Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(777)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: doc/bugDescriptions.html

Issue 1232833004: Update findbugs from 3.0.0 to 3.0.1. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/findbugs.git@master
Patch Set: rebase again Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « doc/allBugDescriptions.html ('k') | doc/bugDescriptions_fr.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: doc/bugDescriptions.html
diff --git a/doc/bugDescriptions.html b/doc/bugDescriptions.html
index 3c196b6c920145a044f62ce3b9a6126a94c8a7b3..33372752ee1f11b859000facbb011415d49381f5 100644
--- a/doc/bugDescriptions.html
+++ b/doc/bugDescriptions.html
@@ -1,5 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html><head><title>FindBugs Bug Descriptions</title>
+<html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>FindBugs Bug Descriptions</title>
<link rel="stylesheet" type="text/css" href="findbugs.css"/>
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/>
</head><body>
@@ -39,7 +40,7 @@
<tr><td>&nbsp;</td></tr>
<tr><td><b>Development</b></td></tr>
-<tr><td><font size="-1">&nbsp;<a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr>
+<tr><td><font size="-1">&nbsp;<a class="sidebar" href="http://sourceforge.net/p/findbugs/bugs/">Open bugs</a></font></td></tr>
<tr><td><font size="-1">&nbsp;<a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr>
<tr><td><font size="-1">&nbsp;<a class="sidebar" href="contributing.html">Contributing</a></font></td></tr>
<tr><td><font size="-1">&nbsp;<a class="sidebar" href="team.html">Dev team</a></font></td></tr>
@@ -53,7 +54,7 @@
<td align="left" valign="top">
<h1>FindBugs Bug Descriptions</h1>
<p>This document lists the standard bug patterns reported by
-<a href="http://findbugs.sourceforge.net">FindBugs</a> version 3.0.0.</p>
+<a href="http://findbugs.sourceforge.net">FindBugs</a> version 3.0.1.</p>
<h2>Summary</h2>
<table width="100%">
<tr bgcolor="#b9b9fe"><th>Description</th><th>Category</th></tr>
@@ -64,6 +65,8 @@
<tr bgcolor="#eeeeee"><td><a href="#CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE">CN: Class defines clone() but doesn't implement Cloneable</a></td><td>Bad practice</td></tr>
<tr bgcolor="#ffffff"><td><a href="#CNT_ROUGH_CONSTANT_VALUE">CNT: Rough value of known constant found</a></td><td>Bad practice</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#CO_ABSTRACT_SELF">Co: Abstract class defines covariant compareTo() method</a></td><td>Bad practice</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#CO_COMPARETO_INCORRECT_FLOATING">Co: compareTo()/compare() incorrectly handles float or double value</a></td><td>Bad practice</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE</a></td><td>Bad practice</td></tr>
<tr bgcolor="#ffffff"><td><a href="#CO_SELF_NO_OBJECT">Co: Covariant compareTo() method defined</a></td><td>Bad practice</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#DE_MIGHT_DROP">DE: Method might drop exception</a></td><td>Bad practice</td></tr>
<tr bgcolor="#ffffff"><td><a href="#DE_MIGHT_IGNORE">DE: Method might ignore exception</a></td><td>Bad practice</td></tr>
@@ -99,6 +102,8 @@
<tr bgcolor="#ffffff"><td><a href="#IT_NO_SUCH_ELEMENT">It: Iterator next() method can't throw NoSuchElementException</a></td><td>Bad practice</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION">J2EE: Store of non serializable object into HttpSession</a></td><td>Bad practice</td></tr>
<tr bgcolor="#ffffff"><td><a href="#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS">JCIP: Fields of immutable classes should be final</a></td><td>Bad practice</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#ME_ENUM_FIELD_SETTER">ME: Public enum method unconditionally sets its field</a></td><td>Bad practice</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#ME_MUTABLE_ENUM_FIELD">ME: Enum field is public and mutable</a></td><td>Bad practice</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_BOOLEAN_RETURN_NULL">NP: Method with Boolean return type returns explicit null</a></td><td>Bad practice</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_CLONE_COULD_RETURN_NULL">NP: Clone method may return null</a></td><td>Bad practice</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT">NP: equals() method does not check for null argument</a></td><td>Bad practice</td></tr>
@@ -152,25 +157,25 @@
<tr bgcolor="#eeeeee"><td><a href="#BIT_IOR_OF_SIGNED_BYTE">BIT: Bitwise OR of signed byte value</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#BIT_SIGNED_CHECK_HIGH_BIT">BIT: Check for sign of bitwise operation</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#BOA_BADLY_OVERRIDDEN_ADAPTER">BOA: Class overrides a method implemented in super class Adapter wrongly</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#ICAST_BAD_SHIFT_AMOUNT">BSHIFT: 32 bit int shifted by an amount not in the range -31..31</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_LOCAL_INCREMENT_IN_RETURN">DLS: Useless increment in return statement</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_STORE_OF_CLASS_LITERAL">DLS: Dead store of class literal</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DLS_OVERWRITTEN_INCREMENT">DLS: Overwritten increment</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_ARGUMENTS_WRONG_ORDER">DMI: Reversed method arguments</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DMI_BAD_MONTH">DMI: Bad constant value for month</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE">DMI: BigDecimal constructed from double that isn't represented precisely</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DMI_CALLING_NEXT_FROM_HASNEXT">DMI: hasNext method invokes next</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES">DMI: Collections should not contain themselves</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DMI_DOH">DMI: D'oh! A nonsensical method invocation</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI: Invocation of hashCode on an array</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT">DMI: Double.longBitsToDouble invoked on an int</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_VACUOUS_SELF_COLLECTION_CALL">DMI: Vacuous call to collections</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION">Dm: Can't use reflection to check for presence of annotation without runtime retention</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD_POOL_EXECUTOR">Dm: Futile attempt to change max pool size of ScheduledThreadPoolExecutor</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS">Dm: Creation of ScheduledThreadPoolExecutor with zero core threads</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD">Dm: Useless/vacuous call to EasyMock method</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#BSHIFT_WRONG_ADD_PRIORITY">BSHIFT: Possible bad parsing of shift operation</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#ICAST_BAD_SHIFT_AMOUNT">BSHIFT: 32 bit int shifted by an amount not in the range -31..31</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_LOCAL_INCREMENT_IN_RETURN">DLS: Useless increment in return statement</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_STORE_OF_CLASS_LITERAL">DLS: Dead store of class literal</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DLS_OVERWRITTEN_INCREMENT">DLS: Overwritten increment</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_ARGUMENTS_WRONG_ORDER">DMI: Reversed method arguments</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DMI_BAD_MONTH">DMI: Bad constant value for month</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE">DMI: BigDecimal constructed from double that isn't represented precisely</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DMI_CALLING_NEXT_FROM_HASNEXT">DMI: hasNext method invokes next</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES">DMI: Collections should not contain themselves</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DMI_DOH">DMI: D'oh! A nonsensical method invocation</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI: Invocation of hashCode on an array</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT">DMI: Double.longBitsToDouble invoked on an int</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_VACUOUS_SELF_COLLECTION_CALL">DMI: Vacuous call to collections</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION">Dm: Can't use reflection to check for presence of annotation without runtime retention</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD_POOL_EXECUTOR">Dm: Futile attempt to change max pool size of ScheduledThreadPoolExecutor</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS">Dm: Creation of ScheduledThreadPoolExecutor with zero core threads</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD">Dm: Useless/vacuous call to EasyMock method</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_INVALID_MIN_MAX">Dm: Incorrect combination of Math.max and Math.min</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#EC_ARRAY_AND_NONARRAY">EC: equals() used to compare array and nonarray</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#EC_BAD_ARRAY_COMPARE">EC: Invocation of equals() on an array, which is equivalent to ==</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#EC_INCOMPATIBLE_ARRAY_COMPARE">EC: equals(...) used to compare incompatible arrays</a></td><td>Correctness</td></tr>
@@ -212,7 +217,7 @@
