doc/allBugDescriptions.html - Issue 1232833004: Update findbugs from 3.0.0 to 3.0.1.

Unified Diff: doc/allBugDescriptions.html

Issue 1232833004: Update findbugs from 3.0.0 to 3.0.1. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/findbugs.git@master

Patch Set: rebase again Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: doc/allBugDescriptions.html

diff --git a/doc/allBugDescriptions.html b/doc/allBugDescriptions.html

index 66c75e290dae43eb7e64586d1f1c17aa985d698d..e62485bdc5adb6744b41029c95eb65622992d8ee 100644

--- a/doc/allBugDescriptions.html

+++ b/doc/allBugDescriptions.html

@@ -1,5 +1,6 @@

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

-<html><head><title>FindBugs Bug Descriptions (Unabridged)</title>

+<html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8">

+<title>FindBugs Bug Descriptions (Unabridged)</title>

</head><body>

@@ -39,7 +40,7 @@

<tr><td><b>Development</b></td></tr>

-<tr><td><font size="-1"> <a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr>

+<tr><td><font size="-1"> <a class="sidebar" href="http://sourceforge.net/p/findbugs/bugs/">Open bugs</a></font></td></tr>

<tr><td><font size="-1"> <a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr>

<tr><td><font size="-1"> <a class="sidebar" href="contributing.html">Contributing</a></font></td></tr>

@@ -69,6 +70,8 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#eeeeee"><td><a href="#CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE">CN: Class defines clone() but doesn't implement Cloneable</a></td><td>Bad practice</td></tr>

<tr bgcolor="#ffffff"><td><a href="#CNT_ROUGH_CONSTANT_VALUE">CNT: Rough value of known constant found</a></td><td>Bad practice</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#CO_ABSTRACT_SELF">Co: Abstract class defines covariant compareTo() method</a></td><td>Bad practice</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#CO_COMPARETO_INCORRECT_FLOATING">Co: compareTo()/compare() incorrectly handles float or double value</a></td><td>Bad practice</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE</a></td><td>Bad practice</td></tr>

<tr bgcolor="#ffffff"><td><a href="#CO_SELF_NO_OBJECT">Co: Covariant compareTo() method defined</a></td><td>Bad practice</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#DE_MIGHT_DROP">DE: Method might drop exception</a></td><td>Bad practice</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DE_MIGHT_IGNORE">DE: Method might ignore exception</a></td><td>Bad practice</td></tr>

@@ -104,6 +107,8 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#ffffff"><td><a href="#IT_NO_SUCH_ELEMENT">It: Iterator next() method can't throw NoSuchElementException</a></td><td>Bad practice</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION">J2EE: Store of non serializable object into HttpSession</a></td><td>Bad practice</td></tr>

<tr bgcolor="#ffffff"><td><a href="#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS">JCIP: Fields of immutable classes should be final</a></td><td>Bad practice</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#ME_ENUM_FIELD_SETTER">ME: Public enum method unconditionally sets its field</a></td><td>Bad practice</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#ME_MUTABLE_ENUM_FIELD">ME: Enum field is public and mutable</a></td><td>Bad practice</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#NP_BOOLEAN_RETURN_NULL">NP: Method with Boolean return type returns explicit null</a></td><td>Bad practice</td></tr>

<tr bgcolor="#ffffff"><td><a href="#NP_CLONE_COULD_RETURN_NULL">NP: Clone method may return null</a></td><td>Bad practice</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT">NP: equals() method does not check for null argument</a></td><td>Bad practice</td></tr>

@@ -158,9 +163,9 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#ffffff"><td><a href="#BIT_IOR_OF_SIGNED_BYTE">BIT: Bitwise OR of signed byte value</a></td><td>Correctness</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#BIT_SIGNED_CHECK_HIGH_BIT">BIT: Check for sign of bitwise operation</a></td><td>Correctness</td></tr>

<tr bgcolor="#ffffff"><td><a href="#BOA_BADLY_OVERRIDDEN_ADAPTER">BOA: Class overrides a method implemented in super class Adapter wrongly</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#ICAST_BAD_SHIFT_AMOUNT">BSHIFT: 32 bit int shifted by an amount not in the range -31..31</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#BSHIFT_WRONG_ADD_PRIORITY">BSHIFT: Possible bad parsing of shift operation</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#ICAST_BAD_SHIFT_AMOUNT">BSHIFT: 32 bit int shifted by an amount not in the range -31..31</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#CAA_COVARIANT_ARRAY_ELEMENT_STORE">CAA: Possibly incompatible element is stored in covariant array</a></td><td>Correctness</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_LOCAL_INCREMENT_IN_RETURN">DLS: Useless increment in return statement</a></td><td>Correctness</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_STORE_OF_CLASS_LITERAL">DLS: Dead store of class literal</a></td><td>Correctness</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DLS_OVERWRITTEN_INCREMENT">DLS: Overwritten increment</a></td><td>Correctness</td></tr>

