hashCode method, and/or don't believe the object will ever be put into a HashMap/Hashtable, define the hashCode() method to throw UnsupportedOperationException.

Wa / WA_NOT_IN_LOOP

This method contains a call to java.lang.Object.wait() which is not in a loop.  If the monitor is used for multiple conditions, the condition the caller intended to wait for might not be the one that actually occurred.

BC / BC_IMPOSSIBLE_CAST

This cast will always throw a ClassCastException.

Nm / NM_CLASS_NAMING_CONVENTION

Class names should be nouns, in mixed case with the first letter of each internal word capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms and abbreviations (unless the abbreviation is much more widely used than the long form, such as URL or HTML).

NP / NP_ALWAYS_NULL

A null pointer is dereferenced here.  This will lead to a NullPointerException when the code is executed.

UuF / UUF_UNUSED_FIELD

This field is never used.  Consider removing it from the class.

RCN / RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE

A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.

HE / HE_EQUALS_NO_HASHCODE

This class overrides equals(Object), but does not override hashCode().  Therefore, the class may violate the invariant that equal objects must have equal hashcodes.

Se / SE_NONSTATIC_SERIALVERSIONID

This class defines a serialVersionUID field that is not static.  The field should be made static if it is intended to specify the version UID for purposes of serialization.

BC / BC_VACUOUS_INSTANCEOF

This instanceof test will always return true. Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error.

RV / RV_ABSOLUTE_VALUE_OF_HASHCODE

This code generates a hashcode and then computes the absolute value of that hashcode. If the hashcode is Integer.MIN_VALUE, then the result will be negative as well (since Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE).

UCF / UCF_USELESS_CONTROL_FLOW

This method contains a useless control flow statement, where control flow continues onto the same place regardless of whether or not the branch is taken. For example, this is caused by having an empty statement block fot an if statement:

    if (argv.length == 0) {
	// TODO: handle this case
	}
NP / NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT

This implementation of equals(Object) violates the contract defined by java.lang.Object.equals() because it does not check for null being passed as the argument. All equals() methods should return false if passed a null value.

SQL / SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

NP / NP_NULL_ON_SOME_PATH

A reference value dereferenced here might be null at runtime.  This may lead to a NullPointerException when the code is executed.

ICAST / ICAST_IDIV_CAST_TO_DOUBLE

This code casts the result of an integer division operation to double or float. Doing division on integers truncates the result to the integer value closest to zero. The fact that the result was cast to double suggests that this precision should have been retained. What was probably meant was to cast one or both of the operands to double before performing the division. Here is an example: 

int x = 2;
int y = 5;
// Wrong: yields result 0.0
double value1 =  x / y;

// Right: yields result 0.4
double value2 =  x / (double) y;
BC / BC_UNCONFIRMED_CAST

This cast is unchecked, and not all instances of the type casted from can be cast to the type it is being cast to. Ensure that your program logic ensures that this cast will not fail.

WMI / WMI_WRONG_MAP_ITERATOR

This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.

EC / EC_UNRELATED_TYPES

This method calls equals(Object) on two references of different class types with no common subclasses. Therefore, the objects being compared are unlikely to be members of the same class at runtime (unless some application classes were not analyzed, or dynamic class loading can occur at runtime). According to the contract of equals(), objects of different classes should always compare as unequal; therefore, according to the contract defined by java.lang.Object.equals(Object), the result of this comparison will always be false at runtime.

RC / RC_REF_COMPARISON

This method compares two reference values using the == or != operator, where the correct way to compare instances of this type is generally with the equals() method. Examples of classes which should generally not be compared by reference are java.lang.Integer, java.lang.Float, etc.

SC / SC_START_IN_CTOR

The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.

MF / MF_CLASS_MASKS_FIELD

This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other.

SF / SF_SWITCH_FALLTHROUGH

This method contains a switch statement where one case branch will fall through to the next case. Usually you need to end this case with a break or return.

ESync / ESync_EMPTY_SYNC

The code contains an empty synchronized block:

synchronized() {}

Empty synchronized blocks are far more subtle and hard to use correctly than most people recognize, and empty synchronized blocks are almost never a better solution than less contrived solutions.

UMAC / UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS

This anonymous class defined a method that is not directly invoked and does not override a method in a superclass. Since methods in other classes cannot directly invoke methods declared in an anonymous class, it seems that this method is uncallable. The method might simply be dead code, but it is also possible that the method is intended to override a method declared in a superclass, and due to an typo or other error the method does not, in fact, override the method it is intended to.

Se / SE_NO_SUITABLE_CONSTRUCTOR

This class implements the Serializable interface and its superclass does not. When such an object is deserialized, the fields of the superclass need to be initialized by invoking the void constructor of the superclass. Since the superclass does not have one, serialization and deserialization will fail at runtime.

MWN / MWN_MISMATCHED_NOTIFY

This method calls Object.notify() or Object.notifyAll() without obviously holding a lock on the object.  Calling notify() or notifyAll() without a lock held will result in an IllegalMonitorStateException being thrown.