<tr bgcolor="#eeeeee"><td><a href="#IL_INFINITE_RECURSIVE_LOOP">IL: An apparent infinite recursive loop</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#IM_MULTIPLYING_RESULT_OF_IREM">IM: Integer multiply of result of integer remainder</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#INT_BAD_COMPARISON_WITH_INT_VALUE">INT: Bad comparison of int value with long constant</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant or zero</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#INT_BAD_COMPARISON_WITH_SIGNED_BYTE">INT: Bad comparison of signed byte</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#IO_APPENDING_TO_OBJECT_OUTPUT_STREAM">IO: Doomed attempt to append to an object output stream</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN">IP: A parameter is dead upon entry to a method but overwritten</a></td><td>Correctness</td></tr>
@@ -224,17 +229,17 @@
<tr bgcolor="#eeeeee"><td><a href="#NP_CLOSING_NULL">NP: close() invoked on a value that is always null</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_GUARANTEED_DEREF">NP: Null value is guaranteed to be dereferenced</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH">NP: Value is null and guaranteed to be dereferenced on exception path</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Nonnull field is not initialized</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a nonnull parameter </a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @NonNull</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Non-null field is not initialized</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a non-null parameter </a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @Nonnull</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_INSTANCEOF">NP: A known null value is checked to see if it is an instance of a type</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_NULL_ON_SOME_PATH">NP: Possible null pointer dereference</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_ON_SOME_PATH_EXCEPTION">NP: Possible null pointer dereference in method on exception path</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#NP_NULL_PARAM_DEREF">NP: Method call passes null for nonnull parameter</a></td><td>Correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for nonnull parameter</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for nonnull parameter</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#NP_NULL_PARAM_DEREF">NP: Method call passes null for non-null parameter</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for non-null parameter</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for non-null parameter</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_OPTIONAL_RETURN_NULL">NP: Method with Optional return type returns explicit null</a></td><td>Correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated NonNull</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated @Nonnull</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_UNWRITTEN_FIELD">NP: Read of unwritten field</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NM_BAD_EQUAL">Nm: Class defines equal(Object); should it be equals(Object)?</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NM_LCASE_HASHCODE">Nm: Class defines hashcode(); should it be hashCode()?</a></td><td>Correctness</td></tr>
@@ -243,6 +248,10 @@
<tr bgcolor="#ffffff"><td><a href="#NM_VERY_CONFUSING">Nm: Very confusing method names</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NM_WRONG_PACKAGE">Nm: Method doesn't override method in superclass due to wrong package for parameter</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT">QBA: Method assigns boolean literal in boolean expression</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#RANGE_ARRAY_INDEX">RANGE: Array index is out of bounds</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#RANGE_ARRAY_LENGTH">RANGE: Array length is out of bounds</a></td><td>Correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#RANGE_ARRAY_OFFSET">RANGE: Array offset is out of bounds</a></td><td>Correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#RANGE_STRING_INDEX">RANGE: String index is out of bounds</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RC_REF_COMPARISON">RC: Suspicious reference comparison</a></td><td>Correctness</td></tr>
<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE">RCN: Nullcheck of value previously dereferenced</a></td><td>Correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION">RE: Invalid syntax for regular expression</a></td><td>Correctness</td></tr>
@@ -301,6 +310,8 @@
<tr bgcolor="#ffffff"><td><a href="#MS_EXPOSE_REP">MS: Public static method may expose internal representation by returning array</a></td><td>Malicious code vulnerability</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#MS_FINAL_PKGPROTECT">MS: Field should be both final and package protected</a></td><td>Malicious code vulnerability</td></tr>
<tr bgcolor="#ffffff"><td><a href="#MS_MUTABLE_ARRAY">MS: Field is a mutable array</a></td><td>Malicious code vulnerability</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#MS_MUTABLE_COLLECTION">MS: Field is a mutable collection</a></td><td>Malicious code vulnerability</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#MS_MUTABLE_COLLECTION_PKGPROTECT">MS: Field is a mutable collection which should be package protected</a></td><td>Malicious code vulnerability</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#MS_MUTABLE_HASHTABLE">MS: Field is a mutable Hashtable</a></td><td>Malicious code vulnerability</td></tr>
<tr bgcolor="#ffffff"><td><a href="#MS_OOI_PKGPROTECT">MS: Field should be moved out of an interface and made package protected</a></td><td>Malicious code vulnerability</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#MS_PKGPROTECT">MS: Field should be package protected</a></td><td>Malicious code vulnerability</td></tr>
@@ -308,69 +319,69 @@
<tr bgcolor="#eeeeee"><td><a href="#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS: Field isn't final but should be refactored to be so</a></td><td>Malicious code vulnerability</td></tr>
<tr bgcolor="#ffffff"><td><a href="#AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION">AT: Sequence of calls to concurrent abstraction may not be atomic</a></td><td>Multithreaded correctness</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#DC_DOUBLECHECK">DC: Possible double check of field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DL_SYNCHRONIZATION_ON_BOOLEAN">DL: Synchronization on Boolean</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE">DL: Synchronization on boxed primitive</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DL_SYNCHRONIZATION_ON_SHARED_CONSTANT">DL: Synchronization on interned String </a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DL_SYNCHRONIZATION_ON_UNSHARED_BOXED_PRIMITIVE">DL: Synchronization on boxed primitive values</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DM_MONITOR_WAIT_ON_CONDITION">Dm: Monitor wait() called on Condition</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DM_USELESS_THREAD">Dm: A thread was created using the default empty run method</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#ESync_EMPTY_SYNC">ESync: Empty synchronized block</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#IS2_INCONSISTENT_SYNC">IS: Inconsistent synchronization</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#IS_FIELD_NOT_GUARDED">IS: Field not guarded against concurrent access</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#JLM_JSR166_LOCK_MONITORENTER">JLM: Synchronization performed on Lock</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#JLM_JSR166_UTILCONCURRENT_MONITORENTER">JLM: Synchronization performed on util.concurrent instance</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT">JLM: Using monitor style wait methods on util.concurrent abstraction</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#LI_LAZY_INIT_STATIC">LI: Incorrect lazy initialization of static field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#LI_LAZY_INIT_UPDATE_STATIC">LI: Incorrect lazy initialization and update of static field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD">ML: Synchronization on field in futile attempt to guard that field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#ML_SYNC_ON_UPDATED_FIELD">ML: Method synchronizes on an updated field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#MSF_MUTABLE_SERVLET_FIELD">MSF: Mutable servlet field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#MWN_MISMATCHED_NOTIFY">MWN: Mismatched notify()</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#MWN_MISMATCHED_WAIT">MWN: Mismatched wait()</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#NN_NAKED_NOTIFY">NN: Naked notify</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#NP_SYNC_AND_NULL_CHECK_FIELD">NP: Synchronize and null check on the same field.</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#NO_NOTIFY_NOT_NOTIFYALL">No: Using notify() rather than notifyAll()</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#RS_READOBJECT_SYNC">RS: Class's readObject() method is synchronized</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED">RV: Return value of putIfAbsent ignored, value passed to putIfAbsent reused</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#RU_INVOKE_RUN">Ru: Invokes run on a thread (did you mean to start it instead?)