@@ -177,148 +182,156 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#eeeeee"><td><a href="#DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD_POOL_EXECUTOR">Dm: Futile attempt to change max pool size of ScheduledThreadPoolExecutor</a></td><td>Correctness</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS">Dm: Creation of ScheduledThreadPoolExecutor with zero core threads</a></td><td>Correctness</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD">Dm: Useless/vacuous call to EasyMock method</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EC_ARRAY_AND_NONARRAY">EC: equals() used to compare array and nonarray</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EC_BAD_ARRAY_COMPARE">EC: Invocation of equals() on an array, which is equivalent to ==</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EC_INCOMPATIBLE_ARRAY_COMPARE">EC: equals(...) used to compare incompatible arrays</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EC_NULL_ARG">EC: Call to equals(null)</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EC_UNRELATED_CLASS_AND_INTERFACE">EC: Call to equals() comparing unrelated class and interface</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EC_UNRELATED_INTERFACES">EC: Call to equals() comparing different interface types</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EC_UNRELATED_TYPES">EC: Call to equals() comparing different types</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EC_UNRELATED_TYPES_USING_POINTER_EQUALITY">EC: Using pointer equality to compare different types</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EQ_ALWAYS_FALSE">Eq: equals method always returns false</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EQ_ALWAYS_TRUE">Eq: equals method always returns true</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EQ_COMPARING_CLASS_NAMES">Eq: equals method compares class names rather than class objects</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EQ_DONT_DEFINE_EQUALS_FOR_ENUM">Eq: Covariant equals() method defined for enum</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EQ_OTHER_NO_OBJECT">Eq: equals() method defined that doesn't override equals(Object)</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EQ_OTHER_USE_OBJECT">Eq: equals() method defined that doesn't override Object.equals(Object)</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC">Eq: equals method overrides equals in superclass and may not be symmetric</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EQ_SELF_USE_OBJECT">Eq: Covariant equals() method defined, Object.equals(Object) inherited</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#FB_MISSING_EXPECTED_WARNING">FB: Missing expected or desired warning from FindBugs</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#FB_UNEXPECTED_WARNING">FB: Unexpected/undesired warning from FindBugs</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER">FE: Doomed test for equality to NaN</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#FL_MATH_USING_FLOAT_PRECISION">FL: Method performs math using floating point precision</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_BAD_ARGUMENT">FS: Format string placeholder incompatible with passed argument</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_BAD_CONVERSION">FS: The type of a supplied argument doesn't match format specifier</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED">FS: MessageFormat supplied where printf style format expected</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED">FS: More arguments are passed than are actually used in the format string</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_ILLEGAL">FS: Illegal format string</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_MISSING_ARGUMENT">FS: Format string references missing argument</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT">FS: No previous argument for format string</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#GC_UNRELATED_TYPES">GC: No relationship between generic parameter and method argument</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS">HE: Signature declares use of unhashable class in hashed construct</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#HE_USE_OF_UNHASHABLE_CLASS">HE: Use of class without a hashCode() method in a hashed data structure</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#ICAST_INT_2_LONG_AS_INSTANT">ICAST: int value converted to long and used as absolute time</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL">ICAST: Integral value cast to double and then passed to Math.ceil</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND">ICAST: int value cast to float and then passed to Math.round</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IJU_ASSERT_METHOD_INVOKED_FROM_RUN_METHOD">IJU: JUnit assertion in run method will not be noticed by JUnit</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IJU_BAD_SUITE_METHOD">IJU: TestCase declares a bad suite method </a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IJU_NO_TESTS">IJU: TestCase has no tests</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IJU_SETUP_NO_SUPER">IJU: TestCase defines setUp that doesn't call super.setUp()</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IJU_SUITE_NOT_STATIC">IJU: TestCase implements a non-static suite method </a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IJU_TEARDOWN_NO_SUPER">IJU: TestCase defines tearDown that doesn't call super.tearDown()</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IL_CONTAINER_ADDED_TO_ITSELF">IL: A collection is added to itself</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IL_INFINITE_LOOP">IL: An apparent infinite loop</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IL_INFINITE_RECURSIVE_LOOP">IL: An apparent infinite recursive loop</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IM_MULTIPLYING_RESULT_OF_IREM">IM: Integer multiply of result of integer remainder</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#INT_BAD_COMPARISON_WITH_INT_VALUE">INT: Bad comparison of int value with long constant</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#INT_BAD_COMPARISON_WITH_SIGNED_BYTE">INT: Bad comparison of signed byte</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IO_APPENDING_TO_OBJECT_OUTPUT_STREAM">IO: Doomed attempt to append to an object output stream</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN">IP: A parameter is dead upon entry to a method but overwritten</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#MF_CLASS_MASKS_FIELD">MF: Class defines field that masks a superclass field</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#MF_METHOD_MASKS_FIELD">MF: Method defines a variable that obscures a field</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_ALWAYS_NULL">NP: Null pointer dereference</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_ALWAYS_NULL_EXCEPTION">NP: Null pointer dereference in method on exception path</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_ARGUMENT_MIGHT_BE_NULL">NP: Method does not check for null argument</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_CLOSING_NULL">NP: close() invoked on a value that is always null</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_GUARANTEED_DEREF">NP: Null value is guaranteed to be dereferenced</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH">NP: Value is null and guaranteed to be dereferenced on exception path</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Nonnull field is not initialized</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a nonnull parameter </a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @NonNull</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_INSTANCEOF">NP: A known null value is checked to see if it is an instance of a type</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_NULL_ON_SOME_PATH">NP: Possible null pointer dereference</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_ON_SOME_PATH_EXCEPTION">NP: Possible null pointer dereference in method on exception path</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_NULL_PARAM_DEREF">NP: Method call passes null for nonnull parameter</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for nonnull parameter</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for nonnull parameter</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_OPTIONAL_RETURN_NULL">NP: Method with Optional return type returns explicit null</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated NonNull</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_UNWRITTEN_FIELD">NP: Read of unwritten field</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NM_BAD_EQUAL">Nm: Class defines equal(Object); should it be equals(Object)?</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NM_LCASE_HASHCODE">Nm: Class defines hashcode(); should it be hashCode()?</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NM_LCASE_TOSTRING">Nm: Class defines tostring(); should it be toString()?</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NM_METHOD_CONSTRUCTOR_CONFUSION">Nm: Apparent method/constructor confusion</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NM_VERY_CONFUSING">Nm: Very confusing method names</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NM_WRONG_PACKAGE">Nm: Method doesn't override method in superclass due to wrong package for parameter</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT">QBA: Method assigns boolean literal in boolean expression</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RC_REF_COMPARISON">RC: Suspicious reference comparison</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE">RCN: Nullcheck of value previously dereferenced</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION">RE: Invalid syntax for regular expression</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION">RE: File.separator used for regular expression</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RE_POSSIBLE_UNINTENDED_PATTERN">RE: "." or "|" used for regular expression</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RV_01_TO_INT">RV: Random value from 0 to 1 is coerced to the integer 0</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RV_ABSOLUTE_VALUE_OF_HASHCODE">RV: Bad attempt to compute absolute value of signed 32-bit hashcode </a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RV_ABSOLUTE_VALUE_OF_RANDOM_INT">RV: Bad attempt to compute absolute value of signed random integer</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE">RV: Code checks for specific values returned by compareTo</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RV_EXCEPTION_NOT_THROWN">RV: Exception created and dropped rather than thrown</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RV_RETURN_VALUE_IGNORED">RV: Method ignores return value</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RpC_REPEATED_CONDITIONAL_TEST">RpC: Repeated conditional tests</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#SA_FIELD_SELF_ASSIGNMENT">SA: Self assignment of field</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SA_FIELD_SELF_COMPARISON">SA: Self comparison of field with itself</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#SA_FIELD_SELF_COMPUTATION">SA: Nonsensical self computation involving a field (e.g., x & x)</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD">SA: Self assignment of local rather than assignment to field</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#SA_LOCAL_SELF_COMPARISON">SA: Self comparison of value with itself</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SA_LOCAL_SELF_COMPUTATION">SA: Nonsensical self computation involving a variable (e.g., x & x)</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH">SF: Dead store due to switch statement fall through</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW">SF: Dead store due to switch statement fall through to throw</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#SIC_THREADLOCAL_DEADLY_EMBRACE">SIC: Deadly embrace of non-static inner class and thread local</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SIO_SUPERFLUOUS_INSTANCEOF">SIO: Unnecessary type check done using instanceof operator</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#SQL_BAD_PREPARED_STATEMENT_ACCESS">SQL: Method attempts to access a prepared statement parameter with index 0</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SQL_BAD_RESULTSET_ACCESS">SQL: Method attempts to access a result set field with index 0</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#STI_INTERRUPTED_ON_CURRENTTHREAD">STI: Unneeded use of currentThread() call, to call interrupted() </a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#STI_INTERRUPTED_ON_UNKNOWNTHREAD">STI: Static Thread.interrupted() method invoked on thread instance</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#SE_METHOD_MUST_BE_PRIVATE">Se: Method must be private in order for serialization to work</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SE_READ_RESOLVE_IS_STATIC">Se: The readResolve method must not be declared as a static method. </a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED">TQ: Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is required</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ: Comparing values with incompatible type qualifiers</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK">TQ: Value that might not carry a type qualifier is always used in a way requires that type qualifier</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK">TQ: Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifier</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED">TQ: Value annotated as never carrying a type qualifier used where value carrying that qualifier is required</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ: Value without a type qualifier used where a value is required to have that qualifier</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS">UMAC: Uncallable method defined in anonymous class</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#UR_UNINIT_READ">UR: Uninitialized read of field in constructor</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR">UR: Uninitialized read of field method called from constructor of superclass</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY">USELESS_STRING: Invocation of toString on an unnamed array</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DMI_INVOKING_TOSTRING_ON_ARRAY">USELESS_STRING: Invocation of toString on an array</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_BAD_CONVERSION_FROM_ARRAY">USELESS_STRING: Array formatted in useless way using format string</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#UWF_NULL_FIELD">UwF: Field only ever set to null</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#UWF_UNWRITTEN_FIELD">UwF: Unwritten field</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG">VA: Primitive array passed to function expecting a variable number of object arguments</a></td><td>Correctness</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#VR_UNRESOLVABLE_REFERENCE">VR: Class makes reference to unresolvable class or method</a></td><td>Correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE">LG: Potential lost logger changes due to weak reference in OpenJDK</a></td><td>Experimental</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#OBL_UNSATISFIED_OBLIGATION">OBL: Method may fail to clean up stream or resource</a></td><td>Experimental</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE">OBL: Method may fail to clean up stream or resource on checked exception</a></td><td>Experimental</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#TESTING">TEST: Testing</a></td><td>Experimental</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DM_CONVERT_CASE">Dm: Consider using Locale parameterized version of invoked method</a></td><td>Internationalization</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DM_DEFAULT_ENCODING">Dm: Reliance on default encoding</a></td><td>Internationalization</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED">DP: Classloaders should only be created inside doPrivileged block</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DP_DO_INSIDE_DO_PRIVILEGED">DP: Method invoked that should be only be invoked inside a doPrivileged block</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EI_EXPOSE_REP">EI: May expose internal representation by returning reference to mutable object</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EI_EXPOSE_REP2">EI2: May expose internal representation by incorporating reference to mutable object</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#FI_PUBLIC_SHOULD_BE_PROTECTED">FI: Finalizer should be protected, not public</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EI_EXPOSE_STATIC_REP2">MS: May expose internal static state by storing a mutable object into a static field</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#MS_CANNOT_BE_FINAL">MS: Field isn't final and can't be protected from malicious code</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#MS_EXPOSE_REP">MS: Public static method may expose internal representation by returning array</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#MS_FINAL_PKGPROTECT">MS: Field should be both final and package protected</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#MS_MUTABLE_ARRAY">MS: Field is a mutable array</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#MS_MUTABLE_HASHTABLE">MS: Field is a mutable Hashtable</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#MS_OOI_PKGPROTECT">MS: Field should be moved out of an interface and made package protected</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#MS_PKGPROTECT">MS: Field should be package protected</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#MS_SHOULD_BE_FINAL">MS: Field isn't final but should be</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS: Field isn't final but should be refactored to be so</a></td><td>Malicious code vulnerability</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION">AT: Sequence of calls to concurrent abstraction may not be atomic</a></td><td>Multithreaded correctness</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DC_DOUBLECHECK">DC: Possible double check of field</a></td><td>Multithreaded correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DM_INVALID_MIN_MAX">Dm: Incorrect combination of Math.max and Math.min</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EC_ARRAY_AND_NONARRAY">EC: equals() used to compare array and nonarray</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EC_BAD_ARRAY_COMPARE">EC: Invocation of equals() on an array, which is equivalent to ==</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EC_INCOMPATIBLE_ARRAY_COMPARE">EC: equals(...) used to compare