18 High Priority problems found

160 Medium Priority problems found

47209 lines of code analyzed, in 1390 classes, in 66 packages.

Metric Total Density*
High Priority Warnings 18 0.38
Medium Priority Warnings 160 3.39
Total Warnings 178 3.77

* Defects per Thousand lines of non-commenting source statements


Warning Type Number
Bad practice Warnings 48
Correctness Warnings 8
Internationalization Warnings 3
Malicious code vulnerability Warnings 21
Multithreaded correctness Warnings 1
Performance Warnings 1
Dodgy code Warnings 96
Total 178

Bad practice Warnings

Code Warning
CN Class org.carrot2.core.test.ClusteringAlgorithmTestBase$2 implements Cloneable but does not define or use clone method
CN Class org.carrot2.core.test.ClusteringAlgorithmTestBase$3 implements Cloneable but does not define or use clone method
CN org.carrot2.mahout.math.AbstractMatrix$TransposeViewVector.clone() does not call super.clone()
CN org.carrot2.mahout.math.DenseVector.clone() does not call super.clone()
CN org.carrot2.mahout.math.list.DoubleArrayList.clone() does not call super.clone()
CN org.carrot2.mahout.math.list.IntArrayList.clone() does not call super.clone()
CN org.carrot2.mahout.math.RandomAccessSparseVector.clone() does not call super.clone()
CN org.carrot2.mahout.math.SequentialAccessSparseVector.clone() does not call super.clone()
Co org.carrot2.clustering.stc.STCClusteringAlgorithm$5.compare(ClusterCandidate, ClusterCandidate) incorrectly handles float value
Co org.carrot2.clustering.stc.STCClusteringAlgorithm$6.compare(STCClusteringAlgorithm$PhraseCandidate, STCClusteringAlgorithm$PhraseCandidate) incorrectly handles float value
ES Comparison of String objects using == or != in org.carrot2.source.idol.IdolDocumentSource.getURL()
HE org.carrot2.mahout.math.DenseVector defines equals but not hashCode
HE org.carrot2.mahout.math.list.AbstractDoubleList defines equals and uses Object.hashCode()
HE org.carrot2.mahout.math.list.AbstractIntList defines equals and uses Object.hashCode()
HE org.carrot2.mahout.math.list.DoubleArrayList defines equals and uses Object.hashCode()
HE org.carrot2.mahout.math.list.IntArrayList defines equals and uses Object.hashCode()
HE org.carrot2.mahout.math.map.AbstractIntDoubleMap defines equals and uses Object.hashCode()
HE org.carrot2.mahout.math.map.OpenIntDoubleHashMap inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.DoubleMatrix1D defines equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.DoubleMatrix2D defines equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.DelegateDoubleMatrix1D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.DenseDoubleMatrix1D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.DenseDoubleMatrix2D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.SelectedDenseDoubleMatrix1D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.SelectedDenseDoubleMatrix2D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.SelectedSparseDoubleMatrix1D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.SelectedSparseDoubleMatrix2D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.SparseDoubleMatrix1D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.SparseDoubleMatrix2D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix1D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix1D$1 inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix2D inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix2D$1 inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix2D$2 inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix2D$3 inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix2D$4 inherits equals and uses Object.hashCode()
HE org.carrot2.mahout.math.matrix.impl.WrapperDoubleMatrix2D$5 inherits equals and uses Object.hashCode()
RV org.carrot2.clustering.stc.STCClusteringAlgorithm$4.compare(ClusterCandidate, ClusterCandidate) negates the return value of Float.compare(float, float)
RV Exceptional return value of java.io.File.mkdirs() ignored in org.carrot2.dcs.RestProcessorServlet.getLogAppender(ServletContext)
RV org.carrot2.matrix.MatrixUtils$DoubleComparators$ReversedOrderDoubleComparator.compare(double, double) negates the return value of Double.compare(double, double)
Se Class org.carrot2.dcs.MemoryFileItemFactory$MemoryFileItem defines non-transient non-serializable instance field baos
Se The field org.carrot2.dcs.RestProcessorServlet.commandActions is transient but isn't set by deserialization
Se org.carrot2.mahout.math.Sorting$ComparableAdaptor implements Comparator but not Serializable
Se Class org.carrot2.webapp.QueryProcessorServlet defines non-transient non-serializable instance field unknownToDefaultTransformer
Se Class org.carrot2.webapp.QueryProcessorServlet defines non-transient non-serializable instance field unknownToDefaultTransformerWithMaxResults
Se Class org.carrot2.webapp.QueryProcessorServlet defines non-transient non-serializable instance field webappConfig
SnVI org.carrot2.dcs.RestProcessorServlet is Serializable; consider declaring a serialVersionUID
SnVI org.carrot2.webapp.QueryProcessorServlet is Serializable; consider declaring a serialVersionUID

