Rule | Description | KPI | URL |
---|---|---|---|
SW_SWING_METHODS_INVOKED_IN_SWING_THREAD | (From JDC Tech Tip): The Swing methods show(), setVisible(), and pack() will create the associated peer for the frame. With the creation of the peer, the system creates the event dispatch thread. This makes things problematic because the event dispatch thread could be notifying listeners while pack and validate are still processing. This situation could result in two threads going through the Swing component-based GUI — it’s a serious flaw that could result in deadlocks or other related threading issues. A pack call causes components to be realized. As they are being realized (that is, not necessarily visible), they could trigger listener notification on the event dispatch thread. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sw-certain-swing-methods-needs-to-be-invoked-in-swing-thread-sw-swing-methods-invoked-in-swing-thread |
FI_FINALIZER_ONLY_NULLS_FIELDS | This finalizer does nothing except null out fields. This is completely pointless, and requires that the object be garbage collected, finalized, and then garbage collected again. You should just remove the finalize method. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fi-finalizer-only-nulls-fields-fi-finalizer-only-nulls-fields |
UI_INHERITANCE_UNSAFE_GETRESOURCE | Calling this.getClass().getResource(…) could give results other than expected if this class is extended by a class in another package. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ui-usage-of-getresource-may-be-unsafe-if-class-is-extended-ui-inheritance-unsafe-getresource |
AM_CREATES_EMPTY_ZIP_FILE_ENTRY | The code calls putNextEntry(), immediately followed by a call to closeEntry(). This results in an empty ZipFile entry. The contents of the entry should be written to the ZipFile between the calls to putNextEntry() and closeEntry(). | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#am-creates-an-empty-zip-file-entry-am-creates-empty-zip-file-entry |
AM_CREATES_EMPTY_JAR_FILE_ENTRY | The code calls putNextEntry(), immediately followed by a call to closeEntry(). This results in an empty JarFile entry. The contents of the entry should be written to the JarFile between the calls to putNextEntry() and closeEntry(). | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#am-creates-an-empty-jar-file-entry-am-creates-empty-jar-file-entry |
IMSE_DONT_CATCH_IMSE | IllegalMonitorStateException is generally only thrown in case of a design flaw in your code (calling wait or notify on an object you do not hold a lock on). | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#imse-dubious-catching-of-illegalmonitorstateexception-imse-dont-catch-imse |
CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE | This class defines a clone() method but the class doesn’t implement Cloneable. There are some situations in which this is OK (e.g., you want to control how subclasses can clone themselves), but just make sure that this is what you intended. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#cn-class-defines-clone-but-doesn-t-implement-cloneable-cn-implements-clone-but-not-cloneable |
CN_IDIOM | Class implements Cloneable but does not define or use the clone method. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#cn-class-implements-cloneable-but-does-not-define-or-use-clone-method-cn-idiom |
NM_FUTURE_KEYWORD_USED_AS_IDENTIFIER | The identifier is a word that is reserved as a keyword in later versions of Java, and your code will need to be changed in order to compile it in later versions of Java. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#nm-use-of-identifier-that-is-a-keyword-in-later-versions-of-java-nm-future-keyword-used-as-identifier |
NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER | This identifier is used as a keyword in later versions of Java. This code, and any code that references this API, will need to be changed in order to compile it in later versions of Java. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#nm-use-of-identifier-that-is-a-keyword-in-later-versions-of-java-nm-future-keyword-used-as-member-identifier |
FI_EMPTY | Empty finalize() methods are useless, so they should be deleted. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fi-empty-finalizer-should-be-deleted-fi-empty |
EQ_SELF_NO_OBJECT | This class defines a covariant version of equals(). To correctly override the equals() method in java.lang.Object, the parameter of equals() must have type java.lang.Object. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-covariant-equals-method-defined-eq-self-no-object |
CO_SELF_NO_OBJECT | This class defines a covariant version of compareTo(). To correctly override the compareTo() method in the Comparable interface, the parameter of compareTo() must have type java.lang.Object. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#co-covariant-compareto-method-defined-co-self-no-object |
CO_COMPARETO_RESULTS_MIN_VALUE | In some situation, this compareTo or compare method returns the constant Integer.MIN_VALUE, which is an exceptionally bad practice. The only thing that matters about the return value of compareTo is the sign of the result. But people will sometimes negate the return value of compareTo, expecting that this will negate the sign of the result. And it will, except in the case where the value returned is Integer.MIN_VALUE. So just return -1 rather than Integer.MIN_VALUE. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#co-compareto-compare-returns-integer-min-value-co-compareto-results-min-value |
RV_NEGATING_RESULT_OF_COMPARETO | This code negatives the return value of a compareTo or compare method. This is a questionable or bad programming practice, since if the return value is Integer.MIN_VALUE, negating the return value won’t negate the sign of the result. You can achieve the same intended result by reversing the order of the operands rather than by negating the results. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-negating-the-result-of-compareto-compare-rv-negating-result-of-compareto |
EQ_COMPARETO_USE_OBJECT_EQUALS | This class defines a compareTo(…) method but inherits its equals() method from java.lang.Object. Generally, the value of compareTo should return zero if and only if equals returns true. If this is violated, weird and unpredictable failures will occur in classes such as PriorityQueue. In Java 5 the PriorityQueue.remove method uses the compareTo method, while in Java 6 it uses the equals method.
From the JavaDoc for the compareTo method in the Comparable interface: |
Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-class-defines-compareto-and-uses-object-equals-eq-compareto-use-object-equals |
HE_HASHCODE_USE_OBJECT_EQUALS | This class defines a hashCode() method but inherits its equals() method from java.lang.Object (which defines equality by comparing object references). Although this will probably satisfy the contract that equal objects must have equal hashcodes, it is probably not what was intended by overriding the hashCode() method. (Overriding hashCode() implies that the object’s identity is based on criteria more complicated than simple reference equality.) | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#he-class-defines-hashcode-and-uses-object-equals-he-hashcode-use-object-equals |
EQ_ABSTRACT_SELF | This class defines a covariant version of equals(). To correctly override the equals() method in java.lang.Object, the parameter of equals() must have type java.lang.Object. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-abstract-class-defines-covariant-equals-method-eq-abstract-self |
CO_ABSTRACT_SELF | This class defines a covariant version of compareTo(). To correctly override the compareTo() method in the Comparable interface, the parameter of compareTo() must have type java.lang.Object. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#co-abstract-class-defines-covariant-compareto-method-co-abstract-self |
IC_SUPERCLASS_USES_SUBCLASS_DURING_INITIALIZATION | During the initialization of a class, the class makes an active use of a subclass. That subclass will not yet be initialized at the time of this use. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ic-superclass-uses-subclass-during-initialization-ic-superclass-uses-subclass-during-initialization |
SI_INSTANCE_BEFORE_FINALS_ASSIGNED | The class’s static initializer creates an instance of the class before all of the static final fields are assigned. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#si-static-initializer-creates-instance-before-all-static-final-fields-assigned-si-instance-before-finals-assigned |
ME_MUTABLE_ENUM_FIELD | A mutable public field is defined inside a public enum, thus can be changed by malicious code or by accident from another package. Though mutable enum fields may be used for lazy initialization, it’s a bad practice to expose them to the outer world. Consider declaring this field final and/or package-private. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#me-enum-field-is-public-and-mutable-me-mutable-enum-field |
ME_ENUM_FIELD_SETTER | This public method declared in public enum unconditionally sets enum field, thus this field can be changed by malicious code or by accident from another package. Though mutable enum fields may be used for lazy initialization, it’s a bad practice to expose them to the outer world. Consider removing this method or declaring it package-private. | Security | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#me-public-enum-method-unconditionally-sets-its-field-me-enum-field-setter |
NM_SAME_SIMPLE_NAME_AS_INTERFACE | This class/interface has a simple name that is identical to that of an implemented/extended interface, except that the interface is in a different package (e.g., alpha.Foo extends beta.Foo). This can be exceptionally confusing, create lots of situations in which you have to look at import statements to resolve references and creates many opportunities to accidentally define methods that do not override methods in their superclasses. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#nm-class-names-shouldn-t-shadow-simple-name-of-implemented-interface-nm-same-simple-name-as-interface |
NM_SAME_SIMPLE_NAME_AS_SUPERCLASS | This class has a simple name that is identical to that of its superclass, except that its superclass is in a different package (e.g., alpha.Foo extends beta.Foo). This can be exceptionally confusing, create lots of situations in which you have to look at import statements to resolve references and creates many opportunities to accidentally define methods that do not override methods in their superclasses. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#nm-class-names-shouldn-t-shadow-simple-name-of-superclass-nm-same-simple-name-as-superclass |
NM_WRONG_PACKAGE_INTENTIONAL | The method in the subclass doesn’t override a similar method in a superclass because the type of a parameter doesn’t exactly match the type of the corresponding parameter in the superclass. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#nm-method-doesn-t-override-method-in-superclass-due-to-wrong-package-for-parameter-nm-wrong-package-intentional |
RR_NOT_CHECKED | This method ignores the return value of one of the variants of java.io.InputStream.read() which can return multiple bytes. If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were read than the caller requested. This is a particularly insidious kind of bug, because in many programs, reads from input streams usually do read the full amount of data requested, causing the program to fail only sporadically. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rr-method-ignores-results-of-inputstream-read-rr-not-checked |
SR_NOT_CHECKED | This method ignores the return value of java.io.InputStream.skip() which can skip multiple bytes. If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were skipped than the caller requested. This is a particularly insidious kind of bug, because in many programs, skips from input streams usually do skip the full amount of data requested, causing the program to fail only sporadically. With Buffered streams, however, skip() will only skip data in the buffer, and will routinely fail to skip the requested number of bytes. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rr-method-ignores-results-of-inputstream-skip-sr-not-checked |
SE_NO_SUITABLE_CONSTRUCTOR | This class implements the Serializable interface and its superclass does not. When such an object is deserialized, the fields of the superclass need to be initialized by invoking the void constructor of the superclass. Since the superclass does not have one, serialization and deserialization will fail at runtime. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-class-is-serializable-but-its-superclass-doesn-t-define-a-void-constructor-se-no-suitable-constructor |
SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION | This class implements the Externalizable interface, but does not define a void constructor. When Externalizable objects are deserialized, they first need to be constructed by invoking the void constructor. Since this class does not have one, serialization and deserialization will fail at runtime. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-class-is-externalizable-but-doesn-t-define-a-void-constructor-se-no-suitable-constructor-for-externalization |
SE_COMPARATOR_SHOULD_BE_SERIALIZABLE | This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-comparator-doesn-t-implement-serializable-se-comparator-should-be-serializable |
SE_READ_RESOLVE_MUST_RETURN_OBJECT | In order for the readResolve method to be recognized by the serialization mechanism, it must be declared to have a return type of Object. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-the-readresolve-method-must-be-declared-with-a-return-type-of-object-se-read-resolve-must-return-object |
SE_NONFINAL_SERIALVERSIONID | This class defines a serialVersionUID field that is not final. The field should be made final if it is intended to specify the version UID for purposes of serialization. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-serialversionuid-isn-t-final-se-nonfinal-serialversionid |
SE_NONSTATIC_SERIALVERSIONID | This class defines a serialVersionUID field that is not static. The field should be made static if it is intended to specify the version UID for purposes of serialization. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-serialversionuid-isn-t-static-se-nonstatic-serialversionid |
SE_NONLONG_SERIALVERSIONID | This class defines a serialVersionUID field that is not long. The field should be made long if it is intended to specify the version UID for purposes of serialization. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-serialversionuid-isn-t-long-se-nonlong-serialversionid |
SE_BAD_FIELD | This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods. Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-non-transient-non-serializable-instance-field-in-serializable-class-se-bad-field |
SE_INNER_CLASS | This Serializable class is an inner class. Any attempt to serialize it will also serialize the associated outer instance. The outer instance is serializable, so this won’t fail, but it might serialize a lot more data than intended. If possible, making the inner class a static inner class (also known as a nested class) should solve the problem. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-serializable-inner-class-se-inner-class |
SE_BAD_FIELD_INNER_CLASS | This Serializable class is an inner class of a non-serializable class. Thus, attempts to serialize it will also attempt to associate instance of the outer class with which it is associated, leading to a runtime error.
If possible, making the inner class a static inner class should solve the problem. Making the outer class serializable might also work, but that would mean serializing an instance of the inner class would always also serialize the instance of the outer class, which it often not what you really want. |
Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-non-serializable-class-has-a-serializable-inner-class-se-bad-field-inner-class |
SE_BAD_FIELD_STORE | A non-serializable value is stored into a non-transient field of a serializable class. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-non-serializable-value-stored-into-instance-field-of-a-serializable-class-se-bad-field-store |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | This method returns a value that is not checked. The return value should be checked since it can indicate an unusual or unexpected function execution. For example, the File.delete() method returns false if the file could not be successfully deleted (rather than throwing an Exception). If you don’t check the result, you won’t notice if the method invocation signals unexpected behavior by returning an atypical return value. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-method-ignores-exceptional-return-value-rv-return-value-ignored-bad-practice |
NP_CLONE_COULD_RETURN_NULL | This clone method seems to return null in some circumstances, but clone is never allowed to return a null value. If you are convinced this path is unreachable, throw an AssertionError instead. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-clone-method-may-return-null-np-clone-could-return-null |
VA_FORMAT_STRING_USES_NEWLINE | This format string includes a newline character (n). In format strings, it is generally preferable to use %n, which will produce the platform-specific line separator. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-format-string-should-use-n-rather-than-n-va-format-string-uses-newline |
BIT_SIGNED_CHECK | This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use ‘!= 0’ instead of ‘> 0’. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bit-check-for-sign-of-bitwise-operation-bit-signed-check |
ISC_INSTANTIATE_STATIC_CLASS | This class allocates an object that is based on a class that only supplies static methods. This object does not need to be created, just access the static methods directly using the class name as a qualifier. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#isc-needless-instantiation-of-class-that-only-supplies-static-methods-isc-instantiate-static-class |
DMI_RANDOM_USED_ONLY_ONCE | This code creates a java.util.Random object, uses it to generate one random number, and then discards the Random object. This produces mediocre quality random numbers and is inefficient. If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number is required invoke a method on the existing Random object to obtain it.
If it is important that the generated Random numbers not be guessable, you must not create a new Random for each random number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead (and avoid allocating a new SecureRandom for each random number needed). |
Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-random-object-created-and-used-only-once-dmi-random-used-only-once |
BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | The equals(Object o) method shouldn’t make any assumptions about the type of o. It should simply return false if o is not the same type as this. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bc-equals-method-should-not-assume-anything-about-the-type-of-its-argument-bc-equals-method-should-work-for-all-objects |
GC_UNCHECKED_TYPE_IN_GENERIC_CALL | This call to a generic collection method passes an argument while compile type Object where a specific type from the generic type parameters is expected. Thus, neither the standard Java type system nor static analysis can provide useful information on whether the object being passed as a parameter is of an appropriate type. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#gc-unchecked-type-in-generic-call-gc-unchecked-type-in-generic-call |
PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS | The entrySet() method is allowed to return a view of the underlying Map in which an Iterator and Map.Entry. This clever idea was used in several Map implementations, but introduces the possibility of nasty coding mistakes. If a map m returns such an iterator for an entrySet, then c.addAll(m.entrySet()) will go badly wrong. All of the Map implementations in OpenJDK 1.7 have been rewritten to avoid this, you should to. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#pz-don-t-reuse-entry-objects-in-iterators-pz-dont-reuse-entry-objects-in-iterators |
DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS | The entrySet() method is allowed to return a view of the underlying Map in which a single Entry object is reused and returned during the iteration. As of Java 1.6, both IdentityHashMap and EnumMap did so. When iterating through such a Map, the Entry value is only valid until you advance to the next iteration. If, for example, you try to pass such an entrySet to an addAll method, things will go badly wrong. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-adding-elements-of-an-entry-set-may-fail-due-to-reuse-of-entry-objects-dmi-entry-sets-may-reuse-entry-objects |
IO_APPENDING_TO_OBJECT_OUTPUT_STREAM | This code opens a file in append mode and then wraps the result in an object output stream. This won’t allow you to append to an existing object output stream stored in a file. If you want to be able to append to an object output stream, you need to keep the object output stream open.
The only situation in which opening a file in append mode and the writing an object output stream could work is if on reading the file you plan to open it in random access mode and seek to the byte offset where the append started. |
Resource Utilization | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#io-doomed-attempt-to-append-to-an-object-output-stream-io-appending-to-object-output-stream |
IL_INFINITE_RECURSIVE_LOOP | This method unconditionally invokes itself. This would seem to indicate an infinite recursive loop that will result in a stack overflow. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#il-an-apparent-infinite-recursive-loop-il-infinite-recursive-loop |
IL_CONTAINER_ADDED_TO_ITSELF | A collection is added to itself. As a result, computing the hashCode of this set will throw a StackOverflowException. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#il-a-collection-is-added-to-itself-il-container-added-to-itself |
DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD_POOL_EXECUTOR | (Javadoc) While ScheduledThreadPoolExecutor inherits from ThreadPoolExecutor, a few of the inherited tuning methods are not useful for it. In particular, because it acts as a fixed-sized pool using corePoolSize threads and an unbounded queue, adjustments to maximumPoolSize have no useful effect. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-futile-attempt-to-change-max-pool-size-of-scheduledthreadpoolexecutor-dmi-futile-attempt-to-change-maxpool-size-of-scheduled-thread-pool-executor |
DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE | This code creates a BigDecimal from a double value that doesn’t translate well to a decimal number. For example, one might assume that writing new BigDecimal(0.1) in Java creates a BigDecimal which is exactly equal to 0.1 (an unscaled value of 1, with a scale of 1), but it is actually equal to 0.1000000000000000055511151231257827021181583404541015625. You probably want to use the BigDecimal.valueOf(double d) method, which uses the String representation of the double to create the BigDecimal (e.g., BigDecimal.valueOf(0.1) gives 0.1). | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-bigdecimal-constructed-from-double-that-isn-t-represented-precisely-dmi-bigdecimal-constructed-from-double |
DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS | (Javadoc) A ScheduledThreadPoolExecutor with zero core threads will never execute anything; changes to the max pool size are ignored. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-creation-of-scheduledthreadpoolexecutor-with-zero-core-threads-dmi-scheduled-thread-pool-executor-with-zero-core-threads |
DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION | Unless an annotation has itself been annotated with @Retention(RetentionPolicy.RUNTIME), the annotation can’t be observed using reflection (e.g., by using the isAnnotationPresent method). | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-can-t-use-reflection-to-check-for-presence-of-annotation-without-runtime-retention-dmi-annotation-is-not-visible-to-reflection |
RV_ABSOLUTE_VALUE_OF_RANDOM_INT | This code generates a random signed integer and then computes the absolute value of that random integer. If the number returned by the random number generator is Integer.MIN_VALUE, then the result will be negative as well (since Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE). (Same problem arises for long values as well). | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-bad-attempt-to-compute-absolute-value-of-signed-random-integer-rv-absolute-value-of-random-int |
RV_ABSOLUTE_VALUE_OF_HASHCODE | This code generates a hashcode and then computes the absolute value of that hashcode. If the hashcode is Integer.MIN_VALUE, then the result will be negative as well (since Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE).