incompatible arrays</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EC_NULL_ARG">EC: Call to equals(null)</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EC_UNRELATED_CLASS_AND_INTERFACE">EC: Call to equals() comparing unrelated class and interface</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EC_UNRELATED_INTERFACES">EC: Call to equals() comparing different interface types</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EC_UNRELATED_TYPES">EC: Call to equals() comparing different types</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EC_UNRELATED_TYPES_USING_POINTER_EQUALITY">EC: Using pointer equality to compare different types</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EQ_ALWAYS_FALSE">Eq: equals method always returns false</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EQ_ALWAYS_TRUE">Eq: equals method always returns true</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EQ_COMPARING_CLASS_NAMES">Eq: equals method compares class names rather than class objects</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EQ_DONT_DEFINE_EQUALS_FOR_ENUM">Eq: Covariant equals() method defined for enum</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EQ_OTHER_NO_OBJECT">Eq: equals() method defined that doesn't override equals(Object)</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EQ_OTHER_USE_OBJECT">Eq: equals() method defined that doesn't override Object.equals(Object)</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC">Eq: equals method overrides equals in superclass and may not be symmetric</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EQ_SELF_USE_OBJECT">Eq: Covariant equals() method defined, Object.equals(Object) inherited</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#FB_MISSING_EXPECTED_WARNING">FB: Missing expected or desired warning from FindBugs</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#FB_UNEXPECTED_WARNING">FB: Unexpected/undesired warning from FindBugs</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER">FE: Doomed test for equality to NaN</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#FL_MATH_USING_FLOAT_PRECISION">FL: Method performs math using floating point precision</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_BAD_ARGUMENT">FS: Format string placeholder incompatible with passed argument</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_BAD_CONVERSION">FS: The type of a supplied argument doesn't match format specifier</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED">FS: MessageFormat supplied where printf style format expected</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED">FS: More arguments are passed than are actually used in the format string</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_ILLEGAL">FS: Illegal format string</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_MISSING_ARGUMENT">FS: Format string references missing argument</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT">FS: No previous argument for format string</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#GC_UNRELATED_TYPES">GC: No relationship between generic parameter and method argument</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS">HE: Signature declares use of unhashable class in hashed construct</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#HE_USE_OF_UNHASHABLE_CLASS">HE: Use of class without a hashCode() method in a hashed data structure</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#ICAST_INT_2_LONG_AS_INSTANT">ICAST: int value converted to long and used as absolute time</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL">ICAST: Integral value cast to double and then passed to Math.ceil</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND">ICAST: int value cast to float and then passed to Math.round</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IJU_ASSERT_METHOD_INVOKED_FROM_RUN_METHOD">IJU: JUnit assertion in run method will not be noticed by JUnit</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IJU_BAD_SUITE_METHOD">IJU: TestCase declares a bad suite method </a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IJU_NO_TESTS">IJU: TestCase has no tests</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IJU_SETUP_NO_SUPER">IJU: TestCase defines setUp that doesn't call super.setUp()</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IJU_SUITE_NOT_STATIC">IJU: TestCase implements a non-static suite method </a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IJU_TEARDOWN_NO_SUPER">IJU: TestCase defines tearDown that doesn't call super.tearDown()</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IL_CONTAINER_ADDED_TO_ITSELF">IL: A collection is added to itself</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IL_INFINITE_LOOP">IL: An apparent infinite loop</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IL_INFINITE_RECURSIVE_LOOP">IL: An apparent infinite recursive loop</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IM_MULTIPLYING_RESULT_OF_IREM">IM: Integer multiply of result of integer remainder</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#INT_BAD_COMPARISON_WITH_INT_VALUE">INT: Bad comparison of int value with long constant</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant or zero</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#INT_BAD_COMPARISON_WITH_SIGNED_BYTE">INT: Bad comparison of signed byte</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IO_APPENDING_TO_OBJECT_OUTPUT_STREAM">IO: Doomed attempt to append to an object output stream</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN">IP: A parameter is dead upon entry to a method but overwritten</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#MF_CLASS_MASKS_FIELD">MF: Class defines field that masks a superclass field</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MF_METHOD_MASKS_FIELD">MF: Method defines a variable that obscures a field</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_ALWAYS_NULL">NP: Null pointer dereference</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_ALWAYS_NULL_EXCEPTION">NP: Null pointer dereference in method on exception path</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_ARGUMENT_MIGHT_BE_NULL">NP: Method does not check for null argument</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_CLOSING_NULL">NP: close() invoked on a value that is always null</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_GUARANTEED_DEREF">NP: Null value is guaranteed to be dereferenced</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH">NP: Value is null and guaranteed to be dereferenced on exception path</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Non-null field is not initialized</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a non-null parameter </a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @Nonnull</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_NULL_INSTANCEOF">NP: A known null value is checked to see if it is an instance of a type</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_ON_SOME_PATH">NP: Possible null pointer dereference</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_NULL_ON_SOME_PATH_EXCEPTION">NP: Possible null pointer dereference in method on exception path</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_PARAM_DEREF">NP: Method call passes null for non-null parameter</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for non-null parameter</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for non-null parameter</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_OPTIONAL_RETURN_NULL">NP: Method with Optional return type returns explicit null</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated @Nonnull</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_UNWRITTEN_FIELD">NP: Read of unwritten field</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NM_BAD_EQUAL">Nm: Class defines equal(Object); should it be equals(Object)?</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NM_LCASE_HASHCODE">Nm: Class defines hashcode(); should it be hashCode()?</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NM_LCASE_TOSTRING">Nm: Class defines tostring(); should it be toString()?</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NM_METHOD_CONSTRUCTOR_CONFUSION">Nm: Apparent method/constructor confusion</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NM_VERY_CONFUSING">Nm: Very confusing method names</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NM_WRONG_PACKAGE">Nm: Method doesn't override method in superclass due to wrong package for parameter</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT">QBA: Method assigns boolean literal in boolean expression</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RANGE_ARRAY_INDEX">RANGE: Array index is out of bounds</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RANGE_ARRAY_LENGTH">RANGE: Array length is out of bounds</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RANGE_ARRAY_OFFSET">RANGE: Array offset is out of bounds</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RANGE_STRING_INDEX">RANGE: String index is out of bounds</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RC_REF_COMPARISON">RC: Suspicious reference comparison</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE">RCN: Nullcheck of value previously dereferenced</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION">RE: Invalid syntax for regular expression</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION">RE: File.separator used for regular expression</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RE_POSSIBLE_UNINTENDED_PATTERN">RE: "." or "|" used for regular expression</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RV_01_TO_INT">RV: Random value from 0 to 1 is coerced to the integer 0</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RV_ABSOLUTE_VALUE_OF_HASHCODE">RV: Bad attempt to compute absolute value of signed 32-bit hashcode </a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RV_ABSOLUTE_VALUE_OF_RANDOM_INT">RV: Bad attempt to compute absolute value of signed random integer</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE">RV: Code checks for specific values returned by compareTo</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RV_EXCEPTION_NOT_THROWN">RV: Exception created and dropped rather than thrown</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RV_RETURN_VALUE_IGNORED">RV: Method ignores return value</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RpC_REPEATED_CONDITIONAL_TEST">RpC: Repeated conditional tests</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SA_FIELD_SELF_ASSIGNMENT">SA: Self assignment of field</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#SA_FIELD_SELF_COMPARISON">SA: Self comparison of field with itself</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SA_FIELD_SELF_COMPUTATION">SA: Nonsensical self computation involving a field (e.g., x & x)</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD">SA: Self assignment of local rather than assignment to field</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SA_LOCAL_SELF_COMPARISON">SA: Self comparison of value with itself</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#SA_LOCAL_SELF_COMPUTATION">SA: Nonsensical self computation involving a variable (e.g., x & x)</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH">SF: Dead store due to switch statement fall through</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW">SF: Dead store due to switch statement fall through to throw</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SIC_THREADLOCAL_DEADLY_EMBRACE">SIC: Deadly embrace of non-static inner class and thread local</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#SIO_SUPERFLUOUS_INSTANCEOF">SIO: Unnecessary type check done using instanceof operator</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SQL_BAD_PREPARED_STATEMENT_ACCESS">SQL: Method attempts to access a prepared statement parameter with index 0</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#SQL_BAD_RESULTSET_ACCESS">SQL: Method attempts to access a result set field with index 0</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#STI_INTERRUPTED_ON_CURRENTTHREAD">STI: Unneeded use of currentThread() call, to call interrupted() </a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#STI_INTERRUPTED_ON_UNKNOWNTHREAD">STI: Static Thread.interrupted() method invoked on thread instance</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SE_METHOD_MUST_BE_PRIVATE">Se: Method must be private in order for serialization to work</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#SE_READ_RESOLVE_IS_STATIC">Se: The readResolve method must not be declared as a static method. </a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED">TQ: Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is required</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ: Comparing values with incompatible type qualifiers</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK">TQ: Value that might not carry a type qualifier is always used in a way requires that type qualifier</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK">TQ: Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifier</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED">TQ: Value annotated as never carrying a type qualifier used where value carrying that qualifier is required</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ: Value without a type qualifier used where a value is required to have that qualifier</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS">UMAC: Uncallable method defined in anonymous class</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#UR_UNINIT_READ">UR: Uninitialized read of field in constructor</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR">UR: Uninitialized read of field method called from constructor of superclass</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY">USELESS_STRING: Invocation of toString on an unnamed array</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DMI_INVOKING_TOSTRING_ON_ARRAY">USELESS_STRING: Invocation of toString on an array</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_BAD_CONVERSION_FROM_ARRAY">USELESS_STRING: Array formatted in useless way using format string</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UWF_NULL_FIELD">UwF: Field only ever set to null</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#UWF_UNWRITTEN_FIELD">UwF: Unwritten field</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG">VA: Primitive array passed to function expecting a variable number of object arguments</a></td><td>Correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#VR_UNRESOLVABLE_REFERENCE">VR: Class makes reference to unresolvable class or method</a></td><td>Correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE">LG: Potential lost logger changes due to weak reference in OpenJDK</a></td><td>Experimental</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#OBL_UNSATISFIED_OBLIGATION">OBL: Method may fail to clean up stream or resource</a></td><td>Experimental</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE">OBL: Method may fail to clean up stream or resource on checked exception</a></td><td>Experimental</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#TESTING">TEST: Testing</a></td><td>Experimental</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DM_CONVERT_CASE">Dm: Consider using Locale parameterized version of invoked method</a></td><td>Internationalization</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DM_DEFAULT_ENCODING">Dm: Reliance on default encoding</a></td><td>Internationalization</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED">DP: Classloaders should only be created inside doPrivileged block</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DP_DO_INSIDE_DO_PRIVILEGED">DP: Method invoked that should be only be invoked inside a doPrivileged block</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EI_EXPOSE_REP">EI: May expose internal representation by returning reference to mutable object</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EI_EXPOSE_REP2">EI2: May expose internal representation by incorporating reference to mutable object</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#FI_PUBLIC_SHOULD_BE_PROTECTED">FI: Finalizer should be protected, not public</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EI_EXPOSE_STATIC_REP2">MS: May expose internal static state by storing a mutable object into a static field</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MS_CANNOT_BE_FINAL">MS: Field isn't final and can't be protected from malicious code</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#MS_EXPOSE_REP">MS: Public static method may expose internal representation by returning array</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MS_FINAL_PKGPROTECT">MS: Field should be both final and package protected</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#MS_MUTABLE_ARRAY">MS: Field is a mutable array</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MS_MUTABLE_COLLECTION">MS: Field is a mutable collection</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#MS_MUTABLE_COLLECTION_PKGPROTECT">MS: Field is a mutable collection which should be package protected</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MS_MUTABLE_HASHTABLE">MS: Field is a mutable Hashtable</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#MS_OOI_PKGPROTECT">MS: Field should be moved out of an interface and made package protected</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MS_PKGPROTECT">MS: Field should be package protected</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#MS_SHOULD_BE_FINAL">MS: Field isn't final but should be</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS: Field isn't final but should be refactored to be so</a></td><td>Malicious code vulnerability</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION">AT: Sequence of calls to concurrent abstraction may not be atomic</a></td><td>Multithreaded correctness</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DC_DOUBLECHECK">DC: Possible double check of field</a></td><td>Multithreaded correctness</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DC_PARTIALLY_CONSTRUCTED">DC: Possible exposure of partially initialized object</a></td><td>Multithreaded correctness</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DL_SYNCHRONIZATION_ON_BOOLEAN">DL: Synchronization on Boolean</a></td><td>Multithreaded correctness</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE">DL: Synchronization on boxed primitive</a></td><td>Multithreaded correctness</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DL_SYNCHRONIZATION_ON_SHARED_CONSTANT">DL: Synchronization on interned String </a></td><td>Multithreaded correctness</td></tr>

