FindBugs (1.2.1-dev-20070506) Analysis for jdk1.7.0-b12

FindBugs Analysis generated at: Sun, 6 May 2007 03:12:12 -0400

Package Code Size Bugs Bugs p1 Bugs p2 Bugs p3 Bugs Exp. Ratio
Overall (736 packages), (16445 classes) 963957 3901 259 3642
com.sun.corba.se.impl.activation 1688 34 5 29
com.sun.corba.se.impl.copyobject 71 1 1
com.sun.corba.se.impl.corba 2118 33 33
com.sun.corba.se.impl.dynamicany 2287 16 3 13
com.sun.corba.se.impl.encoding 5652 55 1 54
com.sun.corba.se.impl.interceptors 1979 41 41
com.sun.corba.se.impl.io 3438 47 2 45
com.sun.corba.se.impl.ior 1207 14 2 12
com.sun.corba.se.impl.ior.iiop 457 4 4
com.sun.corba.se.impl.javax.rmi.CORBA 337 3 1 2
com.sun.corba.se.impl.logging 9374 8 8
com.sun.corba.se.impl.naming.cosnaming 799 27 1 26
com.sun.corba.se.impl.naming.pcosnaming 690 37 4 33
com.sun.corba.se.impl.oa.poa 2102 31 1 30
com.sun.corba.se.impl.orb 2324 46 2 44
com.sun.corba.se.impl.orbutil 3795 25 3 22
com.sun.corba.se.impl.orbutil.concurrent 320 4 4
com.sun.corba.se.impl.orbutil.threadpool 357 8 8
com.sun.corba.se.impl.presentation.rmi 1634 19 2 17
com.sun.corba.se.impl.protocol 2133 15 15
com.sun.corba.se.impl.protocol.giopmsgheaders 1861 13 1 12
com.sun.corba.se.impl.resolver 299 1 1
com.sun.corba.se.impl.transport 2266 24 1 23
com.sun.corba.se.impl.util 1232 4 4
com.sun.corba.se.internal.CosNaming 36 1 1
com.sun.corba.se.spi.activation 3094 50 50
com.sun.corba.se.spi.activation.InitialNameServicePackage 65 1 1
com.sun.corba.se.spi.activation.LocatorPackage 158 2 2
com.sun.corba.se.spi.activation.RepositoryPackage 152 1 1
com.sun.corba.se.spi.extension 107 1 1
com.sun.corba.se.spi.legacy.connection 31 1 1
com.sun.corba.se.spi.orb 764 4 4
com.sun.corba.se.spi.orbutil.fsm 278 2 1 1
com.sun.corba.se.spi.protocol 189 1 1
com.sun.corba.se.spi.servicecontext 429 6 6
com.sun.image.codec.jpeg 261 2 2
com.sun.imageio.plugins.bmp 2131 41 4 37
com.sun.imageio.plugins.common 1299 5 5
com.sun.imageio.plugins.gif 2067 7 7
com.sun.imageio.plugins.jpeg 4849 30 6 24
com.sun.imageio.plugins.png 3036 20 20
com.sun.imageio.plugins.wbmp 429 6 6
com.sun.java_cup.internal.runtime 411 2 2
com.sun.java.swing.plaf.gtk 5642 50 1 49
com.sun.java.swing.plaf.gtk.resources 55 1 1
com.sun.java.swing.plaf.motif 3901 23 23
com.sun.java.swing.plaf.motif.resources 55 1 1
com.sun.java.swing.plaf.windows 6354 50 2 48
com.sun.java.swing.plaf.windows.resources 55 1 1
com.sun.jmx.interceptor 720 2 2
com.sun.jmx.mbeanserver 2882 4 4
com.sun.jmx.remote.internal 1504 9 9
com.sun.jmx.remote.security 648 1 1
com.sun.jmx.snmp 3427 47 4 43
com.sun.jmx.snmp.agent 2423 15 15
com.sun.jmx.snmp.daemon 3593 48 6 42
com.sun.jmx.snmp.defaults 93 1 1
com.sun.jmx.snmp.internal 331 5 1 4
com.sun.jmx.snmp.IPAcl 3375 8 1 7
com.sun.jmx.snmp.tasks 144 2 2
com.sun.naming.internal 404 2 2
com.sun.org.apache.bcel.internal.classfile 3188 12 1 11
com.sun.org.apache.bcel.internal.generic 6535 178 5 173
com.sun.org.apache.bcel.internal.util 1571 11 3 8
com.sun.org.apache.regexp.internal 1875 48 48
com.sun.org.apache.xalan.internal 24 1 1
com.sun.org.apache.xalan.internal.client 270 8 8
com.sun.org.apache.xalan.internal.lib 1335 12 2 10
com.sun.org.apache.xalan.internal.xslt 1151 86 86
com.sun.org.apache.xalan.internal.xsltc.cmdline 537 7 7
com.sun.org.apache.xalan.internal.xsltc.cmdline.getopt 134 4 4
com.sun.org.apache.xalan.internal.xsltc.compiler 13150 106 9 97
com.sun.org.apache.xalan.internal.xsltc.compiler.util 2496 15 2 13
