Package list findbugs / 060cf58
Update to upstream version 2.0.3, and Remove external library yesx 7 years ago
415 changed file(s) with 33140 addition(s) and 3819 deletion(s). Raw diff Collapse all Expand all
00 <?xml version="1.0" encoding="UTF-8"?>
11 <classpath>
2 <classpathentry excluding="**/CVS/*" kind="src" path="src/java"/>
3 <classpathentry excluding="**/CVS/*" kind="src" path="src/antTask"/>
4 <classpathentry excluding="**/CVS/*|edu/umd/cs/findbugs/tools/patcomp/**/*" kind="src" path="src/tools"/>
2 <classpathentry kind="src" path="src/java"/>
3 <classpathentry kind="src" path="src/antTask"/>
4 <classpathentry kind="src" path="src/tools"/>
55 <classpathentry kind="src" path="etc"/>
66 <classpathentry kind="src" path="src/xsl"/>
7 <classpathentry excluding="**/CVS/*" kind="src" path="src/junit"/>
7 <classpathentry kind="src" path="src/junit"/>
88 <classpathentry kind="src" path="src/gui"/>
99 <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
1010 <accessrules>
1414 <accessrule kind="nonaccessible" pattern="com/apple/**"/>
1515 </accessrules>
1616 </classpathentry>
17 <classpathentry kind="lib" path="lib/AppleJavaExtensions.jar"/>
17 <classpathentry exported="true" kind="lib" path="lib/AppleJavaExtensions.jar"/>
1818 <classpathentry exported="true" kind="lib" path="lib/bcel.jar">
1919 <attributes>
2020 <attribute name="javadoc_location" value="http://jakarta.apache.org/bcel/apidocs/"/>
2525 <attribute name="javadoc_location" value="http://dom4j.org/apidocs/"/>
2626 </attributes>
2727 </classpathentry>
28 <classpathentry kind="lib" path="lib/junit.jar"/>
29 <classpathentry exported="true" kind="lib" path="lib/commons-lang-2.4.jar"/>
28 <classpathentry exported="true" kind="lib" path="lib/junit.jar"/>
29 <classpathentry exported="true" kind="lib" path="lib/commons-lang-2.6.jar"/>
3030 <classpathentry exported="true" kind="lib" path="lib/jcip-annotations.jar"/>
31 <classpathentry kind="lib" path="lib/yjp-controller-api-redist.jar"/>
31 <classpathentry exported="true" kind="lib" path="lib/yjp-controller-api-redist.jar"/>
3232 <classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
3333 <classpathentry exported="true" kind="lib" path="lib/jsr305.jar" sourcepath="lib/jsr305.jar"/>
34 <classpathentry exported="true" kind="lib" path="lib/jaxen-1.1.1.jar"/>
35 <classpathentry exported="true" kind="lib" path="lib/jFormatString.jar"/>
34 <classpathentry exported="true" kind="lib" path="lib/jaxen-1.1.6.jar"/>
35 <classpathentry exported="true" kind="lib" path="lib/jFormatString.jar"/>
3636 <classpathentry exported="true" kind="lib" path="lib/jdepend-2.9.jar"/>
3737 <classpathentry exported="true" kind="lib" path="lib/asm-3.3.jar" sourcepath="lib/asm-src-3.3.zip"/>
3838 <classpathentry exported="true" kind="lib" path="lib/asm-commons-3.3.jar" sourcepath="lib/asm-src-3.3.zip"/>
3939 <classpathentry exported="true" kind="lib" path="lib/asm-tree-3.3.jar" sourcepath="lib/asm-src-3.3.zip"/>
40 <classpathentry kind="lib" path="lib/ant.jar"/>
40 <classpathentry exported="true" kind="lib" path="lib/ant.jar"/>
41 <classpathentry exported="true" kind="lib" path="lib/asm-analysis-3.3.jar" sourcepath="lib/asm-src-3.3.zip"/>
