FindBugs Bug Descriptions

FindBugs Bug Descriptions

This document lists the standard bug patterns reported byFindBugs version 1.3.9.

Summary

Description	Category
AM: Creates an empty jar file entry	Bad practice
AM: Creates an empty zip file entry	Bad practice
BC: Equals method should not assume anything about the type of its argument	Bad practice
BC: Random object created and used only once	Bad practice
BIT: Check for sign of bitwise operation	Bad practice
CN: Class implements Cloneable but does not define or use clone method	Bad practice
CN: clone method does not call super.clone()	Bad practice
CN: Class defines clone() but doesn't implement Cloneable	Bad practice
Co: Abstract class defines covariant compareTo() method	Bad practice
Co: Covariant compareTo() method defined	Bad practice
DE: Method might drop exception	Bad practice
DE: Method might ignore exception	Bad practice
DMI: Don't use removeAll to clear a collection	Bad practice
DP: Classloaders should only be created inside doPrivileged block	Bad practice
DP: Method invoked that should be only be invoked inside a doPrivileged block	Bad practice
Dm: Method invokes System.exit(...)	Bad practice
Dm: Method invokes dangerous method runFinalizersOnExit	Bad practice
ES: Comparison of String parameter using == or !=	Bad practice
ES: Comparison of String objects using == or !=	Bad practice
Eq: Abstract class defines covariant equals() method	Bad practice
Eq: Equals checks for noncompatible operand	Bad practice
Eq: Class defines compareTo(...) and uses Object.equals()	Bad practice
Eq: equals method fails for subtypes	Bad practice
Eq: Covariant equals() method defined	Bad practice
FI: Empty finalizer should be deleted	Bad practice
FI: Explicit invocation of finalizer	Bad practice
FI: Finalizer nulls fields	Bad practice
FI: Finalizer only nulls fields	Bad practice
FI: Finalizer does not call superclass finalizer	Bad practice
FI: Finalizer nullifies superclass finalizer	Bad practice
FI: Finalizer does nothing but call superclass finalizer	Bad practice
GC: Unchecked type in generic call	Bad practice
HE: Class defines equals() but not hashCode()	Bad practice
HE: Class defines equals() and uses Object.hashCode()	Bad practice
HE: Class defines hashCode() but not equals()	Bad practice
HE: Class defines hashCode() and uses Object.equals()	Bad practice
HE: Class inherits equals() and uses Object.hashCode()	Bad practice
IC: Superclass uses subclass during initialization	Bad practice
IMSE: Dubious catching of IllegalMonitorStateException	Bad practice
ISC: Needless instantiation of class that only supplies static methods	Bad practice
It: Iterator next() method can't throw NoSuchElementException	Bad practice
J2EE: Store of non serializable object into HttpSession	Bad practice
JCIP: Fields of immutable classes should be final	Bad practice
NP: Method with Boolean return type returns explicit null	Bad practice
NP: Clone method may return null	Bad practice
NP: equals() method does not check for null argument	Bad practice
NP: toString method may return null	Bad practice
Nm: Class names should start with an upper case letter	Bad practice
Nm: Class is not derived from an Exception, even though it is named as such	Bad practice
Nm: Confusing method names	Bad practice
Nm: Field names should start with a lower case letter	Bad practice
Nm: Use of identifier that is a keyword in later versions of Java	Bad practice
Nm: Use of identifier that is a keyword in later versions of Java	Bad practice
Nm: Method names should start with a lower case letter	Bad practice
Nm: Class names shouldn't shadow simple name of implemented interface	Bad practice
Nm: Class names shouldn't shadow simple name of superclass	Bad practice
Nm: Very confusing method names (but perhaps intentional)	Bad practice
Nm: Method doesn't override method in superclass due to wrong package for parameter	Bad practice
ODR: Method may fail to close database resource	Bad practice
ODR: Method may fail to close database resource on exception	Bad practice
OS: Method may fail to close stream	Bad practice
OS: Method may fail to close stream on exception	Bad practice
RC: Suspicious reference comparison to constant	Bad practice
RC: Suspicious reference comparison of Boolean values	Bad practice
RR: Method ignores results of InputStream.read()	Bad practice
RR: Method ignores results of InputStream.skip()	Bad practice
RV: Method ignores exceptional return value	Bad practice
SI: Static initializer creates instance before all static final fields assigned	Bad practice
SW: Certain swing methods needs to be invoked in Swing thread	Bad practice
Se: Non-transient non-serializable instance field in serializable class	Bad practice
Se: Non-serializable class has a serializable inner class	Bad practice
Se: Non-serializable value stored into instance field of a serializable class	Bad practice
