FindBugs Report

Project Information

Project: <<unnamed project>>

FindBugs version: 1.3.1

Code analyzed:



Metrics

26501 lines of code analyzed, in 706 classes, in 13 packages.

Metric Total Density*
High Priority Warnings 2 0.08
Medium Priority Warnings 39 1.47
Total Warnings 41 1.55

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Bad practice Warnings 19
Correctness Warnings 1
Malicious code vulnerability Warnings 5
Performance Warnings 11
Dodgy Warnings 5
Total 41

Warnings

Click on a warning row to see full context information.

Bad practice Warnings

Code&nbsp; Warning
DP edu.rice.cs.dynamicjava.interpreter.ExpressionChecker$ExpressionVisitor.visit(AnonymousAllocation) creates a edu.rice.cs.dynamicjava.interpreter.TreeClassLoader classloader, which should be performed within a doPrivileged block
DP edu.rice.cs.dynamicjava.interpreter.ExpressionChecker$ExpressionVisitor.visit(AnonymousInnerAllocation) creates a edu.rice.cs.dynamicjava.interpreter.TreeClassLoader classloader, which should be performed within a doPrivileged block
DP new edu.rice.cs.dynamicjava.symbol.TreeLibrary(Iterable, ClassLoader, Options) creates a edu.rice.cs.dynamicjava.interpreter.TreeClassLoader classloader, which should be performed within a doPrivileged block
HE edu.rice.cs.dynamicjava.symbol.TopLevelAccessModule defines equals and uses Object.hashCode()
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1.defaultCase(Type) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$1.forIntersectionType(IntersectionType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$1.forUnionType(UnionType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$1.forVariableType(VariableType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$2.forUnionType(UnionType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$3.forIntersectionType(IntersectionType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$3.forUnionType(UnionType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$3.forVariableType(VariableType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.JavaClass.equals(Object) does not check for null argument
NP edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$Subtyper$1.defaultCase(Type) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$Subtyper$1$1.forIntersectionType(IntersectionType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$Subtyper$1$1.forVariableType(VariableType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.StandardTypeSystem$1Visitor.forArrayType(ArrayType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.StandardTypeSystem$1Visitor.forClassType(ClassType) has Boolean return type and returns explicit null
NP edu.rice.cs.dynamicjava.symbol.TreeClass.equals(Object) does not check for null argument

Correctness Warnings

Code&nbsp; Warning
NP Possible null pointer dereference of name in koala.dynamicjava.parser.impl.Parser.importDeclaration()

Malicious code vulnerability Warnings

Code&nbsp; Warning
EI2 new koala.dynamicjava.parser.impl.ParseException(Token, int[][], String[]) may expose internal representation by storing an externally mutable object into ParseException.expectedTokenSequences
EI2 new koala.dynamicjava.parser.impl.ParseException(Token, int[][], String[]) may expose internal representation by storing an externally mutable object into ParseException.tokenImage
MS public static edu.rice.cs.dynamicjava.Version.getBuildTime() may expose internal representation by returning Version.BUILD_TIME
MS koala.dynamicjava.parser.impl.ParserTokenManager.jjnewLexState should be package protected
MS koala.dynamicjava.parser.impl.ParserTokenManager.jjstrLiteralImages should be package protected

Performance Warnings

Code&nbsp; Warning
Dm koala.dynamicjava.interpreter.error.ExecutionError.printStackTrace(PrintWriter) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
SBSC Method edu.rice.cs.dynamicjava.interpreter.ExpressionChecker$ExpressionVisitor.resolveAmbiguousName(AmbiguousName) concatenates strings using + in a loop
SBSC Method edu.rice.cs.dynamicjava.interpreter.StatementChecker.resolveClassName(String, Node) concatenates strings using + in a loop
SBSC Method edu.rice.cs.dynamicjava.interpreter.TypeNameChecker$TypeNameVisitor.visit(ReferenceTypeName) concatenates strings using + in a loop
SBSC Method koala.dynamicjava.parser.impl.ParseException.getMessage() concatenates strings using + in a loop
SBSC Method koala.dynamicjava.parser.wrapper.ParseError.parseExceptionMessage(ParseException) concatenates strings using + in a loop
SBSC Method koala.dynamicjava.tree.tiger.GenericReferenceTypeName.toStringHelper() concatenates strings using + in a loop
SBSC Method koala.dynamicjava.tree.TreeUtilities.listToName(List) concatenates strings using + in a loop
SBSC Method koala.dynamicjava.util.LocalizedMessageReader.getMessage(String, String[]) concatenates strings using + in a loop
SIC Should edu.rice.cs.dynamicjava.sourcechecker.SourceChecker$NodeDiffLog$Cast be a _static_ inner class?
SIC Should edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$ConstraintSet be a _static_ inner class?

