Project: <<unnamed project>>
FindBugs version: 1.3.1
Code analyzed:
21028 lines of code analyzed, in 866 classes, in 12 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 6 | 0.29 |
Medium Priority Warnings | 60 | 2.85 |
Total Warnings | 66 | 3.14 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 27 |
Correctness Warnings | 12 |
Malicious code vulnerability Warnings | 3 |
Multithreaded correctness Warnings | 3 |
Performance Warnings | 7 |
Dodgy Warnings | 14 |
Total | 66 |
Click on a warning row to see full context information.
Code | Warning |
---|---|
DE | edu.rice.cs.plt.io.IOUtil.attemptClose(Closeable) might ignore java.io.IOException |
DE | edu.rice.cs.plt.reflect.ClassLoaderTestCase.assertDoesNotLoadClass(ClassLoader, String) might ignore java.lang.ClassNotFoundException |
DE | edu.rice.cs.plt.reflect.PathClassLoaderTest.assertCannotGet(ClassLoader, String) might ignore java.lang.Exception |
Dm | edu.rice.cs.plt.debug.RMILogSink$ServerFactory$1.close() invokes System.exit(...), which shuts down the entire virtual machine |
Dm | edu.rice.cs.plt.debug.TreeLogSink$4.run() invokes System.exit(...), which shuts down the entire virtual machine |
DP | edu.rice.cs.plt.reflect.EmptyClassLoader.<static initializer>() creates a edu.rice.cs.plt.reflect.EmptyClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.PathClassLoader.getResourceInPath(String, Iterable) creates a edu.rice.cs.plt.reflect.PathClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.PathClassLoader.getResourceInPathAsStream(String, Iterable) creates a edu.rice.cs.plt.reflect.PathClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ReflectUtil.<static initializer>() creates a edu.rice.cs.plt.reflect.ReflectUtil$1 classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ReflectUtil.loadLibraryAdapter(ClassLoader, Iterable, String, Class[], Object[]) creates a edu.rice.cs.plt.reflect.PathClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ReflectUtil.loadLibraryAdapter(ClassLoader, Iterable, String, Class[], Object[]) creates a edu.rice.cs.plt.reflect.PreemptingClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ReflectUtil.mergeLoaders(ClassLoader, ClassLoader) creates a edu.rice.cs.plt.reflect.ComposedClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ReflectUtil.mergeLoaders(ClassLoader, ClassLoader, boolean, String[]) creates a edu.rice.cs.plt.reflect.ComposedClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ReflectUtil.mergeLoaders(ClassLoader, ClassLoader, boolean, String[]) creates a edu.rice.cs.plt.reflect.ShadowingClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ShadowingClassLoader.blackList(ClassLoader, String[]) creates a edu.rice.cs.plt.reflect.ShadowingClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.reflect.ShadowingClassLoader.whiteList(ClassLoader, String[]) creates a edu.rice.cs.plt.reflect.ShadowingClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.plt.swing.SwingUtil.showApplet(String, URL, String, int, int, Map) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block |
HE | edu.rice.cs.plt.tuple.Octet defines equals but not hashCode |
HE | edu.rice.cs.plt.tuple.Pair defines equals but not hashCode |
HE | edu.rice.cs.plt.tuple.Quad defines equals but not hashCode |
HE | edu.rice.cs.plt.tuple.Quint defines equals but not hashCode |
HE | edu.rice.cs.plt.tuple.Septet defines equals but not hashCode |
HE | edu.rice.cs.plt.tuple.Sextet defines equals but not hashCode |
HE | edu.rice.cs.plt.tuple.Triple defines equals but not hashCode |
HE | edu.rice.cs.plt.tuple.Wrapper defines equals but not hashCode |
RV | edu.rice.cs.plt.reflect.JavaVersionTest.testParseFullVersionSort() ignores exceptional return value of java.io.File.delete() |
SnVI | edu.rice.cs.plt.reflect.ReflectUtil$FieldBox is Serializable; consider declaring a serialVersionUID |
Code | Warning |
---|---|
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(byte[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(char[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(double[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(float[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(int[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(long[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(Object[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(short[], RecurUtil$ArrayStringMode) |