</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#SC_START_IN_CTOR">SC: Constructor invokes Thread.start()</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#SP_SPIN_ON_FIELD">SP: Method spins on field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE">STCAL: Call to static Calendar</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE">STCAL: Call to static DateFormat</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#STCAL_STATIC_CALENDAR_INSTANCE">STCAL: Static Calendar field</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE">STCAL: Static DateFormat</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#SWL_SLEEP_WITH_LOCK_HELD">SWL: Method calls Thread.sleep() with a lock held</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#TLW_TWO_LOCK_WAIT">TLW: Wait with two locks held</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#UG_SYNC_SET_UNSYNC_GET">UG: Unsynchronized get method, synchronized set method</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#UL_UNRELEASED_LOCK">UL: Method does not release lock on all paths</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#UL_UNRELEASED_LOCK_EXCEPTION_PATH">UL: Method does not release lock on all exception paths</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#UW_UNCOND_WAIT">UW: Unconditional wait</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#VO_VOLATILE_INCREMENT">VO: An increment to a volatile field isn't atomic</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#VO_VOLATILE_REFERENCE_TO_ARRAY">VO: A volatile reference to an array doesn't treat the array elements as volatile</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL">WL: Synchronization on getClass rather than class literal</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#WS_WRITEOBJECT_SYNC">WS: Class's writeObject() method is synchronized but nothing else is</a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#WA_AWAIT_NOT_IN_LOOP">Wa: Condition.await() not in loop </a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#WA_NOT_IN_LOOP">Wa: Wait not in loop </a></td><td>Multithreaded correctness</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#BX_BOXING_IMMEDIATELY_UNBOXED">Bx: Primitive value is boxed and then immediately unboxed</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION">Bx: Primitive value is boxed then unboxed to perform primitive coercion</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DC_PARTIALLY_CONSTRUCTED">DC: Possible exposure of partially initialized object</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DL_SYNCHRONIZATION_ON_BOOLEAN">DL: Synchronization on Boolean</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE">DL: Synchronization on boxed primitive</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DL_SYNCHRONIZATION_ON_SHARED_CONSTANT">DL: Synchronization on interned String </a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DL_SYNCHRONIZATION_ON_UNSHARED_BOXED_PRIMITIVE">DL: Synchronization on boxed primitive values</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DM_MONITOR_WAIT_ON_CONDITION">Dm: Monitor wait() called on Condition</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_USELESS_THREAD">Dm: A thread was created using the default empty run method</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#ESync_EMPTY_SYNC">ESync: Empty synchronized block</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#IS2_INCONSISTENT_SYNC">IS: Inconsistent synchronization</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#IS_FIELD_NOT_GUARDED">IS: Field not guarded against concurrent access</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#JLM_JSR166_LOCK_MONITORENTER">JLM: Synchronization performed on Lock</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#JLM_JSR166_UTILCONCURRENT_MONITORENTER">JLM: Synchronization performed on util.concurrent instance</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT">JLM: Using monitor style wait methods on util.concurrent abstraction</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#LI_LAZY_INIT_STATIC">LI: Incorrect lazy initialization of static field</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#LI_LAZY_INIT_UPDATE_STATIC">LI: Incorrect lazy initialization and update of static field</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD">ML: Synchronization on field in futile attempt to guard that field</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#ML_SYNC_ON_UPDATED_FIELD">ML: Method synchronizes on an updated field</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#MSF_MUTABLE_SERVLET_FIELD">MSF: Mutable servlet field</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#MWN_MISMATCHED_NOTIFY">MWN: Mismatched notify()</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#MWN_MISMATCHED_WAIT">MWN: Mismatched wait()</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#NN_NAKED_NOTIFY">NN: Naked notify</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#NP_SYNC_AND_NULL_CHECK_FIELD">NP: Synchronize and null check on the same field.</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#NO_NOTIFY_NOT_NOTIFYALL">No: Using notify() rather than notifyAll()</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#RS_READOBJECT_SYNC">RS: Class's readObject() method is synchronized</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED">RV: Return value of putIfAbsent ignored, value passed to putIfAbsent reused</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#RU_INVOKE_RUN">Ru: Invokes run on a thread (did you mean to start it instead?)</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#SC_START_IN_CTOR">SC: Constructor invokes Thread.start()</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#SP_SPIN_ON_FIELD">SP: Method spins on field</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE">STCAL: Call to static Calendar</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE">STCAL: Call to static DateFormat</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#STCAL_STATIC_CALENDAR_INSTANCE">STCAL: Static Calendar field</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE">STCAL: Static DateFormat</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#SWL_SLEEP_WITH_LOCK_HELD">SWL: Method calls Thread.sleep() with a lock held</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#TLW_TWO_LOCK_WAIT">TLW: Wait with two locks held</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#UG_SYNC_SET_UNSYNC_GET">UG: Unsynchronized get method, synchronized set method</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#UL_UNRELEASED_LOCK">UL: Method does not release lock on all paths</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#UL_UNRELEASED_LOCK_EXCEPTION_PATH">UL: Method does not release lock on all exception paths</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#UW_UNCOND_WAIT">UW: Unconditional wait</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#VO_VOLATILE_INCREMENT">VO: An increment to a volatile field isn't atomic</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#VO_VOLATILE_REFERENCE_TO_ARRAY">VO: A volatile reference to an array doesn't treat the array elements as volatile</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL">WL: Synchronization on getClass rather than class literal</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#WS_WRITEOBJECT_SYNC">WS: Class's writeObject() method is synchronized but nothing else is</a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#WA_AWAIT_NOT_IN_LOOP">Wa: Condition.await() not in loop </a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#WA_NOT_IN_LOOP">Wa: Wait not in loop </a></td><td>Multithreaded correctness</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#BX_BOXING_IMMEDIATELY_UNBOXED">Bx: Primitive value is boxed and then immediately unboxed</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION">Bx: Primitive value is boxed then unboxed to perform primitive coercion</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator</a></td><td>Performance</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#BX_UNBOXING_IMMEDIATELY_REBOXED">Bx: Boxed value is unboxed and then immediately reboxed</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DM_BOXED_PRIMITIVE_FOR_PARSING">Bx: Boxing/unboxing to parse a primitive</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DM_BOXED_PRIMITIVE_TOSTRING">Bx: Method allocates a boxed primitive just to call toString</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DM_FP_NUMBER_CTOR">Bx: Method invokes inefficient floating-point Number constructor; use static valueOf instead</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DM_NUMBER_CTOR">Bx: Method invokes inefficient Number constructor; use static valueOf instead</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DMI_BLOCKING_METHODS_ON_URL">Dm: The equals and hashCode methods of URL are blocking</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DMI_COLLECTION_OF_URLS">Dm: Maps and sets of URLs can be performance hogs</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DM_BOOLEAN_CTOR">Dm: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DM_GC">Dm: Explicit garbage collection; extremely dubious except in benchmarking code</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DM_NEW_FOR_GETCLASS">Dm: Method allocates an object, only to get the class object</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DM_NEXTINT_VIA_NEXTDOUBLE">Dm: Use the nextInt method of Random rather than nextDouble to generate a random integer</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DM_STRING_CTOR">Dm: Method invokes inefficient new String(String) constructor</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#DM_STRING_TOSTRING">Dm: Method invokes toString() method on a String</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#DM_STRING_VOID_CTOR">Dm: Method invokes inefficient new String() constructor</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#HSC_HUGE_SHARED_STRING_CONSTANT">HSC: Huge string constants is duplicated across multiple class files</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#IIO_INEFFICIENT_INDEX_OF">IIO: Inefficient use of String.indexOf(String)</a></td><td>Performance</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#IIO_INEFFICIENT_LAST_INDEX_OF">IIO: Inefficient use of String.lastIndexOf(String)</a></td><td>Performance</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#ITA_INEFFICIENT_TO_ARRAY">ITA: Method uses toArray() with zero-length array argument</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_BOXED_PRIMITIVE_FOR_COMPARE">Bx: Boxing a primitive to