@@ -368,7 +381,9 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#ffffff"><td><a href="#NOISE_OPERATION">NOISE: Bogus warning about an operation</a></td><td>Bogus random noise</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#BX_BOXING_IMMEDIATELY_UNBOXED">Bx: Primitive value is boxed and then immediately unboxed</a></td><td>Performance</td></tr>

<tr bgcolor="#ffffff"><td><a href="#BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION">Bx: Primitive value is boxed then unboxed to perform primitive coercion</a></td><td>Performance</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#BX_UNBOXING_IMMEDIATELY_REBOXED">Bx: Boxed value is unboxed and then immediately reboxed</a></td><td>Performance</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator</a></td><td>Performance</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#BX_UNBOXING_IMMEDIATELY_REBOXED">Bx: Boxed value is unboxed and then immediately reboxed</a></td><td>Performance</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DM_BOXED_PRIMITIVE_FOR_COMPARE">Bx: Boxing a primitive to compare</a></td><td>Performance</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DM_BOXED_PRIMITIVE_FOR_PARSING">Bx: Boxing/unboxing to parse a primitive</a></td><td>Performance</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#DM_BOXED_PRIMITIVE_TOSTRING">Bx: Method allocates a boxed primitive just to call toString</a></td><td>Performance</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DM_FP_NUMBER_CTOR">Bx: Method invokes inefficient floating-point Number constructor; use static valueOf instead</a></td><td>Performance</td></tr>

@@ -383,6 +398,10 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#eeeeee"><td><a href="#DM_STRING_TOSTRING">Dm: Method invokes toString() method on a String</a></td><td>Performance</td></tr>

<tr bgcolor="#ffffff"><td><a href="#DM_STRING_VOID_CTOR">Dm: Method invokes inefficient new String() constructor</a></td><td>Performance</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#HSC_HUGE_SHARED_STRING_CONSTANT">HSC: Huge string constants is duplicated across multiple class files</a></td><td>Performance</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IIL_ELEMENTS_GET_LENGTH_IN_LOOP">IIL: NodeList.getLength() called in a loop</a></td><td>Performance</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IIL_PATTERN_COMPILE_IN_LOOP">IIL: Method calls Pattern.compile in a loop</a></td><td>Performance</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IIL_PATTERN_COMPILE_IN_LOOP_INDIRECT">IIL: Method compiles the regular expression in a loop</a></td><td>Performance</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IIL_PREPARE_STATEMENT_IN_LOOP">IIL: Method calls prepareStatement in a loop</a></td><td>Performance</td></tr>

<tr bgcolor="#ffffff"><td><a href="#IIO_INEFFICIENT_INDEX_OF">IIO: Inefficient use of String.indexOf(String)</a></td><td>Performance</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#IIO_INEFFICIENT_LAST_INDEX_OF">IIO: Inefficient use of String.lastIndexOf(String)</a></td><td>Performance</td></tr>

<tr bgcolor="#ffffff"><td><a href="#IMA_INEFFICIENT_MEMBER_ACCESS">IMA: Method accesses a private member variable of owning class</a></td><td>Performance</td></tr>

@@ -403,7 +422,7 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#eeeeee"><td><a href="#HRS_REQUEST_PARAMETER_TO_HTTP_HEADER">HRS: HTTP Response splitting vulnerability</a></td><td>Security</td></tr>

<tr bgcolor="#ffffff"><td><a href="#PT_ABSOLUTE_PATH_TRAVERSAL">PT: Absolute path traversal in servlet</a></td><td>Security</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#PT_RELATIVE_PATH_TRAVERSAL">PT: Relative path traversal in servlet</a></td><td>Security</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute method on an SQL statement</a></td><td>Security</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute or addBatch method on an SQL statement</a></td><td>Security</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING">SQL: A prepared statement is generated from a nonconstant String</a></td><td>Security</td></tr>

<tr bgcolor="#ffffff"><td><a href="#XSS_REQUEST_PARAMETER_TO_JSP_WRITER">XSS: JSP reflected cross site scripting vulnerability</a></td><td>Security</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#XSS_REQUEST_PARAMETER_TO_SEND_ERROR">XSS: Servlet reflected cross site scripting vulnerability in error page</a></td><td>Security</td></tr>

@@ -414,59 +433,63 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#ffffff"><td><a href="#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC: Unchecked/unconfirmed cast of return value from method</a></td><td>Dodgy code</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#BC_VACUOUS_INSTANCEOF">BC: instanceof will always return true</a></td><td>Dodgy code</td></tr>