com.sun.org.apache.xalan.internal.xsltc.dom 4757 31 2 29
com.sun.org.apache.xalan.internal.xsltc.runtime 1807 11 1 10
com.sun.org.apache.xalan.internal.xsltc.runtime.output 177 3 3
com.sun.org.apache.xalan.internal.xsltc.trax 3554 25 4 21
com.sun.org.apache.xerces.internal.dom 9030 48 7 41
com.sun.org.apache.xerces.internal.impl 8090 39 4 35
com.sun.org.apache.xerces.internal.impl.dtd 2950 17 2 15
com.sun.org.apache.xerces.internal.impl.dtd.models 673 10 10
com.sun.org.apache.xerces.internal.impl.dv 387 2 2
com.sun.org.apache.xerces.internal.impl.dv.xs 3801 12 12
com.sun.org.apache.xerces.internal.impl.io 460 1 1
com.sun.org.apache.xerces.internal.impl.xpath 985 57 57
com.sun.org.apache.xerces.internal.impl.xpath.regex 4267 12 1 11
com.sun.org.apache.xerces.internal.impl.xs 5877 19 4 15
com.sun.org.apache.xerces.internal.impl.xs.identity 418 2 2
com.sun.org.apache.xerces.internal.impl.xs.models 681 4 4
com.sun.org.apache.xerces.internal.impl.xs.opti 1194 1 1
com.sun.org.apache.xerces.internal.impl.xs.traversers 4699 21 21
com.sun.org.apache.xerces.internal.impl.xs.util 378 6 1 5
com.sun.org.apache.xerces.internal.jaxp 1124 5 2 3
com.sun.org.apache.xerces.internal.jaxp.datatype 1375 7 7
com.sun.org.apache.xerces.internal.jaxp.validation 2055 2 2
com.sun.org.apache.xerces.internal.parsers 5562 11 5 6
com.sun.org.apache.xerces.internal.util 5208 15 10 5
com.sun.org.apache.xerces.internal.xinclude 2234 18 5 13
com.sun.org.apache.xerces.internal.xni 284 2 2
com.sun.org.apache.xerces.internal.xpointer 946 21 1 20
com.sun.org.apache.xml.internal.dtm 723 4 4
com.sun.org.apache.xml.internal.dtm.ref 4803 30 3 27
com.sun.org.apache.xml.internal.dtm.ref.dom2dtm 635 3 3
com.sun.org.apache.xml.internal.dtm.ref.sax2dtm 1999 5 5
com.sun.org.apache.xml.internal.resolver 1495 24 2 22
com.sun.org.apache.xml.internal.resolver.helpers 185 4 4
com.sun.org.apache.xml.internal.resolver.tools 487 8 8
com.sun.org.apache.xml.internal.security.algorithms 281 2 2
com.sun.org.apache.xml.internal.security.algorithms.implementations 428 1 1
com.sun.org.apache.xml.internal.security.c14n.helper 79 3 3
com.sun.org.apache.xml.internal.security.c14n.implementations 917 1 1
com.sun.org.apache.xml.internal.security.encryption 1684 23 3 20
com.sun.org.apache.xml.internal.security.keys.content.x509 190 10 5 5
com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations 417 1 1
com.sun.org.apache.xml.internal.security.keys.storage 82 2 2
com.sun.org.apache.xml.internal.security.keys.storage.implementations 161 4 4
com.sun.org.apache.xml.internal.security.signature 1370 10 10
com.sun.org.apache.xml.internal.security.transforms.implementations 422 3 3
com.sun.org.apache.xml.internal.security.utils 1669 13 3 10
com.sun.org.apache.xml.internal.security.utils.resolver 172 2 2
com.sun.org.apache.xml.internal.serialize 3727 35 1 34
com.sun.org.apache.xml.internal.serializer 5748 33 33
com.sun.org.apache.xml.internal.serializer.utils 938 4 4
com.sun.org.apache.xml.internal.utils 5571 30 2 28
com.sun.org.apache.xpath.internal 1814 10 3 7
com.sun.org.apache.xpath.internal.axes 2659 19 2 17
com.sun.org.apache.xpath.internal.compiler 2053 109 1 108
com.sun.org.apache.xpath.internal.domapi 307 3 3
com.sun.org.apache.xpath.internal.functions 1238 5 5
com.sun.org.apache.xpath.internal.jaxp 436 4 4
com.sun.org.apache.xpath.internal.objects 1286 8 1 7
com.sun.org.apache.xpath.internal.operations 333 2 2