Correctness Warnings

Code Warning
NP Possible null pointer dereference of controller1 in org.carrot2.core.ControllerTest$ComponentManagerIndependentTests.checkManagerWithMultipleControllers(IProcessingComponentManager) on exception path
NP Possible null pointer dereference of controller2 in org.carrot2.core.ControllerTest$ComponentManagerIndependentTests.checkManagerWithMultipleControllers(IProcessingComponentManager) on exception path
NP Possible null pointer dereference of controller in org.carrot2.core.ControllerTest$ComponentManagerIndependentTests.processAndDispose(Object) on exception path
NP Possible null pointer dereference of controller in org.carrot2.core.ControllerTest$ComponentManagerIndependentTests.testAutomaticInitialization() on exception path
NP Possible null pointer dereference of controller in org.carrot2.core.ControllerTest$ComponentManagerIndependentTests.testMultipleInitialization() on exception path
NP Possible null pointer dereference of component in org.carrot2.core.SimpleProcessingComponentManager.prepare(Class, String, Map, Map) on exception path
NP Possible null pointer dereference of ChineseTokenizerAdapter.sentenceTokenizer in org.carrot2.text.linguistic.lucene.ChineseTokenizerAdapter.reset(Reader)
SF Value of org.carrot2.text.linguistic.snowball.SnowballProgram.cursor from previous case is overwritten here due to switch statement fall through

Internationalization Warnings

Code Warning
Dm Found reliance on default encoding in new org.carrot2.text.util.TabularOutput(): new java.io.PrintWriter(OutputStream)
Dm Found reliance on default encoding in org.carrot2.util.tests.SuiteResultInfoWriter.testRunStarted(Description): new java.io.PrintWriter(String)
Dm Found reliance on default encoding in org.carrot2.util.xsltfilter.XSLTFilterServletResponse.getWriter(): new java.io.PrintWriter(OutputStream)

Malicious code vulnerability Warnings

Code Warning
EI org.carrot2.mahout.math.list.DoubleArrayList.elements() may expose internal representation by returning DoubleArrayList.elements
EI org.carrot2.mahout.math.list.IntArrayList.elements() may expose internal representation by returning IntArrayList.elements
EI org.carrot2.mahout.math.SingularValueDecomposition.getSingularValues() may expose internal representation by returning SingularValueDecomposition.s
EI org.carrot2.matrix.factorization.PartialSingularValueDecomposition.getSingularValues() may expose internal representation by returning PartialSingularValueDecomposition.S
EI org.carrot2.text.linguistic.snowball.SnowballProgram.getCurrentBuffer() may expose internal representation by returning SnowballProgram.current
EI org.carrot2.text.util.MutableCharArray.getBuffer() may expose internal representation by returning MutableCharArray.buffer
EI2 org.carrot2.mahout.math.list.DoubleArrayList.elements(double[]) may expose internal representation by storing an externally mutable object into DoubleArrayList.elements
EI2 org.carrot2.mahout.math.list.IntArrayList.elements(int[]) may expose internal representation by storing an externally mutable object into IntArrayList.elements
EI2 new org.carrot2.mahout.math.matrix.linalg.EigenvalueDecomposition(double[][]) may expose internal representation by storing an externally mutable object into EigenvalueDecomposition.V
EI2 new org.carrot2.mahout.math.MatrixView(Matrix, int[], int[]) may expose internal representation by storing an externally mutable object into MatrixView.offset
EI2 org.carrot2.text.linguistic.snowball.SnowballProgram.setCurrent(char[], int) may expose internal representation by storing an externally mutable object into SnowballProgram.current
EI2 new org.carrot2.text.suffixtree.IntegerSequence(int[], int, int) may expose internal representation by storing an externally mutable object into IntegerSequence.seq
EI2 org.carrot2.text.util.MutableCharArray.reset(char[], int, int) may expose internal representation by storing an externally mutable object into MutableCharArray.buffer
EI2 new org.carrot2.util.IntArrayPredicateIterator(short[], int, int, ShortPredicate) may expose internal representation by storing an externally mutable object into IntArrayPredicateIterator.array
EI2 new org.carrot2.util.LinearApproximation(double[], double, double) may expose internal representation by storing an externally mutable object into LinearApproximation.points
MS org.carrot2.core.benchmarks.memtime.MemTimeBenchmark.MAX should be package protected
MS org.carrot2.core.benchmarks.memtime.MemTimeBenchmark.MIN should be package protected
MS org.carrot2.core.benchmarks.memtime.MemTimeBenchmark.STEP should be package protected
MS org.carrot2.core.benchmarks.memtime.MemTimeBenchmark.documents should be package protected
MS org.carrot2.core.test.TestDocumentFactory.DEFAULT_FIELDS is a mutable collection
MS org.carrot2.core.test.TestDocumentFactory.DEFAULT_GENERATORS is a mutable collection