<tr bgcolor="#ffffff"><td><a href="#ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT">BSHIFT: Unsigned right shift cast to short/byte</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#CD_CIRCULAR_DEPENDENCY">CD: Test for circular dependencies among classes</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#CI_CONFUSED_INHERITANCE">CI: Class is final but declares protected field</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DB_DUPLICATE_BRANCHES">DB: Method uses the same code for two branches</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DB_DUPLICATE_SWITCH_CLAUSES">DB: Method uses the same code for two switch clauses</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_LOCAL_STORE">DLS: Dead store to local variable</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_LOCAL_STORE_IN_RETURN">DLS: Useless assignment in return statement</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_LOCAL_STORE_OF_NULL">DLS: Dead store of null to local variable</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD">DLS: Dead store to local variable that shadows field</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DMI_HARDCODED_ABSOLUTE_FILENAME">DMI: Code contains a hard coded reference to an absolute pathname</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DMI_NONSERIALIZABLE_OBJECT_WRITTEN">DMI: Non serializable object written to ObjectOutput</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DMI_USELESS_SUBSTRING">DMI: Invocation of substring(0), which returns the original value</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED">Dm: Thread passed where Runnable expected</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#DMI_UNSUPPORTED_METHOD">Dm: Call to unsupported method</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#EQ_DOESNT_OVERRIDE_EQUALS">Eq: Class doesn't override equals in superclass</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#EQ_UNUSUAL">Eq: Unusual equals method </a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#FE_FLOATING_POINT_EQUALITY">FE: Test for floating point equality</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN">FS: Non-Boolean argument formatted using %b format specifier</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD">IA: Potentially ambiguous invocation of either an inherited or outer method</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IC_INIT_CIRCULARITY">IC: Initialization circularity</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#ICAST_IDIV_CAST_TO_DOUBLE">ICAST: Integral division result cast to double or float</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#ICAST_INTEGER_MULTIPLY_CAST_TO_LONG">ICAST: Result of integer multiplication cast to long</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#IM_AVERAGE_COMPUTATION_COULD_OVERFLOW">IM: Computation of average could overflow</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#IM_BAD_CHECK_FOR_ODD">IM: Check for oddness that won't work for negative numbers </a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#INT_BAD_REM_BY_1">INT: Integer remainder modulo 1</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#INT_VACUOUS_BIT_OPERATION">INT: Vacuous bit mask operation on integer value</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#INT_VACUOUS_COMPARISON">INT: Vacuous comparison of integer value</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#MTIA_SUSPECT_SERVLET_INSTANCE_FIELD">MTIA: Class extends Servlet class and uses instance variables</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#MTIA_SUSPECT_STRUTS_INSTANCE_FIELD">MTIA: Class extends Struts Action class and uses instance variables</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_DEREFERENCE_OF_READLINE_VALUE">NP: Dereference of the result of readLine() without nullcheck</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_IMMEDIATE_DEREFERENCE_OF_READLINE">NP: Immediate dereference of the result of readLine()</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_LOAD_OF_KNOWN_NULL_VALUE">NP: Load of known null value</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP: Method tightens nullness annotation on parameter</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP: Method relaxes nullness annotation on return value</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP: Possible null pointer dereference due to return value of called method</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE">NP: Possible null pointer dereference on branch that might be infeasible</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be nonnull but is marked as nullable</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">NP: Read of unwritten public or protected field</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#NS_DANGEROUS_NON_SHORT_CIRCUIT">NS: Potentially dangerous use of non-short-circuit logic</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#NS_NON_SHORT_CIRCUIT">NS: Questionable use of non-short-circuit logic</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#PS_PUBLIC_SEMAPHORES">PS: Class exposes synchronization and semaphores in its public interface</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#PZLA_PREFER_ZERO_LENGTH_ARRAYS">PZLA: Consider returning a zero length array rather than null</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#QF_QUESTIONABLE_FOR_LOOP">QF: Complicated, subtle or wrong increment in for-loop </a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE">RCN: Redundant comparison of non-null value to null</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES">RCN: Redundant comparison of two null values</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE">RCN: Redundant nullcheck of value known to be non-null</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN: Redundant nullcheck of value known to be null</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#REC_CATCH_EXCEPTION">REC: Exception is caught when Exception is not thrown</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RI_REDUNDANT_INTERFACES">RI: Class implements same interface as superclass</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RV_CHECK_FOR_POSITIVE_INDEXOF">RV: Method checks to see if result of String.indexOf is positive</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is nonnull</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RV_REM_OF_HASHCODE">RV: Remainder of hashCode could be negative</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#RV_REM_OF_RANDOM_INT">RV: Remainder of 32-bit signed random integer</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#RV_RETURN_VALUE_IGNORED_INFERRED">RV: Method ignores return value, is this OK?</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#CAA_COVARIANT_ARRAY_FIELD">CAA: Covariant array assignment to a field</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#CAA_COVARIANT_ARRAY_LOCAL">CAA: Covariant array assignment to a local variable</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#CAA_COVARIANT_ARRAY_RETURN">CAA: Covariant array is returned from the method</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#CD_CIRCULAR_DEPENDENCY">CD: Test for circular dependencies among classes</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#CI_CONFUSED_INHERITANCE">CI: Class is final but declares protected field</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DB_DUPLICATE_BRANCHES">DB: Method uses the same code for two branches</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DB_DUPLICATE_SWITCH_CLAUSES">DB: Method uses the same code for two switch clauses</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_LOCAL_STORE">DLS: Dead store to local variable</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_LOCAL_STORE_IN_RETURN">DLS: Useless assignment in return statement</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_LOCAL_STORE_OF_NULL">DLS: Dead store of null to local variable</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD">DLS: Dead store to local variable that shadows field</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DMI_HARDCODED_ABSOLUTE_FILENAME">DMI: Code contains a hard coded reference to an absolute pathname</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DMI_NONSERIALIZABLE_OBJECT_WRITTEN">DMI: Non serializable object written to ObjectOutput</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DMI_USELESS_SUBSTRING">DMI: Invocation of substring(0), which returns the original value</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED">Dm: Thread passed where Runnable expected</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#DMI_UNSUPPORTED_METHOD">Dm: Call to unsupported method</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#EQ_DOESNT_OVERRIDE_EQUALS">Eq: Class doesn't override equals in superclass</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#EQ_UNUSUAL">Eq: Unusual equals method </a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#FE_FLOATING_POINT_EQUALITY">FE: Test for floating point equality</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN">FS: Non-Boolean argument formatted using %b format specifier</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD">IA: Potentially ambiguous invocation of either an inherited or outer method</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IC_INIT_CIRCULARITY">IC: Initialization circularity</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#ICAST_IDIV_CAST_TO_DOUBLE">ICAST: Integral division result cast to double or float</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#ICAST_INTEGER_MULTIPLY_CAST_TO_LONG">ICAST: Result of integer multiplication cast to long</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#IM_AVERAGE_COMPUTATION_COULD_OVERFLOW">IM: Computation of average could overflow</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#IM_BAD_CHECK_FOR_ODD">IM: Check for oddness that won't work for negative numbers </a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#INT_BAD_REM_BY_1">INT: Integer remainder modulo 1</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#INT_VACUOUS_BIT_OPERATION">INT: Vacuous bit mask operation on integer value</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#INT_VACUOUS_COMPARISON">INT: Vacuous comparison of integer value</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#MTIA_SUSPECT_SERVLET_INSTANCE_FIELD">MTIA: Class extends Servlet class and uses instance variables</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#MTIA_SUSPECT_STRUTS_INSTANCE_FIELD">MTIA: Class extends Struts Action class and uses instance variables</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_DEREFERENCE_OF_READLINE_VALUE">NP: Dereference of the result of readLine() without nullcheck</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_IMMEDIATE_DEREFERENCE_OF_READLINE">NP: Immediate dereference of the result of readLine()</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_LOAD_OF_KNOWN_NULL_VALUE">NP: Load of known null value</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP: Method tightens nullness annotation on parameter</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP: Method relaxes nullness annotation on return value</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP: Possible null pointer dereference due to return value of called method</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE">NP: Possible null pointer dereference on branch that might be infeasible</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be non-null but is marked as nullable</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">NP: Read of unwritten public or protected field</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#NS_DANGEROUS_NON_SHORT_CIRCUIT">NS: Potentially dangerous use of non-short-circuit logic</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#NS_NON_SHORT_CIRCUIT">NS: Questionable use of non-short-circuit logic</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#PS_PUBLIC_SEMAPHORES">PS: Class exposes synchronization and semaphores in its public interface</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#PZLA_PREFER_ZERO_LENGTH_ARRAYS">PZLA: Consider returning a zero length array rather than null</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#QF_QUESTIONABLE_FOR_LOOP">QF: Complicated, subtle or wrong increment in for-loop </a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE">RCN: Redundant comparison of non-null value to null</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES">RCN: Redundant comparison of two null values</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE">RCN: Redundant nullcheck of value known to be non-null</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN: Redundant nullcheck of value known to be null</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#REC_CATCH_EXCEPTION">REC: Exception is caught when Exception is not thrown</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RI_REDUNDANT_INTERFACES">RI: Class implements same interface as superclass</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RV_CHECK_FOR_POSITIVE_INDEXOF">RV: Method checks to see if result of String.indexOf is positive</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is non-null</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RV_REM_OF_HASHCODE">RV: Remainder of hashCode could be negative</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RV_REM_OF_RANDOM_INT">RV: Remainder of 32-bit signed random integer</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#RV_RETURN_VALUE_IGNORED_INFERRED">RV: Method ignores return value, is this OK?</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT">RV: Return value of method without side effect is ignored</a></td><td>Dodgy code</td></tr>

<tr bgcolor="#ffffff"><td><a href="#SA_FIELD_DOUBLE_ASSIGNMENT">SA: Double assignment of field</a></td><td>Dodgy code</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#SA_LOCAL_DOUBLE_ASSIGNMENT">SA: Double assignment of local variable </a></td><td>Dodgy code</td></tr>

<tr bgcolor="#ffffff"><td><a href="#SA_LOCAL_SELF_ASSIGNMENT">SA: Self assignment of local variable</a></td><td>Dodgy code</td></tr>

@@ -477,15 +500,20 @@ as well as bug patterns that are not enabled by default.

<tr bgcolor="#eeeeee"><td><a href="#SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS">Se: Transient field of class that isn't Serializable. </a></td><td>Dodgy code</td></tr>

<tr bgcolor="#ffffff"><td><a href="#TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK">TQ: Value required to have type qualifier, but marked as unknown</a></td><td>Dodgy code</td></tr>

<tr bgcolor="#eeeeee"><td><a href="#TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK">TQ: Value required to not have type qualifier, but marked as unknown</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#UCF_USELESS_CONTROL_FLOW">UCF: Useless control flow</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#UCF_USELESS_CONTROL_FLOW_NEXT_LINE">UCF: Useless control flow to next line</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#USM_USELESS_ABSTRACT_METHOD">USM: Abstract Method is already defined in implemented interface</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#USM_USELESS_SUBCLASS_METHOD">USM: Method superfluously delegates to parent class method</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD">UrF: Unread public/protected field</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD">UuF: Unused public or protected field</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">UwF: Field not initialized in constructor but dereferenced without null check</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#eeeeee"><td><a href="#UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">UwF: Unwritten public or protected field</a></td><td>Dodgy code</td></tr>

-<tr bgcolor="#ffffff"><td><a href="#XFB_XML_FACTORY_BYPASS">XFB: Method directly allocates a specific implementation of xml interfaces</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UC_USELESS_CONDITION">UC: Condition has no effect</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#UC_USELESS_CONDITION_TYPE">UC: Condition has no effect due to the variable type</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UC_USELESS_OBJECT">UC: Useless object created</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#UC_USELESS_OBJECT_STACK">UC: Useless object created on stack</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UC_USELESS_VOID_METHOD">UC: Useless non-empty void method</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#UCF_USELESS_CONTROL_FLOW">UCF: Useless control flow</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UCF_USELESS_CONTROL_FLOW_NEXT_LINE">UCF: Useless control flow to next line</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#USM_USELESS_ABSTRACT_METHOD">USM: Abstract Method is already defined in implemented interface</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#USM_USELESS_SUBCLASS_METHOD">USM: Method superfluously delegates to parent class method</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD">UrF: Unread public/protected field</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD">UuF: Unused public or protected field</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">UwF: Field not initialized in constructor but dereferenced without null check</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#ffffff"><td><a href="#UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">UwF: Unwritten public or protected field</a></td><td>Dodgy code</td></tr>

+<tr bgcolor="#eeeeee"><td><a href="#XFB_XML_FACTORY_BYPASS">XFB: Method directly allocates a specific implementation of xml interfaces</a></td><td>Dodgy code</td></tr>

</table>

<h2>Descriptions</h2>

<h3><a name="AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM: Creates an empty jar file entry (AM_CREATES_EMPTY_JAR_FILE_ENTRY)</a></h3>

@@ -581,6 +609,26 @@ can clone themselves), but just make sure that this is what you intended.

must have type <code>java.lang.Object</code>.</p>

+<h3><a name="CO_COMPARETO_INCORRECT_FLOATING">Co: compareTo()/compare() incorrectly handles float or double value (CO_COMPARETO_INCORRECT_FLOATING)</a></h3>

+ <p>This method compares double or float values using pattern like this: val1 > val2 ? 1 : val1 < val2 ? -1 : 0.

+This pattern works incorrectly for -0.0 and NaN values which may result in incorrect sorting result or broken collection

+(if compared values are used as keys). Consider using Double.compare or Float.compare static methods which handle all

+the special cases correctly.</p>

+<h3><a name="CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE (CO_COMPARETO_RESULTS_MIN_VALUE)</a></h3>

+ <p> In some situation, this compareTo or compare method returns

+the constant Integer.MIN_VALUE, which is an exceptionally bad practice.

+ The only thing that matters about the return value of compareTo is the sign of the result.

+ But people will sometimes negate the return value of compareTo, expecting that this will negate

+ the sign of the result. And it will, except in the case where the value returned is Integer.MIN_VALUE.

+ So just return -1 rather than Integer.MIN_VALUE.