compare</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DM_BOXED_PRIMITIVE_FOR_PARSING">Bx: Boxing/unboxing to parse a primitive</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_BOXED_PRIMITIVE_TOSTRING">Bx: Method allocates a boxed primitive just to call toString</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DM_FP_NUMBER_CTOR">Bx: Method invokes inefficient floating-point Number constructor; use static valueOf instead</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_NUMBER_CTOR">Bx: Method invokes inefficient Number constructor; use static valueOf instead</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DMI_BLOCKING_METHODS_ON_URL">Dm: The equals and hashCode methods of URL are blocking</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DMI_COLLECTION_OF_URLS">Dm: Maps and sets of URLs can be performance hogs</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DM_BOOLEAN_CTOR">Dm: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_GC">Dm: Explicit garbage collection; extremely dubious except in benchmarking code</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DM_NEW_FOR_GETCLASS">Dm: Method allocates an object, only to get the class object</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_NEXTINT_VIA_NEXTDOUBLE">Dm: Use the nextInt method of Random rather than nextDouble to generate a random integer</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DM_STRING_CTOR">Dm: Method invokes inefficient new String(String) constructor</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#DM_STRING_TOSTRING">Dm: Method invokes toString() method on a String</a></td><td>Performance</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#DM_STRING_VOID_CTOR">Dm: Method invokes inefficient new String() constructor</a></td><td>Performance</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#HSC_HUGE_SHARED_STRING_CONSTANT">HSC: Huge string constants is duplicated across multiple class files</a></td><td>Performance</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#SBSC_USE_STRINGBUFFER_CONCATENATION">SBSC: Method concatenates strings using + in a loop</a></td><td>Performance</td></tr>
<tr bgcolor="#ffffff"><td><a href="#SIC_INNER_SHOULD_BE_STATIC">SIC: Should be a static inner class</a></td><td>Performance</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#SIC_INNER_SHOULD_BE_STATIC_ANON">SIC: Could be refactored into a named static inner class</a></td><td>Performance</td></tr>
@@ -387,7 +398,7 @@
<tr bgcolor="#ffffff"><td><a href="#HRS_REQUEST_PARAMETER_TO_HTTP_HEADER">HRS: HTTP Response splitting vulnerability</a></td><td>Security</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#PT_ABSOLUTE_PATH_TRAVERSAL">PT: Absolute path traversal in servlet</a></td><td>Security</td></tr>
<tr bgcolor="#ffffff"><td><a href="#PT_RELATIVE_PATH_TRAVERSAL">PT: Relative path traversal in servlet</a></td><td>Security</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute method on an SQL statement</a></td><td>Security</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute or addBatch method on an SQL statement</a></td><td>Security</td></tr>
<tr bgcolor="#ffffff"><td><a href="#SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING">SQL: A prepared statement is generated from a nonconstant String</a></td><td>Security</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#XSS_REQUEST_PARAMETER_TO_JSP_WRITER">XSS: JSP reflected cross site scripting vulnerability</a></td><td>Security</td></tr>
<tr bgcolor="#ffffff"><td><a href="#XSS_REQUEST_PARAMETER_TO_SEND_ERROR">XSS: Servlet reflected cross site scripting vulnerability in error page</a></td><td>Security</td></tr>
@@ -431,7 +442,7 @@
<tr bgcolor="#ffffff"><td><a href="#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP: Method relaxes nullness annotation on return value</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP: Possible null pointer dereference due to return value of called method</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE">NP: Possible null pointer dereference on branch that might be infeasible</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be nonnull but is marked as nullable</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be non-null but is marked as nullable</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD">NP: Read of unwritten public or protected field</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NS_DANGEROUS_NON_SHORT_CIRCUIT">NS: Potentially dangerous use of non-short-circuit logic</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NS_NON_SHORT_CIRCUIT">NS: Questionable use of non-short-circuit logic</a></td><td>Dodgy code</td></tr>
@@ -444,20 +455,26 @@
<tr bgcolor="#eeeeee"><td><a href="#REC_CATCH_EXCEPTION">REC: Exception is caught when Exception is not thrown</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#ffffff"><td><a href="#RI_REDUNDANT_INTERFACES">RI: Class implements same interface as superclass</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RV_CHECK_FOR_POSITIVE_INDEXOF">RV: Method checks to see if result of String.indexOf is positive</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is nonnull</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is non-null</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RV_REM_OF_HASHCODE">RV: Remainder of hashCode could be negative</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#ffffff"><td><a href="#RV_REM_OF_RANDOM_INT">RV: Remainder of 32-bit signed random integer</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RV_RETURN_VALUE_IGNORED_INFERRED">RV: Method ignores return value, is this OK?</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#SA_FIELD_DOUBLE_ASSIGNMENT">SA: Double assignment of field</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#SA_LOCAL_DOUBLE_ASSIGNMENT">SA: Double assignment of local variable </a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#SA_LOCAL_SELF_ASSIGNMENT">SA: Self assignment of local variable</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#SF_SWITCH_FALLTHROUGH">SF: Switch statement found where one case falls through to the next case</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#SF_SWITCH_NO_DEFAULT">SF: Switch statement found where default case is missing</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD">ST: Write to static field from instance method</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#SE_PRIVATE_READ_RESOLVE_NOT_INHERITED">Se: Private readResolve method not inherited by subclasses</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS">Se: Transient field of class that isn't Serializable. </a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#ffffff"><td><a href="#TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK">TQ: Value required to have type qualifier, but marked as unknown</a></td><td>Dodgy code</td></tr>
-<tr bgcolor="#eeeeee"><td><a href="#TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK">TQ: Value required to not have type qualifier, but marked as unknown</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT">RV: Return value of method without side effect is ignored</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#SA_FIELD_DOUBLE_ASSIGNMENT">SA: Double assignment of field</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#SA_LOCAL_DOUBLE_ASSIGNMENT">SA: Double assignment of local variable </a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#SA_LOCAL_SELF_ASSIGNMENT">SA: Self assignment of local variable</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#SF_SWITCH_FALLTHROUGH">SF: Switch statement found where one case falls through to the next case</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#SF_SWITCH_NO_DEFAULT">SF: Switch statement found where default case is missing</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD">ST: Write to static field from instance method</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#SE_PRIVATE_READ_RESOLVE_NOT_INHERITED">Se: Private readResolve method not inherited by subclasses</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS">Se: Transient field of class that isn't Serializable. </a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK">TQ: Value required to have type qualifier, but marked as unknown</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK">TQ: Value required to not have type qualifier, but marked as unknown</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#UC_USELESS_CONDITION">UC: Condition has no effect</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#UC_USELESS_CONDITION_TYPE">UC: Condition has no effect due to the variable type</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#UC_USELESS_OBJECT">UC: Useless object created</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#ffffff"><td><a href="#UC_USELESS_OBJECT_STACK">UC: Useless object created on stack</a></td><td>Dodgy code</td></tr>
+<tr bgcolor="#eeeeee"><td><a href="#UC_USELESS_VOID_METHOD">UC: Useless non-empty void method</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#ffffff"><td><a href="#UCF_USELESS_CONTROL_FLOW">UCF: Useless control flow</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#UCF_USELESS_CONTROL_FLOW_NEXT_LINE">UCF: Useless control flow to next line</a></td><td>Dodgy code</td></tr>
<tr bgcolor="#ffffff"><td><a href="#URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD">UrF: Unread public/protected field</a></td><td>Dodgy code</td></tr>
@@ -538,6 +555,26 @@ can clone themselves), but just make sure that this is what you intended.
must have type <code>java.lang.Object</code>.</p>
+<h3><a name="CO_COMPARETO_INCORRECT_FLOATING">Co: compareTo()/compare() incorrectly handles float or double value (CO_COMPARETO_INCORRECT_FLOATING)</a></h3>
+
+
+ <p>This method compares double or float values using pattern like this: val1 &gt; val2 ? 1 : val1 &lt; val2 ? -1 : 0.