Multithreaded correctness Warnings

Code Warning
IS Inconsistent synchronization of org.carrot2.core.ProcessingResult.otherAttributesForSerialization; locked 66% of time

Performance Warnings

Code Warning
SIC Should org.carrot2.mahout.math.AbstractMatrix$TransposeViewVector be a _static_ inner class?

Dodgy code Warnings

Code Warning
DLS Dead store to config rather than field with same name in org.carrot2.dcs.RestProcessorServlet.init(ServletConfig)
Eq org.carrot2.text.linguistic.DefaultLexicalDataFactory$1.equals(Object) is unusual
FE Test for floating point equality in org.carrot2.mahout.math.matrix.impl.SparseDoubleMatrix2D$2.apply(int, double)
FE Test for floating point equality in org.carrot2.mahout.math.matrix.impl.SparseDoubleMatrix2D$3.apply(int, double)
NP Possible null pointer dereference in org.carrot2.cli.batch.BatchApp.process(Path, Path, Controller) due to return value of called method
NP p must be non-null but is marked as nullable
NP descriptor must be non-null but is marked as nullable
NP cluster must be non-null but is marked as nullable
NP cluster must be non-null but is marked as nullable
NP cluster must be non-null but is marked as nullable
NP cluster must be non-null but is marked as nullable
NP cluster must be non-null but is marked as nullable
NP doc must be non-null but is marked as nullable
NP document must be non-null but is marked as nullable
NP descriptor must be non-null but is marked as nullable
NP Load of known null value in org.carrot2.output.metrics.NormalizedMutualInformationMetricTest.assertEquals(Double, Double, double, String)
NP Load of known null value in org.carrot2.output.metrics.PrecisionRecallMetricTest.assertEquals(Double, Double, double, String)
NP document must be non-null but is marked as nullable
NP document must be non-null but is marked as nullable
NP stemmer must be non-null but is marked as nullable
NP tokenizer must be non-null but is marked as nullable
NP d must be non-null but is marked as nullable
RV Return value of java.util.List.isEmpty() ignored, but method has no side effect
SA Double assignment of field DanishStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.DanishStemmer.stem()
SA Double assignment of field DutchStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.DutchStemmer.stem()
SA Double assignment of field FinnishStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.FinnishStemmer.stem()
SA Double assignment of field FrenchStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.FrenchStemmer.stem()
SA Double assignment of field GermanStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.GermanStemmer.stem()
SA Double assignment of field HungarianStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.stem()
SA Double assignment of field ItalianStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.ItalianStemmer.stem()
SA Double assignment of field NorwegianStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.NorwegianStemmer.stem()
SA Double assignment of field PortugueseStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.PortugueseStemmer.stem()
SA Double assignment of field RomanianStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.RomanianStemmer.stem()
SA Double assignment of field SpanishStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.SpanishStemmer.stem()
SA Double assignment of field SwedishStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.SwedishStemmer.stem()
SA Double assignment of field TurkishStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.TurkishStemmer.r_postlude()
SA Double assignment of field TurkishStemmer.cursor in org.carrot2.text.linguistic.snowball.stemmers.TurkishStemmer.stem()
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.DanishStemmer.r_main_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.DanishStemmer.r_other_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.DutchStemmer.r_standard_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.EnglishStemmer.r_Step_1a() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.EnglishStemmer.r_Step_1b() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.EnglishStemmer.r_Step_2() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.EnglishStemmer.r_Step_3() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.EnglishStemmer.r_Step_4() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.EnglishStemmer.r_Step_5() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.EnglishStemmer.r_exception1() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.FinnishStemmer.r_other_endings() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.FinnishStemmer.r_possessive() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.FinnishStemmer.r_t_plural() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.FrenchStemmer.r_i_verb_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.FrenchStemmer.r_residual_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.FrenchStemmer.r_verb_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.GermanStemmer.r_standard_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.r_case_other() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.r_case_special() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.r_owned() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.r_plur_owner() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.r_plural() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.r_sing_owner() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.HungarianStemmer.r_v_ending() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.ItalianStemmer.r_attached_pronoun() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.ItalianStemmer.r_standard_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.ItalianStemmer.r_verb_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.NorwegianStemmer.r_main_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.NorwegianStemmer.r_other_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.PortugueseStemmer.r_residual_form() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.PortugueseStemmer.r_residual_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.PortugueseStemmer.r_standard_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.PortugueseStemmer.r_verb_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RomanianStemmer.r_combo_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RomanianStemmer.r_standard_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RomanianStemmer.r_step_0() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RomanianStemmer.r_verb_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RomanianStemmer.r_vowel_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_adjectival() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_adjective() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_derivational() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_noun() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_perfective_gerund() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_reflexive() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_tidy_up() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.RussianStemmer.r_verb() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.SpanishStemmer.r_attached_pronoun() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.SpanishStemmer.r_residual_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.SpanishStemmer.r_standard_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.SpanishStemmer.r_verb_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.SpanishStemmer.r_y_verb_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.SwedishStemmer.r_main_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.SwedishStemmer.r_other_suffix() where default case is missing
SF Switch statement found in org.carrot2.text.linguistic.snowball.stemmers.TurkishStemmer.r_post_process_last_consonants() where default case is missing
ST Write to static field org.carrot2.core.ControllerTestsCaching$ConcurrentComponent1.latch1 from instance method org.carrot2.core.ControllerTestsCaching.testConcurrentDocumentModifications()
ST Write to static field org.carrot2.core.ControllerTestsCaching$ConcurrentComponent1.latch2 from instance method org.carrot2.core.ControllerTestsCaching.testConcurrentDocumentModifications()
ST Write to static field org.carrot2.util.simplexml.SimpleXmlWrappers.strict from instance method org.carrot2.util.simplexml.SimpleXmlWrappersTest.restoreWrappers()
ST Write to static field org.carrot2.util.simplexml.SimpleXmlWrappers.wrappers from instance method org.carrot2.util.simplexml.SimpleXmlWrappersTest.restoreWrappers()
UC Useless object stored in variable map2 of method org.carrot2.core.ControllerTestsCommon.testMapWithKeysAttribute()