One out of 2^32 strings have a hashCode of Integer.MIN_VALUE, including “polygenelubricants” “GydZG_” and “”DESIGNING WORKHOUSES”. |
Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-bad-attempt-to-compute-absolute-value-of-signed-32-bit-hashcode-rv-absolute-value-of-hashcode |
RV_01_TO_INT | A random value from 0 to 1 is being coerced to the integer value 0. You probably want to multiply the random value by something else before coercing it to an integer, or use the Random.nextInt(n) method. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-random-value-from-0-to-1-is-coerced-to-the-integer-0-rv-01-to-int |
DM_INVALID_MIN_MAX | This code tries to limit the value bounds using the construct like Math.min(0, Math.max(100, value)). However the order of the constants is incorrect: it should be Math.min(100, Math.max(0, value)). As the result this code always produces the same result (or NaN if the value is NaN). | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-incorrect-combination-of-math-max-and-math-min-dm-invalid-min-max |
EQ_COMPARING_CLASS_NAMES | This method checks to see if two objects are the same class by checking to see if the names of their classes are equal. You can have different classes with the same name if they are loaded by different class loaders. Just check to see if the class objects are the same. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-equals-method-compares-class-names-rather-than-class-objects-eq-comparing-class-names |
EQ_ALWAYS_TRUE | This class defines an equals method that always returns true. This is imaginative, but not very smart. Plus, it means that the equals method is not symmetric. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-equals-method-always-returns-true-eq-always-true |
EQ_ALWAYS_FALSE | This class defines an equals method that always returns false. This means that an object is not equal to itself, and it is impossible to create useful Maps or Sets of this class. More fundamentally, it means that equals is not reflexive, one of the requirements of the equals method. The likely intended semantics are object identity: that an object is equal to itself. This is the behavior inherited from class Object. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-equals-method-always-returns-false-eq-always-false |
EQ_SELF_USE_OBJECT | This class defines a covariant version of the equals() method, but inherits the normal equals(Object) method defined in the base java.lang.Object class. The class should probably define a boolean equals(Object) method. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-covariant-equals-method-defined-object-equals-object-inherited-eq-self-use-object |
EQ_OTHER_USE_OBJECT | This class defines an equals() method, that doesn’t override the normal equals(Object) method defined in the base java.lang.Object class. The class should probably define a boolean equals(Object) method. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-equals-method-defined-that-doesn-t-override-object-equals-object-eq-other-use-object |
EQ_OTHER_NO_OBJECT | This class defines an equals() method, that doesn’t override the normal equals(Object) method defined in the base java.lang.Object class. Instead, it inherits an equals(Object) method from a superclass. The class should probably define a boolean equals(Object) method. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-equals-method-defined-that-doesn-t-override-equals-object-eq-other-no-object |
HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS | A method, field or class declares a generic signature where a non-hashable class is used in context where a hashable class is required. A class that declares an equals method but inherits a hashCode() method from Object is unhashable, since it doesn’t fulfill the requirement that equal objects have equal hashCodes. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#he-signature-declares-use-of-unhashable-class-in-hashed-construct-he-signature-declares-hashing-of-unhashable-class |
HE_USE_OF_UNHASHABLE_CLASS | A class defines an equals(Object) method but not a hashCode() method, and thus doesn’t fulfill the requirement that equal objects have equal hashCodes. An instance of this class is used in a hash data structure, making the need to fix this problem of highest importance. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#he-use-of-class-without-a-hashcode-method-in-a-hashed-data-structure-he-use-of-unhashable-class |
UR_UNINIT_READ | This constructor reads a field which has not yet been assigned a value. This is often caused when the programmer mistakenly uses the field instead of one of the constructor’s parameters. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ur-uninitialized-read-of-field-in-constructor-ur-uninit-read |
UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR | This method is invoked in the constructor of the superclass. At this point, the fields of the class have not yet initialized. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ur-uninitialized-read-of-field-method-called-from-constructor-of-superclass-ur-uninit-read-called-from-super-constructor |
NM_WRONG_PACKAGE | The method in the subclass doesn’t override a similar method in a superclass because the type of a parameter doesn’t exactly match the type of the corresponding parameter in the superclass. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#nm-method-doesn-t-override-method-in-superclass-due-to-wrong-package-for-parameter-nm-wrong-package |
SE_READ_RESOLVE_IS_STATIC | In order for the readResolve method to be recognized by the serialization mechanism, it must not be declared as a static method. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#se-the-readresolve-method-must-not-be-declared-as-a-static-method-se-read-resolve-is-static |
NP_UNWRITTEN_FIELD | The program is dereferencing a field that does not seem to ever have a non-null value written to it. Unless the field is initialized via some mechanism not seen by the analysis, dereferencing this value will generate a null pointer exception. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-read-of-unwritten-field-np-unwritten-field |
UWF_UNWRITTEN_FIELD | This field is never written. All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#uwf-unwritten-field-uwf-unwritten-field |
SIC_THREADLOCAL_DEADLY_EMBRACE | This class is an inner class, but should probably be a static inner class. As it is, there is a serious danger of a deadly embrace between the inner class and the thread local in the outer class. Because the inner class isn’t static, it retains a reference to the outer class. If the thread local contains a reference to an instance of the inner class, the inner and outer instance will both be reachable and not eligible for garbage collection. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sic-deadly-embrace-of-non-static-inner-class-and-thread-local-sic-threadlocal-deadly-embrace |
NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH | There is a statement or branch on an exception path that if executed guarantees that a value is null at this point, and that value that is guaranteed to be dereferenced (except on forward paths involving runtime exceptions). | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-value-is-null-and-guaranteed-to-be-dereferenced-on-exception-path-np-guaranteed-deref-on-exception-path |
DMI_ARGUMENTS_WRONG_ORDER | The arguments to this method call seem to be in the wrong order. For example, a call Preconditions.checkNotNull(“message”, message) has reserved arguments: the value to be checked is the first argument. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-reversed-method-arguments-dmi-arguments-wrong-order |
RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE | A value is checked here to see whether it is null, but this value can’t be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rcn-nullcheck-of-value-previously-dereferenced-rcn-redundant-nullcheck-would-have-been-a-npe |
VA_FORMAT_STRING_BAD_CONVERSION | One of the arguments is incompatible with the corresponding format string specifier. As a result, this will generate a runtime exception when executed. For example, String.format(“%d”, “1”) will generate an exception, since the String “1” is incompatible with the format specifier %d. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-the-type-of-a-supplied-argument-doesn-t-match-format-specifier-va-format-string-bad-conversion |
VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT | The format string specifies a relative index to request that the argument for the previous format specifier be reused. However, there is no previous argument | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-no-previous-argument-for-format-string-va-format-string-no-previous-argument |
VA_FORMAT_STRING_BAD_ARGUMENT | The format string placeholder is incompatible with the corresponding argument. For example, System.out.println(“%dn”, “hello”);
The %d placeholder requires a numeric argument, but a string value is passed instead. A runtime exception will occur when this statement is executed. |
Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-format-string-placeholder-incompatible-with-passed-argument-va-format-string-bad-argument |
VA_FORMAT_STRING_MISSING_ARGUMENT | Not enough arguments are passed to satisfy a placeholder in the format string. A runtime exception will occur when this statement is executed. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-format-string-references-missing-argument-va-format-string-missing-argument |
VA_FORMAT_STRING_ILLEGAL | The format string is syntactically invalid, and a runtime exception will occur when this statement is executed. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-illegal-format-string-va-format-string-illegal |
VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED | A format-string method with a variable number of arguments is called, but more arguments are passed than are actually used by the format string. This won’t cause a runtime exception, but the code may be silently omitting information that was intended to be included in the formatted string. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-more-arguments-are-passed-than-are-actually-used-in-the-format-string-va-format-string-extra-arguments-passed |
VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED | A method is called that expects a Java printf format string and a list of arguments. However, the format string doesn’t contain any format specifiers (e.g., %s) but does contain message format elements (e.g., {0}). It is likely that the code is supplying a MessageFormat string when a printf-style format string is required. At runtime, all of the arguments will be ignored and the format string will be returned exactly as provided without any formatting. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fs-messageformat-supplied-where-printf-style-format-expected-va-format-string-expected-message-format-supplied |