+This pattern works incorrectly for -0.0 and NaN values which may result in incorrect sorting result or broken collection
+(if compared values are used as keys). Consider using Double.compare or Float.compare static methods which handle all
+the special cases correctly.</p>
+
+
+<h3><a name="CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE (CO_COMPARETO_RESULTS_MIN_VALUE)</a></h3>
+
+
+ <p> In some situation, this compareTo or compare method returns
+the constant Integer.MIN_VALUE, which is an exceptionally bad practice.
+ The only thing that matters about the return value of compareTo is the sign of the result.
+ But people will sometimes negate the return value of compareTo, expecting that this will negate
+ the sign of the result. And it will, except in the case where the value returned is Integer.MIN_VALUE.
+ So just return -1 rather than Integer.MIN_VALUE.
+
+
<h3><a name="CO_SELF_NO_OBJECT">Co: Covariant compareTo() method defined (CO_SELF_NO_OBJECT)</a></h3>
@@ -679,7 +716,7 @@ is symmetric and transitive. Without those properties, very unexpected behavoirs
equals returns true. If this is violated, weird and unpredictable
failures will occur in classes such as PriorityQueue.
In Java 5 the PriorityQueue.remove method uses the compareTo method,
- while in Java 6 it uses the equals method.
+ while in Java 6 it uses the equals method.</p>
<p>From the JavaDoc for the compareTo method in the Comparable interface:
<blockquote>
@@ -687,7 +724,7 @@ It is strongly recommended, but not strictly required that <code>(x.compareTo(y)
Generally speaking, any class that implements the Comparable interface and violates this condition
should clearly indicate this fact. The recommended language
is "Note: this class has a natural ordering that is inconsistent with equals."
-</blockquote>
+</blockquote></p>
<h3><a name="EQ_GETCLASS_AND_CLASS_CONSTANT">Eq: equals method fails for subtypes (EQ_GETCLASS_AND_CLASS_CONSTANT)</a></h3>
@@ -725,14 +762,14 @@ It is better to check if <code>this.getClass() == o.getClass()</code>.
<p>If a connected set of objects beings finalizable, then the VM will invoke the
finalize method on all the finalizable object, possibly at the same time in different threads.
Thus, it is a particularly bad idea, in the finalize method for a class X, invoke finalize
-on objects referenced by X, because they may already be getting finalized in a separate thread.
+on objects referenced by X, because they may already be getting finalized in a separate thread.</p>
<h3><a name="FI_FINALIZER_NULLS_FIELDS">FI: Finalizer nulls fields (FI_FINALIZER_NULLS_FIELDS)</a></h3>
<p> This finalizer nulls out fields. This is usually an error, as it does not aid garbage collection,
- and the object is going to be garbage collected anyway.
+ and the object is going to be garbage collected anyway.</p>
<h3><a name="FI_FINALIZER_ONLY_NULLS_FIELDS">FI: Finalizer only nulls fields (FI_FINALIZER_ONLY_NULLS_FIELDS)</a></h3>
@@ -740,7 +777,7 @@ on objects referenced by X, because they may already be getting finalized in a s
<p> This finalizer does nothing except null out fields. This is completely pointless, and requires that
the object be garbage collected, finalized, and then garbage collected again. You should just remove the finalize
-method.
+method.</p>
<h3><a name="FI_MISSING_SUPER_CALL">FI: Finalizer does not call superclass finalizer (FI_MISSING_SUPER_CALL)</a></h3>
@@ -920,6 +957,22 @@ If this session is passivated or migrated, an error will result.
.</p>
+<h3><a name="ME_ENUM_FIELD_SETTER">ME: Public enum method unconditionally sets its field (ME_ENUM_FIELD_SETTER)</a></h3>
+
+
+ <p>This public method declared in public enum unconditionally sets enum field, thus this field can be changed by malicious code
+ or by accident from another package. Though mutable enum fields may be used for lazy initialization, it's a bad practice to expose them to the outer world.
+ Consider removing this method or declaring it package-private.</p>
+
+
+<h3><a name="ME_MUTABLE_ENUM_FIELD">ME: Enum field is public and mutable (ME_MUTABLE_ENUM_FIELD)</a></h3>
+
+
+ <p>A mutable public field is defined inside a public enum, thus can be changed by malicious code or by accident from another package.
+ Though mutable enum fields may be used for lazy initialization, it's a bad practice to expose them to the outer world.
+ Consider declaring this field final and/or package-private.</p>
+
+
<h3><a name="NP_BOOLEAN_RETURN_NULL">NP: Method with Boolean return type returns explicit null (NP_BOOLEAN_RETURN_NULL)</a></h3>
@@ -1022,7 +1075,7 @@ Methods should be verbs, in mixed case with the first letter lowercase, with the
that the interface is in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>).
This can be exceptionally confusing, create lots of situations in which you have to look at import statements
to resolve references and creates many
-opportunities to accidently define methods that do not override methods in their superclasses.
+opportunities to accidentally define methods that do not override methods in their superclasses.
</p>
@@ -1033,7 +1086,7 @@ opportunities to accidently define methods that do not override methods in their
that its superclass is in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>).
This can be exceptionally confusing, create lots of situations in which you have to look at import statements
to resolve references and creates many
-opportunities to accidently define methods that do not override methods in their superclasses.
+opportunities to accidentally define methods that do not override methods in their superclasses.
</p>
@@ -1555,6 +1608,16 @@ a listener defined in the java.awt.event or javax.swing.event package. As a resu
get called when the event occurs.</p>
+<h3><a name="BSHIFT_WRONG_ADD_PRIORITY">BSHIFT: Possible bad parsing of shift operation (BSHIFT_WRONG_ADD_PRIORITY)</a></h3>
+
+
+<p>
+The code performs an operation like (x &lt;&lt; 8 + y). Although this might be correct, probably it was meant
+to perform (x &lt;&lt; 8) + y, but shift operation has
+a lower precedence, so it's actually parsed as x &lt;&lt; (8 + y).
+</p>
+
+
<h3><a name="ICAST_BAD_SHIFT_AMOUNT">BSHIFT: 32 bit int shifted by an amount not in the range -31..31 (ICAST_BAD_SHIFT_AMOUNT)</a></h3>
@@ -1568,30 +1631,6 @@ and it is at least confusing.