Bug Explanations

CN_IDIOM: Class implements Cloneable but does not define or use clone method

Class implements Cloneable but does not define or use the clone method.

CN_IDIOM_NO_SUPER_CALL: clone method does not call super.clone()

This non-final class defines a clone() method that does not call super.clone(). If this class ("A") is extended by a subclass ("B"), and the subclass B calls super.clone(), then it is likely that B's clone() method will return an object of type A, which violates the standard contract for clone().

If all clone() methods call super.clone(), then they are guaranteed to use Object.clone(), which always returns an object of the correct type.

CO_COMPARETO_INCORRECT_FLOATING: compareTo()/compare() incorrectly handles float or double value

This method compares double or float values using pattern like this: val1 > val2 ? 1 : val1 < val2 ? -1 : 0. This pattern works incorrectly for -0.0 and NaN values which may result in incorrect sorting result or broken collection (if compared values are used as keys). Consider using Double.compare or Float.compare static methods which handle all the special cases correctly.

DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD: Dead store to local variable that shadows field

This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used. There is a field with the same name as the local variable. Did you mean to assign to that variable instead?

DM_DEFAULT_ENCODING: Reliance on default encoding

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

EQ_UNUSUAL: Unusual equals method

This class doesn't do any of the patterns we recognize for checking that the type of the argument is compatible with the type of the this object. There might not be anything wrong with this code, but it is worth reviewing.

ES_COMPARING_STRINGS_WITH_EQ: Comparison of String objects using == or !=

This code compares java.lang.String objects for reference equality using the == or != operators. Unless both strings are either constants in a source file, or have been interned using the String.intern() method, the same string value may be represented by two different String objects. Consider using the equals(Object) method instead.

FE_FLOATING_POINT_EQUALITY: Test for floating point equality

This operation compares two floating point values for equality. Because floating point calculations may involve rounding, calculated float and double values may not be accurate. For values that must be precise, such as monetary values, consider using a fixed-precision type such as BigDecimal. For values that need not be precise, consider comparing for equality within some range, for example: if ( Math.abs(x - y) < .0000001 ). See the Java Language Specification, section 4.2.4.

HE_EQUALS_USE_HASHCODE: Class defines equals() and uses Object.hashCode()

This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

public int hashCode() {
  assert false : "hashCode not designed";
  return 42; // any arbitrary constant will do
  }

HE_EQUALS_NO_HASHCODE: Class defines equals() but not hashCode()

This class overrides equals(Object), but does not override hashCode().  Therefore, the class may violate the invariant that equal objects must have equal hashcodes.