DMI | Invocation of toString on array in edu.rice.cs.plt.recur.RecurUtil.arrayToString(boolean[], RecurUtil$ArrayStringMode) |
IL | There is an apparent infinite recursive loop in edu.rice.cs.plt.swing.SwingUtil.showApplet(String, Applet, int, int, URL) |
NP | Possible null pointer dereference of JavaVersion$FullVersion._location in edu.rice.cs.plt.reflect.JavaVersion$FullVersion.equals(Object) |
RCN | Nullcheck of parent at line 1765 of value previously dereferenced in edu.rice.cs.plt.io.IOUtil.isSafeThrowableClass(Class) |
Code | Warning |
---|---|
EI | edu.rice.cs.plt.debug.ThreadSnapshot.snapshotTime() may expose internal representation by returning ThreadSnapshot._time |
MS | edu.rice.cs.plt.reflect.ReflectUtilTest.MUTABLE_STATIC_FIELD isn't final but should be |
MS | edu.rice.cs.plt.reflect.ReflectUtilTest.mutableNonstaticField isn't final but should be |
Code | Warning |
---|---|
IS | Inconsistent synchronization of edu.rice.cs.plt.io.ExpandingByteBuffer._eof; locked 85% of time |
IS | Inconsistent synchronization of edu.rice.cs.plt.io.ExpandingCharBuffer._eof; locked 85% of time |
STCAL | Call to method of static java.text.DateFormat in edu.rice.cs.plt.debug.TextLogSink.formatTime(Date) |
Code | Warning |
---|---|
Dm | edu.rice.cs.plt.collect.WeakHashSetTest.runGCUntil(Condition) forces garbage collection; extremely dubious except in benchmarking code |
Dm | edu.rice.cs.plt.reflect.ClassLoaderTestCase.assertHasDifferentResource(ClassLoader, ClassLoader, String) invokes java.net.URL.equals(Object), which blocks to do domain name resolution |
Dm | edu.rice.cs.plt.tuple.TupleTest.testIdentityTriple() invokes inefficient new String(String) constructor |
Dm | edu.rice.cs.plt.tuple.TupleTest.testIdentityWrapper() invokes inefficient new String(String) constructor |
Dm | edu.rice.cs.plt.tuple.TupleTest.testTriple() invokes inefficient new String(String) constructor |
Dm | edu.rice.cs.plt.tuple.TupleTest.testWrapper() invokes inefficient new String(String) constructor |
SIC | Should edu.rice.cs.plt.collect.ConcreteRelationIndexTest$StubIndex be a _static_ inner class? |
Code | Warning |
---|---|
Eq | edu.rice.cs.plt.collect.ConcreteRelationIndex$ValueSet doesn't override DelegatingSet.equals(Object) |
Eq | edu.rice.cs.plt.collect.DelegatingRelation doesn't override DelegatingSet.equals(Object) |
Eq | edu.rice.cs.plt.collect.ImmutableRelation doesn't override DelegatingSet.equals(Object) |
Eq | edu.rice.cs.plt.collect.ListenerSet doesn't override DelegatingSet.equals(Object) |
Eq | edu.rice.cs.plt.collect.SnapshotSynchronizedList doesn't override DelegatingList.equals(Object) |
Eq | edu.rice.cs.plt.collect.SnapshotSynchronizedSet doesn't override DelegatingSet.equals(Object) |
IA | Ambiguous invocation of either an outer or inherited method edu.rice.cs.plt.concurrent.TaskController$State.start() in edu.rice.cs.plt.concurrent.TaskController$WaitingState.get() |
IA | Ambiguous invocation of either an outer or inherited method edu.rice.cs.plt.concurrent.TaskController$State.start() in edu.rice.cs.plt.concurrent.TaskController$WaitingState.get(long, TimeUnit) |
NP | Possible null pointer dereference in edu.rice.cs.plt.concurrent.JVMBuilderTest.checkProcessOutput(Process, String, String, Iterable) due to return value of called method |
REC | Exception is caught when Exception is not thrown in edu.rice.cs.plt.reflect.PathClassLoaderTest.assertCannotGet(ClassLoader, String) |
ST | Write to static field edu.rice.cs.plt.concurrent.ConcurrentUtilTest._obj from instance method edu.rice.cs.plt.concurrent.ConcurrentUtilTest.testComputeInProcess() |
ST | Write to static field edu.rice.cs.plt.concurrent.ConcurrentUtilTest._obj from instance method edu.rice.cs.plt.concurrent.ConcurrentUtilTest.testComputeInThread() |
ST | Write to static field edu.rice.cs.plt.concurrent.ConcurrentUtilTest._obj from instance method edu.rice.cs.plt.concurrent.ConcurrentUtilTest.testComputeIncrementalInProcess() |
ST | Write to static field edu.rice.cs.plt.concurrent.ConcurrentUtilTest._obj from instance method edu.rice.cs.plt.concurrent.ConcurrentUtilTest.testRunInThread() |
This method might ignore an exception. In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.