com.sun.org.apache.xpath.internal.patterns 698 5 2 3
com.sun.security.auth 1585 12 12
com.sun.security.auth.callback 232 1 1
com.sun.security.auth.login 275 11 11
com.sun.security.auth.module 1650 9 9
java.applet 125 1 1
java.awt 22029 90 10 80
java.awt.color 942 1 1
java.awt.datatransfer 1250 4 4
java.awt.dnd 1208 11 11
java.awt.event 1525 4 1 3
java.awt.font 3113 5 5
java.awt.geom 5337 31 2 29
java.awt.image 7796 31 1 30
java.awt.image.renderable 357 13 13
java.awt.print 311 1 1
java.beans 4228 32 32
java.beans.beancontext 1210 7 1 6
java.io 8669 23 3 20
java.lang 9085 46 3 43
java.lang.annotation 81 1 1
java.lang.ref 294 2 2
java.lang.reflect 963 4 4
java.math 3151 7 7
java.net 7955 53 2 51
java.nio 6188 13 11 2
java.nio.channels 430 2 2
java.nio.channels.spi 308 1 1
java.nio.charset 749 1 1
java.rmi.server 639 3 3
java.security 5028 18 5 13
java.security.cert 2071 2 1 1
java.sql 2065 3 1 2
java.text 6799 22 3 19
java.util 18749 31 31
java.util.concurrent 6987 11 11
java.util.jar 1047 7 7
java.util.logging 2094 15 15
java.util.prefs 1473 6 6
java.util.regex 3023 4 4
javax.accessibility 715 6 6
javax.imageio 2272 19 1 18
javax.imageio.metadata 1081 7 7
javax.imageio.spi 691 5 5
javax.imageio.stream 1438 6 6
javax.lang.model.type 126 1 1
javax.management 4005 17 4 13
javax.management.loading 651 4 4
javax.management.modelmbean 2454 9 1 8
javax.management.monitor 1377 15 15
javax.management.openmbean 1587 14 14
javax.management.relation 2818 34 3 31
javax.management.remote 686 4 1 3
javax.management.remote.rmi 5301 5 5
javax.management.timer 355 8 8
javax.naming 1401 5 5
javax.naming.ldap 891 1 1
javax.print 965 5 5
javax.print.attribute.standard 1851 13 13
javax.security.auth 973 2 2
javax.security.auth.kerberos 689 3 3
javax.sound.midi 1010 5 5
javax.sound.sampled 1253 10 10
javax.sql 211 1 1
javax.sql.rowset 913 63 63
javax.sql.rowset.serial 768 28 28
javax.sql.rowset.spi 360 3 3
javax.swing 35662 205 16 189
javax.swing.colorchooser 1275 13 13
javax.swing.event 617 6 6
javax.swing.filechooser 342 2 2
javax.swing.plaf 340 2 2
javax.swing.plaf.basic 24666 104 4 100
javax.swing.plaf.metal 8472 59 9 50
javax.swing.plaf.synth 9593 32 2 30
javax.swing.table 1363 9 1 8
javax.swing.text 15353 90 7 83
javax.swing.text.html 12170 68 8 60
javax.swing.text.html.parser 1873 35 35
javax.swing.text.rtf 1906 22 22
javax.swing.tree 3390 16 1 15
javax.swing.undo 407 1 1
javax.tools 341 1 1
javax.xml.bind 687 8 8
javax.xml.crypto 214 1 1
javax.xml.datatype 528 2 2
javax.xml.parsers 436 2 2
javax.xml.soap 566 2 2
javax.xml.stream 461 2 2
javax.xml.transform 411 1 1
javax.xml.transform.stax 65 1 1
javax.xml.validation 469 2 2
javax.xml.ws.spi 79 2 2
javax.xml.xpath 480 2 2
org.omg.CORBA 3982 14 14
org.omg.CosNaming 1922 42 42
org.omg.CosNaming.NamingContextExtPackage 155 1 1
org.omg.CosNaming.NamingContextPackage 439 5 5
org.omg.DynamicAny 3652 2 2
org.omg.DynamicAny.DynAnyFactoryPackage 47 1 1
org.omg.DynamicAny.DynAnyPackage 94 2 2
org.omg.IOP 616 4 4
org.omg.IOP.CodecFactoryPackage 47 1 1
org.omg.IOP.CodecPackage 141 3 3
org.omg.PortableInterceptor 674 4 4
org.omg.PortableInterceptor.ORBInitInfoPackage 135 2 2
org.omg.PortableServer 646 5 5
org.omg.PortableServer.CurrentPackage 47 1 1
org.omg.PortableServer.POAManagerPackage 77 1 1
org.omg.PortableServer.POAPackage 481 10 10
org.w3c.dom.bootstrap 132 2 2
org.xml.sax.helpers 1108 6 6
SA / SA_LOCAL_SELF_COMPARISON