Dodgy Warnings

Code&nbsp; Warning
Eq edu.rice.cs.dynamicjava.symbol.Java5Class doesn't override JavaClass.equals(Object)
IA Ambiguous invocation of either an outer or inherited method edu.rice.cs.dynamicjava.symbol.JavaClass$JavaConstructor.declaredName() in edu.rice.cs.dynamicjava.symbol.Java5Class$Java5Constructor.toString()
IA Ambiguous invocation of either an outer or inherited method edu.rice.cs.dynamicjava.symbol.JavaClass$JavaField.declaredName() in edu.rice.cs.dynamicjava.symbol.Java5Class$Java5Field.toString()
IA Ambiguous invocation of either an outer or inherited method edu.rice.cs.dynamicjava.symbol.JavaClass$JavaMethod.declaredName() in edu.rice.cs.dynamicjava.symbol.Java5Class$Java5Method.toString()
UCF Useless control flow in edu.rice.cs.dynamicjava.symbol.StandardTypeSystem.accessible(Access$Limited, Access$Module)

Details

DM_BOOLEAN_CTOR: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead

Creating new instances of java.lang.Boolean wastes memory, since Boolean objects are immutable and there are only two useful values of this type.  Use the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean objects instead.

DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED: Classloaders should only be created inside doPrivileged block

This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

EQ_DOESNT_OVERRIDE_EQUALS: Class doesn't override equals in superclass

This class extends a class that defines an equals method and adds fields, but doesn't define an equals method itself. Thus, equality on instances of this class will ignore the identity of the subclass and the added fields. Be sure this is what is intended, and that you don't need to override the equals method. Even if you don't need to override the equals method, consider overriding it anyone to document the fact that the equals method for the subclass just return the result of invoking super.equals(o).

HE_EQUALS_USE_HASHCODE: Class defines equals() and uses Object.hashCode()

This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

public int hashCode() {
  assert false : "hashCode not designed";
  return 42; // any arbitrary constant will do 
  }

IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD: Ambiguous invocation of either an inherited or outer method

An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class. By the Java semantics, it will be resolved to invoke the inherited method, but this may not be want you intend. If you really intend to invoke the inherited method, invoke it by invoking the method on super (e.g., invoke super.foo(17)), and thus it will be clear to other readers of your code and to FindBugs that you want to invoke the inherited method, not the method in the outer class.

MS_PKGPROTECT: Field should be package protected

A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

MS_EXPOSE_REP: Public static method may expose internal representation by returning array

A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. One fix is to return a copy of the array.

NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT: equals() method does not check for null argument

This implementation of equals(Object) violates the contract defined by java.lang.Object.equals() because it does not check for null being passed as the argument. All equals() methods should return false if passed a null value.

NP_BOOLEAN_RETURN_NULL: Method with Boolean return type returns explicit null

A method that returns either Boolean.TRUE, Boolean.FALSE or null is an accident waiting to happen. This method can be invoked as though it returned a value of type boolean, and the compiler will insert automatic unboxing of the Boolean value. If a null value is returned, this will result in a NullPointerException.

NP_NULL_ON_SOME_PATH: Possible null pointer dereference

A reference value dereferenced here might be null at runtime.  This may lead to a NullPointerException when the code is executed.

SBSC_USE_STRINGBUFFER_CONCATENATION: Method concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();

SIC_INNER_SHOULD_BE_STATIC: Should be a static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.

UCF_USELESS_CONTROL_FLOW: Useless control flow

This method contains a useless control flow statement, where control flow continues onto the same place regardless of whether or not the branch is taken. For example, this is caused by having an empty statement block fot an if statement:

    if (argv.length == 0) {
	// TODO: handle this case
	}