EC_UNRELATED_TYPES_USING_POINTER_EQUALITY | This method uses using pointer equality to compare two references that seem to be of different types. The result of this comparison will always be false at runtime. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ec-using-pointer-equality-to-compare-different-types-ec-unrelated-types-using-pointer-equality |
EC_UNRELATED_TYPES | This method calls equals(Object) on two references of different class types and analysis suggests they will be to objects of different classes at runtime. Further, examination of the equals methods that would be invoked suggest that either this call will always return false, or else the equals method is not be symmetric (which is a property required by the contract for equals in class Object). | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ec-call-to-equals-comparing-different-types-ec-unrelated-types |
EC_ARRAY_AND_NONARRAY | This method invokes the .equals(Object o) to compare an array and a reference that doesn’t seem to be an array. If things being compared are of different types, they are guaranteed to be unequal and the comparison is almost certainly an error. Even if they are both arrays, the equals method on arrays only determines of the two arrays are the same object. To compare the contents of the arrays, use java.util.Arrays.equals(Object[], Object[]). | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ec-equals-used-to-compare-array-and-nonarray-ec-array-and-nonarray |
EC_NULL_ARG | This method calls equals(Object), passing a null value as the argument. According to the contract of the equals() method, this call should always return false. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ec-call-to-equals-null-ec-null-arg |
EC_UNRELATED_INTERFACES | This method calls equals(Object) on two references of unrelated interface types, where neither is a subtype of the other, and there are no known non-abstract classes which implement both interfaces. Therefore, the objects being compared are unlikely to be members of the same class at runtime (unless some application classes were not analyzed, or dynamic class loading can occur at runtime). According to the contract of equals(), objects of different classes should always compare as unequal; therefore, according to the contract defined by java.lang.Object.equals(Object), the result of this comparison will always be false at runtime. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ec-call-to-equals-comparing-different-interface-types-ec-unrelated-interfaces |
EC_UNRELATED_CLASS_AND_INTERFACE | This method calls equals(Object) on two references, one of which is a class and the other an interface, where neither the class nor any of its non-abstract subclasses implement the interface. Therefore, the objects being compared are unlikely to be members of the same class at runtime (unless some application classes were not analyzed, or dynamic class loading can occur at runtime). According to the contract of equals(), objects of different classes should always compare as unequal; therefore, according to the contract defined by java.lang.Object.equals(Object), the result of this comparison will always be false at runtime. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ec-call-to-equals-comparing-unrelated-class-and-interface-ec-unrelated-class-and-interface |
INT_BAD_COMPARISON_WITH_INT_VALUE | This code compares an int value with a long constant that is outside the range of values that can be represented as an int value. This comparison is vacuous and possibly to be incorrect. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#int-bad-comparison-of-int-value-with-long-constant-int-bad-comparison-with-int-value |
INT_BAD_COMPARISON_WITH_SIGNED_BYTE | Signed bytes can only have a value in the range -128 to 127. Comparing a signed byte with a value outside that range is vacuous and likely to be incorrect. To convert a signed byte b to an unsigned value in the range 0..255, use 0xff & b. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#int-bad-comparison-of-signed-byte-int-bad-comparison-with-signed-byte |
INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE | This code compares a value that is guaranteed to be non-negative with a negative constant or zero. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#int-bad-comparison-of-nonnegative-value-with-negative-constant-or-zero-int-bad-comparison-with-nonnegative-value |
BIT_ADD_OF_SIGNED_BYTE | Adds a byte value and a value which is known to have the 8 lower bits clear. Values loaded from a byte array are sign extended to 32 bits before any bitwise operations are performed on the value. Thus, if b[0] contains the value 0xff, and x is initially 0, then the code ((x << 8) + b[0]) will sign extend 0xff to get 0xffffffff, and thus give the value 0xffffffff as the result. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bit-bitwise-add-of-signed-byte-value-bit-add-of-signed-byte |
BIT_IOR_OF_SIGNED_BYTE | Loads a byte value (e.g., a value loaded from a byte array or returned by a method with return type byte) and performs a bitwise OR with that value. Byte values are sign extended to 32 bits before any bitwise operations are performed on the value. Thus, if b[0] contains the value 0xff, and x is initially 0, then the code ((x << 8) | b[0]) will sign extend 0xff to get 0xffffffff, and thus give the value 0xffffffff as the result. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bit-bitwise-or-of-signed-byte-value-bit-ior-of-signed-byte |
BIT_SIGNED_CHECK_HIGH_BIT | This method compares a bitwise expression such as ((val & CONSTANT) > 0) where CONSTANT is the negative number. Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results. This comparison is unlikely to work as expected. The good practice is to use ‘!= 0’ instead of ‘> 0’. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bit-check-for-sign-of-bitwise-operation-involving-negative-number-bit-signed-check-high-bit |
BIT_AND | This method compares an expression of the form (e & C) to D, which will always compare unequal due to the specific values of constants C and D. This may indicate a logic error or typo. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bit-incompatible-bit-masks-bit-and |
BIT_AND_ZZ | This method compares an expression of the form (e & 0) to 0, which will always compare equal. This may indicate a logic error or typo. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bit-check-to-see-if-0-0-bit-and-zz |
BIT_IOR | This method compares an expression of the form (e | C) to D. which will always compare unequal due to the specific values of constants C and D. This may indicate a logic error or typo.
Typically, this bug occurs because the code wants to perform a membership test in a bit set, but uses the bitwise OR operator (“|”) instead of bitwise AND (“&”). Also such bug may appear in expressions like (e & A | B) == C which is parsed like ((e & A) | B) == C while (e & (A | B)) == C was intended. |
Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bit-incompatible-bit-masks-bit-ior |
IJU_ASSERT_METHOD_INVOKED_FROM_RUN_METHOD | A JUnit assertion is performed in a run method. Failed JUnit assertions just result in exceptions being thrown. Thus, if this exception occurs in a thread other than the thread that invokes the test method, the exception will terminate the thread but not result in the test failing. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iju-junit-assertion-in-run-method-will-not-be-noticed-by-junit-iju-assert-method-invoked-from-run-method |
IJU_BAD_SUITE_METHOD | Class is a JUnit TestCase and defines a suite() method. However, the suite method needs to be declared as either. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iju-testcase-declares-a-bad-suite-method-iju-bad-suite-method |
IJU_SETUP_NO_SUPER | Class is a JUnit TestCase and implements the setUp method. The setUp method should call super.setUp(), but doesn’t. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iju-testcase-defines-setup-that-doesn-t-call-super-setup-iju-setup-no-super |
IJU_TEARDOWN_NO_SUPER | Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call super.tearDown(), but doesn’t. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iju-testcase-defines-teardown-that-doesn-t-call-super-teardown-iju-teardown-no-super |
IJU_SUITE_NOT_STATIC | Class is a JUnit TestCase and implements the suite() method. The suite method should be declared as being static, but isn’t. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iju-testcase-implements-a-non-static-suite-method-iju-suite-not-static |
BOA_BADLY_OVERRIDDEN_ADAPTER | This method overrides a method found in a parent class, where that class is an Adapter that implements a listener defined in the java.awt.event or javax.swing.event package. As a result, this method will not get called when the event occurs. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#boa-class-overrides-a-method-implemented-in-super-class-adapter-wrongly-boa-badly-overridden-adapter |
SQL_BAD_RESULTSET_ACCESS | A call to getXXX or updateXXX methods of a result set was made where the field index is 0. As ResultSet fields start at index 1, this is always a mistake. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sql-method-attempts-to-access-a-result-set-field-with-index-0-sql-bad-resultset-access |
SQL_BAD_PREPARED_STATEMENT_ACCESS | A call to a setXXX method of a prepared statement was made where the parameter index is 0. As parameter indexes start at index 1, this is always a mistake. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sql-method-attempts-to-access-a-prepared-statement-parameter-with-index-0-sql-bad-prepared-statement-access |
EC_INCOMPATIBLE_ARRAY_COMPARE | This method invokes the .equals(Object o) to compare two arrays, but the arrays of of incompatible types (e.g., String[] and StringBuffer[], or String[] and int[]). They will never be equal. In addition, when equals(…) is used to compare arrays it only checks to see if they are the same array, and ignores the contents of the arrays. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ec-equals-used-to-compare-incompatible-arrays-ec-incompatible-array-compare |
DLS_DEAD_LOCAL_INCREMENT_IN_RETURN | This statement has a return such as return x++;. A postfix increment/decrement does not impact the value of the expression, so this increment/decrement has no effect. Please verify that this statement does the right thing. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dls-useless-increment-in-return-statement-dls-dead-local-increment-in-return |
DLS_DEAD_STORE_OF_CLASS_LITERAL | This instruction assigns a class literal to a variable and then never uses it. The behavior of this differs in Java 1.4 and in Java 5. In Java 1.4 and earlier, a reference to Foo.class would force the static initializer for Foo to be executed, if it has not been executed already. In Java 5 and later, it does not.
