Project: <<unnamed project>>
FindBugs version: 1.3.1
Code analyzed:
26501 lines of code analyzed, in 706 classes, in 13 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 2 | 0.08 |
Medium Priority Warnings | 39 | 1.47 |
Total Warnings | 41 | 1.55 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 19 |
Correctness Warnings | 1 |
Malicious code vulnerability Warnings | 5 |
Performance Warnings | 11 |
Dodgy Warnings | 5 |
Total | 41 |
Click on a warning row to see full context information.
Code | Warning |
---|---|
DP | edu.rice.cs.dynamicjava.interpreter.ExpressionChecker$ExpressionVisitor.visit(AnonymousAllocation) creates a edu.rice.cs.dynamicjava.interpreter.TreeClassLoader classloader, which should be performed within a doPrivileged block |
DP | edu.rice.cs.dynamicjava.interpreter.ExpressionChecker$ExpressionVisitor.visit(AnonymousInnerAllocation) creates a edu.rice.cs.dynamicjava.interpreter.TreeClassLoader classloader, which should be performed within a doPrivileged block |
DP | new edu.rice.cs.dynamicjava.symbol.TreeLibrary(Iterable, ClassLoader, Options) creates a edu.rice.cs.dynamicjava.interpreter.TreeClassLoader classloader, which should be performed within a doPrivileged block |
HE | edu.rice.cs.dynamicjava.symbol.TopLevelAccessModule defines equals and uses Object.hashCode() |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1.defaultCase(Type) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$1.forIntersectionType(IntersectionType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$1.forUnionType(UnionType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$1.forVariableType(VariableType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$2.forUnionType(UnionType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$3.forIntersectionType(IntersectionType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$3.forUnionType(UnionType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.ExtendedTypeSystem$NormSubtyper$1$3.forVariableType(VariableType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.JavaClass.equals(Object) does not check for null argument |
NP | edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$Subtyper$1.defaultCase(Type) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$Subtyper$1$1.forIntersectionType(IntersectionType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$Subtyper$1$1.forVariableType(VariableType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.StandardTypeSystem$1Visitor.forArrayType(ArrayType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.StandardTypeSystem$1Visitor.forClassType(ClassType) has Boolean return type and returns explicit null |
NP | edu.rice.cs.dynamicjava.symbol.TreeClass.equals(Object) does not check for null argument |
Code | Warning |
---|---|
NP | Possible null pointer dereference of name in koala.dynamicjava.parser.impl.Parser.importDeclaration() |
Code | Warning |
---|---|
EI2 | new koala.dynamicjava.parser.impl.ParseException(Token, int[][], String[]) may expose internal representation by storing an externally mutable object into ParseException.expectedTokenSequences |
EI2 | new koala.dynamicjava.parser.impl.ParseException(Token, int[][], String[]) may expose internal representation by storing an externally mutable object into ParseException.tokenImage |
MS | public static edu.rice.cs.dynamicjava.Version.getBuildTime() may expose internal representation by returning Version.BUILD_TIME |
MS | koala.dynamicjava.parser.impl.ParserTokenManager.jjnewLexState should be package protected |
MS | koala.dynamicjava.parser.impl.ParserTokenManager.jjstrLiteralImages should be package protected |
Code | Warning |
---|---|
Dm | koala.dynamicjava.interpreter.error.ExecutionError.printStackTrace(PrintWriter) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead |
SBSC | Method edu.rice.cs.dynamicjava.interpreter.ExpressionChecker$ExpressionVisitor.resolveAmbiguousName(AmbiguousName) concatenates strings using + in a loop |
SBSC | Method edu.rice.cs.dynamicjava.interpreter.StatementChecker.resolveClassName(String, Node) concatenates strings using + in a loop |
SBSC | Method edu.rice.cs.dynamicjava.interpreter.TypeNameChecker$TypeNameVisitor.visit(ReferenceTypeName) concatenates strings using + in a loop |
SBSC | Method koala.dynamicjava.parser.impl.ParseException.getMessage() concatenates strings using + in a loop |
SBSC | Method koala.dynamicjava.parser.wrapper.ParseError.parseExceptionMessage(ParseException) concatenates strings using + in a loop |
SBSC | Method koala.dynamicjava.tree.tiger.GenericReferenceTypeName.toStringHelper() concatenates strings using + in a loop |