This method compares a local variable with itself, and may indicate a typo or a logic error. Make sure that you are comparing the right things.

UG / UG_SYNC_SET_UNSYNC_GET

This class contains similarly-named get and set methods where the set method is synchronized and the get method is not.  This may result in incorrect behavior at runtime, as callers of the get method will not necessarily see a consistent state for the object.  The get method should be made synchronized.

Nm / NM_FIELD_NAMING_CONVENTION

Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.

UPM / UPM_UNCALLED_PRIVATE_METHOD

This private method is never called. Although it is possible that the method will be invoked through reflection, it is more likely that the method is never used, and should be removed.

SF / SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH

A value stored in the previous switch case is overwritten here due to a switch fall through. It is likely that you forgot to put a break or return at the end of the previous case.

Eq / EQ_COMPARETO_USE_OBJECT_EQUALS

This class defines a compareTo(...) method but inherits its equals() method from java.lang.Object. Generally, the value of compareTo should return zero if and only if equals returns true. If this is violated, weird and unpredictable failures will occur in classes such as PriorityQueue. In Java 5 the PriorityQueue.remove method uses the compareTo method, while in Java 6 it uses the equals method.

From the JavaDoc for the compareTo method in the Comparable interface:

It is strongly recommended, but not strictly required that (x.compareTo(y)==0) == (x.equals(y)). Generally speaking, any class that implements the Comparable interface and violates this condition should clearly indicate this fact. The recommended language is "Note: this class has a natural ordering that is inconsistent with equals."
Nm / NM_VERY_CONFUSING

The referenced methods have names that differ only by capitalization or the packages of their parameters. This is very confusing because if the capitalization and parameter package names were identical then one of the methods would override the other.

Nm / NM_LCASE_HASHCODE

This class defines a method called hashcode().  This method does not override the hashCode() method in java.lang.Object, which is probably what was intended.

VO / VO_VOLATILE_REFERENCE_TO_ARRAY

This declares a volatile reference to an array, which might not be what you want. With a volatile reference to an array, reads and writes of the reference to the array are treated as volatile, but the array elements are non-volatile. To get volatile array elements, you will need to use one of the atomic array classes in java.util.concurrent (provided in Java 5.0).

Bx / DM_NUMBER_CTOR

Using new Integer(int) is guaranteed to always result in a new object whereas Integer.valueOf(int) allows caching of values to be done by the compiler, class library, or JVM. Using of cached values avoids object allocation and the code will be faster.

Values between -128 and 127 are guaranteed to have corresponding cached instances and using valueOf is approximately 3.5 times faster than using constructor. For values outside the constant range the performance of both styles is the same.

Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or the valueOf() method when creating instances of Long, Integer, Short, Character, and Byte.

SIC / SIC_INNER_SHOULD_BE_STATIC

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.

RCN / RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE

This method contains a redundant check of a known null value against the constant null.

FE / FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER

This code checks to see if a floating point value is equal to the special Not A Number value (e.g., if (x == Double.NaN)). However, because of the special semantics of NaN, no value is equal to Nan, including NaN. Thus, x == Double.NaN always evaluates to false. To check to see if a value contained in x is the special Not A Number value, use Double.isNaN(x) (or Float.isNaN(x) if x is floating point precision).

TLW / TLW_TWO_LOCK_WAIT

Waiting on a monitor while two locks are held may cause deadlock.   Performing a wait only releases the lock on the object being waited on, not any other locks.   This not necessarily a bug, but is worth examining closely.

ES / ES_COMPARING_PARAMETER_STRING_WITH_EQ

This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.

Dm / DM_STRING_VOID_CTOR

Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant "".  Java guarantees that identical string constants will be represented by the same String object.  Therefore, you should just use the empty string constant directly.

Nm / NM_METHOD_NAMING_CONVENTION

Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.

RR / SR_NOT_CHECKED

This method ignores the return value of java.io.InputStream.skip() which can skip multiple bytes.  If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were skipped than the caller requested.  This is a particularly insidious kind of bug, because in many programs, skips from input streams usually do skip the full amount of data requested, causing the program to fail only sporadically. With Buffered streams, however, skip() will only skip data in the buffer, and will routinely fail to skip the requested number of bytes.

NP / NP_NULL_PARAM_DEREF_NONVIRTUAL

A possibly-null value is passed to a method which unconditionally dereferences it. This will almost certainly result in a null pointer exception.

RV / RV_RETURN_VALUE_IGNORED

The return value of this method should be checked. One common cause of this warning is to invoke a method on an immutable object, thinking that it updates the object. For example, in the following code fragment,

String dateString = getHeaderField(name);
dateString.trim();

the programmer seems to be thinking that the trim() method will update the String referenced by dateString. But since Strings are immutable, the trim() function returns a new String value, which is being ignored here. The code should be corrected to:

String dateString = getHeaderField(name);
dateString = dateString.trim();
IP / IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN

The initial value of this parameter is ignored, and the parameter is overwritten here. This often indicates a mistaken belief that the write to the parameter will be conveyed back to the caller.

Co / CO_SELF_NO_OBJECT

This class defines a covariant version of compareTo().  To correctly override the compareTo() method in the Comparable interface, the parameter of compareTo() must have type java.lang.Object.

ES / ES_COMPARING_STRINGS_WITH_EQ

This code compares java.lang.String objects for reference equality using the == or != operators. Unless both strings are either constants in a source file, or have been interned using the String.intern() method, the same string value may be represented by two different String objects. Consider using the equals(Object) method instead.

UW / UW_UNCOND_WAIT

This method contains a call to java.lang.Object.wait() which is not guarded by conditional control flow.  The code should verify that condition it intends to wait for is not already satisfied before calling wait; any previous notifications will be ignored.

INT / INT_VACUOUS_COMPARISON

There is an integer comparison that always returns the same value (e.g., x <= Integer.MAX_VALUE).

UwF / UWF_UNWRITTEN_FIELD

This field is never written.  All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.

BC / BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS

The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this.

CN / CN_IDIOM_NO_SUPER_CALL

This non-final class defines a clone() method that does not call super.clone(). If this class ("A") is extended by a subclass ("B"), and the subclass B calls super.clone(), then it is likely that B's clone() method will return an object of type A, which violates the standard contract for clone().

If all clone() methods call super.clone(), then they are guaranteed to use Object.clone(), which always returns an object of the correct type.