Se: Comparator doesn't implement Serializable	Bad practice
Se: Serializable inner class	Bad practice
Se: serialVersionUID isn't final	Bad practice
Se: serialVersionUID isn't long	Bad practice
Se: serialVersionUID isn't static	Bad practice
Se: Class is Serializable but its superclass doesn't define a void constructor	Bad practice
Se: Class is Externalizable but doesn't define a void constructor	Bad practice
Se: The readResolve method must be declared with a return type of Object.	Bad practice
Se: Transient field that isn't set by deserialization.	Bad practice
SnVI: Class is Serializable, but doesn't define serialVersionUID	Bad practice
UI: Usage of GetResource may be unsafe if class is extended	Bad practice
BC: Impossible cast	Correctness
BC: Impossible downcast	Correctness
BC: Impossible downcast of toArray() result	Correctness
BC: instanceof will always return false	Correctness
BIT: Bitwise add of signed byte value	Correctness
BIT: Incompatible bit masks	Correctness
BIT: Check to see if ((...) & 0) == 0	Correctness
BIT: Incompatible bit masks	Correctness
BIT: Bitwise OR of signed byte value	Correctness
BIT: Check for sign of bitwise operation	Correctness
BOA: Class overrides a method implemented in super class Adapter wrongly	Correctness
BSHIFT: 32 bit int shifted by an amount not in the range 0..31	Correctness
Bx: Primitive value is unboxed and coerced for ternary operator	Correctness
DLS: Dead store of class literal	Correctness
DLS: Overwritten increment	Correctness
DMI: Bad constant value for month	Correctness
DMI: hasNext method invokes next	Correctness
DMI: Collections should not contain themselves	Correctness
DMI: Invocation of hashCode on an array	Correctness
DMI: Double.longBitsToDouble invoked on an int	Correctness
DMI: Vacuous call to collections	Correctness
Dm: Can't use reflection to check for presence of annotation without runtime retention	Correctness
Dm: Futile attempt to change max pool size of ScheduledThreadPoolExecutor	Correctness
Dm: Creation of ScheduledThreadPoolExecutor with zero core threads	Correctness
Dm: Useless/vacuous call to EasyMock method	Correctness
EC: equals() used to compare array and nonarray	Correctness
EC: Invocation of equals() on an array, which is equivalent to ==	Correctness
EC: equals(...) used to compare incompatible arrays	Correctness
EC: Call to equals() with null argument	Correctness
EC: Call to equals() comparing unrelated class and interface	Correctness
EC: Call to equals() comparing different interface types	Correctness
EC: Call to equals() comparing different types	Correctness
EC: Using pointer equality to compare different types	Correctness
Eq: equals method always returns false	Correctness
Eq: equals method always returns true	Correctness
Eq: equals method compares class names rather than class objects	Correctness
Eq: Covariant equals() method defined for enum	Correctness
Eq: equals() method defined that doesn't override equals(Object)	Correctness
Eq: equals() method defined that doesn't override Object.equals(Object)	Correctness
Eq: equals method overrides equals in superclass and may not be symmetric	Correctness
Eq: Covariant equals() method defined, Object.equals(Object) inherited	Correctness
FE: Doomed test for equality to NaN	Correctness
FS: Format string placeholder incompatible with passed argument	Correctness
FS: The type of a supplied argument doesn't match format specifier	Correctness
FS: MessageFormat supplied where printf style format expected	Correctness
FS: More arguments are passed than are actually used in the format string	Correctness
FS: Illegal format string	Correctness
FS: Format string references missing argument	Correctness
FS: No previous argument for format string	Correctness
GC: No relationship between generic parameter and method argument	Correctness
HE: Signature declares use of unhashable class in hashed construct	Correctness
HE: Use of class without a hashCode() method in a hashed data structure	Correctness
ICAST: integral value cast to double and then passed to Math.ceil	Correctness
ICAST: int value cast to float and then passed to Math.round	Correctness
IJU: JUnit assertion in run method will not be noticed by JUnit	Correctness
IJU: TestCase declares a bad suite method	Correctness
IJU: TestCase has no tests	Correctness
IJU: TestCase defines setUp that doesn't call super.setUp()	Correctness
IJU: TestCase implements a non-static suite method	Correctness
IJU: TestCase defines tearDown that doesn't call super.tearDown()	Correctness
IL: A collection is added to itself	Correctness
IL: An apparent infinite loop	Correctness
IL: An apparent infinite recursive loop	Correctness
IM: Integer multiply of result of integer remainder	Correctness
INT: Bad comparison of nonnegative value with negative constant	Correctness
INT: Bad comparison of signed byte	Correctness