HE_INHERITS_EQUALS_USE_HASHCODE: Class inherits equals() and uses Object.hashCode()

This class inherits equals(Object) from an abstract superclass, and hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't want to define a hashCode method, and/or don't believe the object will ever be put into a HashMap/Hashtable, define the hashCode() method to throw UnsupportedOperationException.

IS2_INCONSISTENT_SYNC: Inconsistent synchronization

The fields of this class appear to be accessed inconsistently with respect to synchronization.  This bug report indicates that the bug pattern detector judged that

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held.  Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

MS_MUTABLE_COLLECTION: Field is a mutable collection

A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. Consider wrapping this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.

MS_PKGPROTECT: Field should be package protected

A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

NP_LOAD_OF_KNOWN_NULL_VALUE: Load of known null value

The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).

NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE: Parameter must be non-null but is marked as nullable

This parameter is always used in a way that requires it to be non-null, but the parameter is explicitly annotated as being Nullable. Either the use of the parameter or the annotation is wrong.

NP_NULL_ON_SOME_PATH: Possible null pointer dereference

There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.

NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE: Possible null pointer dereference due to return value of called method

The return value from a method is dereferenced without a null check, and the return value of that method is one that should generally be checked for null. This may lead to a NullPointerException when the code is executed.

NP_NULL_ON_SOME_PATH_EXCEPTION: Possible null pointer dereference in method on exception path

A reference value which is null on some exception control path is dereferenced here.  This may lead to a NullPointerException when the code is executed.  Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.

Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.

RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: Method ignores exceptional return value

This method returns a value that is not checked. The return value should be checked since it can indicate an unusual or unexpected function execution. For example, the File.delete() method returns false if the file could not be successfully deleted (rather than throwing an Exception). If you don't check the result, you won't notice if the method invocation signals unexpected behavior by returning an atypical return value.

RV_NEGATING_RESULT_OF_COMPARETO: Negating the result of compareTo()/compare()

This code negatives the return value of a compareTo or compare method. This is a questionable or bad programming practice, since if the return value is Integer.MIN_VALUE, negating the return value won't negate the sign of the result. You can achieve the same intended result by reversing the order of the operands rather than by negating the results.

RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT: Return value of method without side effect is ignored

This code calls a method and ignores the return value. However our analysis shows that the method (including its implementations in subclasses if any) does not produce any effect other than return value. Thus this call can be removed.

We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong. Common false-positive cases include:

- The method is designed to be overridden and produce a side effect in other projects which are out of the scope of the analysis.

- The method is called to trigger the class loading which may have a side effect.

- The method is called just to get some exception.

If you feel that our assumption is incorrect, you can use a @CheckReturnValue annotation to instruct FindBugs that ignoring the return value of this method is acceptable.

SA_FIELD_DOUBLE_ASSIGNMENT: Double assignment of field

This method contains a double assignment of a field; e.g.

  int x,y;
  public void foo() {
    x = x = 17;
  }

Assigning to a field twice is useless, and may indicate a logic error or typo.

SE_COMPARATOR_SHOULD_BE_SERIALIZABLE: Comparator doesn't implement Serializable

This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

SE_BAD_FIELD: Non-transient non-serializable instance field in serializable class

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods.  Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.

SE_TRANSIENT_FIELD_NOT_RESTORED: Transient field that isn't set by deserialization.

This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.

SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH: Dead store due to switch statement fall through

A value stored in the previous switch case is overwritten here due to a switch fall through. It is likely that you forgot to put a break or return at the end of the previous case.

SF_SWITCH_NO_DEFAULT: Switch statement found where default case is missing

This method contains a switch statement where default case is missing. Usually you need to provide a default case.

Because the analysis only looks at the generated bytecode, this warning can be incorrect triggered if the default case is at the end of the switch statement and the switch statement doesn't contain break statements for other cases.

SIC_INNER_SHOULD_BE_STATIC: Should be a static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.

SE_NO_SERIALVERSIONID: Class is Serializable, but doesn't define serialVersionUID

This class implements the Serializable interface, but does not define a serialVersionUID field.  A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD: Write to static field from instance method

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

UC_USELESS_OBJECT: Useless object created

Our analysis shows that this object is useless. It's created and modified, but its value never go outside of the method or produce any side-effect. Either there is a mistake and object was intended to be used or it can be removed.

This analysis rarely produces false-positives. Common false-positive cases include:

- This object used to implicitly throw some obscure exception.

- This object used as a stub to generalize the code.

- This object used to hold strong references to weak/soft-referenced objects.