Nm / NM_METHOD_CONSTRUCTOR_CONFUSION

This regular method has the same name as the class it is defined in. It is likely that this was intended to be a constructor. If it was intended to be a constructor, remove the declaration of a void return value. If you had accidently defined this method, realized the mistake, defined a proper constructor but can't get rid of this method due to backwards compatibility, deprecate the method.

MWN / MWN_MISMATCHED_WAIT

This method calls Object.wait() without obviously holding a lock on the object.  Calling wait() without a lock held will result in an IllegalMonitorStateException being thrown.

Dm / DM_GC

Code explicitly invokes garbage collection. Except for specific use in benchmarking, this is very dubious.

In the past, situations where people have explicitly invoked the garbage collector in routines such as close or finalize methods has led to huge performance black holes. Garbage collection can be expensive. Any situation that forces hundreds or thousands of garbage collections will bring the machine to a crawl.

BC / DMI_RANDOM_USED_ONLY_ONCE

This code creates a java.util.Random object, uses it to generate one random number, and then discards the Random object. This produces mediocre quality random numbers and is inefficient. If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number is required invoke a method on the existing Random object to obtain it.

If it is important that the generated Random numbers not be guessable, you must not create a new Random for each random number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead (and avoid allocating a new SecureRandom for each random number needed).

ML / ML_SYNC_ON_UPDATED_FIELD

This method synchronizes on an object references from a mutable field. This is unlikely to have useful semantics, since different threads may be synchronizing on different objects.

Bx / BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION

A primitive boxed value constructed and then immediately converted into a different primitive type (e.g., new Double(d).intValue()). Just perform direct primitive coercion (e.g., (int) d).

DMI / DMI_NONSERIALIZABLE_OBJECT_WRITTEN

This code seems to be passing a non-serializable object to the ObjectOutput.writeObject method. If the object is, indeed, non-serializable, an error will result.

DMI / DMI_USELESS_SUBSTRING

This code invokes substring(0) on a String, which returns the original value.

UrF / URF_UNREAD_FIELD

This field is never read.  Consider removing it from the class.

NP / NP_NULL_INSTANCEOF

This instanceof test will always return false, since the value being checked is guaranteed to be null. Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error.

NP / NP_LOAD_OF_KNOWN_NULL_VALUE

The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull.

Dm / DMI_BLOCKING_METHODS_ON_URL

The equals and hashCode method of URL perform domain name resolution, this can result in a big performance hit. See http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html for more information. Consider using java.net.URI instead.

IM / IM_BAD_CHECK_FOR_ODD

The code uses x % 2 == 1 to check to see if a value is odd, but this won't work for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check for oddness, consider using x & 1 == 1, or x % 2 != 0.

SWL / SWL_SLEEP_WITH_LOCK_HELD

This method calls Thread.sleep() with a lock held. This may result in very poor performance and scalability, or a deadlock, since other threads may be waiting to acquire the lock. It is a much better idea to call wait() on the lock, which releases the lock and allows other threads to run.

Nm / NM_VERY_CONFUSING_INTENTIONAL

The referenced methods have names that differ only by capitalization or the packages of their parameters. This is very confusing because if the capitalization were identical then one of the methods would override the other. From the existence of other methods, it seems that the existence of both of these methods is intentional, but is sure is confusing. You should try hard to eliminate one of them, unless you are forced to have both due to frozen APIs.

IS / IS2_INCONSISTENT_SYNC

The fields of this class appear to be accessed inconsistently with respect to synchronization.  This bug report indicates that the bug pattern detector judged that

  1. The class contains a mix of locked and unlocked accesses,
  2. At least one locked access was performed by one of the class's own methods, and
  3. The number of unsynchronized field accesses (reads and writes) was no more than one third of all accesses, with writes being weighed twice as high as reads

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held.  Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.

ICAST / ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL

This code converts an int value to a double precision floating point number and then passing the result to the Math.ceil() function, which rounds a double to the next higher integer value. This operation should always be a no-op, since the converting an integer to a double should give a number with no fractional part. It is likely that the operation that generated the value to be passed to Math.ceil was intended to be performed using double precision floating point arithmetic.

Se / SE_COMPARATOR_SHOULD_BE_SERIALIZABLE

This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

CN / CN_IDIOM

Class implements Cloneable but does not define or use the clone method.

DE / DE_MIGHT_IGNORE

This method might ignore an exception.  In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

FI / FI_MISSING_SUPER_CALL

This finalize() method does not make a call to its superclass's finalize() method.  So, any finalizer actions defined for the superclass will not be performed.  Add a call to super.finalize().

DMI / DMI_INVOKING_TOSTRING_ON_ARRAY

The code invokes toString on an array, which will generate a fairly useless result such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.

NP / NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE

A reference value which is null on some exception control path is dereferenced here.  This may lead to a NullPointerException when the code is executed.  The value may be null because it was return from a method which is known to return possibly-null values.

FI / FI_EMPTY

Empty finalize() methods are useless, so they should be deleted.

Dm / DM_EXIT

Invoking System.exit shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.

DC / DC_DOUBLECHECK

This method may contain an instance of double-checked locking.  This idiom is not correct according to the semantics of the Java memory model.  For more information, see the web page http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html.