Code explicitly invokes garbage collection. Except for specific use in benchmarking, this is very dubious.
In the past, situations where people have explicitly invoked the garbage collector in routines such as close or finalize methods has led to huge performance black holes. Garbage collection can be expensive. Any situation that forces hundreds or thousands of garbage collections will bring the machine to a crawl.
Using the java.lang.String(String)
constructor wastes memory
because the object so constructed will be functionally indistinguishable
from the String
passed as a parameter. Just use the
argument String
directly.
Invoking System.exit shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.
The equals and hashCode
method of URL perform domain name resolution, this can result in a big performance hit.
See http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html for more information.
Consider using java.net.URI
instead.
The code invokes toString on an array, which will generate a fairly useless result such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.
This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
This class extends a class that defines an equals method and adds fields, but doesn't define an equals method itself. Thus, equality on instances of this class will ignore the identity of the subclass and the added fields. Be sure this is what is intended, and that you don't need to override the equals method. Even if you don't need to override the equals method, consider overriding it anyone to document the fact that the equals method for the subclass just return the result of invoking super.equals(o).
This class overrides equals(Object)
, but does not
override hashCode()
. Therefore, the class may violate the
invariant that equal objects must have equal hashcodes.
An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class. By the Java semantics, it will be resolved to invoke the inherited method, but this may not be want you intend. If you really intend to invoke the inherited method, invoke it by invoking the method on super (e.g., invoke super.foo(17)), and thus it will be clear to other readers of your code and to FindBugs that you want to invoke the inherited method, not the method in the outer class.
This method unconditionally invokes itself. This would seem to indicate an infinite recursive loop that will result in a stack overflow.
The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that
A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.
You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.
Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.
This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.
A mutable static field could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
A reference value dereferenced here might be null at runtime.
This may lead to a NullPointerException
when the code is executed.
A reference value which is null on some exception control path is
dereferenced here. This may lead to a NullPointerException
when the code is executed. The value may be null because it
was return from a method which is known to return possibly-null values.
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
This method returns a value that is not checked. The return value should be checked
since it can indication an unusual or unexpected function execution. For
example, the File.delete()
method returns false
if the file could not be successfully deleted (rather than
throwing an Exception).
If you don't check the result, you won't notice if the method invocation
signals unexpected behavior by returning an atypical return value.
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
This class implements the Serializable
interface, but does
not define a serialVersionUID
field.
A change as simple as adding a reference to a .class object
will add synthetic fields to the class,
which will unfortunately change the implicit
serialVersionUID (e.g., adding a reference to String.class
will generate a static field class$java$lang$String
).
Also, different source code to bytecode compilers may use different
naming conventions for synthetic variables generated for
references to class objects or inner classes.
To ensure interoperability of Serializable across versions,
consider adding an explicit serialVersionUID.
This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.
As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use. The detector has found a call to an instance of DateFormat that has been obtained via a static field. This looks suspicous.
For more information on this see Sun Bug #6231579 and Sun Bug #6178997.