SBSC | Method koala.dynamicjava.tree.TreeUtilities.listToName(List) concatenates strings using + in a loop |
SBSC | Method koala.dynamicjava.util.LocalizedMessageReader.getMessage(String, String[]) concatenates strings using + in a loop |
SIC | Should edu.rice.cs.dynamicjava.sourcechecker.SourceChecker$NodeDiffLog$Cast be a _static_ inner class? |
SIC | Should edu.rice.cs.dynamicjava.symbol.JLSTypeSystem$ConstraintSet be a _static_ inner class? |
Code | Warning |
---|---|
Eq | edu.rice.cs.dynamicjava.symbol.Java5Class doesn't override JavaClass.equals(Object) |
IA | Ambiguous invocation of either an outer or inherited method edu.rice.cs.dynamicjava.symbol.JavaClass$JavaConstructor.declaredName() in edu.rice.cs.dynamicjava.symbol.Java5Class$Java5Constructor.toString() |
IA | Ambiguous invocation of either an outer or inherited method edu.rice.cs.dynamicjava.symbol.JavaClass$JavaField.declaredName() in edu.rice.cs.dynamicjava.symbol.Java5Class$Java5Field.toString() |
IA | Ambiguous invocation of either an outer or inherited method edu.rice.cs.dynamicjava.symbol.JavaClass$JavaMethod.declaredName() in edu.rice.cs.dynamicjava.symbol.Java5Class$Java5Method.toString() |
UCF | Useless control flow in edu.rice.cs.dynamicjava.symbol.StandardTypeSystem.accessible(Access$Limited, Access$Module) |
Creating new instances of java.lang.Boolean
wastes
memory, since Boolean
objects are immutable and there are
only two useful values of this type. Use the Boolean.valueOf()
method (or Java 1.5 autoboxing) to create Boolean
objects instead.
This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
This class extends a class that defines an equals method and adds fields, but doesn't define an equals method itself. Thus, equality on instances of this class will ignore the identity of the subclass and the added fields. Be sure this is what is intended, and that you don't need to override the equals method. Even if you don't need to override the equals method, consider overriding it anyone to document the fact that the equals method for the subclass just return the result of invoking super.equals(o).
This class overrides equals(Object)
, but does not
override hashCode()
, and inherits the implementation of
hashCode()
from java.lang.Object
(which returns
the identity hash code, an arbitrary value assigned to the object
by the VM). Therefore, the class is very likely to violate the
invariant that equal objects must have equal hashcodes.
If you don't think instances of this class will ever be inserted into a HashMap/HashTable,
the recommended hashCode
implementation to use is:
public int hashCode() { assert false : "hashCode not designed"; return 42; // any arbitrary constant will do }
An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class. By the Java semantics, it will be resolved to invoke the inherited method, but this may not be want you intend. If you really intend to invoke the inherited method, invoke it by invoking the method on super (e.g., invoke super.foo(17)), and thus it will be clear to other readers of your code and to FindBugs that you want to invoke the inherited method, not the method in the outer class.
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. One fix is to return a copy of the array.
This implementation of equals(Object) violates the contract defined by java.lang.Object.equals() because it does not check for null being passed as the argument. All equals() methods should return false if passed a null value.
A method that returns either Boolean.TRUE, Boolean.FALSE or null is an accident waiting to happen. This method can be invoked as though it returned a value of type boolean, and the compiler will insert automatic unboxing of the Boolean value. If a null value is returned, this will result in a NullPointerException.
A reference value dereferenced here might be null at runtime.
This may lead to a NullPointerException
when the code is executed.
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.
Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.
For example:
// This is bad String s = ""; for (int i = 0; i < field.length; ++i) { s = s + field[i]; } // This is better StringBuffer buf = new StringBuffer(); for (int i = 0; i < field.length; ++i) { buf.append(field[i]); } String s = buf.toString();
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
This method contains a useless control flow statement, where
control flow continues onto the same place regardless of whether or not
the branch is taken. For example,
this is caused by having an empty statement
block fot an if
statement:
if (argv.length == 0) { // TODO: handle this case }