UwF / UWF_NULL_FIELD

All writes to this field are of the constant value null, and thus all reads of the field will return null. Check for errors, or remove it if it is useless.

NN / NN_NAKED_NOTIFY

A call to notify() or notifyAll() was made without any (apparent) accompanying modification to mutable object state.  In general, calling a notify method on a monitor is done because some condition another thread is waiting for has become true.  However, for the condition to be meaningful, it must involve a heap object that is visible to both threads.

This bug does not necessarily indicate an error, since the change to mutable object state may have taken place in a method which then called the method containing the notification.

OS / OS_OPEN_STREAM

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

UL / UL_UNRELEASED_LOCK_EXCEPTION_PATH

This method acquires a JSR-166 (java.util.concurrent) lock, but does not release it on all exception paths out of the method. In general, the correct idiom for using a JSR-166 lock is:

    Lock l = ...;
    l.lock();
    try {
        // do something
    } finally {
        l.unlock();
    }
Se / SE_BAD_FIELD

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods.  Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.

RCN / RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES

This method contains a redundant comparison of two references known to both be definitely null.

REC / REC_CATCH_EXCEPTION

This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

UR / UR_UNINIT_READ

This constructor reads a field which has not yet been assigned a value.  This is often caused when the programmer mistakenly uses the field instead of one of the constructor's parameters.

Eq / EQ_SELF_USE_OBJECT

This class defines a covariant version of the equals() method, but inherits the normal equals(Object) method defined in the base java.lang.Object class.  The class should probably define a non-covariant version of equals().  (I.e., a method with the signature boolean equals(java.lang.Object).

Nm / NM_CLASS_NOT_EXCEPTION

This class is not derived from another exception, but ends with 'Exception'. This will be confusing to users of this class.

RR / RR_NOT_CHECKED

This method ignores the return value of one of the variants of java.io.InputStream.read() which can return multiple bytes.  If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were read than the caller requested.  This is a particularly insidious kind of bug, because in many programs, reads from input streams usually do read the full amount of data requested, causing the program to fail only sporadically.

RCN / RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

This method contains a redundant check of a known non-null value against the constant null.

BC / BC_IMPOSSIBLE_INSTANCEOF

This instanceof test will always return false. Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error.

SS / SS_SHOULD_BE_STATIC

This class contains an instance final field that is initialized to a compile-time static value. Consider making the field static.

ST / ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

NP / NP_TOSTRING_COULD_RETURN_NULL

This toString method seems to return null in some circumstances. A liberal reading of the spec could be interpreted as allowing this, but it is probably a bad idea and could cause other code to break. Return the empty string or some other appropriate string rather than null.

Se / SE_TRANSIENT_FIELD_NOT_RESTORED

This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.

EC / EC_NULL_ARG

This method calls equals(Object), passing a null value as the argument. According to the contract of the equals() method, this call should always return false.

Dm / DM_STRING_TOSTRING

Calling String.toString() is just a redundant operation. Just use the String.

NS / NS_NON_SHORT_CIRCUIT

This code seems to be using non-short-circuit logic (e.g., & or |) rather than short-circuit logic (&& or ||). Non-short-circuit logic causes both sides of the expression to be evaluated even when the result can be inferred from knowing the left-hand side. This can be less efficient and can result in errors if the left-hand side guards cases when evaluating the right-hand side can generate an error.

See the Java Language Specification for details

NP / NP_NULL_PARAM_DEREF

This method call passes a null value to a method which might dereference it unconditionally.

Dm / DM_BOOLEAN_CTOR

Creating new instances of java.lang.Boolean wastes memory, since Boolean objects are immutable and there are only two useful values of this type.  Use the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean objects instead.

DLS / DLS_DEAD_LOCAL_STORE

This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

LI / LI_LAZY_INIT_STATIC

This method contains an unsynchronized lazy initialization of a non-volatile static field. Because the compiler or processor may reorder instructions, threads are not guaranteed to see a completely initialized object, if the method can be called by multiple threads. You can make the field volatile to correct the problem. For more information, see the Java Memory Model web site.

HE / HE_EQUALS_USE_HASHCODE

This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

public int hashCode() {
  assert false : "hashCode not designed";
  return 42; // any arbitrary constant will do 
  }
DB / DB_DUPLICATE_BRANCHES

This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.

Dm / DM_STRING_CTOR

Using the java.lang.String(String) constructor wastes memory because the object so constructed will be functionally indistinguishable from the String passed as a parameter.  Just use the argument String directly.

FE / FE_FLOATING_POINT_EQUALITY

This operation compares two floating point values for equality. Because floating point calculations may involve rounding, calculated float and double values may not be accurate. For values that must be precise, such as monetary values, consider using a fixed-precision type such as BigDecimal. For values that need not be precise, consider comparing for equality within some range, for example: if ( Math.abs(x - y) < .0000001 ). See the Java Language Specification, section 4.2.4.

SnVI / SE_NO_SERIALVERSIONID

This class implements the Serializable interface, but does not define a serialVersionUID field.  A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

Se / SE_BAD_FIELD_STORE

A non-serializable value is stored into a non-transient field of a serializable class.