See Sun’s article on Java SE compatibility for more details and examples, and suggestions on how to force class initialization in Java 5. |
Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dls-dead-store-of-class-literal-dls-dead-store-of-class-literal |
IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN | The initial value of this parameter is ignored, and the parameter is overwritten here. This often indicates a mistaken belief that the write to the parameter will be conveyed back to the caller. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ip-a-parameter-is-dead-upon-entry-to-a-method-but-overwritten-ip-parameter-is-dead-but-overwritten |
MF_CLASS_MASKS_FIELD | This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mf-class-defines-field-that-masks-a-superclass-field-mf-class-masks-field |
FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER | This code checks to see if a floating point value is equal to the special Not A Number value (e.g., if (x == Double.NaN)). However, because of the special semantics of NaN, no value is equal to Nan, including NaN. Thus, x == Double.NaN always evaluates to false. To check to see if a value contained in x is the special Not A Number value, use Double.isNaN(x) (or Float.isNaN(x) if x is floating point precision). | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fe-doomed-test-for-equality-to-nan-fe-test-if-equal-to-not-a-number |
ICAST_INT_2_LONG_AS_INSTANT | This code converts a 32-bit int value to a 64-bit long value, and then passes that value for a method parameter that requires an absolute time value. An absolute time value is the number of milliseconds since the standard base time known as “the epoch”, namely January 1, 1970, 00:00:00 GMT. For example, the following method, intended to convert seconds since the epoch into a Date, is badly broken:
Date getDate(int seconds) { return new Date(seconds * 1000); } The multiplication is done using 32-bit arithmetic, and then converted to a 64-bit value. When a 32-bit value is converted to 64-bits and used to express an absolute time value, only dates in December 1969 and January 1970 can be represented. |
Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#icast-int-value-converted-to-long-and-used-as-absolute-time-icast-int-2-long-as-instant |
ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL | This code converts an integral value (e.g., int or long) to a double precision floating point number and then passing the result to the Math.ceil() function, which rounds a double to the next higher integer value. This operation should always be a no-op, since the converting an integer to a double should give a number with no fractional part. It is likely that the operation that generated the value to be passed to Math.ceil was intended to be performed using double precision floating point arithmetic. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#icast-integral-value-cast-to-double-and-then-passed-to-math-ceil-icast-int-cast-to-double-passed-to-ceil |
ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND | This code converts an int value to a float precision floating point number and then passing the result to the Math.round() function, which returns the int/long closest to the argument. This operation should always be a no-op, since the converting an integer to a float should give a number with no fractional part. It is likely that the operation that generated the value to be passed to Math.round was intended to be performed using floating point arithmetic. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#icast-int-value-cast-to-float-and-then-passed-to-math-round-icast-int-cast-to-float-passed-to-round |
NP_NULL_INSTANCEOF | This instanceof test will always return false, since the value being checked is guaranteed to be null. Although this is safe, make sure it isn’t an indication of some misunderstanding or some other logic error. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-a-known-null-value-is-checked-to-see-if-it-is-an-instance-of-a-type-np-null-instanceof |
BC_IMPOSSIBLE_DOWNCAST | This cast will always throw a ClassCastException. The analysis believes it knows the precise type of the value being cast, and the attempt to downcast it to a subtype will always fail by throwing a ClassCastException. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bc-impossible-downcast-bc-impossible-downcast |
BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY | This code is casting the result of calling toArray() on a collection to a type more specific than Object[], as in:
String[] getAsArray(Collection c) { This will usually fail by throwing a ClassCastException. The toArray() of almost all collections return an Object[]. They can’t really do anything else, since the Collection object has no reference to the declared generic type of the collection. The correct way to do get an array of a specific type from a collection is to use c.toArray(new String[]); or c.toArray(new String[c.size()]); (the latter is slightly more efficient). There is one common/known exception to this. The toArray() method of lists returned by Arrays.asList(…) will return a covariantly typed array. For example, Arrays.asArray(new String[] { “a” }).toArray() will return a String []. SpotBugs attempts to detect and suppress such cases, but may miss some. |
Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bc-impossible-downcast-of-toarray-result-bc-impossible-downcast-of-toarray |
BC_IMPOSSIBLE_INSTANCEOF | This instanceof test will always return false. Although this is safe, make sure it isn’t an indication of some misunderstanding or some other logic error. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bc-instanceof-will-always-return-false-bc-impossible-instanceof |
RE_POSSIBLE_UNINTENDED_PATTERN | A String function is being invoked and “.” or “|” is being passed to a parameter that takes a regular expression as an argument. Is this what you intended? | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#re-or-used-for-regular-expression-re-possible-unintended-pattern |
RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION | The code here uses a regular expression that is invalid according to the syntax for regular expressions. This statement will throw a PatternSyntaxException when executed. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#re-invalid-syntax-for-regular-expression-re-bad-syntax-for-regular-expression |
ICAST_BAD_SHIFT_AMOUNT | The code performs shift of a 32 bit int by a constant amount outside the range -31..31. The effect of this is to use the lower 5 bits of the integer value to decide how much to shift by (e.g., shifting by 40 bits is the same as shifting by 8 bits, and shifting by 32 bits is the same as shifting by zero bits). This probably isn’t what was expected, and it is at least confusing. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bshift-32-bit-int-shifted-by-an-amount-not-in-the-range-31-31-icast-bad-shift-amount |
BSHIFT_WRONG_ADD_PRIORITY | The code performs an operation like (x << 8 + y). Although this might be correct, probably it was meant to perform (x << 8) + y, but shift operation has a lower precedence, so it’s actually parsed as x << (8 + y). | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bshift-possible-bad-parsing-of-shift-operation-bshift-wrong-add-priority |
IM_MULTIPLYING_RESULT_OF_IREM | The code multiplies the result of an integer remaining by an integer constant. Be sure you don’t have your operator precedence confused. For example i % 60 * 1000 is (i % 60) * 1000, not i % (60 * 1000). | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#im-integer-multiply-of-result-of-integer-remainder-im-multiplying-result-of-irem |
DMI_INVOKING_HASHCODE_ON_ARRAY | The code invokes hashCode on an array. Calling hashCode on an array returns the same value as System.identityHashCode, and ignores the contents and length of the array. If you need a hashCode that depends on the contents of an array a, use java.util.Arrays.hashCode(a). | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-invocation-of-hashcode-on-an-array-dmi-invoking-hashcode-on-array |
DMI_BAD_MONTH | This code passes a constant month value outside the expected range of 0..11 to a method. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-bad-constant-value-for-month-dmi-bad-month |
DMI_CALLING_NEXT_FROM_HASNEXT | The hasNext() method invokes the next() method. This is almost certainly wrong, since the hasNext() method is not supposed to change the state of the iterator, and the next method is supposed to change the state of the iterator. | Accuracy | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-hasnext-method-invokes-next-dmi-calling-next-from-hasnext |
GC_UNRELATED_TYPES | This call to a generic collection method contains an argument with an incompatible class from that of the collection’s parameter (i.e., the type of the argument is neither a supertype nor a subtype of the corresponding generic type argument). Therefore, it is unlikely that the collection contains any objects that are equal to the method argument used here. Most likely, the wrong value is being passed to the method.
In general, instances of two unrelated classes are not equal. For example, if the Foo and Bar classes are not related by subtyping, then an instance of Foo should not be equal to an instance of Bar. Among other issues, doing so will likely result in an equals method that is not symmetrical. For example, if you define the Foo class so that a Foo can be equal to a String, your equals method isn’t symmetrical since a String can only be equal to a String. In rare cases, people do define nonsymmetrical equals methods and still manage to make their code work. Although none of the APIs document or guarantee it, it is typically the case that if you check if a Collection contains a Foo, the equals method of argument (e.g., the equals method of the Foo class) used to perform the equality checks. |
Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#gc-no-relationship-between-generic-parameter-and-method-argument-gc-unrelated-types |
DMI_VACUOUS_SELF_COLLECTION_CALL | This call doesn’t make sense. For any collection c, calling c.containsAll(c) should always be true, and c.retainAll(c) should have no effect. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-vacuous-call-to-collections-dmi-vacuous-self-collection-call |
DMI_DOH | This partical method invocation doesn’t make sense, for reasons that should be apparent from inspection. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-d-oh-a-nonsensical-method-invocation-dmi-doh |
DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES | This call to a generic collection’s method would only make sense if a collection contained itself (e.g., if s.contains(s) were true). This is unlikely to be true and would cause problems if it were true (such as the computation of the hash code resulting in infinite recursion). It is likely that the wrong value is being passed as a parameter. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-collections-should-not-contain-themselves-dmi-collections-should-not-contain-themselves |
TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED | A value is being used in a way that requires the value be annotation with a type qualifier. The type qualifier is strict, so the tool rejects any values that do not have the appropriate annotation.
To coerce a value to have a strict annotation, define an identity function where the return value is annotated with the strict annotation. This is the only way to turn a non-annotated value into a value with a strict type qualifier annotation. |
Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#tq-value-without-a-type-qualifier-used-where-a-value-is-required-to-have-that-qualifier-tq-unknown-value-used-where-always-strictly-required |
TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS | A value specified as carrying a type qualifier annotation is compared with a value that doesn’t ever carry that qualifier.
More precisely, a value annotated with a type qualifier specifying when=ALWAYS is compared with a value that where the same type qualifier specifies when=NEVER. |
Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#tq-comparing-values-with-incompatible-type-qualifiers-tq-comparing-values-with-incompatible-type-qualifiers |
TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED | A value specified as not carrying a type qualifier annotation is guaranteed to be consumed in a location or locations requiring that the value does carry that annotation.