IO: Doomed attempt to append to an object output stream	Correctness
IP: A parameter is dead upon entry to a method but overwritten	Correctness
MF: Class defines field that masks a superclass field	Correctness
MF: Method defines a variable that obscures a field	Correctness
NP: Null pointer dereference	Correctness
NP: Null pointer dereference in method on exception path	Correctness
NP: Method does not check for null argument	Correctness
NP: close() invoked on a value that is always null	Correctness
NP: Null value is guaranteed to be dereferenced	Correctness
NP: Value is null and guaranteed to be dereferenced on exception path	Correctness
NP: Method call passes null to a nonnull parameter	Correctness
NP: Method may return null, but is declared @NonNull	Correctness
NP: A known null value is checked to see if it is an instance of a type	Correctness
NP: Possible null pointer dereference	Correctness
NP: Possible null pointer dereference in method on exception path	Correctness
NP: Method call passes null for nonnull parameter	Correctness
NP: Method call passes null for nonnull parameter	Correctness
NP: Non-virtual method call passes null for nonnull parameter	Correctness
NP: Store of null value into field annotated NonNull	Correctness
NP: Read of unwritten field	Correctness
Nm: Class defines equal(Object); should it be equals(Object)?	Correctness
Nm: Class defines hashcode(); should it be hashCode()?	Correctness
Nm: Class defines tostring(); should it be toString()?	Correctness
Nm: Apparent method/constructor confusion	Correctness
Nm: Very confusing method names	Correctness
Nm: Method doesn't override method in superclass due to wrong package for parameter	Correctness
QBA: Method assigns boolean literal in boolean expression	Correctness
RC: Suspicious reference comparison	Correctness
RCN: Nullcheck of value previously dereferenced	Correctness
RE: Invalid syntax for regular expression	Correctness
RE: File.separator used for regular expression	Correctness
RE: "." used for regular expression	Correctness
RV: Random value from 0 to 1 is coerced to the integer 0	Correctness
RV: Bad attempt to compute absolute value of signed 32-bit hashcode	Correctness
RV: Bad attempt to compute absolute value of signed 32-bit random integer	Correctness
RV: Exception created and dropped rather than thrown	Correctness
RV: Method ignores return value	Correctness
RpC: Repeated conditional tests	Correctness
SA: Double assignment of field	Correctness
SA: Self assignment of field	Correctness
SA: Self comparison of field with itself	Correctness
SA: Nonsensical self computation involving a field (e.g., x & x)	Correctness
SA: Self comparison of value with itself	Correctness
SA: Nonsensical self computation involving a variable (e.g., x & x)	Correctness
SF: Dead store due to switch statement fall through	Correctness
SF: Dead store due to switch statement fall through to throw	Correctness
SIC: Deadly embrace of non-static inner class and thread local	Correctness
SIO: Unnecessary type check done using instanceof operator	Correctness
SQL: Method attempts to access a prepared statement parameter with index 0	Correctness
SQL: Method attempts to access a result set field with index 0	Correctness
STI: Unneeded use of currentThread() call, to call interrupted()	Correctness
STI: Static Thread.interrupted() method invoked on thread instance	Correctness
Se: Method must be private in order for serialization to work	Correctness
Se: The readResolve method must not be declared as a static method.	Correctness
TQ: Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is required	Correctness
TQ: Value that might not carry a type qualifier is always used in a way requires that type qualifier	Correctness
TQ: Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifier	Correctness
TQ: Value annotated as never carrying a type qualifier used where value carrying that qualifier is required	Correctness
UMAC: Uncallable method defined in anonymous class	Correctness
UR: Uninitialized read of field in constructor	Correctness
UR: Uninitialized read of field method called from constructor of superclass	Correctness
USELESS_STRING: Invocation of toString on an array	Correctness
USELESS_STRING: Invocation of toString on an array	Correctness
USELESS_STRING: Array formatted in useless way using format string	Correctness
UwF: Field only ever set to null	Correctness
UwF: Unwritten field	Correctness
VA: Primitive array passed to function expecting a variable number of object arguments	Correctness
LG: Potential lost logger changes due to weak reference in OpenJDK	Experimental
OBL: Method may fail to clean up stream or resource	Experimental
Dm: Consider using Locale parameterized version of invoked method	Internationalization
EI: May expose internal representation by returning reference to mutable object	Malicious code vulnerability