<h3><a name="CO_SELF_NO_OBJECT">Co: Covariant compareTo() method defined (CO_SELF_NO_OBJECT)</a></h3>

@@ -722,7 +770,7 @@ is symmetric and transitive. Without those properties, very unexpected behavoirs

equals returns true. If this is violated, weird and unpredictable

failures will occur in classes such as PriorityQueue.

In Java 5 the PriorityQueue.remove method uses the compareTo method,

- while in Java 6 it uses the equals method.

+ while in Java 6 it uses the equals method.</p>

<p>From the JavaDoc for the compareTo method in the Comparable interface:

@@ -730,7 +778,7 @@ It is strongly recommended, but not strictly required that <code>(x.compareTo(y)

Generally speaking, any class that implements the Comparable interface and violates this condition

should clearly indicate this fact. The recommended language

is "Note: this class has a natural ordering that is inconsistent with equals."

-</blockquote>

+</blockquote></p>

<h3><a name="EQ_GETCLASS_AND_CLASS_CONSTANT">Eq: equals method fails for subtypes (EQ_GETCLASS_AND_CLASS_CONSTANT)</a></h3>

@@ -768,14 +816,14 @@ It is better to check if <code>this.getClass() == o.getClass()</code>.

<p>If a connected set of objects beings finalizable, then the VM will invoke the

finalize method on all the finalizable object, possibly at the same time in different threads.

Thus, it is a particularly bad idea, in the finalize method for a class X, invoke finalize

-on objects referenced by X, because they may already be getting finalized in a separate thread.

+on objects referenced by X, because they may already be getting finalized in a separate thread.</p>

<h3><a name="FI_FINALIZER_NULLS_FIELDS">FI: Finalizer nulls fields (FI_FINALIZER_NULLS_FIELDS)</a></h3>

<p> This finalizer nulls out fields. This is usually an error, as it does not aid garbage collection,

- and the object is going to be garbage collected anyway.

+ and the object is going to be garbage collected anyway.</p>

<h3><a name="FI_FINALIZER_ONLY_NULLS_FIELDS">FI: Finalizer only nulls fields (FI_FINALIZER_ONLY_NULLS_FIELDS)</a></h3>

@@ -783,7 +831,7 @@ on objects referenced by X, because they may already be getting finalized in a s

<p> This finalizer does nothing except null out fields. This is completely pointless, and requires that

the object be garbage collected, finalized, and then garbage collected again. You should just remove the finalize

-method.

+method.</p>

<h3><a name="FI_MISSING_SUPER_CALL">FI: Finalizer does not call superclass finalizer (FI_MISSING_SUPER_CALL)</a></h3>

@@ -963,6 +1011,22 @@ If this session is passivated or migrated, an error will result.

.</p>

+<h3><a name="ME_ENUM_FIELD_SETTER">ME: Public enum method unconditionally sets its field (ME_ENUM_FIELD_SETTER)</a></h3>

+ <p>This public method declared in public enum unconditionally sets enum field, thus this field can be changed by malicious code

+ or by accident from another package. Though mutable enum fields may be used for lazy initialization, it's a bad practice to expose them to the outer world.

+ Consider removing this method or declaring it package-private.</p>

+<h3><a name="ME_MUTABLE_ENUM_FIELD">ME: Enum field is public and mutable (ME_MUTABLE_ENUM_FIELD)</a></h3>

+ <p>A mutable public field is defined inside a public enum, thus can be changed by malicious code or by accident from another package.

+ Though mutable enum fields may be used for lazy initialization, it's a bad practice to expose them to the outer world.

+ Consider declaring this field final and/or package-private.</p>

<h3><a name="NP_BOOLEAN_RETURN_NULL">NP: Method with Boolean return type returns explicit null (NP_BOOLEAN_RETURN_NULL)</a></h3>

@@ -1065,7 +1129,7 @@ Methods should be verbs, in mixed case with the first letter lowercase, with the

that the interface is in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>).

This can be exceptionally confusing, create lots of situations in which you have to look at import statements

to resolve references and creates many

-opportunities to accidently define methods that do not override methods in their superclasses.

+opportunities to accidentally define methods that do not override methods in their superclasses.

</p>

@@ -1076,7 +1140,7 @@ opportunities to accidently define methods that do not override methods in their

that its superclass is in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>).

This can be exceptionally confusing, create lots of situations in which you have to look at import statements

to resolve references and creates many

-opportunities to accidently define methods that do not override methods in their superclasses.

+opportunities to accidentally define methods that do not override methods in their superclasses.

</p>

@@ -1608,6 +1672,16 @@ a listener defined in the java.awt.event or javax.swing.event package. As a resu

get called when the event occurs.</p>

+<h3><a name="BSHIFT_WRONG_ADD_PRIORITY">BSHIFT: Possible bad parsing of shift operation (BSHIFT_WRONG_ADD_PRIORITY)</a></h3>

+<p>

+The code performs an operation like (x << 8 + y). Although this might be correct, probably it was meant

+to perform (x << 8) + y, but shift operation has

+a lower precedence, so it's actually parsed as x << (8 + y).

+</p>

<h3><a name="ICAST_BAD_SHIFT_AMOUNT">BSHIFT: 32 bit int shifted by an amount not in the range -31..31 (ICAST_BAD_SHIFT_AMOUNT)</a></h3>

@@ -1621,30 +1695,16 @@ and it is at least confusing.

</p>

-<h3><a name="BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator (BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR)</a></h3>

+<h3><a name="CAA_COVARIANT_ARRAY_ELEMENT_STORE">CAA: Possibly incompatible element is stored in covariant array (CAA_COVARIANT_ARRAY_ELEMENT_STORE)</a></h3>

- <p>A wrapped primitive value is unboxed and converted to another primitive type as part of the

-evaluation of a conditional ternary operator (the <code> b ? e1 : e2</code> operator). The

-semantics of Java mandate that if <code>e1</code> and <code>e2</code> are wrapped

-numeric values, the values are unboxed and converted/coerced to their common type (e.g,

-if <code>e1</code> is of type <code>Integer</code>

-and <code>e2</code> is of type <code>Float</code>, then <code>e1</code> is unboxed,

-converted to a floating point value, and boxed. See JLS Section 15.25.

+<p>Value is stored into the array and the value type doesn't match the array type.

+It's known from the analysis that actual array type is narrower than the declared type of its variable or field

+and this assignment doesn't satisfy the original array type. This assignment may cause ArrayStoreException

+at runtime.

</p>

-<h3><a name="CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE (CO_COMPARETO_RESULTS_MIN_VALUE)</a></h3>

- <p> In some situation, this compareTo or compare method returns

-the constant Integer.MIN_VALUE, which is an exceptionally bad practice.

- The only thing that matters about the return value of compareTo is the sign of the result.

- But people will sometimes negate the return value of compareTo, expecting that this will negate

- the sign of the result. And it will, except in the case where the value returned is Integer.MIN_VALUE.

- So just return -1 rather than Integer.MIN_VALUE.

<h3><a name="DLS_DEAD_LOCAL_INCREMENT_IN_RETURN">DLS: Useless increment in return statement (DLS_DEAD_LOCAL_INCREMENT_IN_RETURN)</a></h3>

@@ -1804,6 +1864,14 @@ A ScheduledThreadPoolExecutor with zero core threads will never execute anything

+<h3><a name="DM_INVALID_MIN_MAX">Dm: Incorrect combination of Math.max and Math.min (DM_INVALID_MIN_MAX)</a></h3>

+ <p>This code tries to limit the value bounds using the construct like Math.min(0, Math.max(100, value)). However the order of

+ the constants is incorrect: it should be Math.min(100, Math.max(0, value)). As the result this code always produces the same result

+ (or NaN if the value is NaN).</p>

<h3><a name="EC_ARRAY_AND_NONARRAY">EC: equals() used to compare array and nonarray (EC_ARRAY_AND_NONARRAY)</a></h3>

@@ -1889,16 +1957,11 @@ the result of this comparison will always be false at runtime.

<p> This method calls equals(Object) on two references of different

-class types with no common subclasses.

-Therefore, the objects being compared

-are unlikely to be members of the same class at runtime

-(unless some application classes were not analyzed, or dynamic class

-loading can occur at runtime).

-According to the contract of equals(),

-objects of different

-classes should always compare as unequal; therefore, according to the

-contract defined by java.lang.Object.equals(Object),

-the result of this comparison will always be false at runtime.

+class types and analysis suggests they will be to objects of different classes

+at runtime. Further, examination of the equals methods that would be invoked suggest that either

+this call will always return false, or else the equals method is not be symmetric (which is

+a property required by the contract

+for equals in class Object).

</p>

@@ -2175,7 +2238,7 @@ This code converts a 32-bit int value to a 64-bit long value, and then

passes that value for a method parameter that requires an absolute time value.

An absolute time value is the number

of milliseconds since the standard base time known as "the epoch", namely January 1, 1970, 00:00:00 GMT.

-For example, the following method, intended to convert seconds since the epoc into a Date, is badly

+For example, the following method, intended to convert seconds since the epoch into a Date, is badly

broken:</p>

<pre>

Date getDate(int seconds) { return new Date(seconds * 1000); }

@@ -2317,10 +2380,10 @@ This comparison is vacuous and possibily to be incorrect.

</p>

-<h3><a name="INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant (INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE)</a></h3>

+<h3><a name="INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant or zero (INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE)</a></h3>

-<p> This code compares a value that is guaranteed to be non-negative with a negative constant.

+<p> This code compares a value that is guaranteed to be non-negative with a negative constant or zero.

</p>

@@ -2429,7 +2492,7 @@ something that should be closed.

</p>

<p>Note that a check such as

<code>if (x == null) throw new NullPointerException();</code>

- is treated as a dereference of <code>x</code>.