More precisely, a value annotated with a type qualifier specifying when=NEVER is guaranteed to reach a use or uses where the same type qualifier specifies when=ALWAYS. |
Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#tq-value-annotated-as-never-carrying-a-type-qualifier-used-where-value-carrying-that-qualifier-is-required-tq-never-value-used-where-always-required |
TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK | A value that is annotated as possibility not being an instance of the values denoted by the type qualifier, and the value is guaranteed to be used in a way that requires values denoted by that type qualifier. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#tq-value-that-might-not-carry-a-type-qualifier-is-always-used-in-a-way-requires-that-type-qualifier-tq-maybe-source-value-reaches-always-sink |
TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK | A value that is annotated as possibility being an instance of the values denoted by the type qualifier, and the value is guaranteed to be used in a way that prohibits values denoted by that type qualifier. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#tq-value-that-might-carry-a-type-qualifier-is-always-used-in-a-way-prohibits-it-from-having-that-type-qualifier-tq-maybe-source-value-reaches-never-sink |
DM_DEFAULT_ENCODING | Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly. | Portability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-reliance-on-default-encoding-dm-default-encoding |
FI_PUBLIC_SHOULD_BE_PROTECTED | A class’s finalize() method should have protected access, not public. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#fi-finalizer-should-be-protected-not-public-fi-public-should-be-protected |
MS_OOI_PKGPROTECT | A final static field that is defined in an interface references a mutable object such as an array or hashtable. This mutable object could be changed by malicious code or by accident from another package. To solve this, the field needs to be moved to a class and made package protected to avoid this vulnerability. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-should-be-moved-out-of-an-interface-and-made-package-protected-ms-ooi-pkgprotect |
MS_FINAL_PKGPROTECT | A mutable static field could be changed by malicious code or by accident from another package. The field could be made package protected and/or made final to avoid this vulnerability. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-should-be-both-final-and-package-protected-ms-final-pkgprotect |
MS_SHOULD_BE_FINAL | This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-isn-t-final-but-should-be-ms-should-be-final |
MS_SHOULD_BE_REFACTORED_TO_BE_FINAL | This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability. However, the static initializer contains more than one write to the field, so doing so will require some refactoring. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-isn-t-final-but-should-be-refactored-to-be-so-ms-should-be-refactored-to-be-final |
MS_PKGPROTECT | A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-should-be-package-protected-ms-pkgprotect |
MS_MUTABLE_HASHTABLE | A final static field references a Hashtable and can be accessed by malicious code or by accident from another package. This code can freely modify the contents of the Hashtable. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-is-a-mutable-hashtable-ms-mutable-hashtable |
MS_MUTABLE_ARRAY | A final static field references an array and can be accessed by malicious code or by accident from another package. This code can freely modify the contents of the array. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-is-a-mutable-array-ms-mutable-array |
MS_MUTABLE_COLLECTION | A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. Consider wrapping this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-is-a-mutable-collection-ms-mutable-collection |
MS_MUTABLE_COLLECTION_PKGPROTECT | A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. The field could be made package protected to avoid this vulnerability. Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-is-a-mutable-collection-which-should-be-package-protected-ms-mutable-collection-pkgprotect |
MS_CANNOT_BE_FINAL | A mutable static field could be changed by malicious code or by accident from another package. Unfortunately, the way the field is used doesn’t allow any easy fix to this problem. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ms-field-isn-t-final-and-can-t-be-protected-from-malicious-code-ms-cannot-be-final |
STCAL_STATIC_CALENDAR_INSTANCE | Even though the JavaDoc does not contain a hint about it, Calendars are inherently unsafe for multithreaded use. Sharing a single instance across thread boundaries without proper synchronization will result in erratic behavior of the application. Under 1.4 problems seem to surface less often than under Java 5 where you will probably see random ArrayIndexOutOfBoundsExceptions or IndexOutOfBoundsExceptions in sun.util.calendar.BaseCalendar.getCalendarDateFromFixedDate(). You may also experience serialization problems. Using an instance field is recommended. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#stcal-static-calendar-field-stcal-static-calendar-instance |
STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE | As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use. Sharing a single instance across thread boundaries without proper synchronization will result in erratic behavior of the application. You may also experience serialization problems. Using an instance field is recommended. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#stcal-static-dateformat-stcal-static-simple-date-format-instance |
STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE | Even though the JavaDoc does not contain a hint about it, Calendars are inherently unsafe for multithreaded use. The detector has found a call to an instance of Calendar that has been obtained via a static field. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#stcal-call-to-static-calendar-stcal-invoke-on-static-calendar-instance |
STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE | As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use. The detector has found a call to an instance of DateFormat that has been obtained via a static field. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#stcal-call-to-static-dateformat-stcal-invoke-on-static-date-format-instance |
VO_VOLATILE_REFERENCE_TO_ARRAY | This declares a volatile reference to an array, which might not be what you want. With a volatile reference to an array, reads and writes of the reference to the array are treated as volatile, but the array elements are non-volatile. To get volatile array elements, you will need to use one of the atomic array classes in java.util.concurrent (provided in Java 5.0). | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#vo-a-volatile-reference-to-an-array-doesn-t-treat-the-array-elements-as-volatile-vo-volatile-reference-to-array |
VO_VOLATILE_INCREMENT | This code increments a volatile field. Increments of volatile fields aren’t atomic. If more than one thread is incrementing the field at the same time, increments could be lost. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#vo-an-increment-to-a-volatile-field-isn-t-atomic-vo-volatile-increment |
DM_USELESS_THREAD | This method creates a thread without specifying a run method either by deriving from the Thread class, or by passing a Runnable object. This thread, then, does nothing but waste time. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-a-thread-was-created-using-the-default-empty-run-method-dm-useless-thread |
DC_DOUBLECHECK | This method may contain an instance of double-checked locking. This idiom is not correct according to the semantics of the Java memory model. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dc-possible-double-check-of-field-dc-doublecheck |
WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL | This instance method synchronizes on this.getClass(). If this class is subclassed, subclasses will synchronize on the class object for the subclass, which isn’t likely what was intended. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#wl-synchronization-on-getclass-rather-than-class-literal-wl-using-getclass-rather-than-class-literal |
ESync_EMPTY_SYNC | The code contains an empty synchronized block. Empty synchronized blocks are far more subtle and hard to use correctly than most people recognize, and empty synchronized blocks are almost never a better solution than less contrived solutions. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#esync-empty-synchronized-block-esync-empty-sync |
MSF_MUTABLE_SERVLET_FIELD | A web server generally only creates one instance of servlet or JSP class (i.e., treats the class as a Singleton), and will have multiple threads invoke methods on that instance to service multiple simultaneous requests. Thus, having a mutable instance field generally creates race conditions. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#msf-mutable-servlet-field-msf-mutable-servlet-field |
IS2_INCONSISTENT_SYNC | The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that – The class contains a mix of locked and unlocked accesses, – The class is not annotated as javax.annotation.concurrent.NotThreadSafe, – At least one locked access was performed by one of the class’s own methods, and – The number of unsynchronized field accesses (reads and writes) was no more than one third of all accesses, with writes being weighed twice as high as reads – A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.
You can select the nodes labeled “Unsynchronized access” to show the code locations where the detector believed that a field was accessed without synchronization. Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct. |
Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#is-inconsistent-synchronization-is2-inconsistent-sync |
RU_INVOKE_RUN | This method explicitly invokes run() on an object. In general, classes implement the Runnable interface because they are going to have their run() method invoked in a new thread, in which case Thread.start() is the right method to call. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ru-invokes-run-on-a-thread-did-you-mean-to-start-it-instead-ru-invoke-run |
SP_SPIN_ON_FIELD | This method spins in a loop which reads a field. The compiler may legally hoist the read out of the loop, turning the code into an infinite loop. The class should be changed so it uses proper synchronization (including wait and notify calls). | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sp-method-spins-on-field-sp-spin-on-field |
UW_UNCOND_WAIT | This method contains a call to java.lang.Object.wait() which is not guarded by conditional control flow. The code should verify that condition it intends to wait for is not already satisfied before calling wait; any previous notifications will be ignored. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#uw-unconditional-wait-uw-uncond-wait |
UG_SYNC_SET_UNSYNC_GET | This class contains similarly-named get and set methods where the set method is synchronized and the get method is not. This may result in incorrect behavior at runtime, as callers of the get method will not necessarily see a consistent state for the object. The get method should be made synchronized. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ug-unsynchronized-get-method-synchronized-set-method-ug-sync-set-unsync-get |
IS_FIELD_NOT_GUARDED | This field is annotated with net.jcip.annotations.GuardedBy or javax.annotation.concurrent.GuardedBy, but can be accessed in a way that seems to violate those annotations. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#is-field-not-guarded-against-concurrent-access-is-field-not-guarded |
WS_WRITEOBJECT_SYNC | This class has a writeObject() method which is synchronized; however, no other method of the class is synchronized. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ws-class-s-writeobject-method-is-synchronized-but-nothing-else-is-ws-writeobject-sync |
RS_READOBJECT_SYNC | This serializable class defines a readObject() which is synchronized. By definition, an object created by deserialization is only reachable by one thread, and thus there is no need for readObject() to be synchronized. If the readObject() method itself is causing the object to become visible to another thread, that is an example of very dubious coding style. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rs-class-s-readobject-method-is-synchronized-rs-readobject-sync |
WA_NOT_IN_LOOP | This method contains a call to java.lang.Object.wait() which is not in a loop. If the monitor is used for multiple conditions, the condition the caller intended to wait for might not be the one that actually occurred. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#wa-wait-not-in-loop-wa-not-in-loop |
WA_AWAIT_NOT_IN_LOOP | This method contains a call to java.util.concurrent.await() (or variants) which is not in a loop. If the object is used for multiple conditions, the condition the caller intended to wait for might not be the one that actually occurred. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#wa-condition-await-not-in-loop-wa-await-not-in-loop |
NO_NOTIFY_NOT_NOTIFYALL | This method calls notify() rather than notifyAll(). Java monitors are often used for multiple conditions. Calling notify() only wakes up one thread, meaning that the thread woken up might not be the one waiting for the condition that the caller just satisfied. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#no-using-notify-rather-than-notifyall-no-notify-not-notifyall |
MWN_MISMATCHED_WAIT | This method calls Object.wait() without obviously holding a lock on the object. Calling wait() without a lock held will result in an IllegalMonitorStateException being thrown. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mwn-mismatched-wait-mwn-mismatched-wait |
MWN_MISMATCHED_NOTIFY | This method calls Object.notify() or Object.notifyAll() without obviously holding a lock on the object. Calling notify() or notifyAll() without a lock held will result in an IllegalMonitorStateException being thrown. | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mwn-mismatched-notify-mwn-mismatched-notify |
JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT | This method calls wait(), notify() or notifyAll()() on an object that also provides an await(), signal(), signalAll() method (such as util.concurrent Condition objects). This probably isn’t what you want, and even if you do want it, you should consider changing your design, as other developers will find it exceptionally confusing. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#jlm-using-monitor-style-wait-methods-on-util-concurrent-abstraction-jml-jsr166-calling-wait-rather-than-await |
JLM_JSR166_LOCK_MONITORENTER | This method performs synchronization on an object that implements java.util.concurrent.locks.Lock. Such an object is locked/unlocked using acquire()/release() rather than using the synchronized (…) construct. | Maintainability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#jlm-synchronization-performed-on-lock-jlm-jsr166-lock-monitorenter |
RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED | putIfAbsent | Robustness | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-return-value-of-putifabsent-ignored-value-passed-to-putifabsent-reused-rv-return-value-of-putifabsent-ignored |
DM_STRING_CTOR | Using the java.lang.String(String) constructor wastes memory because the object so constructed will be functionally indistinguishable from the String passed as a parameter. Just use the argument String directly. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-method-invokes-inefficient-new-string-string-constructor-dm-string-ctor |
DM_STRING_VOID_CTOR | Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant “”. Java guarantees that identical string constants will be represented by the same String object. Therefore, you should just use the empty string constant directly. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dm-method-invokes-inefficient-new-string-constructor-dm-string-void-ctor |
DM_NUMBER_CTOR | Using new Integer(int) is guaranteed to always result in a new object whereas Integer.valueOf(int) allows caching of values to be done by the compiler, class library, or JVM. Using of cached values avoids object allocation and the code will be faster.