EI2: May expose internal representation by incorporating reference to mutable object	Malicious code vulnerability
FI: Finalizer should be protected, not public	Malicious code vulnerability
MS: May expose internal static state by storing a mutable object into a static field	Malicious code vulnerability
MS: Field isn't final and can't be protected from malicious code	Malicious code vulnerability
MS: Public static method may expose internal representation by returning array	Malicious code vulnerability
MS: Field should be both final and package protected	Malicious code vulnerability
MS: Field is a mutable array	Malicious code vulnerability
MS: Field is a mutable Hashtable	Malicious code vulnerability
MS: Field should be moved out of an interface and made package protected	Malicious code vulnerability
MS: Field should be package protected	Malicious code vulnerability
MS: Field isn't final but should be	Malicious code vulnerability
DC: Possible double check of field	Multithreaded correctness
DL: Synchronization on Boolean could lead to deadlock	Multithreaded correctness
DL: Synchronization on boxed primitive could lead to deadlock	Multithreaded correctness
DL: Synchronization on interned String could lead to deadlock	Multithreaded correctness
DL: Synchronization on boxed primitive values	Multithreaded correctness
Dm: Monitor wait() called on Condition	Multithreaded correctness
Dm: A thread was created using the default empty run method	Multithreaded correctness
ESync: Empty synchronized block	Multithreaded correctness
IS: Inconsistent synchronization	Multithreaded correctness
IS: Field not guarded against concurrent access	Multithreaded correctness
JLM: Synchronization performed on Lock	Multithreaded correctness
LI: Incorrect lazy initialization of static field	Multithreaded correctness
LI: Incorrect lazy initialization and update of static field	Multithreaded correctness
ML: Synchronization on field in futile attempt to guard that field	Multithreaded correctness
ML: Method synchronizes on an updated field	Multithreaded correctness
MSF: Mutable servlet field	Multithreaded correctness
MWN: Mismatched notify()	Multithreaded correctness
MWN: Mismatched wait()	Multithreaded correctness
NN: Naked notify	Multithreaded correctness
NP: Synchronize and null check on the same field.	Multithreaded correctness
No: Using notify() rather than notifyAll()	Multithreaded correctness
RS: Class's readObject() method is synchronized	Multithreaded correctness
RV: Return value of putIfAbsent ignored, value passed to putIfAbsent reused	Multithreaded correctness
Ru: Invokes run on a thread (did you mean to start it instead?)	Multithreaded correctness
SC: Constructor invokes Thread.start()	Multithreaded correctness
SP: Method spins on field	Multithreaded correctness
STCAL: Call to static Calendar	Multithreaded correctness
STCAL: Call to static DateFormat	Multithreaded correctness
STCAL: Static Calendar	Multithreaded correctness
STCAL: Static DateFormat	Multithreaded correctness
SWL: Method calls Thread.sleep() with a lock held	Multithreaded correctness
TLW: Wait with two locks held	Multithreaded correctness
UG: Unsynchronized get method, synchronized set method	Multithreaded correctness
UL: Method does not release lock on all paths	Multithreaded correctness
UL: Method does not release lock on all exception paths	Multithreaded correctness
UW: Unconditional wait	Multithreaded correctness
VO: A volatile reference to an array doesn't treat the array elements as volatile	Multithreaded correctness
WL: Sychronization on getClass rather than class literal	Multithreaded correctness
WS: Class's writeObject() method is synchronized but nothing else is	Multithreaded correctness
Wa: Condition.await() not in loop	Multithreaded correctness
Wa: Wait not in loop	Multithreaded correctness
Bx: Primitive value is boxed and then immediately unboxed	Performance
Bx: Primitive value is boxed then unboxed to perform primitive coercion	Performance
Bx: Method allocates a boxed primitive just to call toString	Performance
Bx: Method invokes inefficient floating-point Number constructor; use static valueOf instead	Performance
Bx: Method invokes inefficient Number constructor; use static valueOf instead	Performance
Dm: The equals and hashCode methods of URL are blocking	Performance
Dm: Maps and sets of URLs can be performance hogs	Performance
Dm: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead	Performance
Dm: Explicit garbage collection; extremely dubious except in benchmarking code	Performance
Dm: Method allocates an object, only to get the class object	Performance
Dm: Use the nextInt method of Random rather than nextDouble to generate a random integer	Performance
Dm: Method invokes inefficient new String(String) constructor	Performance
Dm: Method invokes toString() method on a String	Performance