+ is treated as a dereference of <code>x</code>.</p>

<h3><a name="NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH">NP: Value is null and guaranteed to be dereferenced on exception path (NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH)</a></h3>

@@ -2444,32 +2507,32 @@ something that should be closed.

</p>

-<h3><a name="NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Nonnull field is not initialized (NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR)</a></h3>

+<h3><a name="NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Non-null field is not initialized (NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR)</a></h3>

- <p> The field is marked as nonnull, but isn't written to by the constructor.

+ <p> The field is marked as non-null, but isn't written to by the constructor.

The field might be initialized elsewhere during constructor, or might always

be initialized before use.

</p>

-<h3><a name="NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a nonnull parameter (NP_NONNULL_PARAM_VIOLATION)</a></h3>

+<h3><a name="NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a non-null parameter (NP_NONNULL_PARAM_VIOLATION)</a></h3>

<p>

This method passes a null value as the parameter of a method which

- must be nonnull. Either this parameter has been explicitly marked

+ must be non-null. Either this parameter has been explicitly marked

as @Nonnull, or analysis has determined that this parameter is

always dereferenced.

</p>

-<h3><a name="NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @NonNull (NP_NONNULL_RETURN_VIOLATION)</a></h3>

+<h3><a name="NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @Nonnull (NP_NONNULL_RETURN_VIOLATION)</a></h3>

<p>

This method may return a null value, but the method (or a superclass method

- which it overrides) is declared to return @NonNull.

+ which it overrides) is declared to return @Nonnull.

</p>

@@ -2507,36 +2570,36 @@ this may be a false warning.</p>

be an exception path, since the default case is often infeasible.</p>

-<h3><a name="NP_NULL_PARAM_DEREF">NP: Method call passes null for nonnull parameter (NP_NULL_PARAM_DEREF)</a></h3>

+<h3><a name="NP_NULL_PARAM_DEREF">NP: Method call passes null for non-null parameter (NP_NULL_PARAM_DEREF)</a></h3>

<p>

- This method call passes a null value for a nonnull method parameter.

+ This method call passes a null value for a non-null method parameter.

Either the parameter is annotated as a parameter that should

- always be nonnull, or analysis has shown that it will always be

+ always be non-null, or analysis has shown that it will always be

dereferenced.

</p>

-<h3><a name="NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for nonnull parameter (NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS)</a></h3>

+<h3><a name="NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for non-null parameter (NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS)</a></h3>

<p>

A possibly-null value is passed at a call site where all known

- target methods require the parameter to be nonnull.

+ target methods require the parameter to be non-null.

Either the parameter is annotated as a parameter that should

- always be nonnull, or analysis has shown that it will always be

+ always be non-null, or analysis has shown that it will always be

dereferenced.

</p>

-<h3><a name="NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for nonnull parameter (NP_NULL_PARAM_DEREF_NONVIRTUAL)</a></h3>

+<h3><a name="NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for non-null parameter (NP_NULL_PARAM_DEREF_NONVIRTUAL)</a></h3>

<p>

- A possibly-null value is passed to a nonnull method parameter.

+ A possibly-null value is passed to a non-null method parameter.

Either the parameter is annotated as a parameter that should

- always be nonnull, or analysis has shown that it will always be

+ always be non-null, or analysis has shown that it will always be

dereferenced.

</p>

@@ -2545,15 +2608,16 @@ be an exception path, since the default case is often infeasible.</p>

<p>

- The usage of Optional return type always mean that explicit null returns were not desired by design.

+ The usage of Optional return type (java.util.Optional or com.google.common.base.Optiona)

+ always mean that explicit null returns were not desired by design.

Returning a null value in such case is a contract violation and will most likely break clients code.

</p>

-<h3><a name="NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated NonNull (NP_STORE_INTO_NONNULL_FIELD)</a></h3>

+<h3><a name="NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated @Nonnull (NP_STORE_INTO_NONNULL_FIELD)</a></h3>

-<p> A value that could be null is stored into a field that has been annotated as NonNull. </p>

+<p> A value that could be null is stored into a field that has been annotated as @Nonnull. </p>

<h3><a name="NP_UNWRITTEN_FIELD">NP: Read of unwritten field (NP_UNWRITTEN_FIELD)</a></h3>

@@ -2594,7 +2658,7 @@ which is probably what was intended.</p>

<p> This regular method has the same name as the class it is defined in. It is likely that this was intended to be a constructor.

If it was intended to be a constructor, remove the declaration of a void return value.

- If you had accidently defined this method, realized the mistake, defined a proper constructor

+ If you had accidentally defined this method, realized the mistake, defined a proper constructor

but can't get rid of this method due to backwards compatibility, deprecate the method.

</p>

@@ -2645,6 +2709,30 @@ types are <code>Foo</code>'s from different packages.

</p>

+<h3><a name="RANGE_ARRAY_INDEX">RANGE: Array index is out of bounds (RANGE_ARRAY_INDEX)</a></h3>

+ <p> Array operation is performed, but array index is out of bounds, which will result in ArrayIndexOutOfBoundsException at runtime.</p>

+<h3><a name="RANGE_ARRAY_LENGTH">RANGE: Array length is out of bounds (RANGE_ARRAY_LENGTH)</a></h3>

+ <p> Method is called with array parameter and length parameter, but the length is out of bounds. This will result in IndexOutOfBoundsException at runtime. </p>

+<h3><a name="RANGE_ARRAY_OFFSET">RANGE: Array offset is out of bounds (RANGE_ARRAY_OFFSET)</a></h3>

+ <p> Method is called with array parameter and offset parameter, but the offset is out of bounds. This will result in IndexOutOfBoundsException at runtime. </p>

+<h3><a name="RANGE_STRING_INDEX">RANGE: String index is out of bounds (RANGE_STRING_INDEX)</a></h3>

+ <p> String method is called and specified string index is out of bounds. This will result in StringIndexOutOfBoundsException at runtime. </p>

<h3><a name="RC_REF_COMPARISON">RC: Suspicious reference comparison (RC_REF_COMPARISON)</a></h3>

@@ -3423,6 +3511,25 @@ bug detectors.</p>

This code can freely modify the contents of the array.</p>

+<h3><a name="MS_MUTABLE_COLLECTION">MS: Field is a mutable collection (MS_MUTABLE_COLLECTION)</a></h3>

+ <p>A mutable collection instance is assigned to a final static field,

+ thus can be changed by malicious code or by accident from another package.

+ Consider wrapping this field into Collections.unmodifiableSet/List/Map/etc.

+ to avoid this vulnerability.</p>

+<h3><a name="MS_MUTABLE_COLLECTION_PKGPROTECT">MS: Field is a mutable collection which should be package protected (MS_MUTABLE_COLLECTION_PKGPROTECT)</a></h3>

+ <p>A mutable collection instance is assigned to a final static field,

+ thus can be changed by malicious code or by accident from another package.

+ The field could be made package protected to avoid this vulnerability.

+ Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc.

+ to avoid this vulnerability.</p>

<h3><a name="MS_MUTABLE_HASHTABLE">MS: Field is a mutable Hashtable (MS_MUTABLE_HASHTABLE)</a></h3>

@@ -3499,6 +3606,17 @@ to the field, so doing so will require some refactoring.

>http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html</a>.</p>

+<h3><a name="DC_PARTIALLY_CONSTRUCTED">DC: Possible exposure of partially initialized object (DC_PARTIALLY_CONSTRUCTED)</a></h3>

+ <p>Looks like this method uses lazy field initialization with double-checked locking.

+ While the field is correctly declared as volatile, it's possible that the internal structure of

+ the object is changed after the field assignment, thus another thread may see the partially initialized object.</p>

+ <p>To fix this problem consider storing the object into the local variable first

+ and save it to the volatile field only after it's fully constructed.

+ </p>

<h3><a name="DL_SYNCHRONIZATION_ON_BOOLEAN">DL: Synchronization on Boolean (DL_SYNCHRONIZATION_ON_BOOLEAN)</a></h3>

@@ -4101,6 +4219,19 @@ to immediately undo the work of the boxing.

(e.g., <code>new Double(d).intValue()</code>). Just perform direct primitive coercion (e.g., <code>(int) d</code>).</p>

+<h3><a name="BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator (BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR)</a></h3>

+ <p>A wrapped primitive value is unboxed and converted to another primitive type as part of the

+evaluation of a conditional ternary operator (the <code> b ? e1 : e2</code> operator). The

+semantics of Java mandate that if <code>e1</code> and <code>e2</code> are wrapped

+numeric values, the values are unboxed and converted/coerced to their common type (e.g,

+if <code>e1</code> is of type <code>Integer</code>

+and <code>e2</code> is of type <code>Float</code>, then <code>e1</code> is unboxed,

+converted to a floating point value, and boxed. See JLS Section 15.25.

+</p>

<h3><a name="BX_UNBOXING_IMMEDIATELY_REBOXED">Bx: Boxed value is unboxed and then immediately reboxed (BX_UNBOXING_IMMEDIATELY_REBOXED)</a></h3>

@@ -4108,6 +4239,14 @@ to immediately undo the work of the boxing.

</p>

+<h3><a name="DM_BOXED_PRIMITIVE_FOR_COMPARE">Bx: Boxing a primitive to compare (DM_BOXED_PRIMITIVE_FOR_COMPARE)</a></h3>

+ <p>A boxed primitive is created just to call compareTo method. It's more efficient to use static compare method

+ (for double and float since Java 1.4, for other primitive types since Java 1.7) which works on primitives directly.

+ </p>

<h3><a name="DM_BOXED_PRIMITIVE_FOR_PARSING">Bx: Boxing/unboxing to parse a primitive (DM_BOXED_PRIMITIVE_FOR_PARSING)</a></h3>

@@ -4265,6 +4404,38 @@ that classfile. See <a href="http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=

</p>

+<h3><a name="IIL_ELEMENTS_GET_LENGTH_IN_LOOP">IIL: NodeList.getLength() called in a loop (IIL_ELEMENTS_GET_LENGTH_IN_LOOP)</a></h3>

+<p> The method calls NodeList.getLength() inside the loop and NodeList was produced by getElementsByTagName call.