Values between -128 and 127 are guaranteed to have corresponding cached instances and using valueOf is approximately 3.5 times faster than using constructor. For values outside the constant range the performance of both styles is the same. Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or the valueOf() method when creating instances of Long, Integer, Short, Character, and Byte. |
Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bx-method-invokes-inefficient-number-constructor-use-static-valueof-instead-dm-number-ctor |
DM_FP_NUMBER_CTOR | Using new Double(double) is guaranteed to always result in a new object whereas Double.valueOf(double) allows caching of values to be done by the compiler, class library, or JVM. Using of cached values avoids object allocation and the code will be faster.
Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or the valueOf() method when creating instances of Double and Float. |
Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bx-method-invokes-inefficient-floating-point-number-constructor-use-static-valueof-instead-dm-fp-number-ctor |
DM_BOXED_PRIMITIVE_TOSTRING | A boxed primitive is allocated just to call toString(). It is more effective to just use the static form of toString which takes the primitive value. So,
Replace…With this… new Integer(1).toString()Integer.toString(1) new Long(1).toString()Long.toString(1) new Float(1.0).toString()Float.toString(1.0) new Double(1.0).toString()Double.toString(1.0) new Byte(1).toString()Byte.toString(1) new Short(1).toString()Short.toString(1) new Boolean(true).toString()Boolean.toString(true) |
Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bx-method-allocates-a-boxed-primitive-just-to-call-tostring-dm-boxed-primitive-tostring |
DM_BOXED_PRIMITIVE_FOR_PARSING | A boxed primitive is created from a String, just to extract the unboxed primitive value. It is more efficient to just call the static parseXXX method. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bx-boxing-unboxing-to-parse-a-primitive-dm-boxed-primitive-for-parsing |
DM_BOXED_PRIMITIVE_FOR_COMPARE | A boxed primitive is created just to call compareTo method. It’s more efficient to use static compare method (for double and float since Java 1.4, for other primitive types since Java 1.7) which works on primitives directly. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bx-boxing-a-primitive-to-compare-dm-boxed-primitive-for-compare |
BX_UNBOXING_IMMEDIATELY_REBOXED | A boxed value is unboxed and then immediately reboxed. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bx-boxed-value-is-unboxed-and-then-immediately-reboxed-bx-unboxing-immediately-reboxed |
SIC_INNER_SHOULD_BE_STATIC | This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sic-should-be-a-static-inner-class-sic-inner-should-be-static |
SIC_INNER_SHOULD_BE_STATIC_NEEDS_THIS | This class is an inner class, but does not use its embedded reference to the object which created it except during construction of the inner object. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since the reference to the outer object is required during construction of the inner instance, the inner class will need to be refactored so as to pass a reference to the outer instance to the constructor for the inner class. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sic-could-be-refactored-into-a-static-inner-class-sic-inner-should-be-static-needs-this |
SIC_INNER_SHOULD_BE_STATIC_ANON | This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class. | Understandability | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sic-could-be-refactored-into-a-named-static-inner-class-sic-inner-should-be-static-anon |
SBSC_USE_STRINGBUFFER_CONCATENATION | The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.
Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly. |
Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sbsc-method-concatenates-strings-using-in-a-loop-sbsc-use-stringbuffer-concatenation |
IIL_ELEMENTS_GET_LENGTH_IN_LOOP | The method calls NodeList.getLength() inside the loop and NodeList was produced by getElementsByTagName call. This NodeList doesn’t store its length, but computes it every time in not very optimal way. Consider storing the length to the variable before the loop. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iil-nodelist-getlength-called-in-a-loop-iil-elements-get-length-in-loop |
IIL_PREPARE_STATEMENT_IN_LOOP | The method calls Connection.prepareStatement inside the loop passing the constant arguments. If the PreparedStatement should be executed several times there’s no reason to recreate it for each loop iteration. Move this call outside of the loop. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iil-method-calls-preparestatement-in-a-loop-iil-prepare-statement-in-loop |
IIL_PATTERN_COMPILE_IN_LOOP | The method calls Pattern.compile inside the loop passing the constant arguments. If the Pattern should be used several times there’s no reason to compile it for each loop iteration. Move this call outside of the loop or even into static final field. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iil-method-calls-pattern-compile-in-a-loop-iil-pattern-compile-in-loop |
IIL_PATTERN_COMPILE_IN_LOOP_INDIRECT | The method creates the same regular expression inside the loop, so it will be compiled every iteration. It would be more optimal to precompile this regular expression using Pattern.compile outside of the loop. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iil-method-compiles-the-regular-expression-in-a-loop-iil-pattern-compile-in-loop-indirect |
IIO_INEFFICIENT_INDEX_OF | This code passes a constant string of length 1 to String.indexOf(). It is more efficient to use the integer implementations of String.indexOf(). f. e. call myString.indexOf(‘.’) instead of myString.indexOf(“.”) | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iio-inefficient-use-of-string-indexof-string-iio-inefficient-index-of |
IIO_INEFFICIENT_LAST_INDEX_OF | This code passes a constant string of length 1 to String.lastIndexOf(). It is more efficient to use the integer implementations of String.lastIndexOf(). f. e. call myString.lastIndexOf(‘.’) instead of myString.lastIndexOf(“.”) | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#iio-inefficient-use-of-string-lastindexof-string-iio-inefficient-last-index-of |
ITA_INEFFICIENT_TO_ARRAY | This method uses the toArray() method of a collection derived class, and passes in a zero-length prototype array argument. It is more efficient to use myCollection.toArray(new Foo[myCollection.size()]) If the array passed in is big enough to store all of the elements of the collection, then it is populated and returned directly. This avoids the need to create a second array (by reflection) to return as the result. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ita-method-uses-toarray-with-zero-length-array-argument-ita-inefficient-to-array |
IMA_INEFFICIENT_MEMBER_ACCESS | This method of an inner class reads from or writes to a private member variable of the owning class, or calls a private method of the owning class. The compiler must generate a special method to access this private member, causing this to be less efficient. Relaxing the protection of the member variable or method will allow the compiler to treat this as a normal access. | Efficiency | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ima-method-accesses-a-private-member-variable-of-owning-class-ima-inefficient-member-access |
NP_DEREFERENCE_OF_READLINE_VALUE | The result of invoking readLine() is dereferenced without checking to see if the result is null. If there are no more lines of text to read, readLine() will return null and dereferencing that will generate a null pointer exception. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-dereference-of-the-result-of-readline-without-nullcheck-np-dereference-of-readline-value | |
NP_IMMEDIATE_DEREFERENCE_OF_READLINE | The result of invoking readLine() is immediately dereferenced. If there are no more lines of text to read, readLine() will return null and dereferencing that will generate a null pointer exception. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-immediate-dereference-of-the-result-of-readline-np-immediate-dereference-of-readline | |
RV_REM_OF_RANDOM_INT | This code generates a random signed integer and then computes the remainder of that value modulo another value. Since the random number can be negative, the result of the remainder operation can also be negative. Be sure this is intended, and strongly consider using the Random.nextInt(int) method instead. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-remainder-of-32-bit-signed-random-integer-rv-rem-of-random-int | |
RV_REM_OF_HASHCODE | This code computes a hashCode, and then computes the remainder of that value modulo another value. Since the hashCode can be negative, the result of the remainder operation can also be negative.