ICAST / ICAST_INTEGER_MULTIPLY_CAST_TO_LONG

This code performs integer multiply and then converts the result to a long, as in:

 
	long convertDaysToMilliseconds(int days) { return 1000*3600*24*days; } 
If the multiplication is done using long arithmetic, you can avoid the possibility that the result will overflow. For example, you could fix the above code to:
 
	long convertDaysToMilliseconds(int days) { return 1000L*3600*24*days; } 
or
 
	static final long MILLISECONDS_PER_DAY = 24L*3600*1000;
	long convertDaysToMilliseconds(int days) { return days * MILLISECONDS_PER_DAY; } 

Se / SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION

This class implements the Externalizable interface, but does not define a void constructor. When Externalizable objects are deserialized, they first need to be constructed by invoking the void constructor. Since this class does not have one, serialization and deserialization will fail at runtime.

DMI / DMI_HARDCODED_ABSOLUTE_FILENAME

This code constructs a File object using a hard coded to an absolute pathname (e.g., new File("/home/dannyc/workspace/j2ee/src/share/com/sun/enterprise/deployment");

Ru / RU_INVOKE_RUN

This method explicitly invokes run() on an object.  In general, classes implement the Runnable interface because they are going to have their run() method invoked in a new thread, in which case Thread.start() is the right method to call.

SA / SA_FIELD_SELF_ASSIGNMENT

This method contains a self assignment of a field; e.g.

  int x;
  public void foo() {
    x = x;
  }

Such assignments are useless, and may indicate a logic error or typo.

SBSC / SBSC_USE_STRINGBUFFER_CONCATENATION

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();
HE / HE_INHERITS_EQUALS_USE_HASHCODE

This class inherits equals(Object) from an abstract superclass, and hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't want to define a hashCode method, and/or don't believe the object will ever be put into a HashMap/Hashtable, define the hashCode() method to throw UnsupportedOperationException.

Wa / WA_NOT_IN_LOOP

This method contains a call to java.lang.Object.wait() which is not in a loop.  If the monitor is used for multiple conditions, the condition the caller intended to wait for might not be the one that actually occurred.

BC / BC_IMPOSSIBLE_CAST

This cast will always throw a ClassCastException.

NP / NP_NULL_ON_SOME_PATH_EXCEPTION

A reference value which is null on some exception control path is dereferenced here.  This may lead to a NullPointerException when the code is executed.  Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.

Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.

ICAST / ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT

The code performs an unsigned right shift, whose result is then cast to a short or byte, which discards the upper bits of the result. Since the upper bits are discarded, there may be no difference between a signed and unsigned right shift (depending upon the size of the shift).

IC / IC_INIT_CIRCULARITY

A circularity was detected in the static initializers of the two classes referenced by the bug instance.  Many kinds of unexpected behavior may arise from such circularity.

NP / NP_ALWAYS_NULL

A null pointer is dereferenced here.  This will lead to a NullPointerException when the code is executed.

Nm / NM_CLASS_NAMING_CONVENTION

Class names should be nouns, in mixed case with the first letter of each internal word capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms and abbreviations (unless the abbreviation is much more widely used than the long form, such as URL or HTML).

It / IT_NO_SUCH_ELEMENT

This class implements the java.util.Iterator interface.  However, its next() method is not capable of throwing java.util.NoSuchElementException.  The next() method should be changed so it throws NoSuchElementException if is called when there are no more elements to return.

RCN / RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE

A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.

UuF / UUF_UNUSED_FIELD

This field is never used.  Consider removing it from the class.

HE / HE_EQUALS_NO_HASHCODE

This class overrides equals(Object), but does not override hashCode().  Therefore, the class may violate the invariant that equal objects must have equal hashcodes.

NP / NP_CLONE_COULD_RETURN_NULL

This clone method seems to return null in some circumstances, but clone is never allowed to return a null value. If you are convinced this path is unreachable, throw an AssertionError instead.

ICAST / ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND

This code converts an int value to a float precision floating point number and then passing the result to the Math.round() function, which returns the int/long closest to the argument. This operation should always be a no-op, since the converting an integer to a float should give a number with no fractional part. It is likely that the operation that generated the value to be passed to Math.round was intended to be performed using floating point arithmetic.

BC / BC_VACUOUS_INSTANCEOF

This instanceof test will always return true. Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error.

NP / NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT

This implementation of equals(Object) violates the contract defined by java.lang.Object.equals() because it does not check for null being passed as the argument. All equals() methods should return false if passed a null value.

NP / NP_NULL_ON_SOME_PATH

A reference value dereferenced here might be null at runtime.  This may lead to a NullPointerException when the code is executed.

ICAST / ICAST_IDIV_CAST_TO_DOUBLE

This code casts the result of an integer division operation to double or float. Doing division on integers truncates the result to the integer value closest to zero. The fact that the result was cast to double suggests that this precision should have been retained. What was probably meant was to cast one or both of the operands to double before performing the division. Here is an example:

int x = 2;
int y = 5;
// Wrong: yields result 0.0
double value1 =  x / y;

// Right: yields result 0.4
double value2 =  x / (double) y;
FI / FI_NULLIFY_SUPER

This empty finalize() method explicitly negates the effect of any finalizer defined by its superclass.  Any finalizer actions defined for the superclass will not be performed.  Unless this is intended, delete this method.