</p>
-<h3><a name="BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator (BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR)</a></h3>
-
-
- <p>A wrapped primitive value is unboxed and converted to another primitive type as part of the
-evaluation of a conditional ternary operator (the <code> b ? e1 : e2</code> operator). The
-semantics of Java mandate that if <code>e1</code> and <code>e2</code> are wrapped
-numeric values, the values are unboxed and converted/coerced to their common type (e.g,
-if <code>e1</code> is of type <code>Integer</code>
-and <code>e2</code> is of type <code>Float</code>, then <code>e1</code> is unboxed,
-converted to a floating point value, and boxed. See JLS Section 15.25.
-</p>
-
-
-<h3><a name="CO_COMPARETO_RESULTS_MIN_VALUE">Co: compareTo()/compare() returns Integer.MIN_VALUE (CO_COMPARETO_RESULTS_MIN_VALUE)</a></h3>
-
-
- <p> In some situation, this compareTo or compare method returns
-the constant Integer.MIN_VALUE, which is an exceptionally bad practice.
- The only thing that matters about the return value of compareTo is the sign of the result.
- But people will sometimes negate the return value of compareTo, expecting that this will negate
- the sign of the result. And it will, except in the case where the value returned is Integer.MIN_VALUE.
- So just return -1 rather than Integer.MIN_VALUE.
-
-
<h3><a name="DLS_DEAD_LOCAL_INCREMENT_IN_RETURN">DLS: Useless increment in return statement (DLS_DEAD_LOCAL_INCREMENT_IN_RETURN)</a></h3>
@@ -1751,6 +1790,14 @@ A ScheduledThreadPoolExecutor with zero core threads will never execute anything
+<h3><a name="DM_INVALID_MIN_MAX">Dm: Incorrect combination of Math.max and Math.min (DM_INVALID_MIN_MAX)</a></h3>
+
+
+ <p>This code tries to limit the value bounds using the construct like Math.min(0, Math.max(100, value)). However the order of
+ the constants is incorrect: it should be Math.min(100, Math.max(0, value)). As the result this code always produces the same result
+ (or NaN if the value is NaN).</p>
+
+
<h3><a name="EC_ARRAY_AND_NONARRAY">EC: equals() used to compare array and nonarray (EC_ARRAY_AND_NONARRAY)</a></h3>
@@ -1836,16 +1883,11 @@ the result of this comparison will always be false at runtime.
<p> This method calls equals(Object) on two references of different
-class types with no common subclasses.
-Therefore, the objects being compared
-are unlikely to be members of the same class at runtime
-(unless some application classes were not analyzed, or dynamic class
-loading can occur at runtime).
-According to the contract of equals(),
-objects of different
-classes should always compare as unequal; therefore, according to the
-contract defined by java.lang.Object.equals(Object),
-the result of this comparison will always be false at runtime.
+class types and analysis suggests they will be to objects of different classes
+at runtime. Further, examination of the equals methods that would be invoked suggest that either
+this call will always return false, or else the equals method is not be symmetric (which is
+a property required by the contract
+for equals in class Object).
</p>
@@ -2099,7 +2141,7 @@ This code converts a 32-bit int value to a 64-bit long value, and then
passes that value for a method parameter that requires an absolute time value.
An absolute time value is the number
of milliseconds since the standard base time known as "the epoch", namely January 1, 1970, 00:00:00 GMT.
-For example, the following method, intended to convert seconds since the epoc into a Date, is badly
+For example, the following method, intended to convert seconds since the epoch into a Date, is badly
broken:</p>
<pre>
Date getDate(int seconds) { return new Date(seconds * 1000); }
@@ -2241,10 +2283,10 @@ This comparison is vacuous and possibily to be incorrect.
</p>
-<h3><a name="INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant (INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE)</a></h3>
+<h3><a name="INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT: Bad comparison of nonnegative value with negative constant or zero (INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE)</a></h3>
-<p> This code compares a value that is guaranteed to be non-negative with a negative constant.
+<p> This code compares a value that is guaranteed to be non-negative with a negative constant or zero.
</p>
@@ -2353,7 +2395,7 @@ something that should be closed.
</p>
<p>Note that a check such as
<code>if (x == null) throw new NullPointerException();</code>
- is treated as a dereference of <code>x</code>.
+ is treated as a dereference of <code>x</code>.</p>
<h3><a name="NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH">NP: Value is null and guaranteed to be dereferenced on exception path (NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH)</a></h3>
@@ -2368,32 +2410,32 @@ something that should be closed.
</p>
-<h3><a name="NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Nonnull field is not initialized (NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR)</a></h3>
+<h3><a name="NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP: Non-null field is not initialized (NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR)</a></h3>
- <p> The field is marked as nonnull, but isn't written to by the constructor.
+ <p> The field is marked as non-null, but isn't written to by the constructor.
The field might be initialized elsewhere during constructor, or might always
be initialized before use.
</p>
-<h3><a name="NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a nonnull parameter (NP_NONNULL_PARAM_VIOLATION)</a></h3>
+<h3><a name="NP_NONNULL_PARAM_VIOLATION">NP: Method call passes null to a non-null parameter (NP_NONNULL_PARAM_VIOLATION)</a></h3>
<p>
This method passes a null value as the parameter of a method which
- must be nonnull. Either this parameter has been explicitly marked
+ must be non-null. Either this parameter has been explicitly marked
as @Nonnull, or analysis has determined that this parameter is
always dereferenced.
</p>
-<h3><a name="NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @NonNull (NP_NONNULL_RETURN_VIOLATION)</a></h3>
+<h3><a name="NP_NONNULL_RETURN_VIOLATION">NP: Method may return null, but is declared @Nonnull (NP_NONNULL_RETURN_VIOLATION)</a></h3>
<p>
This method may return a null value, but the method (or a superclass method
- which it overrides) is declared to return @NonNull.
+ which it overrides) is declared to return @Nonnull.
</p>
@@ -2431,36 +2473,36 @@ this may be a false warning.</p>
be an exception path, since the default case is often infeasible.</p>
-<h3><a name="NP_NULL_PARAM_DEREF">NP: Method call passes null for nonnull parameter (NP_NULL_PARAM_DEREF)</a></h3>
+<h3><a name="NP_NULL_PARAM_DEREF">NP: Method call passes null for non-null parameter (NP_NULL_PARAM_DEREF)</a></h3>
<p>
- This method call passes a null value for a nonnull method parameter.
+ This method call passes a null value for a non-null method parameter.
Either the parameter is annotated as a parameter that should
- always be nonnull, or analysis has shown that it will always be
+ always be non-null, or analysis has shown that it will always be
dereferenced.
</p>
-<h3><a name="NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for nonnull parameter (NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS)</a></h3>
+<h3><a name="NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP: Method call passes null for non-null parameter (NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS)</a></h3>
<p>
A possibly-null value is passed at a call site where all known
- target methods require the parameter to be nonnull.
+ target methods require the parameter to be non-null.
Either the parameter is annotated as a parameter that should
- always be nonnull, or analysis has shown that it will always be
+ always be non-null, or analysis has shown that it will always be
dereferenced.
</p>
-<h3><a name="NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for nonnull parameter (NP_NULL_PARAM_DEREF_NONVIRTUAL)</a></h3>
+<h3><a name="NP_NULL_PARAM_DEREF_NONVIRTUAL">NP: Non-virtual method call passes null for non-null parameter (NP_NULL_PARAM_DEREF_NONVIRTUAL)</a></h3>
<p>
- A possibly-null value is passed to a nonnull method parameter.
+ A possibly-null value is passed to a non-null method parameter.
Either the parameter is annotated as a parameter that should
- always be nonnull, or analysis has shown that it will always be
+ always be non-null, or analysis has shown that it will always be
dereferenced.