Assuming you want to ensure that the result of your computation is nonnegative, you may need to change your code. If you know the divisor is a power of 2, you can use a bitwise and operator instead (i.e., instead of using x.hashCode()%n, use x.hashCode()&(n-1)). This is probably faster than computing the remainder as well. If you don’t know that the divisor is a power of 2, take the absolute value of the result of the remainder operation (i.e., use Math.abs(x.hashCode()%n)). |
https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-remainder-of-hashcode-could-be-negative-rv-rem-of-hashcode | |
EQ_DOESNT_OVERRIDE_EQUALS | This class extends a class that defines an equals method and adds fields, but doesn’t define an equals method itself. Thus, equality on instances of this class will ignore the identity of the subclass and the added fields. Be sure this is what is intended, and that you don’t need to override the equals method. Even if you don’t need to override the equals method, consider overriding it anyway to document the fact that the equals method for the subclass just return the result of invoking super.equals(o). | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#eq-class-doesn-t-override-equals-in-superclass-eq-doesnt-override-equals | |
NS_NON_SHORT_CIRCUIT | This code seems to be using non-short-circuit logic (e.g., & or |) rather than short-circuit logic (&& or ||). Non-short-circuit logic causes both sides of the expression to be evaluated even when the result can be inferred from knowing the left-hand side. This can be less efficient and can result in errors if the left-hand side guards cases when evaluating the right-hand side can generate an error. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ns-questionable-use-of-non-short-circuit-logic-ns-non-short-circuit | |
IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD | An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class. For example, you invoke foo(17), which is defined in both a superclass and in an outer method. By the Java semantics, it will be resolved to invoke the inherited method, but this may not be what you intend.
If you really intend to invoke the inherited method, invoke it by invoking the method on super (e.g., invoke super.foo(17)), and thus it will be clear to other readers of your code and to SpotBugs that you want to invoke the inherited method, not the method in the outer class. If you call this.foo(17), then the inherited method will be invoked. However, since SpotBugs only looks at classfiles, it can’t tell the difference between an invocation of this.foo(17) and foo(17), it will still complain about a potential ambiguous invocation. |
https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ia-potentially-ambiguous-invocation-of-either-an-inherited-or-outer-method-ia-ambiguous-invocation-of-inherited-or-outer-method | |
SF_SWITCH_FALLTHROUGH | This method contains a switch statement where one case branch will fall through to the next case. Usually you need to end this case with a break or return. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#sf-switch-statement-found-where-one-case-falls-through-to-the-next-case-sf-switch-fallthrough | |
UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD | No writes were seen to this public/protected field. All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#uwf-unwritten-public-or-protected-field-uwf-unwritten-public-or-protected-field | |
RV_RETURN_VALUE_IGNORED_INFERRED | This code calls a method and ignores the return value. The return value is the same type as the type the method is invoked on, and from our analysis it looks like the return value might be important (e.g., like ignoring the return value of String.toLowerCase()).
We are guessing that ignoring the return value might be a bad idea just from a simple analysis of the body of the method. You can use a @CheckReturnValue annotation to instruct SpotBugs as to whether ignoring the return value of this method is important or acceptable. Please investigate this closely to decide whether it is OK to ignore the return value. |
https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-method-ignores-return-value-is-this-ok-rv-return-value-ignored-inferred | |
RV_CHECK_FOR_POSITIVE_INDEXOF | The method invokes String.indexOf and checks to see if the result is positive or non-positive. It is much more typical to check to see if the result is negative or non-negative. It is positive only if the substring checked for occurs at some place other than at the beginning of the String. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-method-checks-to-see-if-result-of-string-indexof-is-positive-rv-check-for-positive-indexof | |
RV_DONT_JUST_NULL_CHECK_READLINE | The value returned by readLine is discarded after checking to see if the return value is non-null. In almost all situations, if the result is non-null, you will want to use that non-null value. Calling readLine again will give you a different line. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#rv-method-discards-result-of-readline-after-checking-if-it-is-non-null-rv-dont-just-null-check-readline | |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | The return value from a method is dereferenced without a null check, and the return value of that method is one that should generally be checked for null. This may lead to a NullPointerException when the code is executed. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-possible-null-pointer-dereference-due-to-return-value-of-called-method-np-null-on-some-path-from-return-value | |
NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE | There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can’t ever be executed; deciding that is beyond the ability of SpotBugs. Due to the fact that this value had been previously tested for nullness, this is a definite possibility. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#np-possible-null-pointer-dereference-on-branch-that-might-be-infeasible-np-null-on-some-path-might-be-infeasible | |
DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD | This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used. There is a field with the same name as the local variable. Did you mean to assign to that variable instead? | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dls-dead-store-to-local-variable-that-shadows-field-dls-dead-local-store-shadows-field | |
RI_REDUNDANT_INTERFACES | This class declares that it implements an interface that is also implemented by a superclass. This is redundant because once a superclass implements an interface, all subclasses by default also implement this interface. It may point out that the inheritance hierarchy has changed since this class was created, and consideration should be given to the ownership of the interface’s implementation. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ri-class-implements-same-interface-as-superclass-ri-redundant-interfaces | |
MTIA_SUSPECT_STRUTS_INSTANCE_FIELD | This class extends from a Struts Action class, and uses an instance member variable. Since only one instance of a struts Action class is created by the Struts framework, and used in a multithreaded way, this paradigm is highly discouraged and most likely problematic. Consider only using method local variables. Only instance fields that are written outside of a monitor are reported. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mtia-class-extends-struts-action-class-and-uses-instance-variables-mtia-suspect-struts-instance-field | |
MTIA_SUSPECT_SERVLET_INSTANCE_FIELD | This class extends from a Servlet class, and uses an instance member variable. Since only one instance of a Servlet class is created by the J2EE framework, and used in a multithreaded way, this paradigm is highly discouraged and most likely problematic. Consider only using method local variables. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#mtia-class-extends-servlet-class-and-uses-instance-variables-mtia-suspect-servlet-instance-field | |
ICAST_INTEGER_MULTIPLY_CAST_TO_LONG | This code performs integer multiply and then converts the result to a long. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#icast-result-of-integer-multiplication-cast-to-long-icast-integer-multiply-cast-to-long | |
ICAST_IDIV_CAST_TO_DOUBLE | This code casts the result of an integral division (e.g., int or long division) operation to double or float. Doing division on integers truncates the result to the integer value closest to zero. The fact that the result was cast to double suggests that this precision should have been retained. What was probably meant was to cast one or both of the operands to double before performing the division. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#icast-integral-division-result-cast-to-double-or-float-icast-idiv-cast-to-double | |
BC_BAD_CAST_TO_CONCRETE_COLLECTION | This code casts an abstract collection (such as a Collection, List, or Set) to a specific concrete implementation (such as an ArrayList or HashSet). This might not be correct, and it may make your code fragile, since it makes it harder to switch to other concrete implementations at a future point. Unless you have a particular reason to do so, just use the abstract collection class. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bc-questionable-cast-to-concrete-collection-bc-bad-cast-to-concrete-collection | |
BC_BAD_CAST_TO_ABSTRACT_COLLECTION | This code casts a Collection to an abstract collection (such as List, Set, or Map). Ensure that you are guaranteed that the object is of the type you are casting to. If all you need is to be able to iterate through a collection, you don’t need to cast it to a Set or List. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#bc-questionable-cast-to-abstract-collection-bc-bad-cast-to-abstract-collection | |
IM_BAD_CHECK_FOR_ODD | The code uses x % 2 == 1 to check to see if a value is odd, but this won’t work for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check for oddness, consider using x & 1 == 1, or x % 2 != 0. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#im-check-for-oddness-that-won-t-work-for-negative-numbers-im-bad-check-for-odd | |
DMI_HARDCODED_ABSOLUTE_FILENAME | This code constructs a File object using a hard coded to an absolute pathname (e.g., new File(“/home/dannyc/workspace/j2ee/src/share/com/sun/enterprise/deployment”); | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-code-contains-a-hard-coded-reference-to-an-absolute-pathname-dmi-hardcoded-absolute-filename | |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#st-write-to-static-field-from-instance-method-st-write-to-static-from-instance-method | |
DMI_NONSERIALIZABLE_OBJECT_WRITTEN | This code seems to be passing a non-serializable object to the ObjectOutput.writeObject method. If the object is, indeed, non-serializable, an error will result. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#dmi-non-serializable-object-written-to-objectoutput-dmi-nonserializable-object-written | |
XFB_XML_FACTORY_BYPASS | This method allocates a specific implementation of an xml interface. It is preferable to use the supplied factory classes to create these objects so that the implementation can be changed at runtime. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#xfb-method-directly-allocates-a-specific-implementation-of-xml-interfaces-xfb-xml-factory-bypass | |
TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK | A value is used in a way that requires it to be never be a value denoted by a type qualifier, but there is an explicit annotation stating that it is not known where the value is prohibited from having that type qualifier. Either the usage or the annotation is incorrect. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#tq-value-required-to-not-have-type-qualifier-but-marked-as-unknown-tq-explicit-unknown-source-value-reaches-never-sink | |
TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK | A value is used in a way that requires it to be always be a value denoted by a type qualifier, but there is an explicit annotation stating that it is not known where the value is required to have that type qualifier. Either the usage or the annotation is incorrect. | https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#tq-value-required-to-have-type-qualifier-but-marked-as-unknown-tq-explicit-unknown-source-value-reaches-always-sink |