+This NodeList doesn't store its length, but computes it every time in not very optimal way.

+Consider storing the length to the variable before the loop.

+</p>

+<h3><a name="IIL_PATTERN_COMPILE_IN_LOOP">IIL: Method calls Pattern.compile in a loop (IIL_PATTERN_COMPILE_IN_LOOP)</a></h3>

+<p> The method calls Pattern.compile inside the loop passing the constant arguments.

+If the Pattern should be used several times there's no reason to compile it for each loop iteration.

+Move this call outside of the loop or even into static final field.</p>

+<h3><a name="IIL_PATTERN_COMPILE_IN_LOOP_INDIRECT">IIL: Method compiles the regular expression in a loop (IIL_PATTERN_COMPILE_IN_LOOP_INDIRECT)</a></h3>

+<p> The method creates the same regular expression inside the loop, so it will be compiled every iteration.

+It would be more optimal to precompile this regular expression using Pattern.compile outside of the loop.</p>

+<h3><a name="IIL_PREPARE_STATEMENT_IN_LOOP">IIL: Method calls prepareStatement in a loop (IIL_PREPARE_STATEMENT_IN_LOOP)</a></h3>

+<p> The method calls Connection.prepareStatement inside the loop passing the constant arguments.

+If the PreparedStatement should be executed several times there's no reason to recreate it for each loop iteration.

+Move this call outside of the loop.</p>

<h3><a name="IIO_INEFFICIENT_INDEX_OF">IIO: Inefficient use of String.indexOf(String) (IIO_INEFFICIENT_INDEX_OF)</a></h3>

@@ -4568,10 +4739,10 @@ consider using a commercial static analysis or pen-testing tool.

-<h3><a name="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute method on an SQL statement (SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE)</a></h3>

+<h3><a name="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute or addBatch method on an SQL statement (SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE)</a></h3>

- <p>The method invokes the execute method on an SQL statement with a String that seems

+ <p>The method invokes the execute or addBatch method on an SQL statement with a String that seems

to be dynamically generated. Consider using

a prepared statement instead. It is more efficient and less vulnerable to

SQL injection attacks.

@@ -4698,6 +4869,39 @@ a signed and unsigned right shift (depending upon the size of the shift).

</p>

+<h3><a name="CAA_COVARIANT_ARRAY_FIELD">CAA: Covariant array assignment to a field (CAA_COVARIANT_ARRAY_FIELD)</a></h3>

+<p>Array of covariant type is assigned to a field. This is confusing and may lead to ArrayStoreException at runtime

+if the reference of some other type will be stored in this array later like in the following code:

+</p>

+<p><code>Number[] arr = new Integer[10];

+arr[0] = 1.0;

+</code></p>

+<p>Consider changing the type of created array or the field type.</p>

+<h3><a name="CAA_COVARIANT_ARRAY_LOCAL">CAA: Covariant array assignment to a local variable (CAA_COVARIANT_ARRAY_LOCAL)</a></h3>

+<p>Array of covariant type is assigned to a local variable. This is confusing and may lead to ArrayStoreException at runtime

+if the reference of some other type will be stored in this array later like in the following code:

+</p>

+<p><code>Number[] arr = new Integer[10];

+arr[0] = 1.0;

+</code></p>

+<p>Consider changing the type of created array or the local variable type.</p>

+<h3><a name="CAA_COVARIANT_ARRAY_RETURN">CAA: Covariant array is returned from the method (CAA_COVARIANT_ARRAY_RETURN)</a></h3>

+<p>Array of covariant type is returned from the method. This is confusing and may lead to ArrayStoreException at runtime

+if the calling code will try to store the reference of some other type in the returned array.

+</p>

+<p>Consider changing the type of created array or the method return type.</p>

<h3><a name="CD_CIRCULAR_DEPENDENCY">CD: Test for circular dependencies among classes (CD_CIRCULAR_DEPENDENCY)</a></h3>

@@ -4869,7 +5073,7 @@ this code, but it is worth reviewing.

<p>

An argument not of type Boolean is being formatted with a %b format specifier. This won't throw an

-exception; instead, it will print true for any nonnull value, and false for null.

+exception; instead, it will print true for any non-null value, and false for null.

This feature of format strings is strange, and may not be what you intended.

</p>

@@ -5051,7 +5255,7 @@ to read, readLine() will return null and dereferencing that will generate a null

<p> The variable referenced at this point is known to be null due to an earlier

check against null. Although this is valid, it might be a mistake (perhaps you

intended to refer to a different variable, or perhaps the earlier check to see if the

-variable is null should have been a check to see if it was nonnull).

+variable is null should have been a check to see if it was non-null).

</p>

@@ -5094,10 +5298,10 @@ this is a definite possibility.

</p>

-<h3><a name="NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be nonnull but is marked as nullable (NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)</a></h3>

+<h3><a name="NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be non-null but is marked as nullable (NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)</a></h3>

-<p> This parameter is always used in a way that requires it to be nonnull,

+<p> This parameter is always used in a way that requires it to be non-null,

but the parameter is explicitly annotated as being Nullable. Either the use

of the parameter or the annotation is wrong.

</p>

@@ -5261,7 +5465,7 @@ the constant null.</p>

the String.</p>

-<h3><a name="RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is nonnull (RV_DONT_JUST_NULL_CHECK_READLINE)</a></h3>

+<h3><a name="RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is non-null (RV_DONT_JUST_NULL_CHECK_READLINE)</a></h3>

<p> The value returned by readLine is discarded after checking to see if the return

@@ -5316,6 +5520,23 @@ is important or acceptable.

</p>

+<h3><a name="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT">RV: Return value of method without side effect is ignored (RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT)</a></h3>

+<p>This code calls a method and ignores the return value. However our analysis shows that

+the method (including its implementations in subclasses if any) does not produce any effect

+other than return value. Thus this call can be removed.

+</p>

+<p>We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong.

+Common false-positive cases include:</p>

+<p>- The method is designed to be overridden and produce a side effect in other projects which are out of the scope of the analysis.</p>

+<p>- The method is called to trigger the class loading which may have a side effect.</p>

+<p>- The method is called just to get some exception.</p>

+<p>If you feel that our assumption is incorrect, you can use a @CheckReturnValue annotation

+to instruct FindBugs that ignoring the return value of this method is acceptable.

+</p>

<h3><a name="SA_FIELD_DOUBLE_ASSIGNMENT">SA: Double assignment of field (SA_FIELD_DOUBLE_ASSIGNMENT)</a></h3>

@@ -5372,7 +5593,8 @@ Such assignments are useless, and may indicate a logic error or typo.

<p> This method contains a switch statement where default case is missing.

Usually you need to provide a default case.</p>

<p>Because the analysis only looks at the generated bytecode, this warning can be incorrect triggered if

-the default case is at the end of the switch statement and doesn't end with a break statement.

+the default case is at the end of the switch statement and the switch statement doesn't contain break statements for other

+cases.

<h3><a name="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD">ST: Write to static field from instance method (ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD)</a></h3>

@@ -5422,6 +5644,51 @@ it may indicate a misunderstanding of how serialization works.

</p>

+<h3><a name="UC_USELESS_CONDITION">UC: Condition has no effect (UC_USELESS_CONDITION)</a></h3>

+<p>This condition always produces the same result as the value of the involved variable was narrowed before.

+Probably something else was meant or condition can be removed.</p>

+<h3><a name="UC_USELESS_CONDITION_TYPE">UC: Condition has no effect due to the variable type (UC_USELESS_CONDITION_TYPE)</a></h3>

+<p>This condition always produces the same result due to the type range of the involved variable.

+Probably something else was meant or condition can be removed.</p>

+<h3><a name="UC_USELESS_OBJECT">UC: Useless object created (UC_USELESS_OBJECT)</a></h3>

+<p>Our analysis shows that this object is useless.

+It's created and modified, but its value never go outside of the method or produce any side-effect.

+Either there is a mistake and object was intended to be used or it can be removed.</p>

+<p>This analysis rarely produces false-positives. Common false-positive cases include:</p>

+<p>- This object used to implicitly throw some obscure exception.</p>

+<p>- This object used as a stub to generalize the code.</p>

+<p>- This object used to hold strong references to weak/soft-referenced objects.</p>

+<h3><a name="UC_USELESS_OBJECT_STACK">UC: Useless object created on stack (UC_USELESS_OBJECT_STACK)</a></h3>

+<p>This object is created just to perform some modifications which don't have any side-effect.

+Probably something else was meant or the object can be removed.</p>

+<h3><a name="UC_USELESS_VOID_METHOD">UC: Useless non-empty void method (UC_USELESS_VOID_METHOD)</a></h3>

+<p>Our analysis shows that this non-empty void method does not actually perform any useful work.

+Please check it: probably there's a mistake in its code or its body can be fully removed.

+</p>

+<p>We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong.

+Common false-positive cases include:</p>

+<p>- The method is intended to trigger loading of some class which may have a side effect.</p>

+<p>- The method is intended to implicitly throw some obscure exception.</p>

<h3><a name="UCF_USELESS_CONTROL_FLOW">UCF: Useless control flow (UCF_USELESS_CONTROL_FLOW)</a></h3>

@@ -5532,6 +5799,6 @@ document.write( "Last updated "+ document.lastModified + "." );

</script>

<p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbugs@cs.umd.edu</a>

<p>

-<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A>

+<a href="http://sourceforge.net/projects/findbugs/"><img src="http://sourceforge.net/sflogo.php?group_id=96405&type=5" width="210" height="62" border="0" alt="FindBugs on SourceForge.net" /></a>

</td></tr></table>

</body></html>

« no previous file with comments | « doc/FAQ.html ('k') | doc/bugDescriptions.html » ('j') | no next file with comments »