</p>
@@ -2469,15 +2511,16 @@ be an exception path, since the default case is often infeasible.</p>
<p>
- The usage of Optional return type always mean that explicit null returns were not desired by design.
+ The usage of Optional return type (java.util.Optional or com.google.common.base.Optiona)
+ always mean that explicit null returns were not desired by design.
Returning a null value in such case is a contract violation and will most likely break clients code.
</p>
-<h3><a name="NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated NonNull (NP_STORE_INTO_NONNULL_FIELD)</a></h3>
+<h3><a name="NP_STORE_INTO_NONNULL_FIELD">NP: Store of null value into field annotated @Nonnull (NP_STORE_INTO_NONNULL_FIELD)</a></h3>
-<p> A value that could be null is stored into a field that has been annotated as NonNull. </p>
+<p> A value that could be null is stored into a field that has been annotated as @Nonnull. </p>
<h3><a name="NP_UNWRITTEN_FIELD">NP: Read of unwritten field (NP_UNWRITTEN_FIELD)</a></h3>
@@ -2518,7 +2561,7 @@ which is probably what was intended.</p>
<p> This regular method has the same name as the class it is defined in. It is likely that this was intended to be a constructor.
If it was intended to be a constructor, remove the declaration of a void return value.
- If you had accidently defined this method, realized the mistake, defined a proper constructor
+ If you had accidentally defined this method, realized the mistake, defined a proper constructor
but can't get rid of this method due to backwards compatibility, deprecate the method.
</p>
@@ -2569,6 +2612,30 @@ types are <code>Foo</code>'s from different packages.
</p>
+<h3><a name="RANGE_ARRAY_INDEX">RANGE: Array index is out of bounds (RANGE_ARRAY_INDEX)</a></h3>
+
+
+ <p> Array operation is performed, but array index is out of bounds, which will result in ArrayIndexOutOfBoundsException at runtime.</p>
+
+
+<h3><a name="RANGE_ARRAY_LENGTH">RANGE: Array length is out of bounds (RANGE_ARRAY_LENGTH)</a></h3>
+
+
+ <p> Method is called with array parameter and length parameter, but the length is out of bounds. This will result in IndexOutOfBoundsException at runtime. </p>
+
+
+<h3><a name="RANGE_ARRAY_OFFSET">RANGE: Array offset is out of bounds (RANGE_ARRAY_OFFSET)</a></h3>
+
+
+ <p> Method is called with array parameter and offset parameter, but the offset is out of bounds. This will result in IndexOutOfBoundsException at runtime. </p>
+
+
+<h3><a name="RANGE_STRING_INDEX">RANGE: String index is out of bounds (RANGE_STRING_INDEX)</a></h3>
+
+
+ <p> String method is called and specified string index is out of bounds. This will result in StringIndexOutOfBoundsException at runtime. </p>
+
+
<h3><a name="RC_REF_COMPARISON">RC: Suspicious reference comparison (RC_REF_COMPARISON)</a></h3>
@@ -3331,6 +3398,25 @@ after the call to initLogging, the logger configuration is lost
This code can freely modify the contents of the array.</p>
+<h3><a name="MS_MUTABLE_COLLECTION">MS: Field is a mutable collection (MS_MUTABLE_COLLECTION)</a></h3>
+
+
+ <p>A mutable collection instance is assigned to a final static field,
+ thus can be changed by malicious code or by accident from another package.
+ Consider wrapping this field into Collections.unmodifiableSet/List/Map/etc.
+ to avoid this vulnerability.</p>
+
+
+<h3><a name="MS_MUTABLE_COLLECTION_PKGPROTECT">MS: Field is a mutable collection which should be package protected (MS_MUTABLE_COLLECTION_PKGPROTECT)</a></h3>
+
+
+ <p>A mutable collection instance is assigned to a final static field,
+ thus can be changed by malicious code or by accident from another package.
+ The field could be made package protected to avoid this vulnerability.
+ Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc.
+ to avoid this vulnerability.</p>
+
+
<h3><a name="MS_MUTABLE_HASHTABLE">MS: Field is a mutable Hashtable (MS_MUTABLE_HASHTABLE)</a></h3>
@@ -3407,6 +3493,17 @@ to the field, so doing so will require some refactoring.
>http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html</a>.</p>
+<h3><a name="DC_PARTIALLY_CONSTRUCTED">DC: Possible exposure of partially initialized object (DC_PARTIALLY_CONSTRUCTED)</a></h3>
+
+
+ <p>Looks like this method uses lazy field initialization with double-checked locking.
+ While the field is correctly declared as volatile, it's possible that the internal structure of
+ the object is changed after the field assignment, thus another thread may see the partially initialized object.</p>
+ <p>To fix this problem consider storing the object into the local variable first
+ and save it to the volatile field only after it's fully constructed.
+ </p>
+
+
<h3><a name="DL_SYNCHRONIZATION_ON_BOOLEAN">DL: Synchronization on Boolean (DL_SYNCHRONIZATION_ON_BOOLEAN)</a></h3>
@@ -3985,6 +4082,19 @@ to immediately undo the work of the boxing.
(e.g., <code>new Double(d).intValue()</code>). Just perform direct primitive coercion (e.g., <code>(int) d</code>).</p>
+<h3><a name="BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR">Bx: Primitive value is unboxed and coerced for ternary operator (BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR)</a></h3>
+
+
+ <p>A wrapped primitive value is unboxed and converted to another primitive type as part of the
+evaluation of a conditional ternary operator (the <code> b ? e1 : e2</code> operator). The
+semantics of Java mandate that if <code>e1</code> and <code>e2</code> are wrapped
+numeric values, the values are unboxed and converted/coerced to their common type (e.g,
+if <code>e1</code> is of type <code>Integer</code>
+and <code>e2</code> is of type <code>Float</code>, then <code>e1</code> is unboxed,
+converted to a floating point value, and boxed. See JLS Section 15.25.
+</p>
+
+
<h3><a name="BX_UNBOXING_IMMEDIATELY_REBOXED">Bx: Boxed value is unboxed and then immediately reboxed (BX_UNBOXING_IMMEDIATELY_REBOXED)</a></h3>
@@ -3992,6 +4102,14 @@ to immediately undo the work of the boxing.
</p>
+<h3><a name="DM_BOXED_PRIMITIVE_FOR_COMPARE">Bx: Boxing a primitive to compare (DM_BOXED_PRIMITIVE_FOR_COMPARE)</a></h3>
+
+
+ <p>A boxed primitive is created just to call compareTo method. It's more efficient to use static compare method
+ (for double and float since Java 1.4, for other primitive types since Java 1.7) which works on primitives directly.
+ </p>
+
+
<h3><a name="DM_BOXED_PRIMITIVE_FOR_PARSING">Bx: Boxing/unboxing to parse a primitive (DM_BOXED_PRIMITIVE_FOR_PARSING)</a></h3>
@@ -4149,34 +4267,6 @@ that classfile. See <a href="http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=
</p>
-<h3><a name="IIO_INEFFICIENT_INDEX_OF">IIO: Inefficient use of String.indexOf(String) (IIO_INEFFICIENT_INDEX_OF)</a></h3>
-
-
-<p> This code passes a constant string of length 1 to String.indexOf().
-It is more efficient to use the integer implementations of String.indexOf().
-f. e. call <code>myString.indexOf('.')</code> instead of <code>myString.indexOf(".")</code></p>
-
-
-<h3><a name="IIO_INEFFICIENT_LAST_INDEX_OF">IIO: Inefficient use of String.lastIndexOf(String) (IIO_INEFFICIENT_LAST_INDEX_OF)</a></h3>
-
-
-<p> This code passes a constant string of length 1 to String.lastIndexOf().