Dm: Method invokes inefficient new String() constructor	Performance
HSC: Huge string constants is duplicated across multiple class files	Performance
ITA: Method uses toArray() with zero-length array argument	Performance
SBSC: Method concatenates strings using + in a loop	Performance
SIC: Should be a static inner class	Performance
SIC: Could be refactored into a named static inner class	Performance
SIC: Could be refactored into a static inner class	Performance
SS: Unread field: should this field be static?	Performance
UM: Method calls static Math class method on a constant value	Performance
UPM: Private method is never called	Performance
UrF: Unread field	Performance
UuF: Unused field	Performance
WMI: Inefficient use of keySet iterator instead of entrySet iterator	Performance
Dm: Hardcoded constant database password	Security
Dm: Empty database password	Security
HRS: HTTP cookie formed from untrusted input	Security
HRS: HTTP Response splitting vulnerability	Security
SQL: Nonconstant string passed to execute method on an SQL statement	Security
SQL: A prepared statement is generated from a nonconstant String	Security
XSS: JSP reflected cross site scripting vulnerability	Security
XSS: Servlet reflected cross site scripting vulnerability	Security
XSS: Servlet reflected cross site scripting vulnerability	Security
BC: Questionable cast to abstract collection	Dodgy
BC: Questionable cast to concrete collection	Dodgy
BC: Unchecked/unconfirmed cast	Dodgy
BC: instanceof will always return true	Dodgy
BSHIFT: Unsigned right shift cast to short/byte	Dodgy
CI: Class is final but declares protected field	Dodgy
DB: Method uses the same code for two branches	Dodgy
DB: Method uses the same code for two switch clauses	Dodgy
DLS: Dead store to local variable	Dodgy
DLS: Useless assignment in return statement	Dodgy
DLS: Dead store of null to local variable	Dodgy
DMI: Code contains a hard coded reference to an absolute pathname	Dodgy
DMI: Non serializable object written to ObjectOutput	Dodgy
DMI: Invocation of substring(0), which returns the original value	Dodgy
Dm: Thread passed where Runnable expected	Dodgy
Eq: Class doesn't override equals in superclass	Dodgy
Eq: Unusual equals method	Dodgy
FE: Test for floating point equality	Dodgy
FS: Non-Boolean argument formatted using %b format specifier	Dodgy
IA: Ambiguous invocation of either an inherited or outer method	Dodgy
IC: Initialization circularity	Dodgy
ICAST: integral division result cast to double or float	Dodgy
ICAST: Result of integer multiplication cast to long	Dodgy
IM: Computation of average could overflow	Dodgy
IM: Check for oddness that won't work for negative numbers	Dodgy
INT: Integer remainder modulo 1	Dodgy
INT: Vacuous comparison of integer value	Dodgy
MTIA: Class extends Servlet class and uses instance variables	Dodgy
MTIA: Class extends Struts Action class and uses instance variables	Dodgy
NP: Dereference of the result of readLine() without nullcheck	Dodgy
NP: Immediate dereference of the result of readLine()	Dodgy
NP: Load of known null value	Dodgy
NP: Possible null pointer dereference due to return value of called method	Dodgy
NP: Possible null pointer dereference on path that might be infeasible	Dodgy
NP: Parameter must be nonnull but is marked as nullable	Dodgy
NS: Potentially dangerous use of non-short-circuit logic	Dodgy
NS: Questionable use of non-short-circuit logic	Dodgy
PZLA: Consider returning a zero length array rather than null	Dodgy
QF: Complicated, subtle or wrong increment in for-loop	Dodgy
RCN: Redundant comparison of non-null value to null	Dodgy
RCN: Redundant comparison of two null values	Dodgy
RCN: Redundant nullcheck of value known to be non-null	Dodgy
RCN: Redundant nullcheck of value known to be null	Dodgy
REC: Exception is caught when Exception is not thrown	Dodgy
RI: Class implements same interface as superclass	Dodgy
RV: Method checks to see if result of String.indexOf is positive	Dodgy
RV: Method discards result of readLine after checking if it is nonnull	Dodgy
RV: Remainder of hashCode could be negative	Dodgy
RV: Remainder of 32-bit signed random integer	Dodgy
SA: Double assignment of local variable	Dodgy
SA: Self assignment of local variable	Dodgy
SF: Switch statement found where one case falls through to the next case	Dodgy
SF: Switch statement found where default case is missing	Dodgy
ST: Write to static field from instance method	Dodgy
Se: private readResolve method not inherited by subclasses	Dodgy
Se: Transient field of class that isn't Serializable.	Dodgy
TQ: Explicit annotation inconsistent with use	Dodgy
TQ: Explicit annotation inconsistent with use	Dodgy
UCF: Useless control flow	Dodgy
UCF: Useless control flow to next line	Dodgy
UwF: Field not initialized in constructor	Dodgy
XFB: Method directly allocates a specific implementation of xml interfaces	Dodgy