Chromium Code Reviews

Side by Side Diff: doc/Changes.html

Issue 139673002: Updating Findbugs from 2.0.1 to 2.0.3 (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/findbugs.git@master
Patch Set: bulach's nits Created 6 years, 11 months ago
OLD | NEW
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.or g/TR/html4/loose.dtd">
1 <html> 2 <html>
2 » <head> 3 <head>
3 » » <title>FindBugs Change Log</title> 4 <title>FindBugs Change Log</title>
4 » » <link rel="stylesheet" type="text/css" href="findbugs.css"> 5 <link rel="stylesheet" type="text/css" href="findbugs.css">
5 » »
6 » </head>
7 6
8 » <body> 7 </head>
9 8
10 » » <table width="100%"> 9 <body>
11 » » » <tr>
12 10
13 » » » » 11 » <table width="100%">
12 » » <tr>
13
14 » » »
14 <td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> 15 <td bgcolor="#b9b9fe" valign="top" align="left" width="20%">
15 <table width="100%" cellspacing="0" border="0"> 16 <table width="100%" cellspacing="0" border="0">
16 <tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="Fin dBugs"></a></td></tr> 17 <tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="Fin dBugs"></a></td></tr>
17 18
18 <tr><td>&nbsp;</td></tr> 19 <tr><td>&nbsp;</td></tr>
19 20
20 <tr><td><b>Docs and Info</b></td></tr> 21 <tr><td><b>Docs and Info</b></td></tr>
21 <tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a ></font></td></tr> 22 <tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a ></font></td></tr>
22 <tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></f ont></td></tr> 23 <tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></f ont></td></tr>
23 <tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporter s</a></font></td></tr> 24 <tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporter s</a></font></td></tr>
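Review bot: new lines 2-5 and 7-12 differ from the old side only in indentation (the tab markers on the old lines are gone), which buries the one real addition in this region, the DOCTYPE on new line 1. If this file is a verbatim copy of the upstream 2.0.3 doc/Changes.html, say so in the change description so the whitespace churn can be skipped in review; otherwise drop the re-indentation from this patch set.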
(...skipping 23 matching lines...)
47 <tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing </a></font></td></tr> 48 <tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing </a></font></td></tr>
48 <tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font>< /td></tr> 49 <tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font>< /td></tr>
49 <tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a clas s="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> 50 <tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a clas s="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr>
50 <tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></f ont></td></tr> 51 <tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></f ont></td></tr>
51 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects /findbugs">SF project page</a></font></td></tr> 52 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects /findbugs">SF project page</a></font></td></tr>
52 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu gs/source/browse/">Browse source</a></font></td></tr> 53 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu gs/source/browse/">Browse source</a></font></td></tr>
53 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu gs/source/list">Latest code changes</a></font></td></tr> 54 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbu gs/source/list">Latest code changes</a></font></td></tr>
54 </table> 55 </table>
55 </td> 56 </td>
56 57
57 <td align="left" valign="top"> 58 <td align="left" valign="top">
58 59
59 60
60 <h1>FindBugs Change Log, Version 2.0.1</ h1> 61 <h1>FindBugs Change Log, Version 2.0.3</h1>
61 62 <ul>
62 <ul> 63 <li>New Bug patterns: <a
63 <li>New bug patterns; in some cases, bugs previous reported as other bug patterns are reported 64 href="http://findbugs.sourceforg e.net/bugDescriptions.html#DM_BOXED_PRIMITIVE_FOR_PARSING">DM_BOXED_PRIMITIVE_FO R_PARSING</a>,
64 as instances of these new bug patterns in order to make it easier for developers to understand 65 <a
65 the bug reports</li> 66 href="http://findbugs.sourceforg e.net/bugDescriptions.html#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP_METHOD_RETUR N_RELAXING_ANNOTATION</a>,
66 <ul> 67 and
67 <li><a 68 <a
68 href="http://findbugs.sourceforge.net/bugDescription s.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL 69 href="http://findbugs.sourceforg e.net/bugDescriptions.html#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP_METHOD_PA RAMETER_TIGHTENS_ANNOTATION</a>
69 </a> 70 </li>
70 <li><a 71 <li>Add the ability in the GUI to save t he currently viewable/filtered bugs to HTML output.
71 href="http://findbugs.sourceforge.net/bugDescription s.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATIVE_PATH_TRAVERSAL 72 <li>When dataflow does't terminate, make sure we continue with
72 </a> 73 analysis.
73 <li><a 74
74 href="http://findbugs.sourceforge.net/bugDescription s.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INI TIALIZED_IN_CONSTRUCTOR 75 <li>Fix some problems that resulting in dataflow analysis not
75 </a> 76 terminating
76 <li><a 77
77 href="http://findbugs.sourceforge.net/bugDescription s.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS_SHOULD_BE_REFACTORED_TO_BE_FINAL 78 <li>Get parameter annotations from defau lt parameters
78 </a> 79 annotations applied to the metho d.
79 <li><a 80 <li>Add subversion change number to ecli pse plugin qualifier.
80 href="http://findbugs.sourceforge.net/bugDescription s.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC_UNCONFIRMED_CAST_OF_RETURN_VALUE 81
81 </a> 82 <li>Disabled detector for <a
82 <li><a 83 href="http://findbugs.sourceforg e.net/bugDescriptions.html#AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM_CREATES_EMPTY_JAR _FILE_ENTRY</a>;
83 href="http://findbugs.sourceforge.net/bugDescription s.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL 84 it complaints inappropriately ab out code that creates directory
84 </a> 85 entries.
85 <li><a 86
86 href="http://findbugs.sourceforge.net/bugDescription s.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ_COMPARING_VALUE S_WITH_INCOMPATIBLE_TYPE_QUALIFIERS 87 <li>Add warnings about incompatible type s passed to
87 </a> 88 org.testng.Assert.assertEquals</ li>
88 </ul> 89 <li>Add logic that understands more of t he Google Guava APIs.
89 <li>Changes to fix false negatives for the following bug pat terns: <a 90 <li>Disable type qualifier validator exe cution within Eclipse plugin;
90 href="http://findbugs.sourceforge.net/bugDescriptions.ht ml#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>, 91 too many problems with class loa ding and security manager (see #1154 Random obscure Eclipse failures)
91 <a href="http://findbugs.sourceforge.net/bugDescriptions .html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>, 92 <li>Consistently check both access flags and attributes to see if something is synthetic. Compiler is
92 <a href="http://findbugs.sourceforge.net/bugDescriptions .html#EQ_UNUSUAL">EQ_UNUSUAL</a>, <a 93 inconsistent about where synthetic eleme nts are marked.
93 href="http://findbugs.sourceforge.net/bugDescriptions.ht ml#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>, 94
94 and <a 95 <li>Fixed false positives for the following bug patterns (17
95 href="http://findbugs.sourceforge.net/bugDescriptions.ht ml#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NON NULL_BUT_MARKED_AS_NULLABLE</a>. 96 occurrences in findbugsTestCases ):
96 97 <ul>
98 <li><a
99 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC">BC</a>
100 <li><a
101 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_INSTANCEOF">BC_IMPOSSIB LE_INSTANCEOF</a>
102 <li><a
103 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_C AST</a>
104 <li><a
105 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPE S</a>
106 <li><a
107 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_NONNEGATIVE_V ALUE">INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</a>
108 <li><a
109 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#IS2_INCONSISTENT_SYNC">IS2_INCONSISTE NT_SYNC</a>
110 <li><a
111 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGE ROUS">NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</a>
112 <li><a
113 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION">OBL_UNSAT ISFIED_OBLIGATION</a>
114 <li><a
115 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE ">RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</a>
116 <li><a
117 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SE LF_COMPARISON</a>
118 <li><a
119 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_ST RICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
120 </li>
121 </ul>
122 <li>Fixed false negatives for the follow ing bug patterns (45
123 occurrences in findbugsTestCases ):
124 <ul>
125 <li><a
126 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_C AST</a>
127 <li><a
128 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#DM_NUMBER_CTOR">DM_NUMBER_CTOR</a>
129 <li><a
130 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#EC_ARRAY_AND_NONARRAY">EC_ARRAY_AND_N ONARRAY</a>
131 <li><a
132 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE">EC_INC OMPATIBLE_ARRAY_COMPARE</a>
133 <li><a
134 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPE S</a>
135 <li><a
136 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPE S</a>
137 <li><a
138 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#IS_FIELD_NOT_GUARDED">IS_FIELD_NOT_GU ARDED</a>
139 <li><a
140 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#IT_NO_SUCH_ELEMENT">IT_NO_SUCH_ELEMEN T</a>
141 <li><a
142 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CL ASS">JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</a>
143 <li><a
144 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH">NP_NULL_ON_SOME _PATH</a>
145 <li><a
146 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_PARAM_VIOLATION">NP_NONNUL L_PARAM_VIOLATION</a>
147 <li><a
148 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALU E">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a>
149 <li><a
150 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARK ED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>
151 <li><a
152 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_STORE_INTO_NONNULL_FIELD">NP_STORE _INTO_NONNULL_FIELD</a>
153 <li><a
154 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RE_POSSIBLE_UNINTENDED_PATTERN">RE_PO SSIBLE_UNINTENDED_PATTERN</a>
155 <li><a
156 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SE LF_COMPARISON</a>
157 </ul>
158 </ul>
159 <h1>FindBugs Change Log, Version 2.0.2</h1>
160
161 <ul>
162 <li>Fix false positions for <a
163 href="http://findbugs.sourceforg e.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_N ONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a>
164 - fixing <a
165 href="https://sourceforge.net/tr acker/?func=detail&aid=3547559&group_id=96405&atid=614693">Bug3547559</a>,
166 <a
167 href="https://sourceforge.net/tr acker/?func=detail&aid=3555408&group_id=96405&atid=614693">Bug3555408</a>,
168 <a
169 href="https://sourceforge.net/tr acker/?func=detail&aid=3580266&group_id=96405&atid=614693">Bug3580266</a>
170 and <a
171 href="https://sourceforge.net/tr acker/?func=detail&aid=3587164&group_id=96405&atid=614693">Bug3587164</a>.
172
173
174 </li>
175 <li>Fix false positives for <a
176 href="http://findbugs.sourceforg e.net/bugDescriptions.html#SF_SWITCH_NO_DEFAULT">SF_SWITCH_NO_DEFAULT</a>
177 <li>Inline access methods for private fi elds,
178 fixing false positive in <a
179 href="https://sourceforge.net/tracker/?func=detail&aid=3 484713&group_id=96405&atid=614693">Bug3484713</a>.
180
181 <li>Type qualifier annotations, including nullness
182 annotations, are now ignored on vararg parameters (including
183 default and inherited annotation s), awaiting JSR308.
184 <li>Defined new bug pattern to give bett er explanations of
185 issues involving strict type qua lifiers <a
186 href="http://findbugs.sourceforg e.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED" >TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
187 <li>Adjusted analysis of type qualifiers , now giving warnings
188 where a computed value is used i n a place where a value with a
189 strict type qualifier is require d.
190 <li>Complain about missing classes only if they are
191 encountered while analyzing appl ication classes; ignore missing
192 classes that are encounted while analyzing classes loaded from the
193 auxclasspath. Fix for <a
194 href="https://sourceforge.net/tr acker/?func=detail&aid=3588379&group_id=96405&atid=614693">Bug3588379</a>
195 <li>Fixed false positive null pointer wa rning coming from
196 synthetic bridge methods, fixing <a
197 href="https://sourceforge.net/tr acker/?func=detail&aid=3589328&group_id=96405&atid=614693">Bug3589328</a>
198 <li>In general, suppress warnings in syn thetic methods.
199 <li>Fix some false positives involving < a
200 href="http://findbugs.sourceforg e.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>
201 on classes that extend generic c ollection classes.
202
203 </li>
204 <li>Combine multiple identical warnings about
205 <a
206 href="http://findbugs.sourceforge.net/bugDescriptions.ht ml#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a>
207 that occur in the same method,
208 simplifying issue triage.
97 209
98 <li>Changes to fix false positions for the following bug pat terns: <a 210 <li>Changes by Andrey Loskutov
99 href="http://findbugs.sourceforge.net/bugDescriptions.ht ml#DMI_DOH">DMI_DOH</a>, <a 211 <ul>
100 href="http://findbugs.sourceforge.net/bugDescriptions.ht ml#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>, 212 <li>fixed job scheduling errors in 3.8/4.2 Eclipse <a
101 and <a href="http://findbugs.sourceforge.net/bugDescript ions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>. 213 href="https://bu gs.eclipse.org/bugs/show_bug.cgi?id=393748">bug
102 214 report</ a>
103 </ul> 215 <li>more realistic progr ess bar updates for jobs
104 216 <li>added nullness annot ations for some common Eclipse API
105 <h1> 217 methods known to usually return null values
106 FindBugs Change Log, Version 2.0.0 218 <li>Added support for or g.eclipse.jdt.annotation.Nullable,
107 </h1> 219 NonNull and NonN ullByDefault annotations (introduced with
108 220 Eclipse 3.8/4.2) </li>
109 <h2> Changes since version 1.3.8</h2> 221 </ul>
110 <ul> 222 <li>Documentation improvements
111 <li>New bug patterns; in some cases, bugs previous repo rted as other bug patterns are reported as instances 223 <li><a href="http://code.google.com/p/fi ndbugs/source/list">lots
112 of these new bug patterns in order to make it easier for developers to understand the bug reports</li> 224 of other small changes</ a>
113 <ul> 225 </ul>
114 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST </a> 226 <h1>FindBugs Change Log, Version 2.0.1</h1>
115 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_ TOARRAY </a> 227
116 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE </a> 228 <ul>
117 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCUR RENT_MONITORENTER </a> 229 <li>New bug patterns; in some cases, bug s previous reported as
118 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_W EAK_REFERENCE </a> 230 other bug patterns are reported as instances of these new bug
119 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL </a> 231 patterns in order to make it eas ier for developers to understand
120 <li><a href="http://findbugs.sourceforge.net/b ugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACT ICE </a> <li><a href="http://findbugs.sourceforge .net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPAR ISON_BAD_PRACTICE_BOOLEAN </a> <li><a href="http: //findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_I GNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED </a> <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREAD LOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE </a> <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_U NINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONS TRUCTOR </a> <li><a href="http://findbugs.sourcef orge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED </a> 232 the bug reports
121 </ul> 233 <ul>
122 <li>Providing a bug rank (1-20), and t he ability to filter by bug rank. Eventually, 234 <li><a
123 it will be possible to specify you r own rules for ranking bugs, but the procedure for doing so hasn't been specifi ed yet. 235 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLU TE_PATH_TRAVERSAL</a></li>
124 <li>Fixed about <a href="https://sourc eforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&typ e_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&o pen_date_end=2009-08-20&form_submit=Search">45 bugs filed</a> through SourceForg e 236 <li><a
125 <li>Various reclassifications and prio rity tweaks 237 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATI VE_PATH_TRAVERSAL</a></li>
126 <li>Added more bug annotations to a va riety of bug reports. 238 <li><a
127 This provides more context for under standing bug reports 239 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_C ONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a></li>
128 (e.g., if the value in question was is the return value 240 <li><a
129 of a method, the method is described as the source of 241 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL"> MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</a></li>
130 the value in a bug annotation). This also provide more 242 <li><a
131 accurate tracking of issues across v ersions of the code 243 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE"> BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</a></li>
132 being analyzed, but has the downside that when comparing 244 <li><a
133 results from FindBugs 1.3.8 and Find Bugs 1.3.9 on the 245 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLU TE_PATH_TRAVERSAL</a></li>
134 same version of code being analyzed, 246 <li><a
135 FindBugs may think that mistakenly b elieve that the 247 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE _TYPE_QUALIFIERS">TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</a></li>
136 issue reported by 1.3.8 was fixed an d a new issue was 248 </ul>
137 introduced that was reported by Find Bugs 1.3.9. While 249 </li>
138 annoying, it would be unusual for mo re than a dozen 250
139 issues per million 251 <li>Changes to fix false negatives for t he following bug
140 lines of codes to be mistracked. 252 patterns: <a
141 <li> Lots of internal changes moving towards FindBugs 2.0, but these 253 href="http://findbugs.sourceforg e.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>,
142 features are undocumented, not yet of ficially supported, and subject to 254 <a
143 radical changes before FindBugs 2.0 i s released. 255 href="http://findbugs.sourceforg e.net/bugDescriptions.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>,
144 256 <a
145 257 href="http://findbugs.sourceforg e.net/bugDescriptions.html#EQ_UNUSUAL">EQ_UNUSUAL</a>,
146 </ul> 258 <a
147 259 href="http://findbugs.sourceforg e.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>,
148 260 and <a
149 261 href="http://findbugs.sourceforg e.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE"> NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>.
150 <p> Changes since version 1.3.8</p> 262 </li>
151 <ul> 263
152 <li>New bug patterns; in some cases, b ugs previous reported as other bug patterns are reported as instances 264 <li>Changes to fix false positions for t he following bug
153 of these new bug patterns in order to make it easier for developers to understand the bug reports</li> 265 patterns: <a
154 <ul> 266 href="http://findbugs.sourceforg e.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a>,
155 <li><a href="http://findbugs.sourcefor ge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST </a> 267 <a
156 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_ TOARRAY </a> 268 href="http://findbugs.sourceforg e.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>,
157 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE </a> 269 and <a
158 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCUR RENT_MONITORENTER </a> 270 href="http://findbugs.sourceforg e.net/bugDescriptions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>.
159 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_W EAK_REFERENCE </a> 271 </li>
160 <li><a href="http://findbugs.sourceforge.net/bug Descriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL </a> 272 </ul>
161 <li><a href="http://findbugs.sourceforge.net/b ugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACT ICE </a> <li><a href="http://findbugs.sourceforge .net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPAR ISON_BAD_PRACTICE_BOOLEAN </a> <li><a href="http: //findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_I GNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED </a> <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREAD LOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE </a> <li><a href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_U NINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONS TRUCTOR </a> <li><a href="http://findbugs.sourcef orge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED </a> 273
162 </ul> 274 <h1>FindBugs Change Log, Version 2.0.0</h1>
163 <li>Providing a bug rank (1-20), and t he ability to filter by bug rank. Eventually, 275
164 it will be possible to specify you r own rules for ranking bugs, but the procedure for doing so hasn't been specifi ed yet. 276 <h2>Changes since version 1.3.8</h2>
165 <li>Fixed about <a href="https://sourc eforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&typ e_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&o pen_date_end=2009-08-20&form_submit=Search">45 bugs filed</a> through SourceForg e 277 <ul>
166 <li>Various reclassifications and prio rity tweaks 278 <li>New bug patterns; in some cases, bug s previous reported as
167 <li>Added more bug annotations to a va riety of bug reports. 279 other bug patterns are reported as instances of these new bug
168 This provides more context for under standing bug reports 280 patterns in order to make it eas ier for developers to understand
169 (e.g., if the value in question was is the return value 281 the bug reports
170 of a method, the method is described as the source of 282 <ul>
171 the value in a bug annotation). This also provide more 283 <li><a
172 accurate tracking of issues across v ersions of the code 284 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBL E_DOWNCAST
173 being analyzed, but has the downside that when comparing 285 </a></li>
174 results from FindBugs 1.3.8 and Find Bugs 1.3.9 on the 286 <li><a
175 same version of code being analyzed, 287 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">B C_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
176 FindBugs may think that mistakenly b elieve that the 288 </a></li>
177 issue reported by 1.3.8 was fixed an d a new issue was 289 <li><a
178 introduced that was reported by Find Bugs 1.3.9. While 290 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_IN COMPATIBLE_ARRAY_COMPARE
179 annoying, it would be unusual for mo re than a dozen 291 </a></li>
180 issues per million 292 <li><a
181 lines of codes to be mistracked. 293 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTE R ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
182 <li> Lots of internal changes moving towards FindBugs 2.0, but these 294 </a></li>
183 features are undocumented, not yet of ficially supported, and subject to 295 <li><a
184 radical changes before FindBugs 2.0 i s released. 296 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
185 297 </a></li>
186 298 <li><a
187 </ul> 299 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
188 <p> Changes since version 1.3.7</p> 300 </a></li>
189 <ul> 301 <li><a
190 <li>Primarily another small bugfix rel ease.</li> 302 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_R EF_COMPARISON_BAD_PRACTICE
191 <li>FindBugs base:</li> 303 </a></li>
192 <ul> 304 <li><a
193 <li>New Reports:</li> 305 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEA N ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
194 <ul> 306 </a></li>
195 <li>SF_SWITCH_NO_DEFAULT: missin g default case in switch statement.</li> 307 <li><a
196 <li>SF_DEAD_STORE_DUE_TO_SWITCH_ FALLTHROUGH_TO_THROW: value ignored when switch fallthrough leads to 308 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORE D ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
197 thrown exception.</li> 309 </a></li>
198 <li>INT_VACUOUS_BIT_OPERATION: b it operations that don't do any meaningful work.</li> 310 <li><a
199 <li>FB_UNEXPECTED_WARNING: warni ng generated that conflicts with @NoWarning FindBugs annotation.</li> 311 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_ THREADLOCAL_DEADLY_EMBRACE
200 <li>FB_MISSING_EXPECTED_WARNING: warning not generated despite presence of @ExpectedWarning FindBugs annotation. </li> 312 </a></li>
201 <li>NOISE category: intended for use in data mining experiments.</li> 313 <li><a
202 <ul> 314 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONS TRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
203 <li>NOISE_NULL_DEREFERENCE: fa ke null point dereference warning.</li> 315 </a></li>
204 <li>NOISE_METHOD_CALL: fake m ethod call warning.</li> 316 <li><a
205 <li>NOISE_FIELD_REFERENCE: fa ke field dereference warning.</li> 317 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FOR MAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
206 <li>NOISE_OPERATION: fake ope ration warning.</li> 318 </a></li>
207 </ul> 319 </ul>
208 </ul> 320 </li>
209 <li>Other:</li> 321 <li>Providing a bug rank (1-20), and the ability to filter by
210 <ul> 322 bug rank. Eventually, it will be possible to specify your own
211 <li>Garvin Leclaire has created a new Apache Maven repository for FindBugs at 323 rules for ranking bugs, but the procedure for doing so hasn't been
212 <a href="http://code.google.com/ p/findbugs/">the Google Code FindBugs SVN repository</a>. (Thanks Garvin!)</li> 324 specified yet.</li>
213 </ul> 325 <li>Fixed about <a
214 <li>Fixes:</li> 326 href="https://sourceforge.net/se arch/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=a rtifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end= 2009-08-20&form_submit=Search">45
215 <ul> 327 bugs filed</a> through S ourceForge
216 <li>[ 2317842 ] Highlighting bro ken in Windows</li> 328 </li>
217 <li>[ 2515908 ] check for oddnes s should track sign of argument</li> 329 <li>Various reclassifications and priori ty tweaks</li>
218 <li>[ 2487936 ] &quot;L B GC&quo t; false pos cast from Map.Entry.getKey() to Map.get()</li> 330 <li>Added more bug annotations to a vari ety of bug reports.
219 <li>[ 2528264 ] Ant tasks not co mpatible with Ant 1.7.1</li> 331 This provides more context for u nderstanding bug reports (e.g., if
220 <li>[ 2539590 ] SF_SWITCH_FALLTH ROUGH wrong message reported </li> 332 the value in question was is the return value of a method, the
221 <li>[ 2020066 ] Bug history disp layed in fancy-hist.xsl is incorrect</li> 333 method is described as the sourc e of the value in a bug
222 <li>[ 2545098 ] Invalid characte r in analysis results file</li> 334 annotation). This also provide m ore accurate tracking of issues
223 <li>[ 2492673 ] Plugin sites sho uld specify &apos;requires Eclipse 3.3 or newer&apos;</li> 335 across versions of the code bein g analyzed, but has the downside
224 <li>[ 2588044 ] a tiny typing er ror</li> 336 that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
225 <li>[ 2589048 ] Documentation fo r convertXmlToText insufficient</li> 337 on the same version of code bein g analyzed, FindBugs may think
226 <li>[ 2638739 ] NullPointerExcep tion when building</li> 338 that mistakenly believe that the issue reported by 1.3.8 was fixed
227 </ul> 339 and a new issue was introduced t hat was reported by FindBugs
228 <li>Patches:</li> 340 1.3.9. While annoying, it would be unusual for more than a dozen
229 <ul> 341 issues per million lines of code s to be mistracked.</li>
230 <li>[ 2538184 ] Make BugCollecti on implement Iterable&lt;BugInstance&gt; (thanks to Tomas Pollak)</li> 342 <li>Lots of internal changes moving towa rds FindBugs 2.0, but
231 <li>[ 2249771 ] Add Maven2 Findb ugs plugin link to the Links page (thanks to Garvin Leclaire)</li> 343 these features are undocumented, not yet officially supported, and
232 <li>[ 2609526 ] Japanese manual update (thanks to K. Hashimoto)</li> 344 subject to radical changes befor e FindBugs 2.0 is released.</li>
233 <li>[ 2119482 ] CheckBcel checks for nonexistent classes (thanks to Jerry James)</li> 345 </ul>
234 </ul> 346
235 </ul> 347 <p>Changes since version 1.3.8</p>
236 <li>FindBugs Eclipse plugin:</li> 348 <ul>
237 <ul> 349 <li>New bug patterns; in some cases, bug s previous reported as
238 <li>Major feature enhancements (th anks to Andrey Loskutov). 350 other bug patterns are reported as instances of these new bug
239 See <a href="http://andrei.gmxhome .de/findbugs/index.html">this overview</a> for more information.</li> 351 patterns in order to make it eas ier for developers to understand
240 <li>Major test improvements (thank s to Tomas Pollak).</li> 352 the bug reports
241 <li>Fixes:</li> 353 <ul>
242 <ul> 354 <li><a
243 <li>[ 2532365 ] Compiler warning </li> 355 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBL E_DOWNCAST
244 <li>[ 2522989 ] Fix filter files selection</li> 356 </a>
245 <li>[ 2504068 ] NullPointerExcep tion</li> 357 <li><a
246 <li>[ 2640849 ] NPE in Eclipse p lugin 1.3.7 and Eclipse 3.5 M5</li> 358 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">B C_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
247 </ul> 359 </a>
248 <li>Patches:</li> 360 <li><a
249 <ul> 361 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_IN COMPATIBLE_ARRAY_COMPARE
250 <li>[ 2143140 ] Unchecked conver sion fixes for Eclipse plugin (thanks to Jerry James) 362 </a>
251 </ul> 363 <li><a
252 </ul> 364 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTE R ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
253 </ul> 365 </a>
254 </ul> 366 <li><a
255 367 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
256 <p> Changes since version 1.3.6</p> 368 </a>
257 <ul> 369 <li><a
258 <li>Overall, a small bugfix release. 370 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
259 <li>New detection of accidental vacuous/ useless calls to EasyMock methods, 371 </a>
260 and of generic signatures that proclaim the use of unhashable classes 372 <li><a
261 in ways that require that they be hashed . 373 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_R EF_COMPARISON_BAD_PRACTICE
262 <li>Eliminate some false positives where we were warning about 374 </a>
263 a useless call (e.g., comparing two incompatible types for equality), 375 <li><a
264 but the only thing the code was doin g with the result was 376 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEA N ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
265 passing it to assertFalse. 377 </a>
378 <li><a
379 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORE D ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
380 </a>
381 <li><a
382 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_ THREADLOCAL_DEADLY_EMBRACE
383 </a>
384 <li><a
385 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONS TRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
386 </a>
387 <li><a
388 href="http://fin dbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FOR MAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
389 </a>
390 </ul>
391 </li>
392 <li>Providing a bug rank (1-20), and the ability to filter by
393 bug rank. Eventually, it will be possible to specify your own
394 rules for ranking bugs, but the procedure for doing so hasn't been
395 specified yet.</li>
396 <li>Fixed about <a
397 href="https://sourceforge.net/se arch/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=a rtifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end= 2009-08-20&form_submit=Search">45
398 bugs filed</a> through S ourceForge
399 </li>
400 <li>Various reclassifications and priori ty tweaks</li>
401 <li>Added more bug annotations to a vari ety of bug reports.
402 This provides more context for u nderstanding bug reports (e.g., if
403 the value in question was is the return value of a method, the
404 method is described as the sourc e of the value in a bug
405 annotation). This also provide m ore accurate tracking of issues
406 across versions of the code bein g analyzed, but has the downside
407 that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
408 on the same version of code bein g analyzed, FindBugs may think
409 that mistakenly believe that the issue reported by 1.3.8 was fixed
410 and a new issue was introduced t hat was reported by FindBugs
411 1.3.9. While annoying, it would be unusual for more than a dozen
412 issues per million lines of code s to be mistracked.</li>
413 <li>Lots of internal changes moving towa rds FindBugs 2.0, but
414 these features are undocumented, not yet officially supported, and
415 subject to radical changes befor e FindBugs 2.0 is released.</li>
416 </ul>
417
418 <p>Changes since version 1.3.7</p>
419 <ul>
420 <li>Primarily another small bugfix relea se.</li>
421 <li>FindBugs base:
422 <ul>
423 <li>New Reports:
424 <ul>
425 <li>SF_S WITCH_NO_DEFAULT: missing default case in switch
426 statement.</li>
427 <li>SF_D EAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW:
428 value ignored when switch fallthrough leads to thrown
429 exception.</li>
430 <li>INT_ VACUOUS_BIT_OPERATION: bit operations that don't
431 do any meaningful work.</li>
432 <li>FB_U NEXPECTED_WARNING: warning generated that
433 conflicts with @NoWarning FindBugs annotation.</li>
434 <li>FB_M ISSING_EXPECTED_WARNING: warning not generated
435 despite presence of @ExpectedWarning FindBugs annotation.</li>
436 <li>NOIS E category: intended for use in data mining
437 experiments.
438 <ul>
439 <li>NOISE_NULL_DEREFERENCE: fake null point dereference
440 warning.</li>
441 <li>NOISE_METHOD_CALL: fake method call warning.</li>
442 <li>NOISE_FIELD_REFERENCE: fake field dereference
443 warning.</li>
444 <li>NOISE_OPERATION: fake operation warning.</li>
445 </ul>
446 </li>
447 </ul>
448 </li>
449 <li>Other:
450 <ul>
451 <li>Garv in Leclaire has created a new Apache Maven
452 repository for FindBugs at <a
453 href="http://code.google.com/p/findbugs/">the Google Code
454 FindBugs SVN repository</a>. (Thanks Garvin!)
455 </li>
456 </ul>
457 </li>
458 <li>Fixes:
459 <ul>
460 <li>[ 23 17842 ] Highlighting broken in Windows</li>
461 <li>[ 25 15908 ] check for oddness should track sign of
462 argument</li>
463 <li>[ 24 87936 ] &quot;L B GC&quot; false pos cast from
464 Map.Entry.getKey() to Map.get()</li>
465 <li>[ 25 28264 ] Ant tasks not compatible with Ant 1.7.1</li>
466 <li>[ 25 39590 ] SF_SWITCH_FALLTHROUGH wrong message
467 reported</li>
468 <li>[ 20 20066 ] Bug history displayed in fancy-hist.xsl is
469 incorrect</li>
470 <li>[ 25 45098 ] Invalid character in analysis results file</li>
471 <li>[ 24 92673 ] Plugin sites should specify &quot;requires
472 Eclipse 3.3 or newer&quot;</li>
473 <li>[ 25 88044 ] a tiny typing error</li>
474 <li>[ 25 89048 ] Documentation for convertXmlToText
475 insufficient</li>
476 <li>[ 26 38739 ] NullPointerException when building</li>
477 </ul>
478 </li>
479 <li>Patches:
480 <ul>
481 <li>[ 25 38184 ] Make BugCollection implement
482 Iterable&lt;BugInstance&gt; (thanks to Tomas Pollak)</li>
483 <li>[ 22 49771 ] Add Maven2 Findbugs plugin link to the
484 Links page (thanks to Garvin Leclaire)</li>
485 <li>[ 26 09526 ] Japanese manual update (thanks to K.
486 Hashimoto)</li>
487 <li>[ 21 19482 ] CheckBcel checks for nonexistent classes
488 (thanks to Jerry James)</li>
489 </ul>
490 </li>
491 </ul>
492 </li>
493 <li>FindBugs Eclipse plugin:
494 <ul>
495 <li>Major feature enhanc ements (thanks to Andrey Loskutov).
496 See <a href="htt p://andrei.gmxhome.de/findbugs/index.html">this
497 overview </a> for more information.
498 </li>
499 <li>Major test improveme nts (thanks to Tomas Pollak).</li>
500 <li>Fixes:
501 <ul>
502 <li>[ 25 32365 ] Compiler warning</li>
503 <li>[ 25 22989 ] Fix filter files selection</li>
504 <li>[ 25 04068 ] NullPointerException</li>
505 <li>[ 26 40849 ] NPE in Eclipse plugin 1.3.7 and Eclipse
506 3.5 M5</li>
507 </ul>
508 </li>
509 <li>Patches:
510 <ul>
511 <li>[ 21 43140 ] Unchecked conversion fixes for Eclipse
512 plugin (thanks to Jerry James)
513 </ul>
514 </li>
515 </ul>
516 </li>
517 </ul>
518
519 <p>Changes since version 1.3.6</p>
520 <ul>
521 <li>Overall, a small bugfix release.
522 <li>New detection of accidental vacuous/ useless calls to
523 EasyMock methods, and of generic signatures that proclaim the use
524 of unhashable classes in ways th at require that they be hashed.
525 <li>Eliminate some false positives where we were warning about
526 a useless call (e.g., comparing two incompatible types for
527 equality), but the only thing th e code was doing with the result
528 was passing it to assertFalse.
266 <li>Japanese localization and manual by K.Hashimoto. (Thanks!) 529 <li>Japanese localization and manual by K.Hashimoto. (Thanks!)
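Review bot: new lines 326-344 repeat word for word at new lines 397-415 ("Fixed about 45 bugs filed through SourceForge" down to "Lots of internal changes moving towards FindBugs 2.0"), so the same release notes now appear twice, the second time under "Changes since version 1.3.8" at new line 347. Please confirm which heading the first copy belongs to and drop one copy if it is an accident. Both copies also carry the same slips ("was is the return value", "This also provide", "may think that mistakenly believe", "lines of codes"). Separately, the [ 2143140 ] entry at new lines 511-512 still has no closing </li> before the </ul> at 513, although the rest of this hunk moves the nested lists inside properly closed items.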
267 <li>Added -exclude and -outputDir comman d line options to rejarForAnalysis
268 <li>Extended -adjustPriorities option to FindBugs analysis textui so that you
269 can modify the priorities of ind ividual bug patterns as well as visitors,
270 and also completely suppress ind ividual bug patterns or visitors.
271 <ul>
272 <li> e.g., -adjustPriority MS_SH OULD_BE_FINAL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_R EP2=suppress,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise
273 </ul>
274 </ul>
275 530
276 531 » » » » » <li>Added -exclude and -outputDir comman d line options to
277 » » » » » <p> Changes since version 1.3.5</p> 532 » » » » » » rejarForAnalysis
278 » » » » » <ul> 533 » » » » » <li>Extended -adjustPriorities option to FindBugs analysis
279 » » » » » <li>Added fairly exhaustive static analy sis 534 » » » » » » textui so that you can modify th e priorities of individual bug
280 » » » » » of uses of format strings, checking for missing or 535 » » » » » » patterns as well as visitors, an d also completely suppress
281 » » » » » extra arguements, invalid format specifi ers, 536 » » » » » » individual bug patterns or visit ors.
282 » » » » » or mismatched format specifiers and argu ments (e.g, 537 » » » » » » <ul>
283 » » » » » passing a String value for a %d format s pecifier). 538 » » » » » » » <li>e.g., -adjustPriorit y
284 » » » » » The logic for doing so is derived from S un's java.util.Formatter class, 539 » » » » » » » » MS_SHOULD_BE_FIN AL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_REP2=suppres s,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise
285 » » » » » and available separately from FindBugs a s part of the 540 » » » » » » »
286 » » » » » <a href="https://jformatstring.dev.java. net/">jFormatString</a> project. 541 » » » » » » </ul>
542 » » » » </ul>
543
544
545 » » » » <p>Changes since version 1.3.5</p>
546 » » » » <ul>
547 » » » » » <li>Added fairly exhaustive static analy sis of uses of format
548 » » » » » » strings, checking for missing or extra arguements, invalid format
549 » » » » » » specifiers, or mismatched format specifiers and arguments (e.g,
550 » » » » » » passing a String value for a %d format specifier). The logic for
551 » » » » » » doing so is derived from Sun's j ava.util.Formatter class, and
552 » » » » » » available separately from FindBu gs as part of the <a
553 » » » » » » href="https://jformatstring.dev. java.net/">jFormatString</a>
554 » » » » » » project.
555 » » » » » <li>More tuning of the unsatisfied oblig ation detector. Since
556 » » » » » » this detector is still rather no isy and an unfinished research
557 » » » » » » project, I've moved the generate d issues to a new category:
558 » » » » » » EXPERIMENTAL.
559 » » » » » <li>Added check for <a
560 » » » » » » href="http://findbugs.sourceforg e.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIGNED_BYTE</a>;
561 » » » » » » similar to <a
562 » » » » » » href="http://findbugs.sourceforg e.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>,
563 » » » » » » except that addition is being us ed to combine shifted signed
564 » » » » » » bytes.
565 » » » » » <li>Changed detection of EI_EXPOSE_REP2, so we only report it
566 » » » » » » if the value stored is guarantee d to be the same value that was
567 » » » » » » passed in as a parameter.
568 » » » » » <li>Added <a
569 » » » » » » href="http://findbugs.sourceforg e.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">EQ_CHE CK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>,
570 » » » » » » a warning when an equals method checks to see if an operand is an
571 » » » » » » instance of a class not compatib le with itself. For example, if
572 » » » » » » the Foo class checks to see if t he argument is an instance of
573 » » » » » » String. This is either a questio nable design decision or a coding
574 » » » » » » mistake.
575 » » » » » <li>Added <a
576 » » » » » » href="http://findbugs.sourceforg e.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HASHCODE _ON_ARRAY</a>,
577 » » » » » » which checks for invoking <code> hashCode()</code> on an array,
578 » » » » » » which returns a hash code that i gnores the contents of the array.
287 579
288 » » » » » <li>More tuning of the unsatisfied oblig ation detector. Since this 580 » » » » » <li>Added checks for using <code>x.remov eAll(x)</code> to
289 » » » » » detector is still rather noisy and an un finished research project, 581 » » » » » » rather than <code>x.clear()</cod e> to clear an array.
290 » » » » » I've moved the generated issues to a new category: EXPERIMENTAL. 582 » » » » » <li>Add checks for calls such as <code>x .contains(x)</code>, <code>x.remove(x)</code>
291 » » » » » 583 » » » » » » and <code>x.containsAll(x)</code >.
292 » » » » » <li>Added check for <a href="http://find bugs.sourceforge.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIG NED_BYTE</a>; similar to <a href="http://findbugs.sourceforge.net/bugDescription s.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>, except that 584 » » » » » <li>Improvements to Eclipse plugin (than ks to Andrey
293 » » » » » addition is being used to combine shifte d signed bytes. 585 » » » » » » Loskutov):
294 » » » » » 586 » » » » » » <ul>
295 » » » » » <li>Changed detection of EI_EXPOSE_REP2, so we only report it if the value stored 587 » » » » » » » <li>Report separate mark ers for each occurrence of an issue
296 » » » » » is guaranteed to be the same value that was passed in as a parameter. 588 » » » » » » » » that appears mul tiple times in a method
297 » » » » » 589 » » » » » » » <li>fine tuning for repo rted markers: add only one marker
298 » » » » » <li>Added <a href="http://findbugs.sourc eforge.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">E Q_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>, a warning when 590 » » » » » » » » for fields, add marker on right position
299 » » » » » » an equals method checks to see i f an operand is an instance of a class not 591 » » » » » » » <li>link bugs selected i n bug explorer view to the opened
300 » » » » » » » compatible with itself. For example, if the Foo class checks to see if the argument 592 » » » » » » » » editor and vice versa
301 » » » » » » » is an instance of String . This is either a questionable design decision or a coding mistake. 593 » » » » » » » <li>select bugs selected in editor ruler in the opened bug
302 » » » » » <li>Added <a href="http://findbugs.sourc eforge.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HAS HCODE_ON_ARRAY</a>, 594 » » » » » » » » explorer view
303 » » » » » » which checks for invoking <code> hashCode()</code> on an array, which returns a hash code that ignores the conten ts of the array. 595 » » » » » » » <li>consistent abbreviat ions used in both bug explorer and
304 » » » » » <li>Added checks for using <code>x.remov eAll(x)</code> to rather than <code>x.clear()</code> 596 » » » » » » » » bug details view
305 » » » » » to clear an array. 597 » » » » » » » <li>added "Expand All" b utton to the bug explorer view
306 » » » » » <li>Add checks for calls such as <code>x .contains(x)</code>, <code>x.remove(x)</code> and <code>x.containsAll(x)</code>. 598 » » » » » » » <li>added "Go Into/Go Up " buttons to the bug explorer view
307 » » » » » <li>Improvements to Eclipse plugin (than ks to Andrey Loskutov): 599 » » » » » » » <li>added "Copy to clipb oard" menu/functionality to the
308 » » » » » <ul> 600 » » » » » » » » details view lis t widget
309 » » » » » <li>Report separate markers for each occ urrence of an issue that appears multiple times in a method 601 » » » » » » » <li>fix for CNF exceptio n if loading the backup solution for
310 » » » » » <li> fine tuning for reported markers: a dd only one marker for fields, add marker on right position 602 » » » » » » » » broken browser w idget
311 » » » » » <li> link bugs selected in bug explorer view to the opened editor and vice versa 603 » » » » » » </ul>
312 » » » » » <li> select bugs selected in editor rule r in the opened bug explorer view 604 » » » » </ul>
313 » » » » » <li> consistent abbreviations used in b oth bug explorer and bug details view 605
314 » » » » » <li> added "Expand All" button to the bu g explorer view 606
315 » » » » » <li> added "Go Into/Go Up" buttons to t he bug explorer view 607
316 » » » » » <li> added "Copy to clipboard" menu/fun ctionality to the details view list widget 608 » » » » <p>Changes since version 1.3.4</p>
317 » » » » » <li> fix for CNF exception if loading th e backup solution for broken browser widget 609 » » » » <ul>
318 » » » » »
319 » » » » » </ul></ul>
320 » » » » »
321 » » » » »
322
323 » » » » » <p> Changes since version 1.3.4</p>
324 » » » » » <ul>
325 <li>Analysis about 15% faster 610 <li>Analysis about 15% faster
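Review bot: the option name differs between the prose and its example at new lines 533-539: the sentence says "-adjustPriorities" while the example a reader would copy says "-adjustPriority", and the old side (268-272) has the same mismatch. Please check which spelling the textui accepts and use it in both places. While this paragraph is being rewrapped anyway, "arguements" and "e.g," at new lines 548-549 and the garbled "to rather than x.clear() to clear an array" at new lines 580-581 could be fixed in the same pass.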
326 » » » » » <li><a href="http://sourceforge.net/trac ker/?atid=614693&group_id=96405&func=browse&status=closed">38 bugs closed</a></l i> 611 » » » » » <li><a
612 » » » » » » href="http://sourceforge.net/tra cker/?atid=614693&group_id=96405&func=browse&status=closed">38
613 » » » » » » » bugs closed</a></li>
327 <li>New defect warnings: 614 <li>New defect warnings:
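Review bot: the href at new line 612 keeps raw ampersands in its query string (atid=614693&group_id=96405&func=browse&status=closed), unchanged from old line 326. In an attribute value these should be written as &amp;amp;, in line with the &amp;lt; and &amp;quot; entities the file already uses in text. The rewrap also leaves the link text "38 bugs closed" split across new lines 612-613 with indentation inside the anchor; that renders the same, but keeping the link text on one line would make the source easier to read.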
328 » » » » » <ul> 615 » » » » » » <ul>
329 » » » » » <li>calls to methods that always throw 616 » » » » » » » <li>calls to methods tha t always throw
330 » » » » » » UnsupportedOperationException» (DMI_UNSUPPORTED_METHOD) 617 » » » » » » » » UnsupportedOpera tionException (DMI_UNSUPPORTED_METHOD)
331 » » » » » <li>repeated conditional tests (e.g., 618 » » » » » » » <li>repeated conditional tests (e.g., <code>if (x
332 » » » » » » » <code>if (x &lt; 0 || x &lt; 0) ...</code>) 619 » » » » » » » » » &lt; 0 | | x &lt; 0) ...</code>) (RpC_REPEATED_CONDITIONAL_TEST)
333 » » » » » » (RpC_REPEATED_CONDITIONAL_TEST) 620 » » » » » » » <li>Complete rewrite of detector for format string problems.
334 » » » » » <li>Complete rewrite of detector for for mat string problems. 621 » » » » » » » » More accurate, f inds more problems, generates more descriptive
335 » » » » » » More accurate, finds more proble ms, generates 622 » » » » » » » » reports, several different bug pattern
336 » » » » » » » more descriptive reports , several different 623 » » » » » » » » (VA_FORMAT_STRIN G_EXTRA_ARGUMENTS_PASSED,
337 » » » » » » » » bug pattern 624 » » » » » » » » VA_FORMAT_STRING _ILLEGAL, VA_FORMAT_STRING_MISSING_ARGUMENT,
338 » » » » » » (VA_FORMAT_STRING_EXTRA_ARGUM ENTS_PASSED, 625 » » » » » » » » VA_FORMAT_STRING _BAD_ARGUMENT,
339 » » » » » » VA_FORMAT_STRING_ILLEGAL, 626 » » » » » » » » VA_FORMAT_STRING _NO_PREVIOUS_ARGUMENT)
340 » » » » » » VA_FORMAT_STRING_MISSING_ARGU MENT, 627 » » » » » » » <li>Fairly complete impl ementation of JSR-305 custom type
341 » » » » » » VA_FORMAT_STRING_BAD_ARGUMENT , 628 » » » » » » » » qualifier analys is (no support for custom validators yet).
342 » » » » » » VA_FORMAT_STRING_NO_PREVIOUS_A RGUMENT) 629 » » » » » » » » (TQ_MAYBE_SOURCE _VALUE_REACHES_NEVER_SINK
343 630 » » » » » » » » TQ_EXPLICIT_UNKN OWN_SOURCE_VALUE_REACHES_ALWAYS_SINK
344 » » » » » <li>Fairly complete implementation of JS R-305 custom type qualifier 631 » » » » » » » » TQ_EXPLICIT_UNKN OWN_SOURCE_VALUE_REACHES_NEVER_SINK)
345 » » » » » » analysis (no support for custom validators yet). 632 » » » » » » » <li>New detector for uns atisfied obligations such forgetting
346 » » » » » » (TQ_MAYBE_SOURCE_VALUE_REACHE S_NEVER_SINK 633 » » » » » » » » to close a file (OBL_UNSATISFIED_OBLIGATION).
347 » » » » » » TQ_EXPLICIT_UNKNOWN_SOURCE_VA LUE_REACHES_ALWAYS_SINK 634 » » » » » » » <li>Warning when a param eter is marked as nullable, but is
348 » » » » » » TQ_EXPLICIT_UNKNOWN_SOURCE_VA LUE_REACHES_NEVER_SINK) 635 » » » » » » » » always dereferen ced.
349 » » » » » <li>New detector for unsatisfied obligat ions such forgetting to 636 » » » » » » » » (NP_PARAMETER_MU ST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)
350 » » » » » » close a file (OBL_UNSATISFIED_OB LIGATION). 637 » » » » » » » <lI>Separate warning for dereference the result of readLine
351 » » » » » <li>Warning when a parameter is marked a s nullable, but is 638 » » » » » » » » (NP_DEREFERENCE_ OF_READLINE_VALUE)
352 » » » » » » always dereferenced. 639 » » » » » » </ul>
353 » » » » » » (NP_PARAMETER_MUST_BE_NONNULL_BU T_MARKED_AS_NULLABLE) 640 » » » » » <li>When XML is generated with messages, the project stats now
354 » » » » » <lI>Separate warning for dereference the result of readLine (NP_DEREFERENCE_OF_READLINE_VALUE) 641 » » » » » » include &lt;FileStat&gt; element s. For each source file, this
355 » » » » » </ul> 642 » » » » » » gives the path for the file, the total number of warnings for that
356 » » » » » <li>When XML is generated with messages, the project stats now 643 » » » » » » file, and a bugHash for the file . While the instanceHash for a bug
357 » » » » » include &lt;FileStat&gt; elements. 644 » » » » » » is intended to be version invari ant (ignoring line numbers, etc),
358 » » » » » For each source file, this gives the pat h for the file, 645 » » » » » » the bugHash for a file is intend ed to reflect all the information
359 » » » » » the total number of warnings for that fi le, and a bugHash 646 » » » » » » about the warnings in that file. The intended use case is that if
360 » » » » » for the file. While the instanceHash for a bug is intended 647 » » » » » » the bugHash for a file is the sa me in two analysis runs, then <em>nothing</em>
361 » » » » » to be version invariant (ignoring line n umbers, etc), the 648 » » » » » » has changed about any of the war nings reported for that file
362 » » » » » bugHash for a file is intended to reflec t all the information 649 » » » » » » between the two analysis runs.
363 » » » » » about the warnings in that file. The int ended use case is that 650 » » » » » <li>More merging of similar issues withi n a method. For
364 » » » » » if the bugHash for a file is the same in two analysis runs, 651 » » » » » » example, if the result of readLi ne() is dereferences multiple
365 » » » » » then <em>nothing</em> has changed about any of the warnings 652 » » » » » » times within a method, it will b e reported as a single warning
366 » » » » » reported for that file between the two a nalysis runs.
367 » » » » » <li>More merging of similar issues withi n a method. For example,
368 » » » » » » if the result of readLine() is d ereferences multiple times
369 » » » » » » within a method, it will be repo rted as a single warning
370 with occurrences at multiple sou rce lines. 653 with occurrences at multiple sou rce lines.
371 </ul> 654 </ul>
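Review bot: new line 637 carries over the mixed-case "<lI>" tag from old line 354; since every item in this list is being re-indented, normalise it to "<li>" here. The items in this list are also still left unclosed, unlike the lists reformatted elsewhere in this file, so either close them all or leave a note that the list is intentionally left as it was. Wording slips survive the rewrap as well: "obligations such forgetting to close a file" (new lines 632-633), "warning for dereference the result of readLine" (637) and "is dereferences multiple times" (651-652).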
372 <p> Changes since version 1.3.3</p> 655 <p>Changes since version 1.3.3</p>
373 656
374 <ul> 657 <ul>
375 <li>FindBugs base 658 <li>FindBugs base
376 <ul> 659 <ul>
377 <li>New Reports:</li> 660 <li>New Reports:
378 <ul> 661 <ul>
379 <li>EQ_OVERRIDING_EQUALS_NOT_SYMME TRIC: 662 <li>EQ_O VERRIDING_EQUALS_NOT_SYMMETRIC: equals method
380 equals method overrides equals in superclass and may not be symmetric</li> 663 overrides equals in superclass and may not be symmetric</li>
381 <li>EQ_ALWAYS_TRUE: 664 <li>EQ_A LWAYS_TRUE: equals method always returns true</li>
382 equals method always returns true< /li> 665 <li>EQ_A LWAYS_FALSE: equals method always returns false</li>
383 <li>EQ_ALWAYS_FALSE: 666 <li>EQ_C OMPARING_CLASS_NAMES: equals method compares class
384 equals method always returns false </li> 667 names rather than class objects</li>
385 <li>EQ_COMPARING_CLASS_NAMES: 668 <li>EQ_U NUSUAL: Unusual equals method</li>
386 equals method compares class names rather than class objects</li> 669 <li>EQ_G ETCLASS_AND_CLASS_CONSTANT: equals method fails
387 <li>EQ_UNUSUAL: Unusual equals met hod</li> 670 for subtypes</li>
388 <li>EQ_GETCLASS_AND_CLASS_CONSTANT : 671 <li>SE_R EAD_RESOLVE_IS_STATIC: The readResolve method must
389 equals method fails for subtypes</ li> 672 not be declared as a static method.</li>
390 <li>SE_READ_RESOLVE_IS_STATIC: 673 <li>SE_P RIVATE_READ_RESOLVE_NOT_INHERITED: private
391 The readResolve method must not be declared as a static method.</li> 674 readResolve method not inherited by subclasses</li>
392 <li>SE_PRIVATE_READ_RESOLVE_NOT_IN HERITED: 675 <li>MSF_ MUTABLE_SERVLET_FIELD: Mutable servlet field</li>
393 private readResolve method not inh erited by subclasses</li> 676 <li>XSS_ REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected
394 <li>MSF_MUTABLE_SERVLET_FIELD: Mut able servlet field</li> 677 cross site scripting vulnerability</li>
395 <li>XSS_REQUEST_PARAMETER_TO_SEND_ ERROR: 678 <li>SKIP PED_CLASS_TOO_BIG: Class too big for analysis</li>
396 Servlet reflected cross site scrip ting vulnerability</li> 679 </ul>
397 <li>SKIPPED_CLASS_TOO_BIG: Class t oo big for analysis</li> 680 </li>
398 </ul> 681 <li>Other:
399 <li>Other:</li> 682 <ul>
400 <ul> 683 <li>Valu e-number analysis now more space-efficient</li>
401 <li>Value-number analysis now more space-efficient</li> 684 <li>Enha ncements to reduce memory overhead when analyzing
402 <li>Enhancements to reduce memory overhead when 685 very large classes</li>
403 analyzing very large classes</ li> 686 <li>Now skips very large classes that would otherwise take
404 <li>Now skips very large classes t hat would otherwise 687 too much time and memory to analyze</li>
405 take too much time and memory to analyze</li> 688 <li>Infr astructure for tracking effectively-constant/
406 <li>Infrastructure for tracking ef fectively-constant/ 689 effectively-final fields</li>
407 effectively-final fields</li> 690 <li>Adde d more cweids</li>
408 <li>Added more cweids</li> 691 <li>Enha nced taint tracking for taint-based detectors</li>
409 <li>Enhanced taint tracking for ta int-based detectors</li> 692 <li>Igno re doomed calls to equals if result is used as an
410 <li>Ignore doomed calls to equals if result is used 693 argument to assertFalse</li>
411 as an argument to assertFalse< /li> 694 <li>EQ_O VERRIDING_EQUALS_NOT_SYMMETRIC handles compareTo</li>
412 <li>EQ_OVERRIDING_EQUALS_NOT_SYMME TRIC handles compareTo</li> 695 <li>Prio rity tweak for ICAST_INTEGER_MULTIPLY_CAST_TO_LONG
413 <li>Priority tweak for ICAST_INTEG ER_MULTIPLY_CAST_TO_LONG 696 (only low priority if multiplying by 1000)</li>
414 (only low priority if multiply ing by 1000)</li> 697 <li>Impr oved tracking of fields across method calls</li>
415 <li>Improved tracking of fields ac ross method calls</li> 698 </ul>
416 </ul> 699 </li>
417 <li>Fixes:</li> 700 <li>Fixes:
418 <ul> 701 <ul>
419 <li>[ 1941450 ] DLS_DEAD_LOCAL_STO RE not reported</li> 702 <li>[ 19 41450 ] DLS_DEAD_LOCAL_STORE not reported</li>
420 <li>[ 1953323 ] Omitted break stat ement in SynchronizeAndNullCheckField</li> 703 <li>[ 19 53323 ] Omitted break statement in
421 <li>[ 1942620 ] Source Directories selection dialog interface confusion (partial)</li> 704 SynchronizeAndNullCheckField</li>
422 <li>[ 1948275 ] Unhelpful "Load of known null"</li> 705 <li>[ 19 42620 ] Source Directories selection dialog
423 <li>[ 1933922 ] MWM error in findb ugs</li> 706 interface confusion (partial)</li>
424 <li>[ 1934772 ] 1.3.3 appears to r ely on JDK 1.6, JNLP still specifies 1.5</li> 707 <li>[ 19 48275 ] Unhelpful "Load of known null"</li>
425 <li>[ 1933945 ] -loadbugs doesn't work</li> 708 <li>[ 19 33922 ] MWM error in findbugs</li>
426 <li>Fixed problems for class names starting with '$'</li> 709 <li>[ 19 34772 ] 1.3.3 appears to rely on JDK 1.6, JNLP
427 <li>Fixed bugs and incomplete hand ling of annotations in 710 still specifies 1.5</li>
428 VersionInsensitiveBugComparato r</li> 711 <li>[ 19 33945 ] -loadbugs doesn't work</li>
429 </ul> 712 <li>Fixe d problems for class names starting with '$'</li>
430 <li>Patches:</li> 713 <li>Fixe d bugs and incomplete handling of annotations in
431 <ul> 714 VersionInsensitiveBugComparator</li>
432 <li>[ 1955106 ] Javadoc fixes</li> 715 </ul>
433 <li>[ 1951930 ] Superfluous import statements (thanks to Jerry James)</li> 716 </li>
434 <li>[ 1951907 ] Missing @Deprecate d annotations (thanks to Jerry James)</li> 717 <li>Patches:
435 <li>[ 1951876 ] Infonode Docking W indows compile fix (thanks to Jerry James)</li> 718 <ul>
436 <li>[ 1936055 ] bugfix for findbug s.de.comment not working (thanks to Peter Fokkinga) 719 <li>[ 19 55106 ] Javadoc fixes</li>
437 </ul> 720 <li>[ 19 51930 ] Superfluous import statements (thanks to
438 </ul> 721 Jerry James)</li>
439 <li>FindBugs BlueJ plugin</li> 722 <li>[ 19 51907 ] Missing @Deprecated annotations (thanks to
440 <ul> 723 Jerry James)</li>
441 <li>Updated to use FindBugs 1.3.4 (f irst new release since 1.1.3)</li> 724 <li>[ 19 51876 ] Infonode Docking Windows compile fix
442 </ul> 725 (thanks to Jerry James)</li>
443 </ul> 726 <li>[ 19 36055 ] bugfix for findbugs.de.comment not working
444 727 (thanks to Peter Fokkinga)
445 <p> Changes since version 1.3.2</p> 728 </ul>
446 729 </li>
447 <ul> 730 </ul>
448 <li>FindBugs base</li> 731 <li>FindBugs BlueJ plugin
449 <ul> 732 <ul>
450 <li>New Detectors:</li> 733 <li>Updated to use FindB ugs 1.3.4 (first new release since
451 <ul> 734 1.1.3)</li>
452 <li>FieldItemSummary: Produces sum mary information 735 </ul>
453 for what is stored into fields </li> 736 </li>
454 <li>SynchronizeOnClassLiteralNotGe tClass: Look for 737 </ul>
455 code that synchronizes on the results of get Class 738
456 rather than on class literals</li> 739 <p>Changes since version 1.3.2</p>
457 <li>SynchronizingOnContentsOfField ToProtectField: This 740
458 detector looks for code that s eems to be 741 <ul>
459 synchronizing on a field in or der to guard updates 742 <li>FindBugs base
460 of that field </li> 743 <ul>
461 </ul> 744 <li>New Detectors:
462 <li>New BugCode:</li> 745 <ul>
463 <ul> 746 <li>Fiel dItemSummary: Produces summary information for
464 <li> HRS: HTTP Response splitting vulnerability </li> 747 what is stored into fields</li>
465 <li> WL: Possible locking on wrong object </li> 748 <li>Sync hronizeOnClassLiteralNotGetClass: Look for code
466 </ul> 749 that synchronizes on the results of getClass rather than on
467 <li>New Reports:</li> 750 class literals</li>
468 <ul> 751 <li>Sync hronizingOnContentsOfFieldToProtectField: This
469 <li>DMI_CONSTANT_DB_PASSWORD: 752 detector looks for code that seems to be synchronizing on a
470 This code creates a database c onnect using a hard coded, constant password </li> 753 field in order to guard updates of that field</li>
471 <li>HRS_REQUEST_PARAMETER_TO_COOKI E: 754 </ul>
472 HTTP cookie formed from untrus ted input </li> 755 </li>
473 <li>HRS_REQUEST_PARAMETER_TO_HTTP_ HEADER: 756 <li>New BugCode:
474 HTTP parameter directly writte n to HTTP header output </li> 757 <ul>
475 <li>CN_IMPLEMENTS_CLONE_BUT_NOT_CL ONEABLE: 758 <li>HRS: HTTP Response splitting vulnerability</li>
476 Class defines clone() but does n't implement Cloneable </li> 759 <li>WL: Possible locking on wrong object</li>
477 <li>DL_SYNCHRONIZATION_ON_BOXED_PR IMITIVE: 760 </ul>
478 Synchronization on boxed primi tive could lead to deadlock </li> 761 </li>
479 <li> DL_SYNCHRONIZATION_ON_BOOLEAN : 762 <li>New Reports:
480 Synchronization on Boolean cou ld lead to deadlock </li> 763 <ul>
481 <li> ML_SYNC_ON_FIELD_TO_GUARD_CHA NGING_THAT_FIELD: 764 <li>DMI_ CONSTANT_DB_PASSWORD: This code creates a database
482 Synchronization on field in fu tile attempt to guard that field </li> 765 connect using a hard coded, constant password</li>
483 <li> DLS_DEAD_LOCAL_STORE_IN_RETUR N: 766 <li>HRS_ REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed
484 Useless assignment in return s tatement </li> 767 from untrusted input</li>
485 <li> WL_USING_GETCLASS_RATHER_THAN _CLASS_LITERAL: 768 <li>HRS_ REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter
486 Synchronization on getClass ra ther than class literal </li> 769 directly written to HTTP header output</li>
487 </ul> 770 <li>CN_I MPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines
488 <li>Other:</li> 771 clone() but doesn't implement Cloneable</li>
489 <ul> 772 <li>DL_S YNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization
490 <li>Many enhancements to cross-sit e scripting detector and its documentation</li> 773 on boxed primitive could lead to deadlock</li>
491 <li> Enhanced switch fall through handling </li> 774 <li>DL_S YNCHRONIZATION_ON_BOOLEAN: Synchronization on
492 <li> Enhanced unread field handlin g (look for IF_ACMPEQ and IF_ACMPNE) </li> 775 Boolean could lead to deadlock</li>
493 <li> Clarified documentation for @ Nullable in manual </li> 776 <li>ML_S YNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD:
494 <li> Fewer DeadLocalStore false po sitives </li> 777 Synchronization on field in futile attempt to guard that field
495 <li> Fewer UnreadField false posit ives </li> 778 </li>
496 <li> Fewer StaticCalendarDetector false positives </li> 779 <li>DLS_ DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in
497 <li> Performance fix for slow file system IO e.g. Clearcase repositories (thanks, Andrei!) </li> 780 return statement</li>
498 <li> Other, general performance en hancements (thanks, Andrei!) </li> 781 <li>WL_U SING_GETCLASS_RATHER_THAN_CLASS_LITERAL:
499 <li> Enhancements for using FindBu gs scripts with MKS on Windows (thanks, Kelly O'Hair!) </li> 782 Synchronization on getClass rather than class literal</li>
500 <li> Noted in the manual that jsr3 05.jar must be present for annotations to compile </li> 783 </ul>
501 <li> Added and fine-tuned default- nullness annotations </li> 784 </li>
502 <li> More CWE IDs added </li> 785 <li>Other:
503 <li> Check and warning for unexpec ted BCEL version in classpath </li> 786 <ul>
504 </ul> 787 <li>Many enhancements to cross-site scripting detector and
505 <li>Fixes:</li> 788 its documentation</li>
506 <ul> 789 <li>Enha nced switch fall through handling</li>
507 <li>Bug fix to handling of local v ariable tables in BCEL</li> 790 <li>Enha nced unread field handling (look for IF_ACMPEQ and
508 <li>Refined documentation for MTIA _SUSPECT_STRUTS_INSTANCE_FIELD</li> 791 IF_ACMPNE)</li>
509 <li>[ 1927295 ] NPE when called on project root</li> 792 <li>Clar ified documentation for @Nullable in manual</li>
510 <li>[ 1926405 ] Incorrect dead sto re warning</li> 793 <li>Fewe r DeadLocalStore false positives</li>
511 <li>[ 1926409 ] Incorrect redundan t nullcheck warning</li> 794 <li>Fewe r UnreadField false positives</li>
512 <li>[ 1926389 ] Wrong line number printed/highlighted in bug</li> 795 <li>Fewe r StaticCalendarDetector false positives</li>
513 <li>[ 1927040 ] typo in bug descri ption</li> 796 <li>Perf ormance fix for slow file system IO e.g. Clearcase
514 <li>[ 1926263 ] Minor glitch in HT ML output</li> 797 repositories (thanks, Andrei!)</li>
515 <li>[ 1926240 ] Minor error in sta ndard options in manual</li> 798 <li>Othe r, general performance enhancements (thanks,
516 <li>[ 1926236 ] Minor bug in insta llation section of manual</li> 799 Andrei!)</li>
517 <li>[ 1925539 ] ZIP is default fil e system code base</li> 800 <li>Enha ncements for using FindBugs scripts with MKS on
518 <li>[ 1894701 ] Livelock / memory leak in ObjectTypeFactory (thanks, Andrei!)</li> 801 Windows (thanks, Kelly O'Hair!)</li>
519 <li>[ 1867491 ] Doesn't reload ann otations after code changes in IDE (thanks, Andrei!)</li> 802 <li>Note d in the manual that jsr305.jar must be present
520 <li>[ 1921399 ] -project option no t supported</li> 803 for annotations to compile</li>
521 <li>[ 1913834 ] "Dead" store to va riable with method call</li> 804 <li>Adde d and fine-tuned default-nullness annotations</li>
522 <li>[ 1917352 ] H B se:...field in serializable class</li> 805 <li>More CWE IDs added</li>
523 <li>[ 1911617 ] CloneIdiom relies on getNameConstantOperand for INSTANCEOF</li> 806 <li>Chec k and warning for unexpected BCEL version in
524 <li>[ 1911620 ] False +: DLS prede crement before return</li> 807 classpath</li>
525 <li>[ 1871376 ] False negative: no n-serializable Map field</li> 808 </ul>
526 <li>[ 1871051 ] non standard clone () method</li> 809 </li>
527 <li>[ 1908854 ] Error in TestASM</ li> 810 <li>Fixes:
528 <li>[ 1907539 ] 22 minor errors in bug checker documentation</li> 811 <ul>
529 <li>[ 1897323 ] EJB implementation class false positives</li> 812 <li>Bug fix to handling of local variable tables in BCEL</li>
530 <li>[ 1899648 ] Crash on startup o n Vista with Java 1.6.0_04</li> 813 <li>Refi ned documentation for
531 </ul> 814 MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</li>
532 </ul> 815 <li>[ 19 27295 ] NPE when called on project root</li>
533 <li>FindBugs Eclipse plugin (change lo g by Andrey Loskutov)</li> 816 <li>[ 19 26405 ] Incorrect dead store warning</li>
534 <ul> 817 <li>[ 19 26409 ] Incorrect redundant nullcheck warning</li>
535 <li> new feature: export basic FindB ugs numbers for projects via File-&gt;Export-&gt;Java-&gt;BugCounts (Andrey Losk utov) </li> 818 <li>[ 19 26389 ] Wrong line number printed/highlighted in
536 <li> new feature: jobs for different projects will be run in parallel per default if running on a 819 bug</li>
537 multi-core PC ("fb.allowParallelBuild" system prope rty not used anymore) (Andrey Loskutov) </li> 820 <li>[ 19 27040 ] typo in bug description</li>
538 <li> fixed performance slowdown in t he multi-threaded build, caused by workspace operation locks during 821 <li>[ 19 26263 ] Minor glitch in HTML output</li>
539 assigning marker attributes (Andrey Loskutov)</li> 822 <li>[ 19 26240 ] Minor error in standard options in manual</li>
540 </ul> 823 <li>[ 19 26236 ] Minor bug in installation section of
541 </ul> 824 manual</li>
542 825 <li>[ 19 25539 ] ZIP is default file system code base</li>
543 <p> Changes since version 1.3.1</p> 826 <li>[ 18 94701 ] Livelock / memory leak in
544 827 ObjectTypeFactory (thanks, Andrei!)</li>
545 <ul> 828 <li>[ 18 67491 ] Doesn't reload annotations after code
546 <li>FindBugs base</li> 829 changes in IDE (thanks, Andrei!)</li>
547 <ul> 830 <li>[ 19 21399 ] -project option not supported</li>
548 <li>New Bug Category:</li> 831 <li>[ 19 13834 ] "Dead" store to variable with method call</li>
549 <ul> 832 <li>[ 19 17352 ] H B se:...field in serializable class</li>
550 <li>SECURITY (Abbrev: S), A use of untrusted input in 833 <li>[ 19 11617 ] CloneIdiom relies on
551 a way that could create a remo tely exploitable 834 getNameConstantOperand for INSTANCEOF</li>
552 security vulnerability</li> 835 <li>[ 19 11620 ] False +: DLS predecrement before return</li>
553 </ul> 836 <li>[ 18 71376 ] False negative: non-serializable Map field</li>
554 <li>New Detectors:</li> 837 <li>[ 18 71051 ] non standard clone() method</li>
555 <ul> 838 <li>[ 19 08854 ] Error in TestASM</li>
556 <li>CrossSiteScripting: This detec tor looks for 839 <li>[ 19 07539 ] 22 minor errors in bug checker
557 obvious/blatant cases of cross site scripting 840 documentation</li>
558 vulnerabilities</li> 841 <li>[ 18 97323 ] EJB implementation class false positives</li>
559 </ul> 842 <li>[ 18 99648 ] Crash on startup on Vista with Java
560 <li>New BugCode:</li> 843 1.6.0_04</li>
561 <ul> 844 </ul>
562 <li>XSS: Cross site scripting</li> 845 </li>
563 </ul> 846 </ul>
564 <li>New Reports:</li> 847 </li>
565 <ul> 848 <li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
566 <li>XSS_REQUEST_PARAMETER_TO_SERVL ET_WRITER: HTTP 849 <ul>
567 parameter directly written to Servlet output, 850 <li>new feature: export basic FindBugs numbers for projects
568 giving XSS vulnerability</li> 851 via File-&gt;Exp ort-&gt;Java-&gt;BugCounts (Andrey Loskutov)</li>
569 <li>XSS_REQUEST_PARAMETER_TO_JSP_W RITER: HTTP 852 <li>new feature: jobs fo r different projects will be run in
570 parameter directly written to JSP output, giving 853 parallel per def ault if running on a multi-core PC
571 XSS vulnerability</li> 854 ("fb.allowParall elBuild" system property not used anymore)
572 <li>EQ_OTHER_USE_OBJECT: equals() method defined that 855 (Andrey Loskutov )</li>
573 doesn't override Object.equals (Object)</li> 856 <li>fixed performance sl owdown in the multi-threaded build,
574 <li>EQ_OTHER_NO_OBJECT: equals() m ethod inherits 857 caused by worksp ace operation locks during assigning marker
575 rather than overrides equals(O bject)</li> 858 attributes (Andr ey Loskutov)</li>
576 <li>NP_NULL_ON_SOME_PATH_MIGHT_BE_ INFEASIBLE: 859 </ul>
577 Possible null pointer derefere nce on path that 860 </li>
578 might be infeasible</li> 861 </ul>
579 </ul> 862
580 <li>Other:</li> 863 <p>Changes since version 1.3.1</p>
581 <ul> 864
582 <li>Added -noClassOk command-line parameter to 865 <ul>
583 command-line and ant interfaces ; when -noClassOk 866 <li>FindBugs base
584 is specified and no classfiles are given, FindBugs 867 <ul>
585 will print a warning message an d output a well- 868 <li>New Bug Category:
586 formed file with no warnings</l i> 869 <ul>
587 <li>Fewer false positives for null pointer bugs</li> 870 <li>SECU RITY (Abbrev: S), A use of untrusted input in a
588 <li>Suppress dead-local-store fals e positives in .jsp 871 way that could create a remotely exploitable security
589 code</li> 872 vulnerability</li>
590 <li>Type fixes in warning messages </li> 873 </ul>
591 <li>Better warning message for 874 </li>
592 NP_NULL_ON_SOME_PATH</li> 875 <li>New Detectors:
593 <li>"WMI" bug code description ren amed from "Wrong 876 <ul>
594 Map Iterator" to "Inefficient Map Iterator"</li> 877 <li>Cros sSiteScripting: This detector looks for
595 </ul> 878 obvious/blatant cases of cross site scripting vulnerabilities</li>
596 <li>Fixes:</li> 879 </ul>
597 <ul> 880 </li>
598 <li>[ 1893048 ] FindBugs confused by a findbugs.xml file</li> 881 <li>New BugCode:
599 <li>[ 1878528 ] XSL xforms don't s upport history features</li> 882 <ul>
600 <li>[ 1876584 ] two default.xsl fl aws</li> 883 <li>XSS: Cross site scripting</li>
601 <li>[ 1874856 ] Format string bug detector doesn't handle special operators</li> 884 </ul>
602 <li>[ 1872645 ] computeBugHistory - java.lang.IllegalArgumentException</li> 885 </li>
603 <li>[ 1872237 ] Ant task fails whe n no .class files</li> 886 <li>New Reports:
604 <li>[ 1868670 ] Filters: include A ND exclude don't allowed</li> 887 <ul>
605 <li>[ 1868666 ] check-for-oddness reported, but array length can never be negative</li> 888 <li>XSS_ REQUEST_PARAMETER_TO_SERVLET_WRITER: HTTP
606 <li>[ 1866108 ] SetBugDatabaseInfo Task strips dir from output filename</li> 889 parameter directly written to Servlet output, giving XSS
607 <li>[ 1866021 ] MineBugHistoryTask strips dir of output filename</li> 890 vulnerability</li>
608 <li>[ 1865265 ] code doesn't handl e StringBuffer.append([CII) right</li> 891 <li>XSS_ REQUEST_PARAMETER_TO_JSP_WRITER: HTTP parameter
609 <li>[ 1864793 ] Warning when casti ng a null reference compared to a String</li> 892 directly written to JSP output, giving XSS vulnerability</li>
610 <li>[ 1863376 ] Typo in manual cha p 8: Filter Files</li> 893 <li>EQ_O THER_USE_OBJECT: equals() method defined that
611 <li>[ 1862705 ] Transient fields t hat default to null</li> 894 doesn't override Object.equals(Object)</li>
612 <li>[ 1842545 ] DLS on catch varia ble (with priority tweaking)</li> 895 <li>EQ_O THER_NO_OBJECT: equals() method inherits rather
613 <li>[ 1816258 ] false positive BC_ IMPOSSIBLE_CAST</li> 896 than overrides equals(Object)</li>
614 <li>[ 1551732 ] Get erroneous DLS with while loop</li> 897 <li>NP_N ULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE: Possible
615 </ul> 898 null pointer dereference on path that might be infeasible</li>
616 </ul> 899 </ul>
617 <li>FindBugs Eclipse plugin (change lo g by Andrey Loskutov)</li> 900 </li>
618 <ul> 901 <li>Other:
619 <li>new feature: added Bug explorer view (replacing Bug tree view), based on Common Navigator framework (Andrey Losk utov)</li> 902 <ul>
620 <li>bug 1873860 fixed: empty project s are no longer shown in Bug tree view (Andrey Loskutov)</li> 903 <li>Adde d -noClassOk command-line parameter to
621 <li>new feature: bug counts decorato rs for projects, folders and files (has to be activated 904 command-line and ant interfaces; when -noClassOk is specified
622 via Preferences -&gt; general -&gt; appearance -&gt; label decorations)(Andrey Loskutov)</li> 905 and no classfiles are given, FindBugs will print a warning
623 <li>patch 1746499: better icons (Ale ssandro Nistico)</li> 906 message and output a well- formed file with no warnings</li>
624 <li>patch 1893685: Find bug actions on change sets bug (Alessandro Nistico)</li> 907 <li>Fewe r false positives for null pointer bugs</li>
625 <li>fixed bug 1855384: Bug configura tion is broken in Eclipse (Andrey Loskutov)</li> 908 <li>Supp ress dead-local-store false positives in .jsp code</li>
626 <li>refactored FindBugs properties p age (Andrey Loskutov)</li> 909 <li>Type fixes in warning messages</li>
627 <li>refactored FindBugs worker/build er/run action (Andrey Loskutov)</li> 910 <li>Bett er warning message for NP_NULL_ON_SOME_PATH</li>
628 <li>FB detects now only bugs from cl asses on project's classpath (no double work on 911 <li>"WMI " bug code description renamed from "Wrong Map
629 duplicated class files) (Andrey Loskutov)</li> 912 Iterator" to "Inefficient Map Iterator"</li>
630 <li>fixed bug introduced by the bad patch for 1867951: FB cannot be executed incrementally 913 </ul>
631 on a folder of file (Andrey Loskutov)</li> 914 </li>
632 <li>fixed job rule: now jobs for dif ferent projects may run in parallel if running on a 915 <li>Fixes:
633 multi-core PC and "fb.allowParallelBuild" system pro perty is set to true (Andrey Loskutov)</li> 916 <ul>
634 <li>fixed FB auto-build not started if .fbprefs or .classpath was changed (Andrey Loskutov)</li> 917 <li>[ 18 93048 ] FindBugs confused by a findbugs.xml file</li>
635 <li>fixed not reporting bugs on seco ndary types (classes defined in java files with 918 <li>[ 18 78528 ] XSL xforms don't support history features</li>
636 different name) (Andrey Loskutov ) </li> 919 <li>[ 18 76584 ] two default.xsl flaws</li>
637 </ul> 920 <li>[ 18 74856 ] Format string bug detector doesn't handle
638 </ul> 921 special operators</li>
639 922 <li>[ 18 72645 ] computeBugHistory -
640 <p> Changes since version 1.3.0</p> 923 java.lang.IllegalArgumentException</li>
641 <ul> 924 <li>[ 18 72237 ] Ant task fails when no .class files</li>
642 <li>New Reports</li> 925 <li>[ 18 68670 ] Filters: include AND exclude don't allowed</li>
643 <ul> 926 <li>[ 18 68666 ] check-for-oddness reported, but array
644 <li>VA_FORMAT_STRING_ARG_MISMATCH: 927 length can never be negative</li>
645 A format-string method with a va riable number of arguments is called, 928 <li>[ 18 66108 ] SetBugDatabaseInfoTask strips dir from
646 but the number of arguments passed does not match wi th the number of 929 output filename</li>
647 % placeholders in the format string. This is probab ly not what the 930 <li>[ 18 66021 ] MineBugHistoryTask strips dir of output
648 author intended. 931 filename</li>
649 <li>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM: 932 <li>[ 18 65265 ] code doesn't handle
650 This code opens a file in append mode and that wraps the result in an object output stream. 933 StringBuffer.append([CII) right</li>
651 This won't allow you to append to an existing object output stream stored in a file. If you want to be 934 <li>[ 18 64793 ] Warning when casting a null reference
652 able to append to an object output stream, you need to keep the object output stream open. 935 compared to a String</li>
653 The only situation in which opening a file in append mode and the writing an object output stream 936 <li>[ 18 63376 ] Typo in manual chap 8: Filter Files</li>
654 could work is if on reading the file you plan to ope n it in random access mode and seek to the byte offset 937 <li>[ 18 62705 ] Transient fields that default to null</li>
655 where the append started. 938 <li>[ 18 42545 ] DLS on catch variable (with priority
656 <li>NP_BOOLEAN_RETURN_NULL: 939 tweaking)</li>
657 A method that returns either Boolean.TRUE, Boolean.F ALSE or null is an accident waiting to happen. 940 <li>[ 18 16258 ] false positive BC_IMPOSSIBLE_CAST</li>
658 This method can be invoked as though it returned a v alue of type boolean, and 941 <li>[ 15 51732 ] Get erroneous DLS with while loop</li>
659 the compiler will insert automatic unboxing of the B oolean value. If a null value is returned, 942 </ul>
660 this will result in a NullPointerException. 943 </li>
661 </ul> 944 </ul>
662 <li>Changes to Existing Reports</li> 945 </li>
663 <ul> 946 <li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
664 <li>RV_DONT_JUST_NULL_CHECK_READLINE: CORRECTNESS -&gt; STYLE</li> 947 <ul>
665 <li>DMI_INVOKING_TOSTRING_ON_ARRAY: Lo ng description mentions array name whenever possible</li> 948 <li>new feature: added B ug explorer view (replacing Bug tree
666 </ul> 949 view), based on Common Navigator framework (Andrey Loskutov)</li>
667 <li>Fixes:</li> 950 <li>bug 1873860 fixed: e mpty projects are no longer shown in
668 <ul> 951 Bug tree view (A ndrey Loskutov)</li>
669 <li>Updated manual to mention that Java 1.5 is now a requirement for running FindBugs 952 <li>new feature: bug cou nts decorators for projects, folders
670 <li>Applied patch 1840206 fixing issue " Ant task does not work when presetdef is used" - thanks to phejl 953 and files (has t o be activated via Preferences -&gt; general
671 <li>Applied patch 1778690 fixing issue " Ant task: tolerate but complain about invalid auxClasspath" - thanks to David Sc hmidt 954 -&gt; appearance -&gt; label decorations)(Andrey Loskutov)</li>
672 <li>Applied patch 1852125 adding a Chine se-language GUI bundle props file - thanks to fifi 955 <li>patch 1746499: bette r icons (Alessandro Nistico)</li>
673 <li>Applied patch 1845903 adding ability to load XML results with the Eclipse plugin - thanks to Alex Mont 956 <li>patch 1893685: Find bug actions on change sets bug
674 <li>Fixed issue 1844671 - "FP for "rever sed" null check in catch for stream close" 957 (Alessandro Nist ico)</li>
675 <li>Fixed issue 1836050 - "-onlyAnalyze broken" 958 <li>fixed bug 1855384: B ug configuration is broken in
676 <li>Fixed issue 1853011 - "Typo: Field n ames should start with aN lower case letter" 959 Eclipse (Andrey Loskutov)</li>
677 <li>Fixed issue 1844181 - "JNLP file doe s not contain all necessary JARs" 960 <li>refactored FindBugs properties page (Andrey Loskutov)</li>
678 <li>Fixed issue 1840245 - "xxxException class does not derive from Exception" 961 <li>refactored FindBugs worker/builder/run action (Andrey
679 <li>Fixed issue 1840277 - "[M D EC] Typo in bug documentation" 962 Loskutov)</li>
680 <li>Fixed issue 1782447 - "OutOfMemoryEr ror if i activate Findbugs on my project" 963 <li>FB detects now only bugs from classes on project's
681 <li>Fixed issue 1830576 - "[regression] keySet/entrySet false positive" 964 classpath (no do uble work on duplicated class files) (Andrey
682 </ul> 965 Loskutov)</li>
683 <li>Other:</li> 966 <li>fixed bug introduced by the bad patch for 1867951: FB
684 <ul> 967 cannot be execut ed incrementally on a folder of file (Andrey
685 <li>New bug code: "IO" (for IO_APPENDING _TO_OBJECT_OUTPUT_STREAM)</li> 968 Loskutov)</li>
686 <li>Added "-onlyMostRecent" option for c omputeBugHistory script/ant task 969 <li>fixed job rule: now jobs for different projects may run
687 <li>More explicit language in RV_RETURN_ VALUE_IGNORED_BAD_PRACTICE messages 970 in parallel if r unning on a multi-core PC and
688 <li>Modified ResourceValueAnalysis to co rrectly identify null == X or null != X as a null check (for issue 1844671) 971 "fb.allowParalle lBuild" system property is set to true (Andrey
689 <li>Modified DMI_HARDCODED_ABSOLUTE_FILE NAME logic in DumbMethodInvocations to ignore files from /etc or /dev and increa se priority of files from /home 972 Loskutov)</li>
690 <li>Better bug details for infinite loop warnings 973 <li>fixed FB auto-build not started if .fbprefs or
691 <li>Modified unread-fields detector to r educe false positives from reflective fields 974 .classpath was c hanged (Andrey Loskutov)</li>
692 <li>build.xml "classes" target now build s all sources in one step 975 <li>fixed not reporting bugs on secondary types (classes
693 </ul> 976 defined in java files with different name) (Andrey Loskutov)</li>
694 </ul> 977 </ul>
695 978 </li>
696 <p> Changes since version 1.2.1</p> 979 </ul>
697 <ul> 980
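Review bot: New line 906 reads "output a well- formed file". The rewrap joined old lines 585-586, where "well-" ended one line and "formed" began the next, and kept the whitespace between them. It should read "well-formed".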
698 <li>New Detectors and Reports</li> 981 <p>Changes since version 1.3.0</p>
699 <ul> 982 <ul>
700 <li>SynchronizationOnSharedBuiltinCons tant</li> 983 <li>New Reports
701 <ul> 984 <ul>
702 <li>DL_SYNCHRONIZATION_ON_SHARED_CON STANT: 985 <li>VA_FORMAT_STRING_ARG _MISMATCH: A format-string method
703 The code synchronizes on a share d primitive 986 with a variable number of arguments is called, but the number of
704 constant, such as an interned St ring. Such 987 arguments passed does not match with the number of %
705 constants are interned and share d across all other 988 placeholders in the format string. This is probably not what the
706 classes loaded by the JVM. Thus, this could be 989 author intended.
707 locking on something that other code might also be 990 <li>IO_APPENDING_TO_OBJE CT_OUTPUT_STREAM: This code opens a
708 locking. This could result in ve ry strange and hard 991 file in append m ode and that wraps the result in an object
709 to diagnose blocking and deadloc k behavior. See 992 output stream. T his won't allow you to append to an existing
710 <a href="http://www.javalobby.or g/java/forums/t96352.html">http://www.javalobby.org/java/forums/t96352.html</a> 993 object output st ream stored in a file. If you want to be able to
711 and 994 append to an obj ect output stream, you need to keep the object
712 <a href="http://jira.codehaus.or g/browse/JETTY-352">http://jira.codehaus.org/browse/JETTY-352</a>. 995 output stream op en. The only situation in which opening a file
713 </ul> 996 in append mode a nd the writing an object output stream could
714 <li>OverridingEqualsNotSymmetrical</li > 997 work is if on re ading the file you plan to open it in random
715 <ul> 998 access mode and seek to the byte offset where the append
716 <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETR IC: 999 started.
717 Looks for equals methods that overri de equals 1000 <li>NP_BOOLEAN_RETURN_NU LL: A method that returns either
718 methods in a superclass where the eq uivalence 1001 Boolean.TRUE, Bo olean.FALSE or null is an accident waiting to
719 relationship might not be symmetrica l. 1002 happen. This met hod can be invoked as though it returned a value
720 </ul> 1003 of type boolean, and the compiler will insert automatic unboxing
721 <li>CheckTypeQualifiers</li> 1004 of the Boolean v alue. If a null value is returned, this will
722 <ul> 1005 result in a Null PointerException.
723 <li>TQ_ALWAYS_VALUE_USED_WHERE_NEVER _REQUIRED: 1006 </ul>
724 A value specified as carrying a type qualifier 1007 </li>
725 annotation is consumed in a location or locations 1008 <li>Changes to Existing Reports
726 requiring that the value not carry t hat annotation. 1009 <ul>
727 More precisely, a value annotated wi th a type 1010 <li>RV_DONT_JUST_NULL_CH ECK_READLINE: CORRECTNESS -&gt;
728 qualifier specifying when=ALWAYS is guaranteed to reach 1011 STYLE</li>
729 a use or uses where the same type qu alifier specifies 1012 <li>DMI_INVOKING_TOSTRIN G_ON_ARRAY: Long description
730 when=NEVER. 1013 mentions array n ame whenever possible</li>
731 </li> 1014 </ul>
732 <li>TQ_NEVER_VALUE_USED_WHERE_ALWAYS _REQUIRED: 1015 </li>
733 A value specified as not carrying a type qualifier 1016 <li>Fixes:
734 annotation is guaranteed to be consu med in a location 1017 <ul>
735 or locations requiring that the valu e does carry that 1018 <li>Updated manual to me ntion that Java 1.5 is now a
736 annotation. More precisely, a value annotated with a 1019 requirement for running FindBugs
737 type qualifier specifying when=NEVER is guaranteed to 1020 <li>Applied patch 184020 6 fixing issue "Ant task does not
738 reach a use or uses where the same t ype qualifier 1021 work when preset def is used" - thanks to phejl
739 specifies when=ALWAYS. 1022 <li>Applied patch 177869 0 fixing issue "Ant task: tolerate
740 </li> 1023 but complain abo ut invalid auxClasspath" - thanks to David
741 <li>TQ_MAYBE_SOURCE_VALUE_REACHES_AL WAYS_SINK: 1024 Schmidt
742 A value that might not carry a type qualifier 1025 <li>Applied patch 185212 5 adding a Chinese-language GUI
743 annotation reaches a use which requi res that 1026 bundle props fil e - thanks to fifi
744 annotation. 1027 <li>Applied patch 184590 3 adding ability to load XML results
745 </li> 1028 with the Eclipse plugin - thanks to Alex Mont
746 <li>TQ_MAYBE_SOURCE_VALUE_REACHES_NE VER_SINK: 1029 <li>Fixed issue 1844671 - "FP for "reversed" null check in
747 A value which might carry a type qua lifier annotation 1030 catch for stream close"
748 reaches a use which forbids values c arrying that 1031 <li>Fixed issue 1836050 - "-onlyAnalyze broken"
749 annotation. 1032 <li>Fixed issue 1853011 - "Typo: Field names should start
750 </li> 1033 with aN lower ca se letter"
751 </ul> 1034 <li>Fixed issue 1844181 - "JNLP file does not contain all
752 </ul> 1035 necessary JARs"
753 <li>New Reports (existing detectors)</li > 1036 <li>Fixed issue 1840245 - "xxxException class does not
754 <ul> 1037 derive from Exce ption"
755 <li>FindHEmismatch</li> 1038 <li>Fixed issue 1840277 - "[M D EC] Typo in bug
756 <ul> 1039 documentation"
757 <li>EQ_DOESNT_OVERRIDE_EQUALS: 1040 <li>Fixed issue 1782447 - "OutOfMemoryError if i activate
758 This class extends a class that defi nes an equals 1041 Findbugs on my p roject"
759 method and adds fields, but doesn't define an equals 1042 <li>Fixed issue 1830576 - "[regression] keySet/entrySet
760 method itself. Thus, equality on ins tances of this 1043 false positive"
761 class will ignore the identity of th e subclass and the 1044 </ul>
762 added fields. Be sure this is what i s intended, and 1045 </li>
763 that you don't need to override the equals method. Even 1046 <li>Other:
764 if you don't need to override the eq uals method, 1047 <ul>
765 consider overriding it anyway to doc ument the fact that 1048 <li>New bug code: "IO" ( for
766 the equals method for the subclass j ust return the 1049 IO_APPENDING_TO_ OBJECT_OUTPUT_STREAM)</li>
767 result of invoking super.equals(o). 1050 <li>Added "-onlyMostRece nt" option for computeBugHistory
768 </li> 1051 script/ant task
769 </ul> 1052 <li>More explicit langua ge in
770 <li>Naming 1053 RV_RETURN_VALUE_ IGNORED_BAD_PRACTICE messages
771 <ul> 1054 <li>Modified ResourceVal ueAnalysis to correctly identify
772 <li>NM_WRONG_PACKAGE, NM_WRONG_PACKA GE_INTENTIONAL: 1055 null == X or nul l != X as a null check (for issue 1844671)
773 The method in the subclass doesn't o verride a similar 1056 <li>Modified DMI_HARDCOD ED_ABSOLUTE_FILENAME logic in
774 method in a superclass because the t ype of a parameter 1057 DumbMethodInvoca tions to ignore files from /etc or /dev and
775 doesn't exactly match the type of th e corresponding 1058 increase priorit y of files from /home
776 parameter in the superclass. 1059 <li>Better bug details f or infinite loop warnings
777 </li> 1060 <li>Modified unread-fiel ds detector to reduce false
778 <li>NM_SAME_SIMPLE_NAME_AS_SUPERCLAS S: 1061 positives from r eflective fields
779 This class has a simple name that is identical to that 1062 <li>build.xml "classes" target now builds all sources in one
780 of its superclass, except that its s uperclass is in a 1063 step
781 different package (e.g., <code>alpha .Foo</code> 1064 </ul>
782 extends <code>beta.Foo</code>). Thi s can be 1065 </li>
783 exceptionally confusing, create lots of situations in 1066 </ul>
784 which you have to look at import sta tements to resolve 1067
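Review bot: In the 1.3.0 section on the new side, the leaf items are still left open. VA_FORMAT_STRING_ARG_MISMATCH (985), IO_APPENDING_TO_OBJECT_OUTPUT_STREAM (990) and NP_BOOLEAN_RETURN_NULL (1000) each run straight into the next `<li>` or the closing `</ul>`, and the same holds for every entry under "Fixes:" (1018-1043) and for all but the first entry under "Other:" (1050-1063). The parent items were rewrapped so that each sublist sits inside its `<li>` and is followed by `</li>`, so only the leaves are inconsistent. The end tag is optional under the HTML 4.01 Transitional doctype this patch adds on line 1, so the page still parses, but closing these items would match the 1.3.1 and 1.3.2 sections above.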
785 references and creates many opportun ities to 1068 <p>Changes since version 1.2.1</p>
786 accidently define methods that do no t override methods 1069 <ul>
787 in their superclasses. 1070 <li>New Detectors and Reports
788 </li> 1071 <ul>
789 <li>NM_SAME_SIMPLE_NAME_AS_INTERFACE : 1072 <li>SynchronizationOnSha redBuiltinConstant
790 This class/interface has a simple na me that is 1073 <ul>
791 identical to that of an implemented/ extended 1074 <li>DL_S YNCHRONIZATION_ON_SHARED_CONSTANT: The code
792 interface, except that the interface is in a different 1075 synchronizes on a shared primitive constant, such as an
793 package (e.g., <code>alpha.Foo</code > extends 1076 interned String. Such constants are interned and shared across
794 <code>beta.Foo</code>). This can be exceptionally 1077 all other classes loaded by the JVM. Thus, this could be
795 confusing, create lots of situations in which you have 1078 locking on something that other code might also be locking.
796 to look at import statements to reso lve references and 1079 This could result in very strange and hard to diagnose
797 creates many opportunities to accide ntly define methods 1080 blocking and deadlock behavior. See <a
798 that do not override methods in thei r superclasses. 1081 href="http://www.javalobby.org/java/forums/t96352.html">http://www.javalobby.org /java/forums/t96352.html</a>
799 </li> 1082 and <a href="http://jira.codehaus.org/browse/JETTY-352">http://jira.codehaus.org /browse/JETTY-352</a>.
800 </ul> 1083
801 <li>FindRefComparison</li> 1084 </ul>
802 <ul> 1085 </li>
803 <li>EC_UNRELATED_TYPES_USING_POINTER _EQUALITY: 1086 <li>OverridingEqualsNotS ymmetrical
804 This method uses using pointer equal ity to compare two 1087 <ul>
805 references that seem to be of differ ent types. The 1088 <li>EQ_O VERRIDING_EQUALS_NOT_SYMMETRIC: Looks for equals
806 result of this comparison will alway s be false at 1089 methods that override equals methods in a superclass where the
807 runtime. 1090 equivalence relationship might not be symmetrical.
808 </li> 1091 </ul>
809 </ul> 1092 </li>
810 <li>IncompatMask</li> 1093 <li>CheckTypeQualifiers
811 <ul> 1094 <ul>
812 <li>BIT_SIGNED_CHECK, BIT_SIGNED_CHE CK_HIGH_BIT: 1095 <li>TQ_A LWAYS_VALUE_USED_WHERE_NEVER_REQUIRED: A value
813 This method compares an expression s uch as 1096 specified as carrying a type qualifier annotation is consumed
814 <tt>((event.detail &amp; SWT.SELECTE D) &gt; 0)</tt>. Using 1097 in a location or locations requiring that the value not carry
815 bit arithmetic and then comparing wi th the greater than 1098 that annotation. More precisely, a value annotated with a type
816 operator can lead to unexpected resu lts (of course 1099 qualifier specifying when=ALWAYS is guaranteed to reach a use
817 depending on the value of SWT.SELECT ED). If 1100 or uses where the same type qualifier specifies when=NEVER.</li>
818 SWT.SELECTED is a negative number, t his is a candidate 1101 <li>TQ_N EVER_VALUE_USED_WHERE_ALWAYS_REQUIRED: A value
819 for a bug. Even when SWT.SELECTED is not negative, it 1102 specified as not carrying a type qualifier annotation is
820 seems good practice to use '!= 0' in stead of '&gt; 0'. 1103 guaranteed to be consumed in a location or locations requiring
821 </li> 1104 that the value does carry that annotation. More precisely, a
822 </ul> 1105 value annotated with a type qualifier specifying when=NEVER is
823 <li>LazyInit</li> 1106 guaranteed to reach a use or uses where the same type
824 <ul> 1107 qualifier specifies when=ALWAYS.</li>
825 <li>LI_LAZY_INIT_UPDATE_STATIC: 1108 <li>TQ_M AYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK: A value
826 This method contains an unsynchroniz ed lazy 1109 that might not carry a type qualifier annotation reaches a use
827 initialization of a static field. A fter the field is 1110 which requires that annotation.</li>
828 set, the object stored into that loc ation is further 1111 <li>TQ_M AYBE_SOURCE_VALUE_REACHES_NEVER_SINK: A value
829 accessed. The setting of the field is visible to other 1112 which might carry a type qualifier annotation reaches a use
830 threads as soon as it is set. If the further accesses in 1113 which forbids values carrying that annotation.</li>
831 the method that set the field serve to initialize the 1114 </ul>
832 object, then you have a <em>very ser ious</em> 1115 </li>
833 multithreading bug, unless something else prevents any 1116 </ul>
834 other thread from accessing the stor ed object until it 1117 </li>
835 is fully initialized. 1118 <li>New Reports (existing detectors)
836 </li> 1119 <ul>
837 </ul> 1120 <li>FindHEmismatch
838 <li>FindDeadLocalStores</li> 1121 <ul>
839 <ul> 1122 <li>EQ_D OESNT_OVERRIDE_EQUALS: This class extends a class
840 <li>DLS_DEAD_STORE_OF_CLASS_LITERAL: 1123 that defines an equals method and adds fields, but doesn't
841 This instruction assigns a class lit eral to a variable 1124 define an equals method itself. Thus, equality on instances of
842 and then never uses it. 1125 this class will ignore the identity of the subclass and the
843 <a href="//java.sun.com/j2se/1.5.0/c ompatibility.html#literal">The behavior of this differs in Java 1.4 and in Java 5.</a> 1126 added fields. Be sure this is what is intended, and that you
844 In Java 1.4 and earlier, a reference to 1127 don't need to override the equals method. Even if you don't
845 <code>Foo.class</code> would force t he static 1128 need to override the equals method, consider overriding it
846 initializer for <code>Foo</code> to be executed, if it 1129 anyway to document the fact that the equals method for the
847 has not been executed already. In J ava 5 and later, it 1130 subclass just return the result of invoking super.equals(o).</li>
848 does not. See Sun's 1131 </ul>
849 <a href="//java.sun.com/j2se/1.5.0/c ompatibility.html#literal">article on Java SE compatibility</a> 1132 </li>
850 for more details and examples, and s uggestions on how 1133 <li>Naming
851 to force class initialization in Jav a 5. 1134 <ul>
852 </li> 1135 <li>NM_W RONG_PACKAGE, NM_WRONG_PACKAGE_INTENTIONAL: The
853 </ul> 1136 method in the subclass doesn't override a similar method in a
854 <li>MethodReturnCheck</li> 1137 superclass because the type of a parameter doesn't exactly
855 <ul> 1138 match the type of the corresponding parameter in the
856 <li>RV_RETURN_VALUE_IGNORED_BAD_PRAC TICE: 1139 superclass.</li>
857 This method returns a value that is not checked. The 1140 <li>NM_S AME_SIMPLE_NAME_AS_SUPERCLASS: This class has a
858 return value should be checked since it can indication 1141 simple name that is identical to that of its superclass,
859 an unusual or unexpected function ex ecution. For 1142 except that its superclass is in a different package (e.g., <code>alpha.Foo</cod e>
860 example, the <code>File.delete()</co de> method returns 1143 extends <code>beta.Foo</code>). This can be exceptionally
861 false if the file could not be succe ssfully deleted 1144 confusing, create lots of situations in which you have to look
862 (rather than throwing an Exception). If you don't 1145 at import statements to resolve references and creates many
863 check the result, you won't notice i f the method 1146 opportunities to accidently define methods that do not
864 invocation signals unexpected behavi or by returning an 1147 override methods in their superclasses.
865 atypical return value. 1148 </li>
866 </li> 1149 <li>NM_S AME_SIMPLE_NAME_AS_INTERFACE: This class/interface
867 <li>RV_EXCEPTION_NOT_THROWN: 1150 has a simple name that is identical to that of an
868 This code creates an exception (or e rror) object, but 1151 implemented/extended interface, except that the interface is
869 doesn't do anything with it. 1152 in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</cod e>).
870 </li> 1153 This can be exceptionally confusing, create lots of situations
871 </ul> 1154 in which you have to look at import statements to resolve
872 </ul> 1155 references and creates many opportunities to accidently define
873 <li>Changes to Existing Reports</li> 1156 methods that do not override methods in their superclasses.
874 <ul> 1157 </li>
875 <li>NS_NON_SHORT_CIRCUIT: BAD_PRACTICE -&gt; STYLE</li> 1158 </ul>
876 <li>NS_DANGEROUS_NON_SHORT_CIRCUIT: CO RRECTNESS -&gt; STYLE</li> 1159 <li>FindRefComparison
877 <li>RC_REF_COMPARISON: CORRECTNESS -&g t; BAD_PRACTICE</li> 1160 <ul>
878 </ul> 1161 <li>EC_U NRELATED_TYPES_USING_POINTER_EQUALITY: This method
879 <li>GUI Changes</li> 1162 uses using pointer equality to compare two references that
880 <ul> 1163 seem to be of different types. The result of this comparison
881 <li>Added importing and exporting of b ug filters</li> 1164 will always be false at runtime.</li>
882 <li>Better handling of failed analysis runs</li> 1165 </ul>
883 <li>Added "-look" parameter for select ing look-and-feel</li> 1166 </li>
884 <li>Fixed incorrect package filtering< /li> 1167 <li>IncompatMask
885 <li>Fixed issue where "synchronized" w as not syntax-highlighted</li> 1168 <ul>
886 </ul> 1169 <li>BIT_ SIGNED_CHECK, BIT_SIGNED_CHECK_HIGH_BIT: This
887 <li>Ant-task Changes</li> 1170 method compares an expression such as <tt>((event.detail
888 <ul> 1171 &amp; SWT.SELECTED) &gt; 0)</tt>. Using bit arithmetic and then
889 <li>Refactored common ant-task code to AbstractFindBugsTask</li> 1172 comparing with the greater than operator can lead to
890 <li>Added tasks for computeBugHistory, convertXmlToText, filterBugs, mineBugHistory, setBugDatabaseInfo</li> 1173 unexpected results (of course depending on the value of
891 </ul> 1174 SWT.SELECTED). If SWT.SELECTED is a negative number, this is a
892 <li>Manual</li> 1175 candidate for a bug. Even when SWT.SELECTED is not negative,
893 <ul> 1176 it seems good practice to use '!= 0' instead of '&gt; 0'.
894 <li>Updates to GUI section, including new screenshots</li> 1177 </li>
895 <li>Added description of rejarForAnaly sis</li> 1178 </ul>
896 <li>Revamp of data-mining section</li> 1179 </li>
897 </ul> 1180 <li>LazyInit
898 <li>Other Major</li> 1181 <ul>
899 <ul> 1182 <li>LI_L AZY_INIT_UPDATE_STATIC: This method contains an
900 <li>Internal restructuring for lower m emory overhead</li> 1183 unsynchronized lazy initialization of a static field. After
901 </ul> 1184 the field is set, the object stored into that location is
902 <li>Other Minor</li> 1185 further accessed. The setting of the field is visible to other
903 <ul> 1186 threads as soon as it is set. If the further accesses in the
904 <li>Fixed typo: was STCAL_STATIC_SIMPL E_DATA_FORMAT_INSTANCE now STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</li> 1187 method that set the field serve to initialize the object, then
905 <li>-outputFile parameter became -outp ut</li> 1188 you have a <em>very serious</em> multithreading bug, unless
906 <li>More sensitivity and specificity i nLazyInit detector</li> 1189 something else prevents any other thread from accessing the
907 <li>More sensitivity and specificity i n Naming detector</li> 1190 stored object until it is fully initialized.
908 <li>More sensitivity and specificity i n UnreadFields detector</li> 1191 </li>
909 <li>More sensitivity in FindNullDeref detector</li> 1192 </ul>
910 <li>More sensitivity in FindBadCast2 d etector</li> 1193 </li>
911 <li>More specificity in FindReturnRef detector</li> 1194 <li>FindDeadLocalStores
912 <li>Many other tweaks and bug fixes</l i> 1195 <ul>
913 </ul> 1196 <li>DLS_ DEAD_STORE_OF_CLASS_LITERAL: This instruction
914 </ul> 1197 assigns a class literal to a variable and then never uses it.
915 1198 <a href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">The
916 <p> Changes since version 1.2.0</p> 1199 behavior of this differs in Java 1.4 and in Java 5.</a> In Java
917 <ul> 1200 1.4 and earlier, a reference to <code>Foo.class</code> would
1201 force the static initializer for <code>Foo</code> to be
1202 executed, if it has not been executed already. In Java 5 and
1203 later, it does not. See Sun's <a
1204 href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">article
1205 on Java SE compatibility</a> for more details and examples, and
1206 suggestions on how to force class initialization in Java 5.
1207 </li>
1208 </ul>
1209 </li>
1210 <li>MethodReturnCheck
1211 <ul>
1212 <li>RV_R ETURN_VALUE_IGNORED_BAD_PRACTICE: This method
1213 returns a value that is not checked. The return value should
1214 be checked since it can indication an unusual or unexpected
1215 function execution. For example, the <code>File.delete()</code>
1216 method returns false if the file could not be successfully
1217 deleted (rather than throwing an Exception). If you don't
1218 check the result, you won't notice if the method invocation
1219 signals unexpected behavior by returning an atypical return
1220 value.
1221 </li>
1222 <li>RV_E XCEPTION_NOT_THROWN: This code creates an
1223 exception (or error) object, but doesn't do anything with it.
1224 </li>
1225 </ul>
1226 </li>
1227 </ul>
1228 </li>
1229 <li>Changes to Existing Reports
1230 <ul>
1231 <li>NS_NON_SHORT_CIRCUIT : BAD_PRACTICE -&gt; STYLE</li>
1232 <li>NS_DANGEROUS_NON_SHO RT_CIRCUIT: CORRECTNESS -&gt; STYLE</li>
1233 <li>RC_REF_COMPARISON: C ORRECTNESS -&gt; BAD_PRACTICE</li>
1234 </ul>
1235 </li>
1236 <li>GUI Changes
1237 <ul>
1238 <li>Added importing and exporting of bug filters</li>
1239 <li>Better handling of f ailed analysis runs</li>
1240 <li>Added "-look" parame ter for selecting look-and-feel</li>
1241 <li>Fixed incorrect pack age filtering</li>
1242 <li>Fixed issue where "s ynchronized" was not
1243 syntax-highlight ed</li>
1244 </ul>
1245 </li>
1246 <li>Ant-task Changes
1247 <ul>
1248 <li>Refactored common an t-task code to AbstractFindBugsTask</li>
1249 <li>Added tasks for comp uteBugHistory, convertXmlToText,
1250 filterBugs, mine BugHistory, setBugDatabaseInfo</li>
1251 </ul>
1252 </li>
1253 <li>Manual
1254 <ul>
1255 <li>Updates to GUI secti on, including new screenshots</li>
1256 <li>Added description of rejarForAnalysis</li>
1257 <li>Revamp of data-minin g section</li>
1258 </ul>
1259 </li>
1260 <li>Other Major
1261 <ul>
1262 <li>Internal restructuri ng for lower memory overhead</li>
1263 </ul>
1264 </li>
1265 <li>Other Minor
1266 <ul>
1267 <li>Fixed typo: was STCA L_STATIC_SIMPLE_DATA_FORMAT_INSTANCE
1268 now STCAL_STATIC _SIMPLE_DATE_FORMAT_INSTANCE</li>
1269 <li>-outputFile paramete r became -output</li>
1270 <li>More sensitivity and specificity inLazyInit detector</li>
1271 <li>More sensitivity and specificity in Naming detector</li>
1272 <li>More sensitivity and specificity in UnreadFields
1273 detector</li>
1274 <li>More sensitivity in FindNullDeref detector</li>
1275 <li>More sensitivity in FindBadCast2 detector</li>
1276 <li>More specificity in FindReturnRef detector</li>
1277 <li>Many other tweaks an d bug fixes</li>
1278 </ul>
1279 </li>
1280 </ul>
1281
1282 <p>Changes since version 1.2.0</p>
1283 <ul>
918 <li>Bug fixes: 1284 <li>Bug fixes:
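Review bot: The two links to the Java SE compatibility notes on new lines 1198 and 1204 still use the scheme-relative form href="//java.sun.com/j2se/1.5.0/compatibility.html#literal", carried over unchanged from old lines 843 and 849. A scheme-relative URL takes its scheme from the page that contains it, so when doc/Changes.html is opened from a checkout over file:// the link no longer points at the web site. Since this block is being reflowed anyway, spell the scheme out in both href values. The reflow also keeps several wording slips from the old side: "uses using pointer equality" (new line 1162), "accidently" (new lines 1146 and 1155), "it can indication" (new line 1214) and "inLazyInit" (new line 1270).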
919 » » » » » <ul> 1285 » » » » » » <ul>
920 » » » » » <li><a href="http://fisheye2.cenqua.com/ changelog/findbugs/?cs=8219">Fix</a> <a href="http://sourceforge.net/tracker/ind ex.php?func=detail&aid=1726946&group_id=96405&atid=614693">bug</a> with detector s that were requested to be disabled but were enabled due to requirements of oth er detectors.</li> 1286 » » » » » » » <li><a
921 » » » » » <li>Fix bugs in incremental analysis wit hin Eclipse plugin</li> 1287 » » » » » » » » href="http://fis heye2.cenqua.com/changelog/findbugs/?cs=8219">Fix</a>
922 » » » » » <li>Fix some analysis errors</li> 1288 » » » » » » » » <a
923 » » » » » <li>Fix some threading bugs in GUI2</li> 1289 » » » » » » » » href="http://sou rceforge.net/tracker/index.php?func=detail&aid=1726946&group_id=96405&atid=61469 3">bug</a>
924 » » » » » <li>Report version as version when it wa s compiled, not when it was run</li> 1290 » » » » » » » » with detectors t hat were requested to be disabled but were
925 » » » » » <li>Copy analysis time stamp when filter ing or transforming analysis files.</li> 1291 » » » » » » » » enabled due to r equirements of other detectors.</li>
926 » » » » » </ul> 1292 » » » » » » » <li>Fix bugs in incremen tal analysis within Eclipse plugin</li>
927 » » » » » <li>Enabled StaticCalendarDetector 1293 » » » » » » » <li>Fix some analysis er rors</li>
928 » » » » » </li> 1294 » » » » » » » <li>Fix some threading b ugs in GUI2</li>
1295 » » » » » » » <li>Report version as ve rsion when it was compiled, not when
1296 » » » » » » » » it was run</li>
1297 » » » » » » » <li>Copy analysis time s tamp when filtering or transforming
1298 » » » » » » » » analysis files.< /li>
1299 » » » » » » </ul>
1300 » » » » » <li>Enabled StaticCalendarDetector</li>
929 <li>Reworked GUI2 to use standard FindBu gs filters 1301 <li>Reworked GUI2 to use standard FindBu gs filters
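Review bot: The SourceForge tracker link on new line 1289 keeps raw "&" separators inside its href value ("&aid", "&group_id", "&atid"), the same as old line 920. Inside an HTML attribute value each of these should be written as &amp;, which is how this file already escapes the ampersand in the IncompatMask entry on new line 1171; left raw, a parser can read them as the start of entity references. Worth fixing while the line is being rewrapped.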
930 » » » » » </li> 1302 » » » » » » <ul>
931 » » » » » <ul> 1303 » » » » » » » <li>Allow a suppression filter to be stored in a project and
932 » » » » » <li>Allow a suppression filter to be sto red in a project and persisted to the XML representation of a project. 1304 » » » » » » » » persisted to the XML representation of a project.</li>
933 » » » » » </li> 1305 » » » » » » </ul>
934 » » » » » </ul> 1306 » » » » » </li>
935 » » » » » 1307
936 » » » » » <li>Move away from old GUI2 save format (a directory containing an xml file and another file containing serialized filte rs). 1308 » » » » » <li>Move away from old GUI2 save format (a directory
937 » » » » » </li> 1309 » » » » » » containing an xml file and anoth er file containing serialized
1310 » » » » » » filters).</li>
938 <li>Support/recommend use of two new fil e extensions/formats: 1311 <li>Support/recommend use of two new fil e extensions/formats:
939 » » » » » <dl><dt>.fba - FindBugs Analysis File</d t> 1312 » » » » » » <dl>
940 » » » » » <dd>Exactly the same as an existing bug collection file stored in XML format, but using a distinct file extension 1313 » » » » » » » <dt>.fba - FindBugs Anal ysis File</dt>
941 » » » » » to make it easier to figure out which xm l files contain FindBugs results.</dd> 1314 » » » » » » » <dd>Exactly the same as an existing bug collection file
942 » » » » » <dt>.fbp - FindBugs Project File</dt><dd >Contains just the information needed to run FindBugs and display the results (e .g., the files to be analyzed, the auxiliary class path and the location of sour ce files)</dl></li> 1315 » » » » » » » » stored in XML fo rmat, but using a distinct file extension to
943 » » » » » </ul> 1316 » » » » » » » » make it easier t o figure out which xml files contain FindBugs
944 » » » » » <p> Changes since version 1.1.3</p> 1317 » » » » » » » » results.</dd>
945 » » » » » <ul> 1318 » » » » » » » <dt>.fbp - FindBugs Proj ect File</dt>
946 » » » » » <li>Added -xml:withAbridgedMessages opti on to generate xml containing shorter messages. 1319 » » » » » » » <dd>Contains just the in formation needed to run FindBugs and
947 » » » » » The messages will be shorted by doin g things like eliding package names, and leaving off 1320 » » » » » » » » display the resu lts (e.g., the files to be analyzed, the
948 » » » » » the source line from the LongMessage . 1321 » » » » » » » » auxiliary class path and the location of source files)
949 » » » » » These messages are appropriate if be ing used in a context where 1322 » » » » » » </dl>
950 » » » » » the non-message components of the bu g annotations will be used to provide more information 1323 » » » » » </li>
951 » » » » » (e.g., clicking on the message for a MethodAnnotation will display the source for the method). 1324 » » » » </ul>
952 » » » » » <ul><li>FindBugsDisplayFeatures.setAbrid gedMessages(true) can be used to generate abridged messages 1325 » » » » <p>Changes since version 1.1.3</p>
953 » » » » » when FindBugs is being accessed dire ctly (not via generated XML) from a GUI or IDE. 1326 » » » » <ul>
954 » » » » » </li> 1327 » » » » » <li>Added -xml:withAbridgedMessages opti on to generate xml
955 » » » » » </ul> 1328 » » » » » » containing shorter messages. The messages will be shorted by doing
956 » » » » » <li>In null pointer analysis, try to be better about always showing two locations: where it is known null and 1329 » » » » » » things like eliding package name s, and leaving off the source line
957 » » » » » where it is dereferenced. 1330 » » » » » » from the LongMessage. These mess ages are appropriate if being used
958 » » » » » <li>Interprocedural analysis of which me thods return nonnull values 1331 » » » » » » in a context where the non-messa ge components of the bug
959 » » » » » <li>Use method calls to select order in which classes are analyzed, and order in which methods 1332 » » » » » » annotations will be used to prov ide more information (e.g.,
960 » » » » » are analyzed, to improve interprocedural analysis results. 1333 » » » » » » clicking on the message for a Me thodAnnotation will display the
961 » » » » » <li>Significant improvements in memory f ootprint, memory allocation and CPU utilization 1334 » » » » » » source for the method).
962 » » » » » (20-30% reduction in all three) 1335 » » » » » » <ul>
963 » » » » » <li>Added a project name, to provide bet ter descriptions in the HTML output. 1336 » » » » » » » <li>FindBugsDisplayFeatu res.setAbridgedMessages(true) can be
964 » » » » » <li>Added new bug pattern: Casting to ch ar, or bit masking with nonnegative value, and then checking to see 1337 » » » » » » » » used to generate abridged messages when FindBugs is being
965 » » » » » » if the result is negative. 1338 » » » » » » » » accessed directl y (not via generated XML) from a GUI or IDE.</li>
966 » » » » » <li>Stopped reporting transient fields 1339 » » » » » » </ul>
967 » » » » » of classes not marked as serializable. T ransient is used by other persistence frameworks. 1340 » » » » » <li>In null pointer analysis, try to be better about always
968 » » » » » <li>Improvements to detector for SQL inj ection (Thanks to <a href="http://www.clock.org/~matt">Matt Hargett</a> for 1341 » » » » » » showing two locations: where it is known null and where it is
969 » » » » » his contributions 1342 » » » » » » dereferenced.
970 » » » » » <li>Changed open/save options in GUI2 to not distinguish between FindBugs projects 1343 » » » » » <li>Interprocedural analysis of which me thods return nonnull
971 » » » » » and saved FindBugs analysis results. 1344 » » » » » » values
972 » » » » » <li>Improvements to detection of serious non-short-circuit evaluation. 1345 » » » » » <li>Use method calls to select order in which classes are
1346 » » » » » » analyzed, and order in which met hods are analyzed, to improve
1347 » » » » » » interprocedural analysis results .
1348 » » » » » <li>Significant improvements in memory f ootprint, memory
1349 » » » » » » allocation and CPU utilization ( 20-30% reduction in all three)
1350 » » » » » <li>Added a project name, to provide bet ter descriptions in
1351 » » » » » » the HTML output.
1352 » » » » » <li>Added new bug pattern: Casting to ch ar, or bit masking
1353 » » » » » » with nonnegative value, and then checking to see if the result is
1354 » » » » » » negative.
1355 » » » » » <li>Stopped reporting transient fields o f classes not marked
1356 » » » » » » as serializable. Transient is us ed by other persistence
1357 » » » » » » frameworks.
1358 » » » » » <li>Improvements to detector for SQL inj ection (Thanks to <a
1359 » » » » » » href="http://www.clock.org/~matt ">Matt Hargett</a> for his
1360 » » » » » » contributions
1361 » » » » » <li>Changed open/save options in GUI2 to not distinguish
1362 » » » » » » between FindBugs projects and sa ved FindBugs analysis results.
1363 » » » » » <li>Improvements to detection of serious non-short-circuit
1364 » » » » » » evaluation.
973 <li>Updated Japanese localization (thank s to Ruimo Uno) 1365 <li>Updated Japanese localization (thank s to Ruimo Uno)
974
975 <li>Eclipse plugin changes: 1366 <li>Eclipse plugin changes:
976 » » » » » <ul> 1367 » » » » » » <ul>
977 » » » » » <li>Created Bug User Annotations and Bug Tree Views 1368 » » » » » » » <li>Created Bug User Ann otations and Bug Tree Views
978 » » » » » <li>Use different icons for different bu g priorities 1369 » » » » » » » <li>Use different icons for different bug priorities
979 » » » » » <li>Provide more information in Bug Deta ils view 1370 » » » » » » » <li>Provide more informa tion in Bug Details view
980 » » » » » </ul> 1371 » » » » » » </ul>
981 » » » » » </ul> 1372 » » » » </ul>
982 » » » » » 1373
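Review bot: In the "Changes since version 1.1.3" list, the items on new lines 1340 to 1365 and the Eclipse plugin sub-items on new lines 1368 to 1370 are rewrapped but still left without a closing </li>, while the reflowed 1.2.0 list just above (new lines 1284 to 1323) closes every item. Closing them here would make the reformatting consistent across the file. Two text slips also survive the rewrap: the parenthesis opened at "(Thanks to" on new line 1358 is never closed before the next <li>, and new line 1328 reads "will be shorted" where "shortened" is meant.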
983 » » » » » <p> 1374 » » » » <p>Changes since version 1.1.2:</p>
984 » » » » » » Changes since version 1.1.2: 1375 » » » » <ul>
985 » » » » » </p>
986 » » » » » <ul>
987 <li>Fixed broken Ant task 1376 <li>Fixed broken Ant task
988 <li>Added running ant task to smoke test 1377 <li>Added running ant task to smoke test
989 <li>Added validating xml and html output to smoke test 1378 <li>Added validating xml and html output to smoke test
990 » » » » » <li>Fixed some (but not all) issues wit h html output validation 1379 » » » » » <li>Fixed some (but not all) issues with html output
1380 » » » » » » validation
991 <li>Added check for x.equals(x) and x.co mpareTo(x) 1381 <li>Added check for x.equals(x) and x.co mpareTo(x)
992 <li>Various bug fixes 1382 <li>Various bug fixes
993 </ul> 1383 </ul>
994 <p> 1384 <p>Changes since version 1.1.1:</p>
995 Changes since version 1.1.1: 1385 <ul>
996 </p> 1386 <li>Added check for infinite iterative l oops</li>
997 <ul> 1387 <li>Added check for use of incompatible types in a collection
998 <li> 1388 (e.g., checking to see if a Set& lt;String&gt; contains a
999 Added check for infinite iterative loops 1389 StringBuffer).</li>
1000 </li> 1390 <li>Added check for invocations of equal s or hashCode on a
1001 <li> 1391 URL, which, <a
1002 Added check for use of i ncompatible types in a collection (e.g., 1392 href="http://michaelscharf.blogs pot.com/2006/11/javaneturlequals-and-hashcode-make.html">surprising
1003 checking to see if a Set &lt;String&gt; contains a StringBuffer). 1393 many people</a>, require s DNS resolution.
1004 </li> 1394 </li>
1005 <li> 1395 <li>Added check for classes that define compareTo but not
1006 Added check for invocati ons of equals or hashCode on a URL, 1396 equals; such classes can exhibit some anomalous behavior (e.g.,
1007 which, 1397 they are treated differently by PriorityQueues in Java 5 and Java
1008 <a 1398 6).</li>
1009 href="http://mic haelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html">surpris ing 1399 <li>Added a check for useless self opera tions (e.g., x &lt; x
1010 many people</a>, requires DNS resolution. 1400 or x ^ x).</li>
1011 </li> 1401 <li>Fixed a data race that could cause t he GUI to fail on
1012 <li> 1402 startup</li>
1013 Added check for classes that define compareTo but not equals; 1403 <li>Partial internationalization of the new GUI</li>
1014 such classes can exhibit some anomalous behavior (e.g., they are 1404 <li>Fix bug in "Redo analysis" option of new GUI</li>
1015 treated differently by P riorityQueues in Java 5 and Java 6). 1405 <li>Tuning to reduce false positives</li >
1016 </li> 1406 <li>Fixed a bug in null pointer analysis that was generating
1017 <li> 1407 false positive null pointer warn ings on exception paths. Fixing
1018 Added a check for useles s self operations (e.g., x &lt; x or x ^ x). 1408 this bug eliminates about 1/4 of the warnings on null pointer
1019 </li> 1409 exceptions on exception paths.</ li>
1020 <li> 1410 <li>Fixed a bug in the processing of phi nodes for fields in
1021 Fixed a data race that c ould cause the GUI to fail on startup 1411 the null pointer analysis</li>
1022 </li> 1412 <li>Applied contributed patch that provi des more quick fixes
1023 <li> 1413 in Eclipse plugin.</li>
1024 Partial internationaliza tion of the new GUI 1414 <li>Fixed a number of bugs in the Eclips e auto update sites,
1025 </li> 1415 and in the way date qualifiers w ere being used in the Eclipse
1026 <li> 1416 plugin. You may need to manually disable your existing version of
1027 Fix bug in "Redo analysi s" option of new GUI 1417 the plugin and download the 1.1. 2 from the update site to get the
1028 </li> 1418 automatic update function workin g correctly. The Eclipse update
1029 <li> 1419 sites are described at <a
1030 Tuning to reduce false p ositives 1420 href="http://findbugs.cs.umd.edu /eclipse/">http://findbugs.cs.umd.edu/eclipse/</a>.
1031 </li> 1421
1032 <li> 1422 </li>
1033 Fixed a bug in null poin ter analysis that was generating false 1423 <li>Fixed progress bar in Eclipse plugin </li>
1034 positive null pointer wa rnings on exception paths. Fixing this 1424 <li>A number of other bug fixes.</li>
1035 bug eliminates about 1/4 of the warnings on null pointer 1425 </ul>
1036 exceptions on exception paths. 1426
1037 </li> 1427 <p>Changes since version 1.1.0:</p>
1038 <li> 1428 <ul>
1039 Fixed a bug in the proce ssing of phi nodes for fields in the null 1429 <li>less scanning of classes not on the analysis path (This
1040 pointer analysis 1430 was causing some performance pro blems.)</li>
1041 </li> 1431 <li>no unread field warnings for fields annotated with
1042 <li> 1432 javax.persistent or javax.ejb3</ li>
1043 Applied contributed patc h that provides more quick fixes in 1433 <li>Eclipse plugin
1044 Eclipse plugin. 1434 <ul>
1045 </li> 1435 <li>bug annotation info displayed in Bug Details tab</li>
1046 <li> 1436 <li>.fbwarnings data fil e now stored in .metadata (not in
1047 Fixed a number of bugs in the Ec lipse auto update sites, and in the way 1437 the project itse lf)</li>
1048 date qualifiers were being used in the Eclipse plugin. You may need to manually 1438 </ul>
1049 disable your existing version of the plugin and download the 1.1.2 from the update 1439 </li>
1050 site to get the automatic update function working correctly. 1440 <li>new SE_BAD_FIELD_INNER_CLASS pattern </li>
1051 The Eclipse update sites are des cribed at <a href="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.e du/eclipse/</a>. 1441 <li>updates to Japanese translation (rui mo)</li>
1052 1442 <li>fix some internal slashed/dotted pat h confusion</li>
1053 </li> 1443 <li>other minor improvements</li>
1054 <li> 1444 </ul>
1055 Fixed progress bar in Ec lipse plugin 1445
1056 </li> 1446 <p>Changes since version 1.0.0:</p>
1057 <li> 1447
1058 A number of other bug fi xes. 1448 <ul>
1059 </li> 1449 <li>Overall, the change from FindBugs 1. 0.0 to FindBugs 1.1.0
1060 </ul> 1450 has been a big change. We've don e a lot of work in a lot of areas,
1061 1451 and aren't even going to try to enumerate all the changes.</li>
1062 <p> 1452 <li>We spent a lot of time reviewing the results generated by
1063 Changes since version 1.1.0: 1453 FindBugs for open source and com mercial code bases, and made a
1064 </p> 1454 number of changes, small and lar ge, to minimize the number of
1065 <ul> 1455 false positives. Our primary foc us for this was warnings reported
1066 <li> 1456 as high and medium priority corr ectness warnings. Our internal
1067 less scanning of classes not on the analysis path (This was 1457 evaluation is that we produce ve ry few high/medium priority
1068 causing some performance problems.) 1458 correctness warnings where the a nalysis is actually wrong, and
1069 </li> 1459 that more than 75% of the high/m edium priority correctness
1070 <li> 1460 warnings correspond to real codi ng defects that need addressing in
1071 no unread field warnings for fields annotated with 1461 the source code. The remaining 2 5% are largely cases such as a
1072 javax.persistent or java x.ejb3 1462 branch or statement that if take n would lead to an error, but in
1073 </li> 1463 fact is a dead branch or stateme nt that can never be taken. Such
1074 <li> 1464 coding is confusing and hard to maintain, so it should arguably be
1075 Eclipse plugin 1465 fixed, but it is unlikely to act ually result in an error during
1076 <ul> 1466 execution. Thus, some might clas sify those warnings as false
1077 <li> 1467 positives.</li>
1078 bug anno tation info displayed in Bug Details tab 1468 <li>We've substantially improved the ana lysis for errors that
1079 </li> 1469 could result in null pointer der eferences. Overall, our experience
1080 <li> 1470 has been that these changes have roughly doubled the number of
1081 .fbwarni ngs data file now stored in .metadata (not in the 1471 null pointer errors we detect, w ithout increasing the number of
1082 project itself) 1472 false positives (in fact, our fa lse positive rate has gone down).
1083 </li> 1473 The improvements are due to four factors:
1084 </ul> 1474 <ul>
1085 </li> 1475 <li>By default, we now d o some interprocedural analysis to
1086 <li> 1476 determine method s that unconditionally dereference their
1087 new SE_BAD_FIELD_INNER_C LASS pattern 1477 parameters.</li>
1088 </li> 1478 <li>FindBugs also comes with a model of which JDK methods
1089 <li> 1479 unconditionally dereference their parameters.</li>
1090 updates to Japanese tran slation (ruimo) 1480 <li>We do limited tracki ng of fields, so that we can detect
1091 </li> 1481 null values stor ed in fields that lead to exceptions.</li>
1092 <li> 1482 <li>We implemented a new analysis technique to find
1093 fix some internal slashe d/dotted path confusion 1483 guaranteed deref erences. Consider the following example: <pre>public int f(Object x, boolean b) {
1094 </li>
1095 <li>
1096 other minor improvements
1097 </li>
1098 </ul>
1099
1100 <p>
1101 Changes since version 1.0.0:
1102 </p>
1103
1104 <ul>
1105 <li>
1106 Overall, the change from FindBugs 1.0.0 to FindBugs 1.1.0 has
1107 been a big change. We've done a lot of work in a lot of areas,
1108 and aren't even going to try to enumerate all the changes.
1109 </li>
1110 <li>
1111 We spent a lot of time r eviewing the results generated by
1112 FindBugs for open source and commercial code bases, and made a
1113 number of changes, small and large, to minimize the number of
1114 false positives. Our pri mary focus for this was warnings reported
1115 as high and medium prior ity correctness warnings. Our internal
1116 evaluation is that we pr oduce very few high/medium priority
1117 correctness warnings whe re the analysis is actually wrong, and
1118 that more than 75% of th e high/medium priority correctness
1119 warnings correspond to r eal coding defects that need addressing
1120 in the source code. The remaining 25% are largely cases such as a
1121 branch or statement that if taken would lead to an error, but in
1122 fact is a dead branch or statement that can never be taken. Such
1123 coding is confusing and hard to maintain, so it should arguably
1124 be fixed, but it is unli kely to actually result in an error
1125 during execution. Thus, some might classify those warnings as
1126 false positives.
1127
1128 </li>
1129 <li>
1130 We've substantially impr oved the analysis for errors that could
1131 result in null pointer d ereferences. Overall, our experience has
1132 been that these changes have roughly doubled the number of null
1133 pointer errors we detect , without increasing the number of false
1134 positives (in fact, our false positive rate has gone down). The
1135 improvements are due to four factors:
1136 <ul>
1137 <li>
1138 By defau lt, we now do some interprocedural analysis to
1139 determin e methods that unconditionally dereference their
1140 paramete rs.
1141 </li>
1142 <li>
1143 FindBugs also comes with a model of which JDK methods
1144 uncondit ionally dereference their parameters.
1145 </li>
1146 <li>
1147 We do li mited tracking of fields, so that we can detect null
1148 values s tored in fields that lead to exceptions.
1149 </li>
1150 <li>
1151 We imple mented a new analysis technique to find guaranteed
1152 derefere nces. Consider the following example:
1153
1154 <code>
1155 <pre>public int f(Object x, boolean b) {
1156 int result = 0; 1484 int result = 0;
1157 if (x == null) result++; 1485 if (x == null) result++;
1158 else result--; 1486 else result--;
1159 // at this point, we know x is null on a simple path 1487 // at this point, we know x is null on a simple path
1160 if (b) { 1488 if (b) {
1161 // at this point, x is only null on a complex path 1489 // at this point, x is only null on a complex path
1162 // we don't know if the path in which x is null and b is true is feasible 1490 // we don't know if the path in which x is null and b is true is feasible
1163 return result + x.hashCode(); 1491 return result + x.hashCode();
1164 } 1492 }
1165 else { 1493 else {
1166 // at this point, x is only null on a complex path 1494 // at this point, x is only null on a complex path
1167 // we don't know if the path in which x is null and b is false is feasible 1495 // we don't know if the path in which x is null and b is false is feasible
1168 return result - x.hashCode(); 1496 return result - x.hashCode();
1169 } 1497 }
1170 </pre> 1498 </pre>
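Review bot: The example method f is never closed. The <pre> block that opens with `public int f(Object x, boolean b) {` ends at `</pre>` right after the brace that closes the else block, so the method's own closing brace is missing on both sides of the diff. Since the block is being touched anyway (the <code> wrapper around <pre> is dropped on the new side), add a final `}` before `</pre>` so the sample is complete as shown.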
1171 </code> 1499
1172 1500 <p>
1173 <p> 1501 FindBugs 1.0 used forward dataflow analysis to determine
1174 FindBugs 1.0 used forward dataflow analysis to determine 1502 whether each value is definitely null, null on a simple path,
1175 whether each value is definitely null, null on a simple path, 1503 possible null on a complex path, or definitely nonnull. Thus,
1176 possible null on a complex path, or definitely nonnull. Thus, 1504 at the s tatement where
1177 at the statement where 1505 <code> r esult </code>
1178 <code> 1506 is decre mented, we know that
1179 result 1507 <code> x </code>
1180 </code> 1508 is defin itely null, and at the point before
1181 is decremented, we know that 1509 <code> i f (b) </code>
1182 <code> 1510 , we kno w that
1183 x 1511 <code> x </code>
1184 </code> 1512 is null on a simple path. If
1185 is definitely null, and at the point before 1513 <code> x </code>
1186 <code> 1514 were to be dereferenced here, we would generate a warning,
1187 if (b) 1515 because if the else branch of the
1188 </code> 1516 <code> i f (x == null) </code>
1189 , we know that 1517 were eve r taken, a null pointer exception would result.
1190 <code> 1518 </p>
1191 x 1519
1192 </code> 1520 <p>
1193 is null on a simple path. If 1521 However, in both the then and else branches of the
1194 <code> 1522 <code> i f (b) </code>
1195 x 1523 statemen t,
1196 </code> 1524 <code> x </code>
1197 were to be dereferenced here, we would generate a warning, 1525 is only null on a complex path that may be infeasible. It might
1198 because if the else branch of the 1526 be that the program logic is such that if
1199 <code> 1527 <code> x </code>
1200 if (x == null) 1528 is null, then
1201 </code> 1529 <code> b </code>
1202 were ever taken, a null pointer exception would result. 1530 is never true, so generating a warning about the dereference in
1203 </p> 1531 the then clause might be a false positive. We could try to
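Review bot: The first explanatory paragraph contradicts the sample above it. The code reads `if (x == null) result++; else result--;`, so result is decremented on the branch where x is known to be non-null, yet the text says that at the statement where result is decremented "we know that x is definitely null", and then that a null pointer exception would result if the else branch of if (x == null) were ever taken. Suggest "incremented" and "then branch" respectively, or swapping the two statements in the sample, so the forward dataflow description matches the code.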
1204 1532 analyze the program to determine whether it is possible for
1205 <p> 1533 <code> x </code>
1206 However, in both the then and else branches of the 1534 to be nu ll and
1207 <code> 1535 <code> b </code>
1208 if (b) 1536 to be tr ue, but that can be a hard analysis problem.
1209 </code> 1537 </p>
1210 statement, 1538
1211 <code> 1539 <p>
1212 x 1540 However,
1213 </code> 1541 <code> x </code>
1214 is only null on a complex path that may be infeasible. It 1542 is deref erenced in both the then <em>and</em> else branches of
1215 might be that the program logic is such that if 1543 the
1216 <code> 1544 <code> i f (b) </code>
1217 x 1545 statemen t. So at the point immediately before
1218 </code> 1546 <code> i f (b) </code>
1219 is null, then 1547 , we kno w that
1220 <code> 1548 <code> x </code>
1221 b 1549 is null on a simple path <em>and</em> that
1222 </code> 1550 <code> x </code>
1223 is never true, so generating a warning about the dereference 1551 is guara nteed to be dereferenced on all paths from this point
1224 in the then clause might be a false positive. We could try to 1552 forward. FindBugs 1.1 performs a backwards data flow analysis
1225 analyze the program to determine whether it is possible for 1553 to deter mine the values that are guaranteed to be dereferenced,
1226 <code> 1554 and will generate a warning in this case.
1227 x 1555 </p>
1228 </code> 1556 </li>
1229 to be null and 1557 </ul>
1230 <code> 1558 <p>
1231 b 1559 The following screen sho t of our new GUI shows an example of this
1232 </code> 1560 analysis, as well as sho wing off our new GUI and points out a
1233 to be true, but that can be a hard analysis problem. 1561 limitation of our curren t plugins for Eclipse and NetBeans. The
1234 </p> 1562 screen shot shows a null pointer bug in HelpDisplay.java. The
1235 1563 test for
1236 <p> 1564 <code> href!=null </code >
1237 However, 1565 on line 78 suggests that
1238 <code> 1566 <code> href </code>
1239 x 1567 could be null. If it is, then
1240 </code> 1568 <code> href </code>
1241 is dereferenced in both the then 1569 will be dereferenced on either line 87 or on line 90, generating
1242 <em>and</em> else branches of the 1570 a NPE. Note that our ana lysis here also understands that passing
1243 <code> 1571 <code> href </code>
1244 if (b) 1572 to
1245 </code> 1573 <code> URLEncoder.encode </code>
1246 statement. So at the point immediately before 1574 will deference it, and t hus treats line 87 as a dereference, even
1247 <code> 1575 though
1248 if (b) 1576 <code> href </code>
1249 </code> 1577 is not actually derefere nced at that line. Within our new GUI,
1250 , we know that 1578 all of these locations a re highlighted and listed in the summary
1251 <code> 1579 panel. In the original G UI (and in HTML output) we list all of
1252 x 1580 the locations, but only the primary location is highlighted by
1253 </code> 1581 the original GUI. In the Eclipse and NetBeans plugins, only the
1254 is null on a simple path 1582 primary location is disp layed; fixing this is on our todo list
1255 <em>and</em> that 1583 (contributions welcome).
1256 <code> 1584 </p>
1257 x 1585 <p>
1258 </code> 1586 <img src="guaranteedDere ference.png" alt="">
1259 is guaranteed to be dereferenced on all paths from this point 1587
1260 forward. FindBugs 1.1 performs a backwards data flow analysis 1588
1261 to determine the values that are guaranteed to be 1589 </p>
1262 dereferenced, and will generate a warning in this case. 1590
1263 </p> 1591 </li>
1264 </li> 1592 <li>Preliminary support for detectors us ing the frameworks
1265 </ul> 1593 other than BCEL, such as the <a href="http://asm.objectweb.org/">ASM</a>
1266 <p> 1594 bytecode framework. You may expe riment with writing ASM-based
1267 The following sc reen shot of our new GUI shows an example of 1595 detectors, but beware the API ma y still change (which could
1268 this analysis, a s well as showing off our new GUI and points out 1596 possibly also affect BCEL-based detectors). In general, we've
1269 a limitation of our current plugins for Eclipse and NetBeans. 1597 started trying to move away from a deep dependence on BCEL, but
1270 The screen shot shows a null pointer bug in HelpDisplay.java. 1598 that change is only partially co mplete. Probably best to just
1271 The test for 1599 avoid this until we complete mor e work on this. This change is
1272 <code> 1600 only visible to FindBugs plugin developers, and shouldn't be
1273 href!=nu ll 1601 visible to FindBugs users.
1274 </code> 1602 </li>
1275 on line 78 sugge sts that 1603 <li>
1276 <code> 1604 <p>Bug categories (CORRECTNESS, MT_CORRECTNESS, etc.) are no
1277 href 1605 longer hard-coded, but r ather defined in xml files associated
1278 </code> 1606 with plugins, including the core plugin which defines the
1279 could be null. I f it is, then 1607 standard categories. Thi rd-party plugins can define their own
1280 <code> 1608 categories.</p>
1281 href 1609 </li>
1282 </code> 1610 <li>
1283 will be derefere nced on either line 87 or on line 90, generating 1611 <p>Several bug patterns have bee n moved from CORRECTNESS and
1284 a NPE. Note that our analysis here also understands that passing 1612 STYLE into a new categor y, BAD_PRACTICE. The English localization
1285 <code> 1613 of STYLE has changed fro m "Style" to "Dodgy."</p>
1286 href 1614 <p>In general, we've worked very hard to limit CORRECTNESS
1287 </code> 1615 bugs to be real programm ing errors and sins of commission. We
1288 to 1616 have reclassified as BAD _PRACTICE a number of bad design
1289 <code> 1617 practices that result in overly fragile code, such as defining an
1290 URLEncod er.encode 1618 equals method that doesn 't accept null or defining class with a
1291 </code> 1619 equals method that inher its hashCode from class Object.</p>
1292 will deference i t, and thus treats line 87 as a dereference, 1620 <p>In general, our guidelines fo r deciding whether a bug
1293 even though 1621 should be classified as CORRECTNESS, BAD_PRACTICE or STYLE are:</p>
1294 <code> 1622 <dl>
1295 href 1623 <dt>CORRECTNESS</dt>
1296 </code> 1624 <dd>A problem that we ca n recognize with high confidence and
1297 is not actually dereferenced at that line. Within our new GUI, 1625 is an issue that we believe almost all developers would want to
1298 all of these loc ations are highlighted and listed in the summary 1626 examine and addr ess. We recommend that software teams review all
1299 panel. In the or iginal GUI (and in HTML output) we list all of 1627 high and medium priority warnings in their entire code base.</dd>
1300 the locations, b ut only the primary location is highlighted by 1628 <dt>BAD_PRACTICE</dt>
1301 the original GUI . In the Eclipse and NetBeans plugins, only the 1629 <dd>A problem that we ca n recognize with high confidence and
1302 primary location is displayed; fixing this is on our todo list 1630 represents a cle ar violation of recommended and standard coding
1303 (contributions w elcome). 1631 practice. We bel ieve each software team should decide which bad
1304 </p> 1632 practices identi fied by FindBugs it wants to prohibit in the
1305 <p> 1633 team's coding st andard, and take action to remedy violations of
1306 <img src="guaran teedDereference.png" alt=""> 1634 those coding sta ndards.</dd>
1307 1635 <dt>STYLE</dt>
1308 1636 <dd>These are places whe re something strange or dodgy is
1309 </p> 1637 going on, such a s a dead store to a local variable. Typically,
1310 1638 less than half o f these represent actionable programming
1311 </li> 1639 defects. Reviewi ng these warnings in any code under active
1312 <li> 1640 development is p robably a good idea, but reviewing all such
1313 Preliminary support for detectors using the frameworks other than 1641 warnings in your entire code base might be appropriate only in
1314 BCEL, such as the 1642 some situations. Individual or team programming styles can
1315 <a href="http://asm.obje ctweb.org/">ASM</a> bytecode framework. 1643 substantially in fluence the effectiveness of each of these
1316 You may experiment with writing ASM-based detectors, but beware 1644 warnings (e.g., you might have a coding practice or style in
1317 the API may still change (which could possibly also affect 1645 your group that confuses one of the detectors into generating a
1318 BCEL-based detectors). I n general, we've started trying to move 1646 lot of STYLE war nings); you will likely want to selectively
1319 away from a deep depende nce on BCEL, but that change is only 1647 suppress or repo rt the STYLE warnings that are effective for
1320 partially complete. Prob ably best to just avoid this until we 1648 your group.</dd>
1321 complete more work on th is. This change is only visible to 1649 </dl>
1322 FindBugs plugin develope rs, and shouldn't be visible to FindBugs 1650 </li>
1323 users. 1651 <li>Released a preliminary version of a new GUI (known
1324 </li> 1652 internally as GUI2 -- not very c reative, huh?)</li>
1325 <li> 1653 <li>Provided standard ways to mark user designations of bug
1326 <p> 1654 warnings (e.g., as NOT_A_BUG or SHOULD_FIX). The internal logic
1327 Bug categories ( CORRECTNESS, MT_CORRECTNESS, etc.) are no longer 1655 now records this, it is represen ted in the XML file, and GUI2
1328 hard-coded, but rather defined in xml files associated with 1656 allows the designations to be ap plied (along with free-form user
1329 plugins, includi ng the core plugin which defines the standard 1657 annotations about each warning). The user designations and
1330 categories. Thir d-party plugins can define their own categories. 1658 annotations are not yet supporte d by the Eclipse plugin, but we
1331 </p> 1659 clearly want to support it in Ec lipse shortly.</li>
1332 </li> 1660 <li>Added a check for a bad comparison w ith a signed byte with
1333 <li> 1661 a value not in the range -128..1 27. For example: <pre>boolean find200(byte b[]) {
1334 <p>
1335 Several bug patt erns have been moved from CORRECTNESS and STYLE
1336 into a new categ ory, BAD_PRACTICE. The English localization of
1337 STYLE has change d from "Style" to "Dodgy."
1338 </p>
1339 <p>
1340 In general, we'v e worked very hard to limit CORRECTNESS bugs to
1341 be real programm ing errors and sins of commission. We have
1342 reclassified as BAD_PRACTICE a number of bad design practices
1343 that result in o verly fragile code, such as defining an equals
1344 method that does n't accept null or defining class with a equals
1345 method that inhe rits hashCode from class Object.
1346 </p>
1347 <p>
1348 In general, our guidelines for deciding whether a bug should be
1349 classified as CO RRECTNESS, BAD_PRACTICE or STYLE are:
1350 </p>
1351 <dl>
1352 <dt>
1353 CORRECTN ESS
1354 </dt>
1355 <dd>
1356 A proble m that we can recognize with high confidence and is an
1357 issue th at we believe almost all developers would want to
1358 examine and address. We recommend that software teams review
1359 all high and medium priority warnings in their entire code
1360 base.
1361 </dd>
1362 <dt>
1363 BAD_PRAC TICE
1364 </dt>
1365 <dd>
1366 A proble m that we can recognize with high confidence and
1367 represen ts a clear violation of recommended and standard coding
1368 practice . We believe each software team should decide which bad
1369 practice s identified by FindBugs it wants to prohibit in the
1370 team's c oding standard, and take action to remedy violations of
1371 those co ding standards.
1372 </dd>
1373 <dt>
1374 STYLE
1375 </dt>
1376 <dd>
1377 These ar e places where something strange or dodgy is going on,
1378 such as a dead store to a local variable. Typically, less than
1379 half of these represent actionable programming defects.
1380 Reviewin g these warnings in any code under active development
1381 is proba bly a good idea, but reviewing all such warnings in
1382 your ent ire code base might be appropriate only in some
1383 situatio ns. Individual or team programming styles can
1384 substant ially influence the effectiveness of each of these
1385 warnings (e.g., you might have a coding practice or style in
1386 your gro up that confuses one of the detectors into generating a
1387 lot of S TYLE warnings); you will likely want to selectively
1388 suppress or report the STYLE warnings that are effective for
1389 your gro up.
1390 </dd>
1391 </dl>
1392 </li>
1393 <li>
1394 Released a preliminary v ersion of a new GUI (known internally as
1395 GUI2 -- not very creativ e, huh?)
1396 </li>
1397 <li>
1398 Provided standard ways t o mark user designations of bug warnings
1399 (e.g., as NOT_A_BUG or S HOULD_FIX). The internal logic now
1400 records this, it is repr esented in the XML file, and GUI2 allows
1401 the designations to be a pplied (along with free-form user
1402 annotations about each w arning). The user designations and
1403 annotations are not yet supported by the Eclipse plugin, but we
1404 clearly want to support it in Eclipse shortly.
1405 </li>
1406 <li>
1407 Added a check for a bad comparison with a signed byte with a
1408 value not in the range - 128..127. For example:
1409 <code>
1410 <pre>boolean fin d200(byte b[]) {
1411 for(int i = 0; i &lt; b.length; i++) if (b[i] == 200) return i; 1662 for(int i = 0; i &lt; b.length; i++) if (b[i] == 200) return i;
1412 return -1; 1663 return -1;
1413 } 1664 }
1414 </pre> 1665 </pre>
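Review bot: The find200 sample does not type-check. It is declared `boolean find200(byte b[])` but returns `i` and `-1`, which are ints. Declaring it `int find200(byte b[])` leaves the sample with only the defect the entry is about: the comparison `b[i] == 200`, which can never be true because a signed byte is limited to the range -128..127 stated in the text.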
1415 » » » » » » » </code> 1666 » » » » » </li>
1416 » » » » » » </li> 1667 » » » » » <li>Added a checking for testing if a va lue is equal to
1417 » » » » » » <li> 1668 » » » » » » Double.NaN (no value is equal to NaN, not even NaN).</li>
1418 » » » » » » » Added a checking for tes ting if a value is equal to Double.NaN 1669 » » » » » <li>Added a check for using a class with an equals method but
1419 » » » » » » » (no value is equal to Na N, not even NaN). 1670 » » » » » » no hashCode method in a hashed d ata structure.</li>
1420 » » » » » » </li> 1671 » » » » » <li>Added check for uncallable method of an anonymous inner
1421 » » » » » » <li> 1672 » » » » » » class. For example, in the follo wing code, it is impossible to
1422 » » » » » » » Added a check for using a class with an equals method but no 1673 » » » » » » invoke the initalValue method (b ecause the name is misspelled and
1423 » » » » » » » hashCode method in a has hed data structure. 1674 » » » » » » as a result is doesn't override a method in ThreadLocal). <pre>private static ThreadLocal serialNum = new Thread Local() {
1424 » » » » » » </li>
1425 » » » » » » <li>
1426 » » » » » » » Added check for uncallab le method of an anonymous inner class.
1427 » » » » » » » For example, in the foll owing code, it is impossible to invoke
1428 » » » » » » » the initalValue method ( because the name is misspelled and as a
1429 » » » » » » » result is doesn't overri de a method in ThreadLocal).
1430 » » » » » » » <code>
1431 » » » » » » » » <pre>private sta tic ThreadLocal serialNum = new ThreadLocal() {
1432 protected synchronized Object initalValue() { 1675 protected synchronized Object initalValue() {
1433 return new Integer(nextSerialNum++); 1676 return new Integer(nextSerialNum++);
1434 } 1677 }
1435 }; 1678 };
1436 </pre> 1679 </pre>
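Review bot: The sentence introducing this sample still reads "as a result is doesn't override a method in ThreadLocal" on the rewrapped new side; it should be "it doesn't". The `initalValue` spelling inside the <pre> is the point of the example and should stay as it is.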
1437 </code> 1680 </li>
1438 </li> 1681 <li>Added check for a dead local store c aused by a switch
1439 <li> 1682 statement fall through</li>
1440 Added check for a dead l ocal store caused by a switch statement 1683 <li>Added check for computing the absolu te value of a random
1441 fall through 1684 32 bit integer or of a hashcode. This is broken because <code>
1442 </li> 1685 Math.abs(Integer.MIN_VAL UE) == Integer.MIN_VALUE </code> , and thus
1443 <li> 1686 result of calling Math.abs, whic h is expected to be nonnegative,
1444 Added check for computin g the absolute value of a random 32 bit 1687 will in fact be negative one tim e out of 2 <sup> 32 </sup> , which
1445 integer or of a hashcode . This is broken because 1688 will invariably be the time your boss is demoing the software to
1446 <code> 1689 your customers.
1447 Math.abs(Integer .MIN_VALUE) == Integer.MIN_VALUE 1690
1448 </code> 1691 </li>
1449 , and thus result of cal ling Math.abs, which is expected to be 1692 <li>More careful resolution of inherited methods and fields.
1450 nonnegative, will in fac t be negative one time out of 2 1693 Some of the shortcuts we were ta king in FindBugs 1.0.0 were
1451 <sup> 1694 leading to inaccurate results, a nd it was fairly easy to address
1452 32 1695 this by making the analysis more accurate.</li>
1453 </sup> 1696 <li>Overall, analysis times are about 1. 6 times longer in
1454 , which will invariably be the time your boss is demoing the 1697 FindBugs 1.1.0 than in FindBugs 1.0.0. This is because we have
1455 software to your custome rs. 1698 enabled substantial additional a nalysis at the default effort
1456 1699 level (the actual analysis engin e is significantly faster than in
1457 </li> 1700 FindBugs 1.0). On a recent AMD A thlon processor, analyzing
1458 <li> 1701 JDK1.6.0 (about 1 million lines of code) requires about 15 minutes
1459 More careful resolution of inherited methods and fields. Some of 1702 of wall clock time.</li>
1460 the shortcuts we were ta king in FindBugs 1.0.0 were leading to 1703 <li>Provided class and script (printClas s) to print classfile
1461 inaccurate results, and it was fairly easy to address this by 1704 in the human readable format pro duced by BCEL</li>
1462 making the analysis more accurate. 1705 <li>Provided -findSource option to setBu gDatabaseInfo</li>
1463 </li> 1706 </ul>
1464 <li> 1707
1465 Overall, analysis times are about 1.6 times longer in FindBugs 1708
1466 1.1.0 than in FindBugs 1 .0.0. This is because we have enabled 1709 <p>Changes since version 0.9.7:</p>
1467 substantial additional a nalysis at the default effort level (the 1710
1468 actual analysis engine i s significantly faster than in FindBugs 1711 <ul>
1469 1.0). On a recent AMD At hlon processor, analyzing JDK1.6.0 (about 1712 <li>fix ObjectTypeFactory bug that was s uppressing some bugs</li>
1470 1 million lines of code) requires about 15 minutes of wall clock 1713 <li>opcode stack may determine definite zeros on some paths</li>
1471 time. 1714 <li>opcode stack can track some constant string concatenations
1472 </li> 1715 (dbrosius)</li>
1473 <li> 1716 <li>default effort performs iterative op code analysis (but min
1474 Provided class and scrip t (printClass) to print classfile in the 1717 effort does not)</li>
1475 human readable format pr oduced by BCEL 1718 <li>default heap size upped to 384m</li>
1476 </li> 1719 <li>schema for XML output available: bug collection.xsd</li>
1477 <li> 1720 <li>fixed some internal confusion betwee n dotted and slashed
1478 Provided -findSource opt ion to setBugDatabaseInfo 1721 class names</li>
1479 </li> 1722 <li>New detectors
1480 </ul> 1723 <ul>
1481 1724 <li>CheckImmutableAnnota tion.java: checks JCIP annotations</li>
1482 1725 </ul>
1483 <p> 1726 </li>
1484 Changes since version 0.9.7: 1727 <li>Updated detectors
1485 </p> 1728 <ul>
1486 1729 <li>BadRegEx.java: under stands Pattern.LITERAL, warns about
1487 <ul> 1730 "."</li>
1488 <li> 1731 <li>FindUnreleasedLock.j ava: fewer false positives</li>
1489 fix ObjectTypeFactory bu g that was suppressing some bugs 1732 <li>DumbMethods.java: ch eck for vacuous comparisons to
1490 </li> 1733 MAX_INTEGER or M IN_INTEGER, fix bugs detecting
1491 <li> 1734 DM_NEXTINT_VIA_N EXTDOUBLE</li>
1492 opcode stack may determi ne definite zeros on some paths 1735 <li>FindPuzzlers.java: d etect <tt>n%2==1</tt>, detect
1493 </li> 1736 toString() on ar ray types
1494 <li> 1737 </li>
1495 opcode stack can track s ome constant string concatenations 1738 <li>FindInconsistentSync 2.java: detects IS_FIELD_NOT_GUARDED
1496 (dbrosius) 1739 </li>
1497 </li> 1740 <li>MethodReturnCheck.ja va: add check for discarded newly
1498 <li> 1741 constructed valu es, increase priority of some ignored
1499 default effort performs iterative opcode analysis (but min effort 1742 constructed exce ptions, better handling of bytecode compiled by
1500 does not) 1743 Eclipse</li>
1501 </li> 1744 <li>FindEmptySynchronize dBlock.java: better handling of
1502 <li> 1745 bytecode compile d by Eclipse</li>
1503 default heap size upped to 384m 1746 <li>DoInsideDoPrivileged .java: warn if call to setAccessible
1504 </li> 1747 isn't in doPrivi ledged, don't report private methods</li>
1505 <li> 1748 <li>LoadOfKnownNullValue .java: fix bug that was reporting
1506 schema for XML output av ailable: bugcollection.xsd 1749 false positives on <code> finally </code> blocks
1507 </li> 1750 </li>
1508 <li> 1751 <li>CheckReturnAnnotatio nDatabase.java: better checks for
1509 fixed some internal conf usion between dotted and slashed class 1752 unstarted thread s</li>
1510 names 1753 <li>ConfusionBetweenInhe ritedAndOuterMethod.java: fewer
1511 </li> 1754 false positives, fixed a package-handling bug</li>
1512 <li> 1755 <li>BadResultSetAccess.j ava: separate bug pattern for
1513 New detectors 1756 PreparedStatemen ts, <code> BRZA </code> category folded into <code>
1514 <ul> 1757 SQL </co de> category
1515 <li> 1758 </li>
1516 CheckImm utableAnnotation.java: checks JCIP annotations 1759 <li>FindDeadLocalStores. java, FindBadCast2.java,
1517 </li> 1760 DumbMethods.java , RuntimeExceptionCapture.java: coalesce similar
1518 </ul> 1761 bugs within a me thod into a single bug instance with multiple
1519 </li> 1762 source lines</li >
1520 <li> 1763 </ul>
1521 Updated detectors 1764 </li>
1522 <ul> 1765 <li>Eclipse plugin
1523 <li> 1766 <ul>
1524 BadRegEx .java: understands Pattern.LITERAL, warns about "." 1767 <li>plugin ID changed fr om <tt>de.tobject.findbugs</tt> to <tt>edu.umd.cs.findbugs.plugin.eclipse</tt>
1525 </li> 1768 </li>
1526 <li> 1769 <li>support for findbugs eclipse auto-update site</li>
1527 FindUnre leasedLock.java: fewer false positives 1770 </ul>
1528 </li> 1771 </li>
1529 <li> 1772 <li>Updated test case files
1530 DumbMeth ods.java: check for vacuous comparisons to MAX_INTEGER 1773 <ul>
1531 or MIN_I NTEGER, fix bugs detecting DM_NEXTINT_VIA_NEXTDOUBLE 1774 <li>BadRegEx.java</li>
1532 </li> 1775 <li>JSR166.java</li>
1533 <li> 1776 <li>ConcurrentModificati onBug.java</li>
1534 FindPuzz lers.java: detect 1777 <li>DeadStore.java</li>
1535 <tt>n%2= =1</tt>, detect toString() on array types 1778 <li>InstanceOf.java</li>
1536 </li> 1779 <li>LoadKnownNull.java</ li>
1537 <li> 1780 <li>NeedsToCheckReturnVa lue.java</li>
1538 FindInco nsistentSync2.java: detects IS_FIELD_NOT_GUARDED 1781 <li>BadResultSetAccessTe st.java</li>
1539 </li> 1782 <li>DeadStore.java</li>
1540 <li> 1783 <li>TestNonNull2.java</l i>
1541 MethodRe turnCheck.java: add check for discarded newly 1784 <li>TestImmutable.java</ li>
1542 construc ted values, increase priority of some ignored 1785 <li>TestGuardedBy.java</ li>
1543 construc ted exceptions, better handling of bytecode compiled by 1786 <li>BadRandomInt.java</l i>
1544 Eclipse 1787 <li>six test cases added to new <code> TigerTraps </code>
1545 </li> 1788 directory
1546 <li> 1789 </li>
1547 FindEmpt ySynchronizedBlock.java: better handling of bytecode 1790 </ul>
1548 compiled by Eclipse 1791 </li>
1549 </li> 1792 <li>fix bug that was generating duplicat e uids</li>
1550 <li> 1793 <li>fix bug with <code> -onlyAnalyze som e.package.* </code> on
1551 DoInside DoPrivileged.java: warn if call to setAccessible isn't 1794 jdk1.4
1552 in doPri viledged, don't report private methods 1795 </li>
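Review bot: In the DoInsideDoPrivileged.java entry, "doPriviledged" is misspelled on both sides. The Java method is doPrivileged, which is also how the detector's own name spells it. Worth correcting while the line is being rewrapped, so that a search for doPrivileged finds this entry.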
1553 </li> 1796 <li>fix regression bug in
1554 <li> 1797 DismantleByteCode.getRefConstant Operand()</li>
1555 LoadOfKn ownNullValue.java: fix bug that was reporting false 1798 <li>fix some minor bugs with the Swing G UI</li>
1556 positive s on 1799 <li>reordered some bugInstances so that source line
1557 <code> 1800 annotations come last</li>
1558 finally 1801 <li>removed references to unused java sy stem properties</li>
1559 </code> 1802 <li>French translation updates (David Co tton)</li>
1560 blocks 1803 <li>Japanese translation updates (Hanai Shisei)</li>
1561 </li> 1804 <li>content cleanup for findbugs.xml and messages.xml</li>
1562 <li> 1805 <li>references to cvs hostname updated t o
1563 CheckRet urnAnnotationDatabase.java: better checks for unstarted 1806 findbugs.cvs.sourceforge.net</li >
1564 threads 1807 <li>documented xdoc output options, new
1565 </li> 1808 mineBugHistory/computeBugHistory options</li>
1566 <li> 1809 </ul>
1567 Confusio nBetweenInheritedAndOuterMethod.java: fewer false 1810
1568 positive s, fixed a package-handling bug 1811 <p>Changes since version 0.9.6:</p>
1569 </li> 1812
1570 <li> 1813 <ul>
1571 BadResul tSetAccess.java: separate bug pattern for 1814 <li>performance improvements</li>
1572 Prepared Statements, 1815 <li>ObjectType instances are cached to r educe memory footprint
1573 <code> 1816 </li>
1574 BRZA 1817 <li>for performance and memory reasons s tateless detectors are
1575 </code> 1818 no longer cloned, must clear the ir own state between .class files
1576 category folded into 1819 </li>
1577 <code> 1820 <li>fixed bug in bytecode-set lookup for methods (was causing
1578 SQL 1821 bad results for IS2, perhaps oth ers)</li>
1579 </code> 1822 <li>fix some OpcodeStack bugs with integ er and long
1580 category 1823 operations, perform iterative an alysis when effort is <tt>max</tt>
1581 </li> 1824 </li>
1582 <li> 1825 <li>HTML output includes LongMessage tex t again (regression in
1583 FindDead LocalStores.java, FindBadCast2.java, DumbMethods.java, 1826 0.95 - 0.96)</li>
1584 RuntimeE xceptionCapture.java: coalesce similar bugs within a 1827 <li>New detectors
1585 method i nto a single bug instance with multiple source lines 1828 <ul>
1586 </li> 1829 <li>CalledMethods.java: builds a list of invoked methods for
1587 </ul> 1830 other detectors to consult (non-reporting)</li>
1588 </li> 1831 <li>UncallableMethodOfAn onymousClass.java: detect anonymous
1589 <li> 1832 inner classes th at define methods that are probably intended to
1590 Eclipse plugin 1833 but do not overr ide methods in a superclass.</li>
1591 <ul> 1834 </ul>
1592 <li> 1835 </li>
1593 plugin I D changed from 1836 <li>Updated detectors
1594 <tt>de.t object.findbugs</tt> to 1837 <ul>
1595 <tt>edu. umd.cs.findbugs.plugin.eclipse</tt> 1838 <li>FindFieldSelfAssignm ent.java: recognize separate fields
1596 </li> 1839 with the same na me (one from superclass)</li>
1597 <li> 1840 <li>FindLocalSelfAssignm ent2.java: handles backward branches
1598 support for findbugs eclipse auto-update site 1841 better (Dave Bro sius)</li>
1599 </li> 1842 <li>FindBadCast2.java: B C_NULL_INSTANCEOF changed to
1600 </ul> 1843 NP_NULL_INSTANCE OF</li>
1601 </li> 1844 <li>FindPuzzlers.java: e liminate false positive on setDate()
1602 <li> 1845 (Dave Brosius)</ li>
1603 Updated test case files 1846 </ul>
1604 <ul> 1847 </li>
1605 <li> 1848 <li>Eclipse plugin
1606 BadRegEx .java 1849 <ul>
1607 </li> 1850 <li>fix serious threadin g bug</li>
1608 <li> 1851 <li>preferences for Filt ers and effort (Peter Hendriks)</li>
1609 JSR166.j ava 1852 <li>French localization (David Cotton)</li>
1610 </li> 1853 <li>fix bug when reporti ng inner classes (Peter Friese)</li>
1611 <li> 1854 </ul>
1612 Concurre ntModificationBug.java 1855 </li>
1613 </li> 1856 <li>Updated test case files
1614 <li> 1857 <ul>
1615 DeadStor e.java 1858 <li>Mwn.java (Carl Burke /Dave Brosius)</li>
1616 </li> 1859 <li>DumbMethodInvocation s.java (Anto paul/Dave Brosius)</li>
1617 <li> 1860 <!--sic-->
1618 Instance Of.java 1861 </ul>
1619 </li> 1862 </li>
1620 <li> 1863 <li>XML output includes garbage collecti on duration</li>
1621 LoadKnow nNull.java 1864 <li>French messages updated (David Cotto n)</li>
1622 </li> 1865 <li>Swing GUI shows file name after Load Bugs command</li>
1623 <li> 1866 <li>Ant task to launch the findbugs fram e (Mark McKay)</li>
1624 NeedsToC heckReturnValue.java 1867 <li>miscellaneous code cleanup</li>
1625 </li> 1868 </ul>
1626 <li> 1869
1627 BadResul tSetAccessTest.java 1870 <p>Changes since version 0.9.5:</p>
1628 </li> 1871
1629 <li> 1872 <ul>
1630 DeadStor e.java 1873 <li>Updated detectors
1631 </li> 1874 <ul>
1632 <li> 1875 <li>FindNullDeref.java: respect NonNull and CheckForNull
1633 TestNonN ull2.java 1876 field annotation s</li>
1634 </li> 1877 <li>SerializableIdiom.ja va: detect non-private readObject
1635 <li> 1878 and writeObject methods</li>
1636 TestImmu table.java 1879 <li>FindRefComparison.ja va: smarter array comparison
1637 </li> 1880 detection</li>
1638 <li> 1881 <li>IsNullValueAnalysis. java: detect <tt>null
1639 TestGuar dedBy.java 1882 instance of</tt>
1640 </li> 1883 </li>
1641 <li> 1884 <li>FindLocalSelfAssignm ent2.java: suppress some false
1642 BadRando mInt.java 1885 positives (Dave Brosius)</li>
1643 </li> 1886 <li>FindUnreleasedLock.j ava: don't waste time processing
1644 <li> 1887 classes that don 't refer to java.util.concurrent.locks</li>
1645 six test cases added to new 1888 <li>MutableStaticFields. java: report the source line (Dave
1646 <code> 1889 Brosius)</li>
1647 TigerTraps 1890 <li>SwitchFallthrough.ja va: better handling of System.exit()
1648 </code> 1891 (Dave Brosius)</ li>
1649 director y 1892 <li>MultithreadedInstanc eAccess.java: better handling of
1650 </li> 1893 Servlet.init() ( Dave Brosius)</li>
1651 </ul> 1894 <li>ConfusionBetweenInhe ritedAndOuterMethod.java: now
1652 </li> 1895 enabled</li>
1653 <li> 1896 </ul>
1654 fix bug that was generat ing duplicate uids 1897 </li>
1655 </li> 1898 <li>Eclipse plugin
1656 <li> 1899 <ul>
1657 fix bug with 1900 <li>background processin g (Peter Friese)</li>
1658 <code> 1901 <li>internationalization , Japanese localization (Takashi
1659 -onlyAnalyze som e.package.* 1902 Okamoto)</li>
1660 </code> 1903 </ul>
1661 on jdk1.4 1904 </li>
1662 </li> 1905 <li>findbugs <tt>-onlyAnalyze</tt> optio n now works on windows
1663 <li> 1906 platforms
1664 fix regression bug in Di smantleByteCode.getRefConstantOperand() 1907 </li>
1665 </li> 1908 <li>mineBugHistory <tt>-noTabs</tt> opti on for better
1666 <li> 1909 alignment of output columns
1667 fix some minor bugs with the Swing GUI 1910 </li>
1668 </li> 1911 <li>filterBugs <tt>-fixed</tt> option (a lso: will now
1669 <li> 1912 recognize the most recent versio n string)
1670 reordered some bugInstan ces so that source line annotations come 1913 </li>
1671 last 1914 <li>XML output includes running time and memory usage data</li>
1672 </li> 1915 <li>miscellaneous minor corrections to t he manual</li>
1673 <li> 1916 <li>better bytecode analysis of the <tt> iinc</tt> instruction
1674 removed references to un used java system properties 1917 </li>
1675 </li> 1918 <li>fix bug in null pointer analysis</li >
1676 <li> 1919 <li>improved catch block heuristics</li>
1677 French translation updat es (David Cotton) 1920 <li>some type analysis tweaks</li>
1678 </li> 1921 <li>Bug priority changes
1679 <li> 1922 <ul>
1680 Japanese translation upd ates (Hanai Shisei) 1923 <li>DumbMethodInvocation s.java: decrease priority of
1681 </li> 1924 hard-coded <tt>/ tmp</tt> filenames
1682 <li> 1925 </li>
1683 content cleanup for find bugs.xml and messages.xml 1926 <li>ComparatorIdiom.java : decrease priority of
1684 </li> 1927 non-serializable anonymous comparators</li>
1685 <li> 1928 <li>FindSqlInjection.jav a: decrease priority of appending a
1686 references to cvs hostna me updated to 1929 constant or a st atic</li>
1687 findbugs.cvs.sourceforge .net 1930 </ul>
1688 </li> 1931 </li>
1689 <li> 1932 <li>Updated bug explanations
1690 documented xdoc output o ptions, new 1933 <ul>
1691 mineBugHistory/computeBu gHistory options 1934 <li>NM_VERY_CONFUSING (D ave Brosius)</li>
1692 </li> 1935 </ul>
1693 </ul> 1936 </li>
1694 1937 <li>Updated test case files
1695 <p> 1938 <ul>
1696 Changes since version 0.9.6: 1939 <li>BadStoreOfNonSeriali zableObject.java</li>
1697 </p> 1940 <li>BadRandomInt.java</l i>
1698 1941 <li>TestFieldAnnotations .java</li>
1699 <ul> 1942 <li>UseInitCause.java</l i>
1700 <li> 1943 <li>SqlInjection.java</l i>
1701 performance improvements 1944 <li>ArrayEquality.java</ li>
1702 </li> 1945 <li>BadIntegerOperations .java</li>
1703 <li> 1946 <li>Pilhuhn.java</li>
1704 ObjectType instances are cached to reduce memory footprint 1947 <li>InstanceOf.java</li>
1705 </li> 1948 <li>SwitchFallthrough.ja va (Dave Brosius)</li>
1706 <li> 1949 </ul>
1707 for performance and memo ry reasons stateless detectors are no 1950 </li>
1708 longer cloned, must clea r their own state between .class files 1951 <li>fix URL decoding bug when running un der Java Web Start
1709 </li> 1952 (Dave Brosius)</li>
1710 <li> 1953 <li>distribution includes <tt>project.xm l</tt> file for
1711 fixed bug in bytecode-se t lookup for methods (was causing bad 1954 NetBeans
1712 results for IS2, perhaps others) 1955 </li>
1713 </li> 1956 </ul>
1714 <li> 1957
1715 fix some OpcodeStack bug s with integer and long operations, 1958 <p>Changes since version 0.9.4:</p>
1716 perform iterative analys is when effort is 1959 <ul>
1717 <tt>max</tt> 1960 <li>New detectors
1718 </li> 1961 <ul>
1719 <li> 1962 <li>VarArgsProblems.java </li>
1720 HTML output includes Lon gMessage text again (regression in 0.95 - 1963 <li>FindSqlInjection.jav a: now enabled</li>
1721 0.96) 1964 <li>ComparatorIdiom.java : comparators usually implement
1722 </li> 1965 serializable</li >
1723 <li> 1966 <li>Naming.java: detect methods not overridden due to
1724 New detectors 1967 eponymously type d args from different packages</li>
1725 <ul> 1968 </ul>
1726 <li> 1969 </li>
1727 CalledMe thods.java: builds a list of invoked methods for other 1970 <li>Updated detectors
1728 detector s to consult (non-reporting) 1971 <ul>
1729 </li> 1972 <li>SwitchFallthrough.ja va: surpress some false positives</li>
1730 <li> 1973 <li>DuplicateBranches.ja va: surpress some false positives</li>
1731 Uncallab leMethodOfAnonymousClass.java: detect anonymous inner 1974 <li>IteratorIdioms.java: surpress some false positives</li>
1732 classes that define methods that are probably intended to but 1975 <li>FindHEmismatch.java: surpress some false positives</li>
1733 do not o verride methods in a superclass. 1976 <li>QuestionableBooleanA ssignment.java: finds more cases of
1734 </li> 1977 <tt>if (b=true)< /tt> ilk
1735 </ul> 1978 </li>
1736 </li> 1979 <li>DumbMethods.java: de tect int remainder by 1, delayed gc
1737 <li> 1980 errors</li>
1738 Updated detectors 1981 <li>SerializableIdiom.ja va: detect store of nonserializable
1739 <ul> 1982 object into fiel d of serializable class</li>
1740 <li> 1983 <li>FindNullDeref.java: fix potential exception</li>
1741 FindFiel dSelfAssignment.java: recognize separate fields with 1984 <li>IsNullValue.java: fi x potential exception</li>
1742 the same name (one from superclass) 1985 <li>MultithreadedInstanc eAccess.java: fix potential
1743 </li> 1986 exception</li>
1744 <li> 1987 <li>PreferZeroLengthArra ys.java: flag the method, not the
1745 FindLoca lSelfAssignment2.java: handles backward branches better 1988 line</li>
1746 (Dave Br osius) 1989 </ul>
1747 </li> 1990 </li>
1748 <li> 1991 <li>Remove some inadvertent dependencies on JDK 1.5</li>
1749 FindBadC ast2.java: BC_NULL_INSTANCEOF changed to 1992 <li>Sort order should be more consistent </li>
1750 NP_NULL_ INSTANCEOF 1993 <li>XML output changes
1751 </li> 1994 <ul>
1752 <li> 1995 <li>Option to sort XML b ug output</li>
1753 FindPuzz lers.java: eliminate false positive on setDate() (Dave 1996 <li>Now contains instanc e IDs</li>
1754 Brosius) 1997 <li>uid no longer missin g (was causing problems with fancy
1755 </li> 1998 HTML output)</li >
1756 </ul> 1999 <li>Typo fixed</li>
1757 </li> 2000 </ul>
1758 <li> 2001 </li>
1759 Eclipse plugin 2002 <li>Internal changes to track source fil es, <tt>-sourceInfo</tt>
1760 <ul> 2003 option
1761 <li> 2004 </li>
1762 fix seri ous threading bug 2005 <li>Bug matching: first try exact bug pa ttern matching, option
1763 </li> 2006 to compare priorities, option to disable package moves</li>
1764 <li> 2007 <li>Architecture documentation in <tt>de sign/architecture</tt>
1765 preferen ces for Filters and effort (Peter Hendriks) 2008 </li>
1766 </li> 2009 <li>Test cases move into their own CVS p roject</li>
1767 <li> 2010 <li>Don't report warnings that occur out side the analyzed
1768 French l ocalization (David Cotton) 2011 classes</li>
1769 </li> 2012 <li>Fixes to the build.xml files</li>
1770 <li> 2013 <li>Better handling of @CheckReturnValue and @CheckForNull
1771 fix bug when reporting inner classes (Peter Friese) 2014 annotations (also, some addition al methods searched for check
1772 </li> 2015 return value and check for null) </li>
1773 </ul> 2016 <li>Fixed some stream-closing bugs (one by <tt>z-fb-user</tt>/Dave
1774 </li> 2017 Brosius)
1775 <li> 2018 </li>
1776 Updated test case files 2019 <li>Bug priority changes
1777 <ul> 2020 <ul>
1778 <li> 2021 <li>increase priority of ignoring return value of
1779 Mwn.java (Carl Burke/Dave Brosius) 2022 java.sql.Connect ion methods</li>
1780 </li> 2023 <li>increase priority of comparing classes like Integer
1781 <li> 2024 using <tt>==</tt >
1782 DumbMeth odInvocations.java (Anto paul/Dave Brosius) 2025 </li>
1783 </li> 2026 <li>decrease priority of IT_NO_SUCH_ELEMENT if we see any
1784 <!--sic--> 2027 call to <tt>next ()</tt>
1785 </ul> 2028 </li>
1786 </li> 2029 <li>tweak priority of NM _METHOD_CONSTRUCTOR_CONFUSION</li>
1787 <li> 2030 <li>decrease priority of RV_RETURN_VALUE_IGNORED for an
1788 XML output includes garb age collection duration 2031 inherited annota tion that doesn't return same type as class</li>
1789 </li> 2032 </ul>
1790 <li> 2033 </li>
1791 French messages updated (David Cotton) 2034 <li>Updated bug explanations
1792 </li> 2035 <ul>
1793 <li> 2036 <li>RCN_REDUNDANT_NULLCH ECK_WOULD_HAVE_BEEN_A_NPE</li>
1794 Swing GUI shows file nam e after Load Bugs command 2037 <li>DP_CREATE_CLASSLOADE R_INSIDE_DO_PRIVILEGED</li>
1795 </li> 2038 <li>IMA_INEFFICIENT_MEMB ER_ACCESS (Dave Brosius)</li>
1796 <li> 2039 <li>some Japanese improv ements to messages_ja.xml ( <tt>ruimo</tt>)
1797 Ant task to launch the f indbugs frame (Mark McKay) 2040 </li>
1798 </li> 2041 <li>some German improvem ents to findbugs_de.properties (Dave
1799 <li> 2042 Brosius, <tt>dvh olten</tt>)
1800 miscellaneous code clean up 2043 </li>
1801 </li> 2044 </ul>
1802 </ul> 2045 </li>
1803 2046 <li>Updated test case files
1804 <p> 2047 <ul>
1805 Changes since version 0.9.5: 2048 <li>BadIntegerOperations .java</li>
1806 </p> 2049 <li>SecondKaboom.java</l i>
1807 2050 <li>OpenDatabase.java (D ave Brosius)</li>
1808 <ul> 2051 <li>FindOpenStream.java (Dave Brosius)</li>
1809 <li> 2052 <li>BadRandomInt.java</l i>
1810 Updated detectors 2053 </ul>
1811 <ul> 2054 </li>
1812 <li> 2055 <li>Source-lines info maintained for met hods (handy for
1813 FindNull Deref.java: respect NonNull and CheckForNull field 2056 abstract and native methods)</li >
1814 annotati ons 2057 <li>Remove surrounding opcodes from sour ce line annotations</li>
1815 </li> 2058 <li>Better error when can't read file</l i>
1816 <li> 2059 <li>Swing GUI: removed console pane from FindBugsFrame, fix
1817 Serializ ableIdiom.java: detect non-private readObject and 2060 missing classes bug</li>
1818 writeObj ect methods 2061 <li>Fixes to OpcodeStack.java</li>
1819 </li> 2062 <li>Detectors may attach a custom value to an OpcodeStack.Item
1820 <li> 2063 (Dave Brosius)</li>
1821 FindRefC omparison.java: smarter array comparison detection 2064 <li>Filter.java: ability to add text mes sages to XML output,
1822 </li> 2065 fix bug with <tt>-withMessages</ tt>
1823 <li> 2066 </li>
1824 IsNullVa lueAnalysis.java: detect 2067 <li>SourceInfoMap supports ranges of sou rce lines</li>
1825 <tt>null instanceof</tt> 2068 <li>Ant task supports the <tt>timestampN ow</tt> attribute
1826 </li> 2069 </li>
1827 <li> 2070 </ul>
1828 FindLoca lSelfAssignment2.java: suppress some false positives 2071
1829 (Dave Br osius) 2072 <p>Changes since version 0.9.3:</p>
1830 </li> 2073 <ul>
1831 <li> 2074 <li>Substantial rework of datamining cod e</li>
1832 FindUnre leasedLock.java: don't waste time processing classes 2075 <li>Removed bogus warnings about await o n things other than
1833 that don 't refer to java.util.concurrent.locks 2076 Condition not being in a loop</l i>
1834 </li> 2077 <li>Fixed bug in OpcodeStack handling of dup2 of long/double
1835 <li> 2078 values</li>
1836 MutableS taticFields.java: report the source line (Dave Brosius) 2079 <li>Don't report array types as missing classes</li>
1837 </li> 2080 <li>Adjustment of some warnings on ignor ed return values</li>
1838 <li> 2081 <li>Added thread safety annotations from Java Concurrency in
1839 SwitchFa llthrough.java: better handling of System.exit() (Dave 2082 Practice (no detectors written f or these yet)</li>
1840 Brosius) 2083 <li>Added annotation for methods that, i f overridden, should
1841 </li> 2084 be invoked by overriding methods via a call to super</li>
1842 <li> 2085 <li>Updated -html:fancy.xsl (Etienne Gir audy)</li>
1843 Multithr eadedInstanceAccess.java: better handling of 2086 </ul>
1844 Servlet. init() (Dave Brosius) 2087
1845 </li> 2088 <p>Note: there was no version 0.9.2</p>
1846 <li> 2089
1847 Confusio nBetweenInheritedAndOuterMethod.java: now enabled 2090 <p>Changes since version 0.9.1:</p>
1848 </li> 2091 <ul>
1849 </ul> 2092 <!-- New detectors -->
1850 </li> 2093 <li>Embellish USM to find abstract metho ds that implement an
1851 <li> 2094 interface method (Dave Brosius)< /li>
1852 Eclipse plugin 2095 <li>New detector to find stores of liter al booleans inside if
1853 <ul> 2096 or while expressions (Dave Brosi us)</li>
1854 <li> 2097 <li>New style detector to find final cla sses that declare
1855 backgrou nd processing (Peter Friese) 2098 protected fields (Dave Brosius)< /li>
1856 </li> 2099 <li>New detector to find subclass method s that simply forward,
1857 <li> 2100 verbatim, to the super class (Da ve Brosius)</li>
1858 internat ionalization, Japanese localization (Takashi Okamoto) 2101 <li>Detector to find instances where cod e is attempting to
1859 </li> 2102 write an object out via an imple mentation of DataOutput, but the
1860 </ul> 2103 object is not guaranteed to be S erializable (Jon Christiansen,
1861 </li> 2104 Bill Pugh)</li>
1862 <li> 2105
1863 findbugs 2106 <!-- Feature enhancements -->
1864 <tt>-onlyAnalyze</tt> op tion now works on windows platforms 2107 <li>Large (35%) analysis speedup (Bill P ugh)</li>
1865 </li> 2108 <li>Add line numbers to Swing GUI code p anel (Dave Brosius)</li>
1866 <li> 2109 <li>Added effort options to Swing GUI (D ave Brosius)</li>
1867 mineBugHistory 2110 <li>Add ability to specify bugs file to open from command line
1868 <tt>-noTabs</tt> option for better alignment of output columns 2111 for GUI version, through -loadbu gs (Phillip Martin)</li>
1869 </li> 2112 <li>New stylesheet for generating HTML: use option <tt>-html:plain.xsl</tt>
1870 <li> 2113 (Chris Nappin)
1871 filterBugs 2114 </li>
1872 <tt>-fixed</tt> option ( also: will now recognize the most recent 2115 <li>New stylesheet for generating HTML: use option <tt>-html:fancy.xsl</tt>
1873 version string) 2116 (Etienne Giraudy)
1874 </li> 2117 </li>
1875 <li> 2118 <li>Updated Japanese bug message transla tions (Shisei Hanai)</li>
1876 XML output includes runn ing time and memory usage data 2119
1877 </li> 2120 <!-- Bug fixes -->
1878 <li> 2121 <li>XHTML compliance fixes for bug detai ls (Etienne Giraudy)</li>
1879 miscellaneous minor corr ections to the manual 2122 <li>Various detector fixes (Shisei Hanai )</li>
1880 </li> 2123 <li>Fixed bugs in the project preference s dialog int the
1881 <li> 2124 Eclipse plugin (Takashi Okamoto, Thomas Einwaller)</li>
1882 better bytecode analysis of the 2125 <li>Lowered priority of analysis thread in Swing GUI (David
1883 <tt>iinc</tt> instructio n 2126 Hovemeyer, suggested by Shisei H anai and Jeffrey W. Badorek)</li>
1884 </li> 2127 <li>Fixed EclipsePlugin to correctly pic k up auxclasspath
1885 <li> 2128 entries (Jon Christiansen)</li>
1886 fix bug in null pointer analysis 2129 </ul>
1887 </li> 2130
1888 <li> 2131 <p>Changes since version 0.9.0:</p>
1889 improved catch block heu ristics 2132 <ul>
1890 </li> 2133 <li>Fixed dependence on JRE 1.5: all fea tures should work on
1891 <li> 2134 JRE 1.4 again</li>
1892 some type analysis tweak s 2135 <li>Fixed -effort command line option ha ndling for Swing GUI</li>
1893 </li> 2136 <li>Fixed conserveSpace and workHard att ributes int Ant task</li>
1894 <li> 2137 <li>Added support for effort attribute i n Ant task</li>
1895 Bug priority changes 2138 </ul>
1896 <ul> 2139
1897 <li> 2140 <p>Changes since version 0.8.8:</p>
1898 DumbMeth odInvocations.java: decrease priority of hard-coded 2141 <ul>
1899 <tt>/tmp </tt> filenames 2142 <!-- New detectors and bug patterns -->
1900 </li> 2143 <li>XMLFactoryBypass detector to find di rect allocation of xml
1901 <li> 2144 class implementations (Dave Bros ius)</li>
1902 Comparat orIdiom.java: decrease priority of non-serializable 2145 <li>InefficientMemberAccess detector to find accesses to
1903 anonymou s comparators 2146 owning class private members (Da ve Brosius)</li>
1904 </li> 2147 <li>DuplicateBranches detector checks sw itch statements too
1905 <li> 2148 (Dave Brosius)</li>
1906 FindSqlI njection.java: decrease priority of appending a 2149
1907 constant or a static 2150 <!-- Feature enhancements -->
1908 </li> 2151 <li>FindBugs available from findbugs.sou rceforge.net as Java
1909 </ul> 2152 Web Start application (Dave Bros ius)</li>
1910 </li> 2153 <li>Updated Japanese bug message transla tions (Shisei Hanai)</li>
1911 <li> 2154 <li>Improved bug detail message for cova riant equals() (Shisei
1912 Updated bug explanations 2155 Hanai)</li>
1913 <ul> 2156 <li>Modeling of instanceof checks is now enabled by default,
1914 <li> 2157 making the bad cast detector muc h more useful (Bill Pugh, David
1915 NM_VERY_ CONFUSING (Dave Brosius) 2158 Hovemeyer)</li>
1916 </li> 2159 <li>Support for detector ordering constr aints in plugin
1917 </ul> 2160 descriptor (David Hovemeyer)</li >
1918 </li> 2161 <li>Simpler option to control analysis e ffort: -effort: <i>value</i>,
1919 <li> 2162 where <i>value</i> is one of <co de> min </code> , <code>
1920 Updated test case files 2163 default </code> , or <co de> max </code> (David Hovemeyer)
1921 <ul> 2164 </li>
1922 <li> 2165 <li>Using -effort:max, FindNullDeref che cks for null arguments
1923 BadStore OfNonSerializableObject.java 2166 passed to methods which derefere nce them unconditionally (David
1924 </li> 2167 Hovemeyer)</li>
1925 <li> 2168 <li>FindNullDeref checks @Null and @NonN ull annotations for
1926 BadRando mInt.java 2169 parameters and return values (Da vid Hovemeyer)</li>
1927 </li> 2170
1928 <li> 2171 <!-- Bug fixes -->
1929 TestFiel dAnnotations.java 2172 </ul>
1930 </li> 2173
1931 <li> 2174 <p>Changes since version 0.8.7:</p>
1932 UseInitC ause.java 2175
1933 </li> 2176 <ul>
1934 <li> 2177 <!-- New detectors and bug patterns -->
1935 SqlInjec tion.java 2178 <li>New detector to find duplicate code in if/else statements
1936 </li> 2179 (Dave Brosius)</li>
1937 <li> 2180 <li>Look for calls to wait() on Conditio n objects (David
1938 ArrayEqu ality.java 2181 Hovemeyer)</li>
1939 </li> 2182 <li>Look for java.util.concurrent.Lock o bjects not released on
1940 <li> 2183 every path out of method (David Hovemeyer)</li>
1941 BadInteg erOperations.java 2184 <li>Look for calls to Thread.sleep() wit h a lock held (David
1942 </li> 2185 Hovemeyer)</li>
1943 <li> 2186 <li>More accurate detection of impossibl e casts (Bill Pugh,
1944 Pilhuhn. java 2187 David Hovemeyer)</li>
1945 </li> 2188
1946 <li> 2189 <!-- Feature enhancements -->
1947 Instance Of.java 2190 <li>Saved XML now contains project stati stics (Jay Dunning)</li>
1948 </li> 2191 <li>Filter files can select by bug patte rn type and warning
1949 <li> 2192 priority (David Hovemeyer)</li>
1950 SwitchFa llthrough.java (Dave Brosius) 2193
1951 </li> 2194 <!-- Bug fixes -->
1952 </ul> 2195 <li>Restored some files inadvertently om itted from previous
1953 </li> 2196 release (Rohan Lloyd, David Hove meyer)</li>
1954 <li> 2197 <li>Make sure detectors requiring JDK 1. 5 runtime classes are
1955 fix URL decoding bug whe n running under Java Web Start (Dave 2198 only executed if those classes a re available (David Hovemeyer)</li>
1956 Brosius) 2199 <li>Don't display analysis error dialog unless there is really
1957 </li> 2200 an error (David Hovemeyer)</li>
1958 <li> 2201 <li>Updated and expanded French translat ions of bug patterns
1959 distribution includes 2202 and Swing GUI (Olivier Parent)</ li>
1960 <tt>project.xml</tt> fil e for NetBeans 2203 <li>Fixed invalid character encoding in German Swing GUI
1961 </li> 2204 translation (Olivier Parent)</li >
1962 </ul> 2205 <li>Fix locale used for date format in p roject stats (K.
1963 2206 Hashimoto)</li>
1964 <p> 2207 <li>Fixed LongDescription elements in xm l:withMessages output
1965 Changes since version 0.9.4: 2208 format (K. Hashimoto)</li>
1966 </p> 2209 </ul>
1967 <ul> 2210
1968 <li> 2211 <p>Changes since version 0.8.6:</p>
1969 New detectors 2212
1970 <ul> 2213 <ul>
1971 <li> 2214 <!-- new detectors -->
1972 VarArgsP roblems.java 2215 <li>Extend Naming detector to look for c lasses that are named
1973 </li> 2216 XXXException but that are not Ex ceptions (Dave Brosius)</li>
1974 <li> 2217 <li>New detector to find classes that ex pose semaphores in the
1975 FindSqlI njection.java: now enabled 2218 public implementation through th e 'this' reference. (Dave Brosius)
1976 </li> 2219 </li>
1977 <li> 2220 <li>New Style detector to find Struts Ac tion/Servlet derived
1978 Comparat orIdiom.java: comparators usually implement 2221 classes that reference instance member variable not in
1979 serializ able 2222 synchronized blocks. (Dave Brosi us)</li>
1980 </li> 2223 <li>New Style detector to find classes t hat declare
1981 <li> 2224 implementation of interfaces tha t are already implemented by super
1982 Naming.j ava: detect methods not overridden due to eponymously 2225 classes (Dave Brosius)</li>
1983 typed ar gs from different packages 2226 <li>New Style detector to find circular dependencies between
1984 </li> 2227 classes (Dave Brosius)</li>
1985 </ul> 2228 <li>New Style detector to find unnecessa ry math on constants
1986 </li> 2229 (Dave Brosius)</li>
1987 <li> 2230 <li>New detector to find equality compar isons using floating
1988 Updated detectors 2231 point math (Jay Dunning)</li>
1989 <ul> 2232 <li>New faster detector to find local se lf assignments (Bill
1990 <li> 2233 Pugh)</li>
1991 SwitchFa llthrough.java: surpress some false positives 2234 <li>New detector to find infinite recurs ive loops (Bill Pugh)
1992 </li> 2235 </li>
1993 <li> 2236 <li>New detector to find for loops with an incorrect increment
1994 Duplicat eBranches.java: surpress some false positives 2237 (Bill Pugh)</li>
1995 </li> 2238 <li>New detector to find suspicious uses of
1996 <li> 2239 BufferedReader.readLine() and St ring.indexOf() (Bill Pugh)</li>
1997 Iterator Idioms.java: surpress some false positives 2240 <li>New detector to find suspicious inte ger to double casts
1998 </li> 2241 (David Hovemeyer, Bill Pugh)</li >
1999 <li> 2242 <li>New detector to find invalid regular expression patterns
2000 FindHEmi smatch.java: surpress some false positives 2243 (Bill Pugh)</li>
2001 </li> 2244 <li>New detector to find Bloch/Gafter Ja va puzzlers (Bill
2002 <li> 2245 Pugh)</li>
2003 Question ableBooleanAssignment.java: finds more cases of 2246
2004 <tt>if ( b=true)</tt> ilk 2247 <!-- feature enhancements -->
2005 </li> 2248 <li>New system property to suppress repo rting of DLS based on
2006 <li> 2249 local variable name (Glenn Boysk o)</li>
2007 DumbMeth ods.java: detect int remainder by 1, delayed gc errors 2250 <li>Enhancements to configuration dialog in Eclipse plugin,
2008 </li> 2251 allow for saving enabled detecto rs in Eclipse projects (Phil
2009 <li> 2252 Crosby)</li>
2010 Serializ ableIdiom.java: detect store of nonserializable object 2253 <li>Sortable columns in detector dialog (Dave Brosius)</li>
2011 into fie ld of serializable class 2254 <li>New tab in gui for showing bugs grou ped by category (Dave
2012 </li> 2255 Brosius)</li>
2013 <li> 2256 <li>Improved German translation of Swing GUI (Thomas Kuehne)</li>
2014 FindNull Deref.java: fix potential exception 2257 <li>Improved source file reporting in Em acs output format (Len
2015 </li> 2258 Trigg)</li>
2016 <li> 2259 <li>Improvements to redundant null compa rison detector (Bill
2017 IsNullVa lue.java: fix potential exception 2260 Pugh)</li>
2018 </li> 2261 <li>Localization of run analysis and ana lysis error dialogs in
2019 <li> 2262 Swing GUI (K. Hashimoto)</li>
2020 Multithr eadedInstanceAccess.java: fix potential exception 2263
2021 </li> 2264 <!-- Bug fixes -->
2022 <li> 2265 <li>Don't scan equals methods in FindHEM ismatch if code is
2023 PreferZe roLengthArrays.java: flag the method, not the line 2266 native (Greg Bentz)</li>
2024 </li> 2267 <li>French translation fixes (David Cott on)</li>
2025 </ul> 2268 <li>Internationalization report fixes (K . Hashimoto)</li>
2026 </li> 2269 <li>Japanese translations updates (SHISE I Hanai)</li>
2027 <li> 2270 </ul>
2028 Remove some inadvertent dependencies on JDK 1.5 2271
2029 </li> 2272 <p>Changes since version 0.8.5:</p>
2030 <li> 2273 <ul>
2031 Sort order should be mor e consistent 2274 <!-- new detectors -->
2032 </li> 2275 <li>New detector to find catch blocks th at may inadvertently
2033 <li> 2276 catch runtime exceptions (Brian Goetz)</li>
2034 XML output changes 2277 <li>New detector to find objects that ar e instantiated based
2035 <ul> 2278 on classes that only have static methods and fields, using the
2036 <li> 2279 synthesized constructor (Dave Br osius)</li>
2037 Option t o sort XML bug output 2280 <li>New detector to find calls to Thread .interrupted() in a
2038 </li> 2281 non static context, and especial ly with non currentThread()
2039 <li> 2282 threads (Dave Brosius)</li>
2040 Now cont ains instance IDs 2283 <li>New detector to find calls to equals () methods that use
2041 </li> 2284 Object's version. (Dave Brosius) </li>
2042 <li> 2285 <li>New detector to find Applets that ca ll methods in the
2043 uid no l onger missing (was causing problems with fancy HTML 2286 constructor refering to the Appl etStub (Dave Brosius)</li>
2044 output) 2287 <li>New detector to find some cases of i nfinite recursion
2045 </li> 2288 (Bill Pugh)</li>
2046 <li> 2289 <li>New detector to find dead stores to local variables (David
2047 Typo fix ed 2290 Hovemeyer, Bill Pugh)</li>
2048 </li> 2291 <li>Extend Dumb Method detector for toUp perCase(),
2049 </ul> 2292 toLowerCase() without a locale, new Integer(1).toString(), new
2050 </li> 2293 XXX().getClass(), and new Thread () without a run implementation
2051 <li> 2294 (Dave Brosius) <!-- feature enha ncements -->
2052 Internal changes to trac k source files, 2295 </li>
2053 <tt>-sourceInfo</tt> opt ion 2296 <li>Ant task supports "errorProperty" at tribute, which sets an
2054 </li> 2297 Ant property to "true" if an err or occurs running FindBugs
2055 <li> 2298 (Michael Tamm)</li>
2056 Bug matching: first try exact bug pattern matching, option to 2299 <li>Eclipse plugin allows filtering of w arnings by bug
2057 compare priorities, opti on to disable package moves 2300 category, priority (David Hoveme yer)</li>
2058 </li> 2301 <li>Swing GUI allows filtering of warnin gs by bug category
2059 <li> 2302 (David Hovemeyer)</li>
2060 Architecture documentati on in 2303 <li>Ability to annotate methods using Ja va 1.5 annotations
2061 <tt>design/architecture< /tt> 2304 that suppress FindBugs warnings (Bill Pugh)</li>
2062 </li> 2305 <li>New -adjustExperimental for lowering priority of
2063 <li> 2306 BugPatterns that are experimenta l (Dave Brosius)</li>
2064 Test cases move into the ir own CVS project 2307 <li>Allow for command line options 'file s' using the @ symbol
2065 </li> 2308 (David Hovemeyer)</li>
2066 <li> 2309 <li>New -adjustPriority command line opt ion to for adjusting
2067 Don't report warnings th at occur outside the analyzed classes 2310 bug priorites (David Hovemeyer)< /li>
2068 </li> 2311 <li>Added an Edit menu (cut/copy/paste) to Swing GUI (Dave
2069 <li> 2312 Brosius)</li>
2070 Fixes to the build.xml f iles 2313 <li>French translation supplied (David C otton) <!-- Bug fixes -->
2071 </li> 2314 </li>
2072 <li> 2315 </ul>
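Review bot: on the new side the section-marker comments at new 2294 (feature enhancements) and new 2313 (Bug fixes) sit inside the preceding <li>, ahead of its </li>, while the other markers in this file (new 2106, 2120, 2150, 2189) are on their own line between list items. The page renders the same either way, but the markers no longer line up with the entries they introduce. Suggest moving each comment to its own line after the closing </li>, unless this file has to stay identical to the upstream 2.0.3 copy, in which case leave it as shipped.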
2073 Better handling of @Chec kReturnValue and @CheckForNull 2316
2074 annotations (also, some additional methods searched for check 2317 <p>Changes since version 0.8.4:</p>
2075 return value and check f or null) 2318 <ul>
2076 </li> 2319 <!-- new detectors -->
2077 <li> 2320 <li>New detector for volatile references to arrays (Bill Pugh)
2078 Fixed some stream-closin g bugs (one by 2321 </li>
2079 <tt>z-fb-user</tt>/Dave Brosius) 2322 <li>New detector to find instanceof usag e where inheritance
2080 </li> 2323 can be determined statically (Da ve Brosius)</li>
2081 <li> 2324 <li>New detector to find ResultSet.getXX X updateXXX calls
2082 Bug priority changes 2325 using index 0 (Dave Brosius)</li >
2083 <ul> 2326 <li>New detector to find empty zip or ja r entries (Bill Pugh)
2084 <li>
2085 increase priority of ignoring return value of
2086 java.sql .Connection methods
2087 </li>
2088 <li>
2089 increase priority of comparing classes like Integer using
2090 <tt>==</ tt>
2091 </li>
2092 <li>
2093 decrease priority of IT_NO_SUCH_ELEMENT if we see any call to
2094 <tt>next ()</tt>
2095 </li>
2096 <li>
2097 tweak pr iority of NM_METHOD_CONSTRUCTOR_CONFUSION
2098 </li>
2099 <li>
2100 decrease priority of RV_RETURN_VALUE_IGNORED for an inherited
2101 annotati on that doesn't return same type as class
2102 </li>
2103 </ul>
2104 </li>
2105 <li>
2106 Updated bug explanations
2107 <ul>
2108 <li>
2109 RCN_REDU NDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
2110 </li>
2111 <li>
2112 DP_CREAT E_CLASSLOADER_INSIDE_DO_PRIVILEGED
2113 </li>
2114 <li>
2115 IMA_INEF FICIENT_MEMBER_ACCESS (Dave Brosius)
2116 </li>
2117 <li>
2118 some Jap anese improvements to messages_ja.xml (
2119 <tt>ruim o</tt>)
2120 </li>
2121 <li>
2122 some Ger man improvements to findbugs_de.properties (Dave
2123 Brosius,
2124 <tt>dvho lten</tt>)
2125 </li>
2126 </ul>
2127 </li>
2128 <li>
2129 Updated test case files
2130 <ul>
2131 <li>
2132 BadInteg erOperations.java
2133 </li>
2134 <li>
2135 SecondKa boom.java
2136 </li>
2137 <li>
2138 OpenData base.java (Dave Brosius)
2139 </li>
2140 <li>
2141 FindOpen Stream.java (Dave Brosius)
2142 </li>
2143 <li>
2144 BadRando mInt.java
2145 </li>
2146 </ul>
2147 </li>
2148 <li>
2149 Source-lines info mainta ined for methods (handy for abstract and
2150 native methods)
2151 </li>
2152 <li>
2153 Remove surrounding opcod es from source line annotations
2154 </li>
2155 <li>
2156 Better error when can't read file
2157 </li>
2158 <li>
2159 Swing GUI: removed conso le pane from FindBugsFrame, fix missing
2160 classes bug
2161 </li>
2162 <li>
2163 Fixes to OpcodeStack.jav a
2164 </li>
2165 <li>
2166 Detectors may attach a c ustom value to an OpcodeStack.Item (Dave
2167 Brosius)
2168 </li>
2169 <li>
2170 Filter.java: ability to add text messages to XML output, fix bug
2171 with
2172 <tt>-withMessages</tt>
2173 </li>
2174 <li>
2175 SourceInfoMap supports r anges of source lines
2176 </li>
2177 <li>
2178 Ant task supports the
2179 <tt>timestampNow</tt> at tribute
2180 </li>
2181 </ul>
2182
2183 <p>
2184 Changes since version 0.9.3:
2185 </p>
2186 <ul>
2187 <li>
2188 Substantial rework of da tamining code
2189 </li>
2190 <li>
2191 Removed bogus warnings a bout await on things other than Condition
2192 not being in a loop
2193 </li>
2194 <li>
2195 Fixed bug in OpcodeStack handling of dup2 of long/double values
2196 </li>
2197 <li>
2198 Don't report array types as missing classes
2199 </li>
2200 <li>
2201 Adjustment of some warni ngs on ignored return values
2202 </li>
2203 <li>
2204 Added thread safety anno tations from Java Concurrency in Practice
2205 (no detectors written fo r these yet)
2206 </li>
2207 <li>
2208 Added annotation for met hods that, if overridden, should be
2209 invoked by overriding me thods via a call to super
2210 </li>
2211 <li>
2212 Updated -html:fancy.xsl (Etienne Giraudy)
2213 </li>
2214 </ul>
2215
2216 <p>
2217 Note: there was no version 0.9.2
2218 </p>
2219
2220 <p>
2221 Changes since version 0.9.1:
2222 </p>
2223 <ul>
2224 <!-- New detectors -->
2225 <li>
2226 Embellish USM to find ab stract methods that implement an
2227 interface method (Dave B rosius)
2228 </li>
2229 <li>
2230 New detector to find sto res of literal booleans inside if or
2231 while expressions (Dave Brosius)
2232 </li>
2233 <li>
2234 New style detector to fi nd final classes that declare protected
2235 fields (Dave Brosius)
2236 </li>
2237 <li>
2238 New detector to find sub class methods that simply forward,
2239 verbatim, to the super c lass (Dave Brosius)
2240 </li>
2241 <li>
2242 Detector to find instanc es where code is attempting to write an
2243 object out via an implem entation of DataOutput, but the object is
2244 not guaranteed to be Ser ializable (Jon Christiansen, Bill Pugh)
2245 </li>
2246
2247 <!-- Feature enhancements -->
2248 <li>
2249 Large (35%) analysis spe edup (Bill Pugh)
2250 </li>
2251 <li>
2252 Add line numbers to Swin g GUI code panel (Dave Brosius)
2253 </li>
2254 <li>
2255 Added effort options to Swing GUI (Dave Brosius)
2256 </li>
2257 <li>
2258 Add ability to specify b ugs file to open from command line for
2259 GUI version, through -lo adbugs (Phillip Martin)
2260 </li>
2261 <li>
2262 New stylesheet for gener ating HTML: use option
2263 <tt>-html:plain.xsl</tt> (Chris Nappin)
2264 </li>
2265 <li>
2266 New stylesheet for gener ating HTML: use option
2267 <tt>-html:fancy.xsl</tt> (Etienne Giraudy)
2268 </li>
2269 <li>
2270 Updated Japanese bug mes sage translations (Shisei Hanai)
2271 </li>
2272
2273 <!-- Bug fixes -->
2274 <li>
2275 XHTML compliance fixes f or bug details (Etienne Giraudy)
2276 </li>
2277 <li>
2278 Various detector fixes ( Shisei Hanai)
2279 </li>
2280 <li>
2281 Fixed bugs in the projec t preferences dialog int the Eclipse
2282 plugin (Takashi Okamoto, Thomas Einwaller)
2283 </li>
2284 <li>
2285 Lowered priority of anal ysis thread in Swing GUI (David
2286 Hovemeyer, suggested by Shisei Hanai and Jeffrey W. Badorek)
2287 </li>
2288 <li>
2289 Fixed EclipsePlugin to c orrectly pick up auxclasspath entries
2290 (Jon Christiansen)
2291 </li>
2292 </ul>
2293
2294 <p>
2295 Changes since version 0.9.0:
2296 </p>
2297 <ul>
2298 <li>
2299 Fixed dependence on JRE 1.5: all features should work on JRE 1.4
2300 again
2301 </li>
2302 <li>
2303 Fixed -effort command li ne option handling for Swing GUI
2304 </li>
2305 <li>
2306 Fixed conserveSpace and workHard attributes int Ant task
2307 </li>
2308 <li>
2309 Added support for effort attribute in Ant task
2310 </li>
2311 </ul>
2312
2313 <p>
2314 Changes since version 0.8.8:
2315 </p>
2316 <ul>
2317 <!-- New detectors and bug patte rns -->
2318 <li>
2319 XMLFactoryBypass detecto r to find direct allocation of xml class
2320 implementations (Dave Br osius)
2321 </li>
2322 <li>
2323 InefficientMemberAccess detector to find accesses to owning class
2324 private members (Dave Br osius)
2325 </li>
2326 <li>
2327 DuplicateBranches detect or checks switch statements too (Dave
2328 Brosius)
2329 </li>
2330
2331 <!-- Feature enhancements -->
2332 <li>
2333 FindBugs available from findbugs.sourceforge.net as Java Web
2334 Start application (Dave Brosius)
2335 </li>
2336 <li>
2337 Updated Japanese bug mes sage translations (Shisei Hanai)
2338 </li>
2339 <li>
2340 Improved bug detail mess age for covariant equals() (Shisei Hanai)
2341 </li>
2342 <li>
2343 Modeling of instanceof c hecks is now enabled by default, making
2344 the bad cast detector mu ch more useful (Bill Pugh, David
2345 Hovemeyer)
2346 </li>
2347 <li>
2348 Support for detector ord ering constraints in plugin descriptor
2349 (David Hovemeyer)
2350 </li>
2351 <li>
2352 Simpler option to contro l analysis effort: -effort:
2353 <i>value</i>, where
2354 <i>value</i> is one of
2355 <code>
2356 min
2357 </code>
2358 ,
2359 <code>
2360 default
2361 </code>
2362 , or
2363 <code>
2364 max
2365 </code>
2366 (David Hovemeyer)
2367 </li>
2368 <li>
2369 Using -effort:max, FindN ullDeref checks for null arguments passed
2370 to methods which derefer ence them unconditionally (David
2371 Hovemeyer)
2372 </li>
2373 <li>
2374 FindNullDeref checks @Nu ll and @NonNull annotations for
2375 parameters and return va lues (David Hovemeyer)
2376 </li>
2377
2378 <!-- Bug fixes -->
2379 </ul>
2380
2381 <p>
2382 Changes since version 0.8.7:
2383 </p>
2384
2385 <ul>
2386 <!-- New detectors and bug patte rns -->
2387 <li>
2388 New detector to find dup licate code in if/else statements (Dave
2389 Brosius)
2390 </li>
2391 <li>
2392 Look for calls to wait() on Condition objects (David Hovemeyer)
2393 </li>
2394 <li>
2395 Look for java.util.concu rrent.Lock objects not released on every
2396 path out of method (Davi d Hovemeyer)
2397 </li>
2398 <li>
2399 Look for calls to Thread .sleep() with a lock held (David
2400 Hovemeyer)
2401 </li>
2402 <li>
2403 More accurate detection of impossible casts (Bill Pugh, David
2404 Hovemeyer)
2405 </li>
2406
2407 <!-- Feature enhancements -->
2408 <li>
2409 Saved XML now contains p roject statistics (Jay Dunning)
2410 </li>
2411 <li>
2412 Filter files can select by bug pattern type and warning priority
2413 (David Hovemeyer)
2414 </li>
2415
2416 <!-- Bug fixes -->
2417 <li>
2418 Restored some files inad vertently omitted from previous release
2419 (Rohan Lloyd, David Hove meyer)
2420 </li>
2421 <li>
2422 Make sure detectors requ iring JDK 1.5 runtime classes are only
2423 executed if those classe s are available (David Hovemeyer)
2424 </li>
2425 <li>
2426 Don't display analysis e rror dialog unless there is really an
2427 error (David Hovemeyer)
2428 </li>
2429 <li>
2430 Updated and expanded Fre nch translations of bug patterns and
2431 Swing GUI (Olivier Paren t)
2432 </li>
2433 <li>
2434 Fixed invalid character encoding in German Swing GUI translation
2435 (Olivier Parent)
2436 </li>
2437 <li>
2438 Fix locale used for date format in project stats (K. Hashimoto)
2439 </li>
2440 <li>
2441 Fixed LongDescription el ements in xml:withMessages output format
2442 (K. Hashimoto)
2443 </li>
2444 </ul>
2445
2446 <p>
2447 Changes since version 0.8.6:
2448 </p>
2449
2450 <ul>
2451 <!-- new detectors -->
2452 <li>
2453 Extend Naming detector t o look for classes that are named
2454 XXXException but that ar e not Exceptions (Dave Brosius)
2455 </li>
2456 <li>
2457 New detector to find cla sses that expose semaphores in the public
2458 implementation through t he 'this' reference. (Dave Brosius)
2459 </li>
2460 <li>
2461 New Style detector to fi nd Struts Action/Servlet derived classes
2462 that reference instance member variable not in synchronized
2463 blocks. (Dave Brosius)
2464 </li>
2465 <li>
2466 New Style detector to fi nd classes that declare implementation of
2467 interfaces that are alre ady implemented by super classes (Dave
2468 Brosius)
2469 </li>
2470 <li>
2471 New Style detector to fi nd circular dependencies between classes
2472 (Dave Brosius)
2473 </li>
2474 <li>
2475 New Style detector to fi nd unnecessary math on constants (Dave
2476 Brosius)
2477 </li>
2478 <li>
2479 New detector to find equ ality comparisons using floating point
2480 math (Jay Dunning)
2481 </li>
2482 <li>
2483 New faster detector to f ind local self assignments (Bill Pugh)
2484 </li>
2485 <li>
2486 New detector to find inf inite recursive loops (Bill Pugh)
2487 </li>
2488 <li>
2489 New detector to find for loops with an incorrect increment (Bill
2490 Pugh)
2491 </li>
2492 <li>
2493 New detector to find sus picious uses of BufferedReader.readLine()
2494 and String.indexOf() (Bi ll Pugh)
2495 </li>
2496 <li>
2497 New detector to find sus picious integer to double casts (David
2498 Hovemeyer, Bill Pugh)
2499 </li>
2500 <li>
2501 New detector to find inv alid regular expression patterns (Bill
2502 Pugh)
2503 </li>
2504 <li>
2505 New detector to find Blo ch/Gafter Java puzzlers (Bill Pugh)
2506 </li>
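Review bot: old rows 2109-2506 have no new-side text in this view, and they hold the "Changes since version" lists for 0.9.3, 0.9.1, 0.9.0, 0.8.8, 0.8.7 and 0.8.6. Please confirm that the new doc/Changes.html still carries these entries earlier in the file, and that the rows are unmatched only because the file was reflowed, not because release history was dropped in the update.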
2507 2327
2508 <!-- feature enhancements --> 2328 <!-- feature enhancements -->
2509 <li> 2329 </li>
2510 New system property to s uppress reporting of DLS based on local 2330 <li>HTML output generation using built-i n XSLT stylesheet or
2511 variable name (Glenn Boy sko) 2331 user-defined stylesheet (David H ovemeyer)</li>
2512 </li> 2332 <li>Allow URLs to be specified to analyz e zip/jar files, local
2513 <li> 2333 directories, and single classfil es (David Hovemeyer)</li>
2514 Enhancements to configur ation dialog in Eclipse plugin, allow for 2334 <li>New command line option -onlyAnalyze restricts analysis to
2515 saving enabled detectors in Eclipse projects (Phil Crosby) 2335 selected classes and packages wi thout reducing accuracy (David
2516 </li> 2336 Hovemeyer)</li>
2517 <li> 2337 <li>Allow Swing GUI to show source code in jar files on
2518 Sortable columns in dete ctor dialog (Dave Brosius) 2338 Windows systems (Dave Brosius) < !-- Bug fixes -->
2519 </li> 2339 </li>
2520 <li> 2340 <li>Fix the Switch Fall Thru detector (D ave Brosius, David
2521 New tab in gui for showi ng bugs grouped by category (Dave 2341 Hovemeyer, Bill Pugh)</li>
2522 Brosius) 2342 <li>MacOS GUI fixes (Rohan Lloyd)</li>
2523 </li> 2343 <li>Fix false positive in BOA in case wh ere method is
2524 <li> 2344 correctly and 'incorrectly' over ridden (Dave Brosius)</li>
2525 Improved German translat ion of Swing GUI (Thomas Kuehne) 2345 <li>Fixed memory blowup when analyzing m ethods which access a
2526 </li> 2346 large number of fields (David Ho vemeyer)</li>
2527 <li> 2347 </ul>
2528 Improved source file rep orting in Emacs output format (Len Trigg) 2348
2529 </li> 2349 <p>Changes since version 0.8.3:</p>
2530 <li> 2350 <ul>
2531 Improvements to redundan t null comparison detector (Bill Pugh) 2351 <li>Initial and preliminary localization of the Swing
2532 </li> 2352 GUI.&nbsp; Translations by:
2533 <li> 2353 <ul>
2534 Localization of run anal ysis and analysis error dialogs in Swing 2354 <li>German - Peter D. St out, Holger Stenzhorn</li>
2535 GUI (K. Hashimoto) 2355 <li>Finnish - Juha Knuut ila</li>
2536 </li> 2356 <li>Estonian - Tanel Leb edev</li>
2537 2357 <li>Japanese - Hanai Shi sei</li>
2538 <!-- Bug fixes --> 2358 </ul>
2539 <li> 2359 </li>
2540 Don't scan equals method s in FindHEMismatch if code is native 2360 <li>Eliminated debug print statements in advertently left
2541 (Greg Bentz) 2361 enabled</li>
2542 </li> 2362 <li>Reverted some changes in the open st ream detector: this
2543 <li> 2363 should fix some false positives that were introduced in the
2544 French translation fixes (David Cotton) 2364 previous release</li>
2545 </li> 2365 <li>Fixed a couple missing class reports </li>
2546 <li> 2366 </ul>
2547 Internationalization rep ort fixes (K. Hashimoto) 2367
2548 </li> 2368 <p>Changes since version 0.8.2:</p>
2549 <li> 2369 <ul>
2550 Japanese translations up dates (SHISEI Hanai) 2370
2551 </li> 2371 <!-- New detectors -->
2552 </ul> 2372 <li>New detector to find improperly over ridden GUI Adapter
2553 2373 classes (Dave Brosius)</li>
2554 <p> 2374 <li>New detector to find improperly setu p JUnit TestCases
2555 Changes since version 0.8.5: 2375 (Dave Brosius)</li>
2556 2376 <li>New detector to find variables that mask class level
2557 </p> 2377 fields (Dave Brosius)</li>
2558 <ul> 2378 <li>New detector to find comparisons of values computed with
2559 <!-- new detectors --> 2379 bitwise operators that always yi eld the same result (Tom Truscott)
2560 <li> 2380 </li>
2561 New detector to find cat ch blocks that may inadvertently catch 2381 <li>New detector to find unsafe getClass ().getResource() calls
2562 runtime exceptions (Bria n Goetz) 2382 (Bill Pugh)</li>
2563 </li> 2383 <li>New detector to find GUI changes not in GUI thread but in
2564 <li> 2384 static main (Bill Pugh)</li>
2565 New detector to find obj ects that are instantiated based on 2385 <li>New detector to find calls to Collec tion.toArray() with
2566 classes that only have s tatic methods and fields, using the 2386 zero-length array argument; it i s more efficient to pass an array
2567 synthesized constructor (Dave Brosius) 2387 the size of the collection, whic h can be populated and returned as
2568 </li> 2388 the result (Dave Brosius) <!-- A nalysis improvements -->
2569 <li> 2389 </li>
2570 New detector to find cal ls to Thread.interrupted() in a non 2390 <li>Better suppression of false warnings in various detectors
2571 static context, and espe cially with non currentThread() threads 2391 (Bill Pugh, David Hovemeyer)</li >
2572 (Dave Brosius) 2392 <li>Enhancement to ReadReturnShouldBeChe cked detector for
2573 </li> 2393 skip() (Dave Brosius)</li>
2574 <li> 2394 <li>Enhancement to DumbMethods detector (Dave Brosius)</li>
2575 New detector to find cal ls to equals() methods that use Object's 2395 <li>Open stream detector does not report wrappers of streams
2576 version. (Dave Brosius) 2396 passed as method parameters (Dav id Hovemeyer) <!-- Feature enhancements -->
2577 </li> 2397 </li>
2578 <li> 2398 <li>Cancel confirmation dialog in Swing GUI (Pete Angstadt)</li>
2579 New detector to find App lets that call methods in the constructor 2399 <li>Better relative path saving in Proje ct file (Dave Brosius)
2580 refering to the AppletSt ub (Dave Brosius) 2400 </li>
2581 </li> 2401 <li>Detector Priority in GUI is now save d in prefs file (Dave
2582 <li> 2402 Brosius)</li>
2583 New detector to find som e cases of infinite recursion (Bill Pugh) 2403 <li>Controls in GUI to reorder source an d classpath entries,
2584 </li> 2404 and ability to flip between Proj ect details and bugs pages (Dave
2585 <li> 2405 Brosius)</li>
2586 New detector to find dea d stores to local variables (David 2406 <li>In Swing GUI, analysis error dialog supports "Select All"
2587 Hovemeyer, Bill Pugh) 2407 and "Copy" operations for easy g eneration of error reports (Dave
2588 </li> 2408 Brosius)</li>
2589 <li> 2409 <li>Complete translation of bug descript ions and messages into
2590 Extend Dumb Method detec tor for toUpperCase(), toLowerCase() 2410 Japanese (Hanai Shisei) <!-- Bug fixes -->
2591 without a locale, new In teger(1).toString(), new 2411 </li>
2592 XXX().getClass(), and ne w Thread() without a run implementation 2412 <li>Fixed bug in DroppedException detect or (Dave Brosius) <!-- Development stuff -->
2593 (Dave Brosius) 2413 </li>
2594 <!-- feature enhancement s --> 2414 <li>The source distribution defaults to using JDK 1.5 javac to
2595 </li> 2415 compile, but support for compili ng with JSR-14 prototype is still
2596 <li> 2416 supported</li>
2597 Ant task supports "error Property" attribute, which sets an Ant 2417 </ul>
2598 property to "true" if an error occurs running FindBugs (Michael 2418
2599 Tamm) 2419 <p>Changes since version 0.8.1:</p>
2600 </li> 2420 <ul>
2601 <li> 2421 <li>Fixed a critical ClassCastException bug (triggered if the
2602 Eclipse plugin allows fi ltering of warnings by bug category, 2422 -workHard option was used, and a n exception type was merged with
2603 priority (David Hovemeye r) 2423 an array type during type infere nce)</li>
2604 </li> 2424 </ul>
2605 <li> 2425
2606 Swing GUI allows filteri ng of warnings by bug category (David 2426 <p>Changes since version 0.8.0:</p>
2607 Hovemeyer) 2427 <ul>
2608 </li> 2428 <li>Disabled SwitchFallthrough detector to work around
2609 <li> 2429 NullPointerExceptions</li>
2610 Ability to annotate meth ods using Java 1.5 annotations that 2430 <li>Added some additional false positive suppression
2611 suppress FindBugs warnin gs (Bill Pugh) 2431 heuristics</li>
2612 </li> 2432 </ul>
2613 <li> 2433
2614 New -adjustExperimental for lowering priority of BugPatterns that 2434 <p>Also, two contributors to the 0.8.0 release w ere
2615 are experimental (Dave B rosius) 2435 inadvertently left out of the credits:</ p>
2616 </li> 2436 <ul>
2617 <li> 2437 <li>Pete Angstadt fixed several problems in the Swing GUI</li>
2618 Allow for command line o ptions 'files' using the @ symbol (David 2438 <li>Francis Lalonde provided a task reso urce file for the
2619 Hovemeyer) 2439 FindBugs Ant task</li>
2620 </li> 2440 </ul>
2621 <li> 2441
2622 New -adjustPriority comm and line option to for adjusting bug 2442 <p>Changes since version 0.7.4:</p>
2623 priorites (David Hovemey er) 2443 <ul>
2624 </li> 2444 <li>New detector to look for uses of "+" operator to
2625 <li> 2445 concatenate String objects in a loop (Dave Brosius)</li>
2626 Added an Edit menu (cut/ copy/paste) to Swing GUI (Dave Brosius) 2446 <li>Reference comparison detector looks for places where the
2627 </li> 2447 argument passed to the equals(Ob ject) method isn't the same type
2628 <li> 2448 as the receiver object</li>
2629 French translation suppl ied (David Cotton) 2449 <li>Better suppression of false warnings in many detectors</li>
2630 <!-- Bug fixes --> 2450 <li>Many improvements to Eclipse plugin (Andrey Loskutov,
2631 </li> 2451 Peter Friese)</li>
2632 </ul> 2452 <li>Fixed problem with building Eclipse plugin on Windows
2633 2453 (Thomas Klaeger)</li>
2634 <p> 2454 <li>Open stream detector looks for unclo sed PreparedStatement
2635 Changes since version 0.8.4: 2455 objects (Thomas Klaeger, Rohan L loyd)</li>
2636 2456 <li>Fix for open stream detector: it was n't detecting close()
2637 </p> 2457 methods called through an invoke interface instruction (Thomas
2638 <ul> 2458 Klaeger)</li>
2639 <!-- new detectors --> 2459 <li>Refactoring of visitor classes to en force use of accessors
2640 <li> 2460 for visited class features (Bria n Goetz)</li>
2641 New detector for volatil e references to arrays (Bill Pugh) 2461 </ul>
2642 </li> 2462
2643 <li> 2463 <p>Changes since version 0.7.3:</p>
2644 New detector to find ins tanceof usage where inheritance can be 2464 <ul>
2645 determined statically (D ave Brosius) 2465 <li>Experimental modification of open st ream detector to look
2646 </li> 2466 for non-escaping JDBC resources (connections and statements) that
2647 <li> 2467 aren't closed on all paths out o f method</li>
2648 New detector to find Res ultSet.getXXX updateXXX calls using index 2468 <li>Eclipse plugin fixed so it compiles and runs on Eclipse
2649 0 (Dave Brosius) 2469 2.1.x (Peter Friese)</li>
2650 </li> 2470 <li>Option to Swing GUI and command line to generate project
2651 <li> 2471 file using relative paths for ar chives, source directories, and
2652 New detector to find emp ty zip or jar entries (Bill Pugh) 2472 aux classpath entries (Dave Bros ius)</li>
2653 2473 <li>Improvements to findbugs.bat script for launching FindBugs
2654 <!-- feature enhancement s --> 2474 on Windows (Dave Brosius)</li>
2655 </li> 2475 <li>Updated Japanese message translation s (Hiroshi Okugawa)</li>
2656 <li> 2476 <li>Uncalled private methods are now rep orted as low priority,
2657 HTML output generation u sing built-in XSLT stylesheet or 2477 unless they have the same name a s another method in the class
2658 user-defined stylesheet (David Hovemeyer) 2478 (which is more likely to indicat e an actual bug)</li>
2659 </li> 2479 <li>Added some missing data in the bug m essages XML files</li>
2660 <li> 2480 <li>Fixed some problems building from so urce on Windows
2661 Allow URLs to be specifi ed to analyze zip/jar files, local 2481 systems</li>
2662 directories, and single classfiles (David Hovemeyer) 2482 <li>Various minor bug fixes</li>
2663 </li> 2483 </ul>
2664 <li> 2484
2665 New command line option -onlyAnalyze restricts analysis to 2485 <p>Changes since version 0.7.2:</p>
2666 selected classes and pac kages without reducing accuracy (David 2486 <ul>
2667 Hovemeyer) 2487 <li>Enhanced Eclipse plugin, which displ ays the detailed bug
2668 </li> 2488 description in a view (Phil Cros by)</li>
2669 <li> 2489 <li>Various tweaks to existing detectors to reduce false
2670 Allow Swing GUI to show source code in jar files on Windows 2490 warnings</li>
2671 systems (Dave Brosius) 2491 <li>New command line option <code> -work Hard </code> enables
2672 2492 pruning of infeasible or unlikel y exception edges, which results
2673 <!-- Bug fixes --> 2493 in better accuracy in the open s tream detector, at the expense of
2674 </li> 2494 a 30%-100% slowdown
2675 <li> 2495 </li>
2676 Fix the Switch Fall Thru detector (Dave Brosius, David Hovemeyer, 2496 <li>New website and HTML documentation d esign</li>
2677 Bill Pugh) 2497 <li>Documentation includes an HTML docum ent with descriptions
2678 </li> 2498 of all bug patterns reported by FindBugs</li>
2679 <li> 2499 <li>Web page has a link to a <a
2680 MacOS GUI fixes (Rohan L loyd) 2500 href="http://www.simeji.com/find bugs/doc/manual_ja/index.html">Japanese
2681 </li> 2501 translation</a> of the F indBugs manual, contributed by Hiroshi
2682 <li> 2502 Okugawa
2683 Fix false positive in BO A in case where method is correctly and 2503 </li>
2684 'incorrectly' overridden (Dave Brosius) 2504 <li>Changed the Inconsistent Synchroniza tion detector so that
2685 </li> 2505 fields synchronized 50% of the t ime (or more) are reported as
2686 <li> 2506 medium priority bugs (previously they were reported as low)</li>
2687 Fixed memory blowup when analyzing methods which access a large 2507 <li>New detector to find code that catch es
2688 number of fields (David Hovemeyer) 2508 IllegalMonitorStateException</li >
2689 </li> 2509 <li>New detector to find private methods that are never called
2690 </ul> 2510 </li>
2691 2511 <li>New detector to find suspicious uses of
2692 <p> 2512 non-short-circuiting boolean ope rators ( <code> &amp; </code> and
2693 Changes since version 0.8.3: 2513 <code> | </code> , rather than < code> &amp;&amp; </code> and <code>
2694 </p> 2514 || </code> )
2695 <ul> 2515 </li>
2696 <li> 2516 </ul>
2697 Initial and preliminary localization of the Swing GUI.&nbsp; 2517
2698 Translations by: 2518 <p>Changes since version 0.7.1:</p>
2699 <ul> 2519 <ul>
2700 <li> 2520 <li>Incorporated patched version of BCEL , which allows classes
2701 German - Peter D. Stout, Holger Stenzhorn 2521 compiled with JDK 1.5.0 beta to be analyzed</li>
2702 </li> 2522 <li>Fixed some bugs related to lookups o f array classes</li>
2703 <li> 2523 <li>Fixed bug that prevented GUI from lo ading XML result files
2704 Finnish - Juha Knuutila 2524 when running under JDK 1.5.0 bet a</li>
2705 </li> 2525 <li>Added new experimental bug detector, LazyInit, which looks
2706 <li> 2526 for potentially buggy lazy initi alizations of static fields</li>
2707 Estonian - Tanel Lebedev 2527 <li>Because of long filenames, switched to distributing the
2708 </li> 2528 source archive as a zip file rat her than a tar file</li>
2709 <li> 2529 <li>The 0.7.1 source tarfile was botched - 0.7.2 has a valid
2710 Japanese - Hanai Shisei 2530 source archive</li>
2711 </li> 2531 <li>Fixed some problems in the Ant build script</li>
2712 </ul> 2532 <li>Fixed NullPointerException when chec king Class-Path
2713 </li> 2533 attribute for Jar files without manifests</li>
2714 <li> 2534 <li>Generate version numbers for the cor e and UI Eclipse
2715 Eliminated debug print s tatements inadvertently left enabled 2535 plugins using the Version class; all version numbers are now in a
2716 </li> 2536 common location</li>
2717 <li> 2537 </ul>
2718 Reverted some changes in the open stream detector: this should 2538
2719 fix some false positives that were introduced in the previous 2539 <p>Changes since version 0.7.0:</p>
2720 release 2540 <ul>
2721 </li> 2541 <li>Eclipse plugin (contributed by Peter Friese)</li>
2722 <li> 2542 <li>Source package structure rearranged: all source (other
2723 Fixed a couple missing c lass reports 2543 than Eclipse plugin UI) is in th e edu.umd.cs.findbugs package, or
2724 </li> 2544 a subpackage</li>
2725 </ul> 2545 <li>Class-Path attributes of manifests o f analyzed jar files
2726 2546 are used to set the aux classpat h automatically (Peter D. Stout)</li>
2727 <p> 2547 <li>GUI starts in directory specified by user.home property
2728 Changes since version 0.8.2: 2548 (Peter D. Stout)</li>
2729 </p> 2549 <li>Added -project option to GUI (Mikko T.)</li>
2730 <ul> 2550 <li>Added -look:{plastic,gtk,native} opt ion to GUI, for
2731 2551 setting look and feel (Mikko T.) </li>
2732 <!-- New detectors --> 2552 <li>Fixed DataflowAnalysisException in i nconsistent
2733 <li> 2553 synchronization detector</li>
2734 New detector to find imp roperly overridden GUI Adapter classes 2554 <li>Ant task supports failOnError parame ter (Rohan Lloyd)</li>
2735 (Dave Brosius) 2555 <li>Serializable class warnings are down graded to low priority
2736 </li> 2556 for GUI classes</li>
2737 <li> 2557 <li>MWN detector will only report calls to wait(), notify(),
2738 New detector to find imp roperly setup JUnit TestCases (Dave 2558 and notifyAll() methods that hav e the correct signature</li>
2739 Brosius) 2559 <li>FindBugs works with latest CVS versi on of BCEL</li>
2740 </li> 2560 <li>Zip and Jar files may be added to th e source path</li>
2741 <li> 2561 <li>The GUI will automatically find sour ce files residing in
2742 New detector to find var iables that mask class level fields (Dave 2562 analyzed Zip or Jar files</li>
2743 Brosius) 2563 </ul>
2744 </li> 2564
2745 <li> 2565 <p>Note that the version number jumped from 0.6. 6 to 0.6.9;
2746 New detector to find com parisons of values computed with bitwise 2566 there were no 0.6.7 or 0.6.8 releases.</ p>
2747 operators that always yi eld the same result (Tom Truscott) 2567 <p>Changes since version 0.6.9:</p>
2748 </li> 2568 <ul>
2749 <li> 2569 <li>Added -conserveSpace option to reduc e memory use at the
2750 New detector to find uns afe getClass().getResource() calls (Bill 2570 expense of analysis precision</l i>
2751 Pugh) 2571 <li>Bug fixes in findbugs.bat script: JA VA_HOME handling,
2752 </li> 2572 autodetection of FINDBUGS_HOME, missing output with -textui</li>
2753 <li> 2573 <li>Fixed NullPointerException when a mi ssing class is
2754 New detector to find GUI changes not in GUI thread but in static 2574 encountered</li>
2755 main (Bill Pugh) 2575 </ul>
2756 </li> 2576
2757 <li> 2577 <p>Changes since version 0.6.6:</p>
2758 New detector to find cal ls to Collection.toArray() with 2578 <ul>
2759 zero-length array argume nt; it is more efficient to pass an array 2579 <li>The null pointer dereference detecto r is more powerful</li>
2760 the size of the collecti on, which can be populated and returned 2580 <li>Significantly improved heuristics an d bug fixes in
2761 as the result (Dave Bros ius) 2581 inconsistent synchronization det ector</li>
2762 2582 <li>Improved heuristics in open stream a nd dropped exception
2763 <!-- Analysis improvemen ts --> 2583 detectors; fewer false positives should be reported</li>
2764 </li> 2584 <li>Save HTML summary in XML results fil es, rather than
2765 <li> 2585 recomputing; this makes loading results in GUI much faster</li>
2766 Better suppression of fa lse warnings in various detectors (Bill 2586 <li>Report at most one String comparison using == or != per
2767 Pugh, David Hovemeyer) 2587 method</li>
2768 </li> 2588 <li>The findbugs.bat script on Windows a utodetects
2769 <li> 2589 FINDBUGS_HOME, and doesn't open a DOS window when launching the
2770 Enhancement to ReadRetur nShouldBeChecked detector for skip() 2590 GUI (contributed by TJSB)</li>
2771 (Dave Brosius) 2591 <li>Emacs reporting format (contributed by David Li)</li>
2772 </li> 2592 <li>Various bug fixes</li>
2773 <li> 2593 </ul>
2774 Enhancement to DumbMetho ds detector (Dave Brosius) 2594
2775 </li> 2595 <p>Changes since 0.6.5:</p>
2776 <li> 2596 <ul>
2777 Open stream detector doe s not report wrappers of streams passed 2597 <li>Rewritten inconsistent synchronizati on detector; accuracy
2778 as method parameters (Da vid Hovemeyer) 2598 is significantly improved, and b ug reports are prioritized</li>
2779 2599 <li>New detector to find self assignment (x=x) of local
2780 <!-- Feature enhancement s --> 2600 variables (suggested by Jeff Mar tin)</li>
2781 </li> 2601 <li>New detector to find calls to wait() , notify(), and
2782 <li> 2602 notifyAll() on an object which i s not obviously locked</li>
2783 Cancel confirmation dial og in Swing GUI (Pete Angstadt) 2603 <li>Open stream detector now reports Rea ders and Writers</li>
2784 </li> 2604 <li>Fixed bug in finalizer idioms detect or which caused
2785 <li> 2605 spurious warnings about failure to call super.finalize() (reported
2786 Better relative path sav ing in Project file (Dave Brosius) 2606 by Jim Menard)</li>
2787 </li> 2607 <li>Fixed bug where output stream was no t closed using non-XML
2788 <li> 2608 output (reported by Sigiswald Ma dou)</li>
2789 Detector Priority in GUI is now saved in prefs file (Dave 2609 <li>Fixed corrupted HTML bug detail mess age (reported by
2790 Brosius) 2610 Trevor Harmon)</li>
2791 </li> 2611 </ul>
2792 <li> 2612
2793 Controls in GUI to reord er source and classpath entries, and 2613 <p>Changes since version 0.6.4:</p>
2794 ability to flip between Project details and bugs pages (Dave 2614 <ul>
2795 Brosius) 2615 <li>For redundant comparison of referenc e values, fixed false
2796 </li> 2616 positives resulting from duplica tion of code in finally blocks</li>
2797 <li> 2617 <li>Fixed false positives resulting from wrapped byte array
2798 In Swing GUI, analysis e rror dialog supports "Select All" and 2618 streams left open</li>
2799 "Copy" operations for ea sy generation of error reports (Dave 2619 <li>Fixed bug in Ant task preventing out put file from working
2800 Brosius) 2620 properly if a relative path was used</li>
2801 </li> 2621 </ul>
2802 <li> 2622
2803 Complete translation of bug descriptions and messages into 2623 <p>Changes since version 0.6.3:</p>
2804 Japanese (Hanai Shisei) 2624 <ul>
2805 2625 <li>Fixed bug in Ant task where output w ould be corrupted, and
2806 <!-- Bug fixes --> 2626 added a <code> timeout </code> a ttribute
2807 </li> 2627 </li>
2808 <li> 2628 <li>Added -outputFile option to text UI, for explicitly
2809 Fixed bug in DroppedExce ption detector (Dave Brosius) 2629 specifying an output file</li>
2810 2630 <li>GUI has a summary window, for statis tics about overall bug
2811 <!-- Development stuff - -> 2631 densities (contributed by Mike F agan)</li>
2812 </li> 2632 <li>Find redundant comparisons of refere nce values</li>
2813 <li> 2633 <li>More accurate detection of Strings c ompared with == and !=
2814 The source distribution defaults to using JDK 1.5 javac to 2634 operators</li>
2815 compile, but support for compiling with JSR-14 prototype is still 2635 <li>Detection of other reference types w hich should generally
2816 supported 2636 not be compared with == and != o perators; Boolean, Integer, etc.</li>
2817 </li> 2637 <li>Find non-transient non-serializable instance fields in
2818 </ul> 2638 Serializable classes</li>
2819 2639 <li>Source code may be compiled with lat est early access
2820 <p> 2640 generics-enabled javac (version 2.2)</li>
2821 Changes since version 0.8.1: 2641 </ul>
2822 </p> 2642
2823 <ul> 2643 <p>Changes since version 0.6.2:</p>
2824 <li> 2644 <ul>
2825 Fixed a critical ClassCa stException bug (triggered if the 2645 <li>GUI supports filtering bugs by prior ity</li>
2826 -workHard option was use d, and an exception type was merged with 2646 <li>Ant task rewritten; supports all fun ctionality offered by
2827 an array type during typ e inference) 2647 Text UI (contributed by Mike Fag an)</li>
2828 </li> 2648 <li>Ant task is fully documented in the manual</li>
2829 </ul> 2649 <li>Classes in nested archives are analy zed; this allows full
2830 2650 support for analyzing .ear and . war files (contributed by Mike
2831 <p> 2651 Fagan)</li>
2832 Changes since version 0.8.0: 2652 <li>DepthFirstSearch changed to use non- recursive
2833 2653 implementation; this should fix the StackOverflowErrors that
2834 </p> 2654 several users reported</li>
2835 <ul> 2655 <li>Various minor bugfixes and improveme nts</li>
2836 <li> 2656 </ul>
2837 Disabled SwitchFallthrou gh detector to work around 2657
2838 NullPointerExceptions 2658 <p>Changes since version 0.6.1:</p>
2839 </li> 2659 <ul>
2840 <li> 2660 <li>New detector to look for useless con trol flow (suggested
2841 Added some additional fa lse positive suppression heuristics 2661 by Richard P. King and Mike Faga n)</li>
2842 </li> 2662 <li>Look for places where return value o f
2843 </ul> 2663 java.io.File.createNewFile() is ignored (suggested by Richard P.
2844 2664 King)</li>
2845 <p> 2665 <li>Fixed bug in resolution of source fi les (only the first
2846 Also, two contributors to the 0. 8.0 release were inadvertently 2666 source directory was searched)</ li>
2847 left out of the credits: 2667 <li>Fixed a NullPointerException in the bytecode pattern
2848 2668 matching code</li>
2849 </p> 2669 <li>Ant task supports project files (con tributed by Mike
2850 <ul> 2670 Fagan)</li>
2851 <li> 2671 <li>Unix findbugs script honors the <cod e> JAVA_HOME </code>
2852 Pete Angstadt fixed seve ral problems in the Swing GUI 2672 environment variable (contribute d by Pedro Morais)
2853 </li> 2673 </li>
2854 <li> 2674 <li>Allow .war and .ear files to be anal yzed</li>
2855 Francis Lalonde provided a task resource file for the FindBugs 2675 </ul>
2856 Ant task 2676
2857 </li> 2677 <p>Changes since version 0.6.0:</p>
2858 </ul> 2678 <ul>
2859 2679 <li>New bug pattern detector which looks for places where a
2860 <p> 2680 null pointer might be dereferenc ed</li>
2861 Changes since version 0.7.4: 2681 <li>New bug pattern detector which looks for IO streams that
2862 2682 are opened, do not escape the me thod, and are not closed on all
2863 </p> 2683 paths out of the method</li>
2864 <ul> 2684 <li>New bug pattern detector to find met hods that can return
2865 <li> 2685 null instead of a zero-length ar ray</li>
2866 New detector to look for uses of "+" operator to concatenate 2686 <li>New bug pattern detector to find pla ces where the == or !=
2867 String objects in a loop (Dave Brosius) 2687 operators are used to compare St ring objects</li>
2868 </li> 2688 <li>Command line interface can save bugs as XML</li>
2869 <li> 2689 <li>GUI can save bugs to and load bugs f rom XML</li>
2870 Reference comparison det ector looks for places where the argument 2690 <li>An "Annotations" window in the GUI a llows the user to add
2871 passed to the equals(Obj ect) method isn't the same type as the 2691 textual annotations to bug repor ts; these annotations are
2872 receiver object 2692 preserved when bugs are saved as XML</li>
2873 </li> 2693 <li>In this release, the Japanese bug su mmary translations by
2874 <li> 2694 Germano Leichsenring are really included (they were inadvertently
2875 Better suppression of fa lse warnings in many detectors 2695 omitted in the previous release) </li>
2876 </li> 2696 <li>Completely rewrote the control flow graph builder,
2877 <li> 2697 hopefully for the last time</li>
2878 Many improvements to Ecl ipse plugin (Andrey Loskutov, Peter 2698 <li>Simplified implementation of control flow graphs, which
2879 Friese) 2699 should reduce memory use and pos sibly improve performance</li>
2880 </li> 2700 <li>Improvements to command line interfa ce (list bug
2881 <li> 2701 priorities, filter by priority, specify aux classpath, specify
2882 Fixed problem with build ing Eclipse plugin on Windows (Thomas 2702 project to analyze)</li>
2883 Klaeger) 2703 <li>Various bug fixes and enhancements</ li>
2884 </li> 2704 </ul>
2885 <li> 2705
2886 Open stream detector loo ks for unclosed PreparedStatement objects 2706 <p>Changes since version 0.5.4</p>
2887 (Thomas Klaeger, Rohan L loyd) 2707 <ul>
2888 </li> 2708 <li>Added an <a href="http://ant.apache. org/">Ant</a> task for
2889 <li> 2709 FindBugs, contributed by Mike Fa gan.
2890 Fix for open stream dete ctor: it wasn't detecting close() methods 2710 </li>
2891 called through an invoke interface instruction (Thomas Klaeger) 2711 <li>Added a GUI dialog which allows indi vidual bug pattern
2892 </li> 2712 detectors to be enabled or disab led.&nbsp; Disabling certain slow
2893 <li> 2713 detectors can greatly speed up a nalysis of large programs, at the
2894 Refactoring of visitor c lasses to enforce use of accessors for 2714 expense of reducing the number o f potential bugs found.</li>
2895 visited class features ( Brian Goetz) 2715 <li>Added a new detector for finding imp roperly ignored return
2896 </li> 2716 values for methods such as <code > String.trim() </code> .&nbsp;
2897 </ul> 2717 Suggested by Andreas Mandel.
2898 2718 </li>
2899 <p> 2719 <li>Japanese translations of the bug sum maries, contributed by
2900 Changes since version 0.7.3: 2720 Germano Leichsenring.</li>
2901 2721 <li>Filtering of results is supported in command line
2902 </p> 2722 interface. See the <a href="manu al/index.html">FindBugs manual</a>
2903 <ul> 2723 for details.
2904 <li> 2724 </li>
2905 Experimental modificatio n of open stream detector to look for 2725 <li>Added "byte code patterns", a genera l pattern matching
2906 non-escaping JDBC resour ces (connections and statements) that 2726 infrastructure for bytecode inst ructions.&nbsp; This feature
2907 aren't closed on all pat hs out of method 2727 significantly reduces the comple xity of implementing new bug
2908 </li> 2728 pattern detectors.</li>
2909 <li> 2729 <li>Enabled a new general dataflow analy sis to track values in
2910 Eclipse plugin fixed so it compiles and runs on Eclipse 2.1.x 2730 methods.</li>
2911 (Peter Friese) 2731 <li>Switched to new control-flow graph b uilder implementation.
2912 </li> 2732 </li>
2913 <li> 2733 </ul>
2914 Option to Swing GUI and command line to generate project file 2734
2915 using relative paths for archives, source directories, and aux 2735 <p>Changes since version 0.5.3</p>
2916 classpath entries (Dave Brosius) 2736 <ul>
2917 </li> 2737 <li>Fixed a bug in the script used to la unch FindBugs on
2918 <li> 2738 Windows platforms.</li>
2919 Improvements to findbugs .bat script for launching FindBugs on 2739 <li>Fixed crashes when analyzing class f iles without source
2920 Windows (Dave Brosius) 2740 line information.</li>
2921 </li> 2741 <li>All major errors are reported using an error dialog; file
2922 <li> 2742 not found errors are more inform ative.</li>
2923 Updated Japanese message translations (Hiroshi Okugawa) 2743 <li>Minor GUI improvements.</li>
2924 </li> 2744 </ul>
2925 <li> 2745
2926 Uncalled private methods are now reported as low priority, unless 2746 <p>Changes since version 0.5.2</p>
2927 they have the same name as another method in the class (which is 2747 <ul>
2928 more likely to indicate an actual bug) 2748 <li>All of the source code and related f iles are in a single
2929 </li> 2749 directory tree.</li>
2930 <li> 2750 <li>Updated some of the detectors to pro duce source line
2931 Added some missing data in the bug messages XML files 2751 information.</li>
2932 </li> 2752 <li><a href="http://ant.apache.org/">Ant </a> build script and
2933 <li> 2753 several GUI enhancements and fix es contributed by Mike Fagan.</li>
2934 Fixed some problems buil ding from source on Windows systems 2754 <li>Converted to use a <a href="AddingDe tectors.txt">plugin
2935 </li> 2755 architecture</a> for loa ding bug detectors.
2936 <li> 2756 </li>
2937 Various minor bug fixes 2757 <li>Eliminated generics-related compiler warnings.</li>
2938 </li> 2758 <li>More complete documentation has been added.</li>
2939 </ul> 2759 </ul>
2940 2760
2941 <p> 2761 <p>Changes since version 0.5.1:</p>
2942 Changes since version 0.7.2: 2762 <ul>
2943 2763 <li>Fixed a large number of bugs in the BCEL Repository and
2944 </p> 2764 FindBugs's use of the Repository .&nbsp; With these changes,
2945 <ul> 2765 FindBugs should <em>never</em> c rash or otherwise misbehave
2946 <li> 2766 because of Repository lookup fai lures.&nbsp; Because of these
2947 Enhanced Eclipse plugin, which displays the detailed bug 2767 changes, you must use a modified version of <code> bcel.jar
2948 description in a view (P hil Crosby) 2768 </code> with FindBugs.&nbsp; Thi s jar file is included in the FindBugs
2949 </li> 2769 0.5.2 binary release.&nbsp; A co mplete patch containing the <a
2950 <li> 2770 href="http://faculty.ycp.edu/~dh ovemey/bcel-30-April-2003.patch">modifications
2951 Various tweaks to existi ng detectors to reduce false warnings 2771 against the BCEL CVS mai n branch as of April 30, 2003</a> is also
2952 </li> 2772 available.
2953 <li> 2773 </li>
2954 New command line option 2774 <li>Implemented the "auxiliary classpath entry list".&nbsp;
2955 <code> 2775 Aux classpath entries can be add ed to a project to provide classes
2956 -workHard 2776 that are referenced by the analy zed application, but should not
2957 </code> 2777 themselves be analyzed.&nbsp; Ha ving all referenced classes
2958 enables pruning of infea sible or unlikely exception edges, which 2778 available allows FindBugs to pro duce more accurate results.</li>
2959 results in better accura cy in the open stream detector, at the 2779 </ul>
2960 expense of a 30%-100% sl owdown 2780
2961 </li> 2781 <p>Changes since version 0.5.0:</p>
2962 <li> 2782 <ul>
2963 New website and HTML doc umentation design 2783 <li>Many user interface bugs have been f ixed.</li>
2964 </li> 2784 <li>Upgraded to a recent CVS version of BCEL, with some bug
2965 <li> 2785 fixes.&nbsp; This should prevent FindBugs from crashing when there
2966 Documentation includes a n HTML document with descriptions of all 2786 is a failure to find a class on the classpath.</li>
2967 bug patterns reported by FindBugs 2787 <li>Added support for Plastic look and f eel from <a
2968 </li> 2788 href="http://www.jgoodies.com/"> jgoodies.com</a>.
2969 <li> 2789 </li>
2970 Web page has a link to a 2790 <li>Major overhaul of infrastructure for doing dataflow
2971 <a href="http://www.sime ji.com/findbugs/doc/manual_ja/index.html">Japanese 2791 analysis.</li>
2972 translation</a> of the FindBugs manual, contributed by Hiroshi 2792 </ul>
2973 Okugawa
2974 </li>
2975 <li>
2976 Changed the Inconsistent Synchronization detector so that fields
2977 synchronized 50% of the time (or more) are reported as medium
2978 priority bugs (previousl y they were reported as low)
2979 </li>
2980 <li>
2981 New detector to find cod e that catches
2982 IllegalMonitorStateExcep tion
2983 </li>
2984 <li>
2985 New detector to find pri vate methods that are never called
2986 </li>
2987 <li>
2988 New detector to find sus picious uses of non-short-circuiting
2989 boolean operators (
2990 <code>
2991 &amp;
2992 </code>
2993 and
2994 <code>
2995 |
2996 </code>
2997 , rather than
2998 <code>
2999 &amp;&amp;
3000 </code>
3001 and
3002 <code>
3003 ||
3004 </code>
3005 )
3006 </li>
3007 </ul>
3008
3009 <p>
3010 Changes since version 0.7.1:
3011
3012 </p>
3013 <ul>
3014 <li>
3015 Incorporated patched ver sion of BCEL, which allows classes
3016 compiled with JDK 1.5.0 beta to be analyzed
3017 </li>
3018 <li>
3019 Fixed some bugs related to lookups of array classes
3020 </li>
3021 <li>
3022 Fixed bug that prevented GUI from loading XML result files when
3023 running under JDK 1.5.0 beta
3024 </li>
3025 <li>
3026 Added new experimental b ug detector, LazyInit, which looks for
3027 potentially buggy lazy i nitializations of static fields
3028 </li>
3029 <li>
3030 Because of long filename s, switched to distributing the source
3031 archive as a zip file ra ther than a tar file
3032 </li>
3033 <li>
3034 The 0.7.1 source tarfile was botched - 0.7.2 has a valid source
3035 archive
3036 </li>
3037 <li>
3038 Fixed some problems in t he Ant build script
3039 </li>
3040 <li>
3041 Fixed NullPointerExcepti on when checking Class-Path attribute for
3042 Jar files without manife sts
3043 </li>
3044 <li>
3045 Generate version numbers for the core and UI Eclipse plugins
3046 using the Version class; all version numbers are now in a common
3047 location
3048 </li>
3049 </ul>
3050
3051 <p>
3052 Changes since version 0.7.0:
3053
3054 </p>
3055 <ul>
3056 <li>
3057 Eclipse plugin (contribu ted by Peter Friese)
3058 </li>
3059 <li>
3060 Source package structure rearranged: all source (other than
3061 Eclipse plugin UI) is in the edu.umd.cs.findbugs package, or a
3062 subpackage
3063 </li>
3064 <li>
3065 Class-Path attributes of manifests of analyzed jar files are used
3066 to set the aux classpath automatically (Peter D. Stout)
3067 </li>
3068 <li>
3069 GUI starts in directory specified by user.home property (Peter D.
3070 Stout)
3071 </li>
3072 <li>
3073 Added -project option to GUI (Mikko T.)
3074 </li>
3075 <li>
3076 Added -look:{plastic,gtk ,native} option to GUI, for setting look
3077 and feel (Mikko T.)
3078 </li>
3079 <li>
3080 Fixed DataflowAnalysisEx ception in inconsistent synchronization
3081 detector
3082 </li>
3083 <li>
3084 Ant task supports failOn Error parameter (Rohan Lloyd)
3085 </li>
3086 <li>
3087 Serializable class warni ngs are downgraded to low priority for
3088 GUI classes
3089 </li>
3090 <li>
3091 MWN detector will only r eport calls to wait(), notify(), and
3092 notifyAll() methods that have the correct signature
3093 </li>
3094 <li>
3095 FindBugs works with late st CVS version of BCEL
3096 </li>
3097 <li>
3098 Zip and Jar files may be added to the source path
3099 </li>
3100 <li>
3101 The GUI will automatical ly find source files residing in analyzed
3102 Zip or Jar files
3103 </li>
3104 </ul>
3105
3106 <p>
3107 Note that the version number jum ped from 0.6.6 to 0.6.9; there
3108 were no 0.6.7 or 0.6.8 releases.
3109
3110 </p>
3111 <p>
3112 Changes since version 0.6.9:
3113 </p>
3114 <ul>
3115 <li>
3116 Added -conserveSpace opt ion to reduce memory use at the expense
3117 of analysis precision
3118 </li>
3119 <li>
3120 Bug fixes in findbugs.ba t script: JAVA_HOME handling,
3121 autodetection of FINDBUG S_HOME, missing output with -textui
3122 </li>
3123 <li>
3124 Fixed NullPointerExcepti on when a missing class is encountered
3125 </li>
3126 </ul>
3127
3128 <p>
3129 Changes since version 0.6.6:
3130
3131 </p>
3132 <ul>
3133 <li>
3134 The null pointer derefer ence detector is more powerful
3135 </li>
3136 <li>
3137 Significantly improved h euristics and bug fixes in inconsistent
3138 synchronization detector
3139 </li>
3140 <li>
3141 Improved heuristics in o pen stream and dropped exception
3142 detectors; fewer false p ositives should be reported
3143 </li>
3144 <li>
3145 Save HTML summary in XML results files, rather than recomputing;
3146 this makes loading resul ts in GUI much faster
3147 </li>
3148 <li>
3149 Report at most one Strin g comparison using == or != per method
3150 </li>
3151 <li>
3152 The findbugs.bat script on Windows autodetects FINDBUGS_HOME, and
3153 doesn't open a DOS windo w when launching the GUI (contributed by
3154 TJSB)
3155 </li>
3156 <li>
3157 Emacs reporting format ( contributed by David Li)
3158 </li>
3159 <li>
3160 Various bug fixes
3161 </li>
3162 </ul>
3163
3164 <p>
3165 Changes since 0.6.5:
3166
3167 </p>
3168 <ul>
3169 <li>
3170 Rewritten inconsistent s ynchronization detector; accuracy is
3171 significantly improved, and bug reports are prioritized
3172 </li>
3173 <li>
3174 New detector to find sel f assignment (x=x) of local variables
3175 (suggested by Jeff Marti n)
3176 </li>
3177 <li>
3178 New detector to find cal ls to wait(), notify(), and notifyAll()
3179 on an object which is no t obviously locked
3180 </li>
3181 <li>
3182 Open stream detector now reports Readers and Writers
3183 </li>
3184 <li>
3185 Fixed bug in finalizer i dioms detector which caused spurious
3186 warnings about failure t o call super.finalize() (reported by Jim
3187 Menard)
3188 </li>
3189 <li>
3190 Fixed bug where output s tream was not closed using non-XML output
3191 (reported by Sigiswald M adou)
3192 </li>
3193 <li>
3194 Fixed corrupted HTML bug detail message (reported by Trevor
3195 Harmon)
3196 </li>
3197 </ul>
3198
3199 <p>
3200 Changes since version 0.6.4:
3201
3202 </p>
3203 <ul>
3204 <li>
3205 For redundant comparison of reference values, fixed false
3206 positives resulting from duplication of code in finally blocks
3207 </li>
3208 <li>
3209 Fixed false positives re sulting from wrapped byte array streams
3210 left open
3211 </li>
3212 <li>
3213 Fixed bug in Ant task pr eventing output file from working
3214 properly if a relative p ath was used
3215 </li>
3216 </ul>
3217
3218 <p>
3219 Changes since version 0.6.3:
3220
3221 </p>
3222 <ul>
3223 <li>
3224 Fixed bug in Ant task wh ere output would be corrupted, and added
3225 a
3226 <code>
3227 timeout
3228 </code>
3229 attribute
3230 </li>
3231 <li>
3232 Added -outputFile option to text UI, for explicitly specifying an
3233 output file
3234 </li>
3235 <li>
3236 GUI has a summary window , for statistics about overall bug
3237 densities (contributed b y Mike Fagan)
3238 </li>
3239 <li>
3240 Find redundant compariso ns of reference values
3241 </li>
3242 <li>
3243 More accurate detection of Strings compared with == and !=
3244 operators
3245 </li>
3246 <li>
3247 Detection of other refer ence types which should generally not be
3248 compared with == and != operators; Boolean, Integer, etc.
3249 </li>
3250 <li>
3251 Find non-transient non-s erializable instance fields in
3252 Serializable classes
3253 </li>
3254 <li>
3255 Source code may be compi led with latest early access
3256 generics-enabled javac ( version 2.2)
3257 </li>
3258 </ul>
3259
3260 <p>
3261 Changes since version 0.6.2:
3262
3263 </p>
3264 <ul>
3265 <li>
3266 GUI supports filtering b ugs by priority
3267 </li>
3268 <li>
3269 Ant task rewritten; supp orts all functionality offered by Text UI
3270 (contributed by Mike Fag an)
3271 </li>
3272 <li>
3273 Ant task is fully docume nted in the manual
3274 </li>
3275 <li>
3276 Classes in nested archiv es are analyzed; this allows full support
3277 for analyzing .ear and . war files (contributed by Mike Fagan)
3278 </li>
3279 <li>
3280 DepthFirstSearch changed to use non-recursive implementation;
3281 this should fix the Stac kOverflowErrors that several users
3282 reported
3283 </li>
3284 <li>
3285 Various minor bugfixes a nd improvements
3286 </li>
3287 </ul>
3288
3289 <p>
3290 Changes since version 0.6.1:
3291
3292 </p>
3293 <ul>
3294 <li>
3295 New detector to look for useless control flow (suggested by
3296 Richard P. King and Mike Fagan)
3297 </li>
3298 <li>
3299 Look for places where re turn value of
3300 java.io.File.createNewFi le() is ignored (suggested by Richard P.
3301 King)
3302 </li>
3303 <li>
3304 Fixed bug in resolution of source files (only the first source
3305 directory was searched)
3306 </li>
3307 <li>
3308 Fixed a NullPointerExcep tion in the bytecode pattern matching
3309 code
3310 </li>
3311 <li>
3312 Ant task supports projec t files (contributed by Mike Fagan)
3313 </li>
3314 <li>
3315 Unix findbugs script hon ors the
3316 <code>
3317 JAVA_HOME
3318 </code>
3319 environment variable (co ntributed by Pedro Morais)
3320 </li>
3321 <li>
3322 Allow .war and .ear file s to be analyzed
3323 </li>
3324 </ul>
3325
3326 <p>
3327 Changes since version 0.6.0:
3328
3329 </p>
3330 <ul>
3331 <li>
3332 New bug pattern detector which looks for places where a null
3333 pointer might be derefer enced
3334 </li>
3335 <li>
3336 New bug pattern detector which looks for IO streams that are
3337 opened, do not escape th e method, and are not closed on all paths
3338 out of the method
3339 </li>
3340 <li>
3341 New bug pattern detector to find methods that can return null
3342 instead of a zero-length array
3343 </li>
3344 <li>
3345 New bug pattern detector to find places where the == or !=
3346 operators are used to co mpare String objects
3347 </li>
3348 <li>
3349 Command line interface c an save bugs as XML
3350 </li>
3351 <li>
3352 GUI can save bugs to and load bugs from XML
3353 </li>
3354 <li>
3355 An "Annotations" window in the GUI allows the user to add textual
3356 annotations to bug repor ts; these annotations are preserved when
3357 bugs are saved as XML
3358 </li>
3359 <li>
3360 In this release, the Jap anese bug summary translations by Germano
3361 Leichsenring are really included (they were inadvertently omitted
3362 in the previous release)
3363 </li>
3364 <li>
3365 Completely rewrote the c ontrol flow graph builder, hopefully for
3366 the last time
3367 </li>
3368 <li>
3369 Simplified implementatio n of control flow graphs, which should
3370 reduce memory use and po ssibly improve performance
3371 </li>
3372 <li>
3373 Improvements to command line interface (list bug priorities,
3374 filter by priority, spec ify aux classpath, specify project to
3375 analyze)
3376 </li>
3377 <li>
3378 Various bug fixes and en hancements
3379 </li>
3380 </ul>
3381
3382 <p>
3383 Changes since version 0.5.4
3384
3385 </p>
3386 <ul>
3387 <li>
3388 Added an
3389 <a href="http://ant.apac he.org/">Ant</a> task for FindBugs,
3390 contributed by Mike Faga n.
3391 </li>
3392 <li>
3393 Added a GUI dialog which allows individual bug pattern detectors
3394 to be enabled or disable d.&nbsp; Disabling certain slow detectors
3395 can greatly speed up ana lysis of large programs, at the expense
3396 of reducing the number o f potential bugs found.
3397 </li>
3398 <li>
3399 Added a new detector for finding improperly ignored return values
3400 for methods such as
3401 <code>
3402 String.trim()
3403 </code>
3404 .&nbsp; Suggested by And reas Mandel.
3405 </li>
3406 <li>
3407 Japanese translations of the bug summaries, contributed by
3408 Germano Leichsenring.
3409 </li>
3410 <li>
3411 Filtering of results is supported in command line interface. See
3412 the
3413 <a href="manual/index.ht ml">FindBugs manual</a> for details.
3414 </li>
3415 <li>
3416 Added "byte code pattern s", a general pattern matching
3417 infrastructure for bytec ode instructions.&nbsp; This feature
3418 significantly reduces th e complexity of implementing new bug
3419 pattern detectors.
3420 </li>
3421 <li>
3422 Enabled a new general da taflow analysis to track values in
3423 methods.
3424 </li>
3425 <li>
3426 Switched to new control- flow graph builder implementation.
3427 </li>
3428 </ul>
3429
3430 <p>
3431 Changes since version 0.5.3
3432
3433 </p>
3434 <ul>
3435 <li>
3436 Fixed a bug in the scrip t used to launch FindBugs on Windows
3437 platforms.
3438 </li>
3439 <li>
3440 Fixed crashes when analy zing class files without source line
3441 information.
3442 </li>
3443 <li>
3444 All major errors are rep orted using an error dialog; file not
3445 found errors are more in formative.
3446 </li>
3447 <li>
3448 Minor GUI improvements.
3449 </li>
3450 </ul>
3451
3452 <p>
3453 Changes since version 0.5.2
3454
3455 </p>
3456 <ul>
3457 <li>
3458 All of the source code a nd related files are in a single
3459 directory tree.
3460 </li>
3461 <li>
3462 Updated some of the dete ctors to produce source line information.
3463 </li>
3464 <li>
3465 <a href="http://ant.apac he.org/">Ant</a> build script and several
3466 GUI enhancements and fix es contributed by Mike Fagan.
3467 </li>
3468 <li>
3469 Converted to use a
3470 <a href="AddingDetectors .txt">plugin architecture</a> for loading
3471 bug detectors.
3472 </li>
3473 <li>
3474 Eliminated generics-rela ted compiler warnings.
3475 </li>
3476 <li>
3477 More complete documentat ion has been added.
3478 </li>
3479 </ul>
3480
3481 <p>
3482 Changes since version 0.5.1:
3483 </p>
3484 <ul>
3485 <li>
3486 Fixed a large number of bugs in the BCEL Repository and
3487 FindBugs's use of the Re pository.&nbsp; With these changes,
3488 FindBugs should
3489 <em>never</em> crash or otherwise misbehave because of Repository
3490 lookup failures.&nbsp; B ecause of these changes, you must use a
3491 modified version of
3492 <code>
3493 bcel.jar
3494 </code>
3495 with FindBugs.&nbsp; Thi s jar file is included in the FindBugs
3496 0.5.2 binary release.&nb sp; A complete patch containing the
3497 <a
3498 href="http://fac ulty.ycp.edu/~dhovemey/bcel-30-April-2003.patch">modifications
3499 against the BCEL CVS main branch as of April 30, 2003</a> is also
3500 available.
3501 </li>
3502 <li>
3503 Implemented the "auxilia ry classpath entry list".&nbsp; Aux
3504 classpath entries can be added to a project to provide classes
3505 that are referenced by t he analyzed application, but should not
3506 themselves be analyzed.& nbsp; Having all referenced classes
3507 available allows FindBug s to produce more accurate results.
3508 </li>
3509 </ul>
3510
3511 <p>
3512 Changes since version 0.5.0:
3513 </p>
3514 <ul>
3515 <li>
3516 Many user interface bugs have been fixed.
3517 </li>
3518 <li>
3519 Upgraded to a recent CVS version of BCEL, with some bug
3520 fixes.&nbsp; This should prevent FindBugs from crashing when
3521 there is a failure to fi nd a class on the classpath.
3522 </li>
3523 <li>
3524 Added support for Plasti c look and feel from
3525 <a href="http://www.jgoo dies.com/">jgoodies.com</a>.
3526 </li>
3527 <li>
3528 Major overhaul of infras tructure for doing dataflow analysis.
3529 </li>
3530 </ul>
3531
3532
3533 <hr> <p> 2793 <hr> <p>
3534 <script language="JavaScript" type="text/javascript"> 2794 <script language="JavaScript" type="text/javascript">
3535 <!---//hide script from old browsers 2795 <!---//hide script from old browsers
3536 document.write( "Last updated "+ document.lastModified + "." ); 2796 document.write( "Last updated "+ document.lastModified + "." );
3537 //end hiding contents ---> 2797 //end hiding contents --->
3538 </script> 2798 </script>
3539 <p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbu gs@cs.umd.edu</a> 2799 <p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbu gs@cs.umd.edu</a>
3540 <p> 2800 <p>
3541 <A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?gro up_id=96405&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A> 2801 <A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?gro up_id=96405&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A>
3542 2802
3543 » » » » </td> 2803 » » » </td>
3544 2804
3545 » » » </tr> 2805 » » </tr>
3546 » » </table> 2806 » </table>
3547 2807
3548 » </body> 2808 </body>
3549 2809
3550 </html> 2810 </html>
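Review bot: the page footer carried over unchanged at old 3541 / new 2801 still loads the SourceForge logo from http://sourceforge.net/sflogo.php?group_id=96405 over plain HTTP, so opening this vendored doc from a checkout makes a third-party request. If doc/ is meant to stay identical to the upstream 2.0.3 release, say so in README.chromium; otherwise drop the image line. The rest of what is visible here is markup reflow only (each <li> and its text collapsed onto shared lines, old line 3550 becoming new line 2810), and the entries that can be compared on both sides, such as the 0.6.3 through 0.5.0 lists, read the same. It is worth confirming with a whitespace-insensitive diff against the upstream file that no change-log entry was dropped in the reflow.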