-It is more efficient to use the integer implementations of String.lastIndexOf().
-f. e. call <code>myString.lastIndexOf('.')</code> instead of <code>myString.lastIndexOf(".")</code></p>
-
-
-<h3><a name="ITA_INEFFICIENT_TO_ARRAY">ITA: Method uses toArray() with zero-length array argument (ITA_INEFFICIENT_TO_ARRAY)</a></h3>
-
-
-<p> This method uses the toArray() method of a collection derived class, and passes
-in a zero-length prototype array argument. It is more efficient to use
-<code>myCollection.toArray(new Foo[myCollection.size()])</code>
-If the array passed in is big enough to store all of the
-elements of the collection, then it is populated and returned
-directly. This avoids the need to create a second array
-(by reflection) to return as the result.</p>
-
-
<h3><a name="SBSC_USE_STRINGBUFFER_CONCATENATION">SBSC: Method concatenates strings using + in a loop (SBSC_USE_STRINGBUFFER_CONCATENATION)</a></h3>
@@ -4441,10 +4531,10 @@ consider using a commercial static analysis or pen-testing tool.
-<h3><a name="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute method on an SQL statement (SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE)</a></h3>
+<h3><a name="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE">SQL: Nonconstant string passed to execute or addBatch method on an SQL statement (SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE)</a></h3>
- <p>The method invokes the execute method on an SQL statement with a String that seems
+ <p>The method invokes the execute or addBatch method on an SQL statement with a String that seems
to be dynamically generated. Consider using
a prepared statement instead. It is more efficient and less vulnerable to
SQL injection attacks.
@@ -4724,7 +4814,7 @@ this code, but it is worth reviewing.
<p>
An argument not of type Boolean is being formatted with a %b format specifier. This won't throw an
-exception; instead, it will print true for any nonnull value, and false for null.
+exception; instead, it will print true for any non-null value, and false for null.
This feature of format strings is strange, and may not be what you intended.
</p>
@@ -4906,7 +4996,7 @@ to read, readLine() will return null and dereferencing that will generate a null
<p> The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see if the
-variable is null should have been a check to see if it was nonnull).
+variable is null should have been a check to see if it was non-null).
</p>
@@ -4949,10 +5039,10 @@ this is a definite possibility.
</p>
-<h3><a name="NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be nonnull but is marked as nullable (NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)</a></h3>
+<h3><a name="NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be non-null but is marked as nullable (NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)</a></h3>
-<p> This parameter is always used in a way that requires it to be nonnull,
+<p> This parameter is always used in a way that requires it to be non-null,
but the parameter is explicitly annotated as being Nullable. Either the use
of the parameter or the annotation is wrong.
</p>
@@ -5104,7 +5194,7 @@ the constant null.</p>
the String.</p>
-<h3><a name="RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is nonnull (RV_DONT_JUST_NULL_CHECK_READLINE)</a></h3>
+<h3><a name="RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is non-null (RV_DONT_JUST_NULL_CHECK_READLINE)</a></h3>
<p> The value returned by readLine is discarded after checking to see if the return
@@ -5159,6 +5249,23 @@ is important or acceptable.
</p>
+<h3><a name="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT">RV: Return value of method without side effect is ignored (RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT)</a></h3>
+
+
+<p>This code calls a method and ignores the return value. However our analysis shows that
+the method (including its implementations in subclasses if any) does not produce any effect
+other than return value. Thus this call can be removed.
+</p>
+<p>We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong.
+Common false-positive cases include:</p>
+<p>- The method is designed to be overridden and produce a side effect in other projects which are out of the scope of the analysis.</p>
+<p>- The method is called to trigger the class loading which may have a side effect.</p>
+<p>- The method is called just to get some exception.</p>
+<p>If you feel that our assumption is incorrect, you can use a @CheckReturnValue annotation
+to instruct FindBugs that ignoring the return value of this method is acceptable.
+</p>
+
+
<h3><a name="SA_FIELD_DOUBLE_ASSIGNMENT">SA: Double assignment of field (SA_FIELD_DOUBLE_ASSIGNMENT)</a></h3>
@@ -5215,7 +5322,8 @@ Such assignments are useless, and may indicate a logic error or typo.
<p> This method contains a switch statement where default case is missing.
Usually you need to provide a default case.</p>
<p>Because the analysis only looks at the generated bytecode, this warning can be incorrect triggered if
-the default case is at the end of the switch statement and doesn't end with a break statement.
+the default case is at the end of the switch statement and the switch statement doesn't contain break statements for other
+cases.
<h3><a name="ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD">ST: Write to static field from instance method (ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD)</a></h3>
@@ -5265,6 +5373,51 @@ it may indicate a misunderstanding of how serialization works.
</p>
+<h3><a name="UC_USELESS_CONDITION">UC: Condition has no effect (UC_USELESS_CONDITION)</a></h3>
+
+
+<p>This condition always produces the same result as the value of the involved variable was narrowed before.
+Probably something else was meant or condition can be removed.</p>
+
+
+<h3><a name="UC_USELESS_CONDITION_TYPE">UC: Condition has no effect due to the variable type (UC_USELESS_CONDITION_TYPE)</a></h3>
+
+
+<p>This condition always produces the same result due to the type range of the involved variable.
+Probably something else was meant or condition can be removed.</p>
+
+
+<h3><a name="UC_USELESS_OBJECT">UC: Useless object created (UC_USELESS_OBJECT)</a></h3>
+
+
+<p>Our analysis shows that this object is useless.
+It's created and modified, but its value never go outside of the method or produce any side-effect.
+Either there is a mistake and object was intended to be used or it can be removed.</p>
+<p>This analysis rarely produces false-positives. Common false-positive cases include:</p>
+<p>- This object used to implicitly throw some obscure exception.</p>
+<p>- This object used as a stub to generalize the code.</p>
+<p>- This object used to hold strong references to weak/soft-referenced objects.</p>
+
+
+<h3><a name="UC_USELESS_OBJECT_STACK">UC: Useless object created on stack (UC_USELESS_OBJECT_STACK)</a></h3>
+
+
+<p>This object is created just to perform some modifications which don't have any side-effect.
+Probably something else was meant or the object can be removed.</p>
+
+
+<h3><a name="UC_USELESS_VOID_METHOD">UC: Useless non-empty void method (UC_USELESS_VOID_METHOD)</a></h3>
+
+
+<p>Our analysis shows that this non-empty void method does not actually perform any useful work.
+Please check it: probably there's a mistake in its code or its body can be fully removed.
+</p>
+<p>We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong.
+Common false-positive cases include:</p>
+<p>- The method is intended to trigger loading of some class which may have a side effect.</p>
+<p>- The method is intended to implicitly throw some obscure exception.</p>
+
+
<h3><a name="UCF_USELESS_CONTROL_FLOW">UCF: Useless control flow (UCF_USELESS_CONTROL_FLOW)</a></h3>
@@ -5357,6 +5510,6 @@ document.write( "Last updated "+ document.lastModified + "." );
</script>
<p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbugs@cs.umd.edu</a>
<p>
-<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A>
+<a href="http://sourceforge.net/projects/findbugs/"><img src="http://sourceforge.net/sflogo.php?group_id=96405&amp;type=5" width="210" height="62" border="0" alt="FindBugs on SourceForge.net" /></a>
</td></tr></table>
</body></html>
« no previous file with comments | « doc/allBugDescriptions.html ('k') | doc/bugDescriptions_fr.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698