RS / RS_READOBJECT_SYNC

This serializable class defines a readObject() which is synchronized.  By definition, an object created by deserialization is only reachable by one thread, and thus there is no need for readObject() to be synchronized.  If the readObject() method itself is causing the object to become visible to another thread, that is an example of very dubious coding style.

NS / NS_DANGEROUS_NON_SHORT_CIRCUIT

This code seems to be using non-short-circuit logic (e.g., & or |) rather than short-circuit logic (&& or ||). In addition, it seem possible that, depending on the value of the left hand side, you might not want to evaluate the right hand side (because it would have side effects, could cause an exception or could be expensive.

Non-short-circuit logic causes both sides of the expression to be evaluated even when the result can be inferred from knowing the left-hand side. This can be less efficient and can result in errors if the left-hand side guards cases when evaluating the right-hand side can generate an error.

See the Java Language Specification for details

BC / BC_UNCONFIRMED_CAST

This cast is unchecked, and not all instances of the type casted from can be cast to the type it is being cast to. Ensure that your program logic ensures that this cast will not fail.

IM / IM_AVERAGE_COMPUTATION_COULD_OVERFLOW

The code computes the average of two integers using either division or signed right shift, and then uses the result as the index of an array. If the values being averaged are very large, this can overflow (resulting in the computation of a negative average). Assuming that the result is intended to be nonnegative, you can use an unsigned right shift instead. In other words, rather that using (low+high)/2, use (low+high) >>> 1

This bug exists in many earlier implementations of binary search and merge sort. Martin Buchholz found and fixed it in the JDK libraries, and Joshua Bloch widely publicized the bug pattern.

SA / SA_FIELD_DOUBLE_ASSIGNMENT

This method contains a double assignment of a field; e.g.

  int x,y;
  public void foo() {
    x = x = 17;
  }

Assigning to a field twice is useless, and may indicate a logic error or typo.

WMI / WMI_WRONG_MAP_ITERATOR

This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.

NP / NP_UNWRITTEN_FIELD

The program is dereferencing a field that does not seem to ever have a non-null value written to it. Dereferencing this value will generate a null pointer exception.

Se / SE_BAD_FIELD_INNER_CLASS

This Serializable class is an inner class of a non-serializable class. Thus, attempts to serialize it will also attempt to associate instance of the outer class with which it is associated, leading to a runtime error.

If possible, making the inner class a static inner class should solve the problem. Making the outer class serializable might also work, but that would mean serializing an instance of the inner class would always also serialize the instance of the outer class, which it often not what you really want.

UCF / UCF_USELESS_CONTROL_FLOW_NEXT_LINE

This method contains a useless control flow statement in which control flow follows to the same or following line regardless of whether or not the branch is taken. Often, this is caused by inadvertently using an empty statement as the body of an if statement, e.g.:

    if (argv.length == 1);
        System.out.println("Hello, " + argv[0]);
EC / EC_UNRELATED_TYPES

This method calls equals(Object) on two references of different class types with no common subclasses. Therefore, the objects being compared are unlikely to be members of the same class at runtime (unless some application classes were not analyzed, or dynamic class loading can occur at runtime). According to the contract of equals(), objects of different classes should always compare as unequal; therefore, according to the contract defined by java.lang.Object.equals(Object), the result of this comparison will always be false at runtime.

NP / NP_GUARANTEED_DEREF

There is a statement or branch that if executed guarantees that a value is null at this point, and that value that is guaranteed to be dereferenced (except on forward paths involving runtime exceptions).

Bx / BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR

A wrapped primative value is unboxed and converted to another primative type as part of the evaluation of a conditional ternary operator (the b ? e1 : e2 operator). The semantics of Java mandate that if e1 and e2 are wrapped numeric values, the values are unboxed and converted/coerced to their common type (e.g, if e1 is of type Integer and e2 is of type Float, then e1 is unboxed, converted to a floating point value, and boxed. See JLS Section 15.25.

RC / RC_REF_COMPARISON

This method compares two reference values using the == or != operator, where the correct way to compare instances of this type is generally with the equals() method. Examples of classes which should generally not be compared by reference are java.lang.Integer, java.lang.Float, etc.

SC / SC_START_IN_CTOR

The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.

SF / SF_SWITCH_FALLTHROUGH

This method contains a switch statement where one case branch will fall through to the next case. Usually you need to end this case with a break or return.

MF / MF_CLASS_MASKS_FIELD

This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other.

NP / NP_IMMEDIATE_DEREFERENCE_OF_READLINE

The result of invoking readLine() is immediately dereferenced. If there are no more lines of text to read, readLine() will return null and dereferencing that will generate a null pointer exception.

UMAC / UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS

This anonymous class defined a method that is not directly invoked and does not override a method in a superclass. Since methods in other classes cannot directly invoke methods declared in an anonymous class, it seems that this method is uncallable. The method might simply be dead code, but it is also possible that the method is intended to override a method declared in a superclass, and due to an typo or other error the method does not, in fact, override the method it is intended to.

Se / SE_NO_SUITABLE_CONSTRUCTOR

This class implements the Serializable interface and its superclass does not. When such an object is deserialized, the fields of the superclass need to be initialized by invoking the void constructor of the superclass. Since the superclass does not have one, serialization and deserialization will fail at runtime.