42 <classpathentry exported="true" kind="lib" path="lib/asm-util-3.3.jar" sourcepath="lib/asm-src-3.3.zip"/>
43 <classpathentry exported="true" kind="lib" path="lib/asm-xml-3.3.jar" sourcepath="lib/asm-src-3.3.zip"/>
4144 <classpathentry kind="output" path="classesEclipse"/>
4245 </classpath>
55 </projects>
66 <buildSpec>
77 <buildCommand>
8 <name>com.cenqua.clover.core.prejavabuilder</name>
9 <arguments>
10 </arguments>
11 </buildCommand>
12 <buildCommand>
813 <name>org.eclipse.jdt.core.javabuilder</name>
14 <arguments>
15 </arguments>
16 </buildCommand>
17 <buildCommand>
18 <name>com.cenqua.clover.core.postjavabuilder</name>
919 <arguments>
1020 </arguments>
1121 </buildCommand>
2838 <natures>
2939 <nature>org.eclipse.jdt.core.javanature</nature>
3040 <nature>org.eclipse.pde.PluginNature</nature>
41 <nature>com.cenqua.clover.core.clovernature</nature>
3142 <nature>edu.umd.cs.findbugs.plugin.eclipse.findbugsNature</nature>
3243 </natures>
3344 </projectDescription>
00 #FindBugs User Preferences
1 #Thu Aug 25 18:56:29 EDT 2011
1 #Thu Nov 07 08:16:06 EST 2013
22 cloud_id=edu.umd.cs.findbugs.cloud.appengine.findbugs-cloud
33 detectorAbnormalFinallyBlockReturn=AbnormalFinallyBlockReturn|true
44 detectorAbstractClassEmptyMethods=AbstractClassEmptyMethods|true
2222 detectorCheckCalls=CheckCalls|false
2323 detectorCheckExpectedWarnings=CheckExpectedWarnings|false
2424 detectorCheckImmutableAnnotation=CheckImmutableAnnotation|true
25 detectorCheckRelaxingNullnessAnnotation=CheckRelaxingNullnessAnnotation|true
2526 detectorCheckTypeQualifiers=CheckTypeQualifiers|true
2627 detectorCloneIdiom=CloneIdiom|true
2728 detectorComparatorIdiom=ComparatorIdiom|true
122123 detectorInheritanceTypeChecking=InheritanceTypeChecking|true
123124 detectorInheritanceUnsafeGetResource=InheritanceUnsafeGetResource|true
124125 detectorInitializationChain=InitializationChain|true
126 detectorInitializeNonnullFieldsInConstructor=InitializeNonnullFieldsInConstructor|true
125127 detectorInstantiateStaticClass=InstantiateStaticClass|true
126128 detectorIntCast2LongAsInstant=IntCast2LongAsInstant|true
127129 detectorInvalidJUnitTest=InvalidJUnitTest|true
253255 detector_threshold=2
254256 effort=default
255257 excludefilter0=findbugsExclude.xml|true
256 filter_settings=Medium|BAD_PRACTICE,CORRECTNESS,I18N,MT_CORRECTNESS,PERFORMANCE,SECURITY,STYLE|false|15
257 filter_settings_neg=MALICIOUS_CODE,NOISE,EXPERIMENTAL|
258 filter_settings=Medium|BAD_PRACTICE,CORRECTNESS,EXPERIMENTAL,I18N,MT_CORRECTNESS,PERFORMANCE,SECURITY,STYLE|false|15
259 filter_settings_neg=MALICIOUS_CODE,NOISE|
258260 run_at_full_build=false
0 #Fri Jun 03 22:22:24 CEST 2011
10 eclipse.preferences.version=1
1 edu.umd.cs.findbugs.plugin.eclipse.findbugsMarkerOfConcern=Info
22 runAnalysisAsExtraJob=true
1818 org.eclipse.jdt.core.codeComplete.staticFieldSuffixes=
1919 org.eclipse.jdt.core.codeComplete.staticFinalFieldPrefixes=
2020 org.eclipse.jdt.core.codeComplete.staticFinalFieldSuffixes=
21 org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled
2122 org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore
2223 org.eclipse.jdt.core.compiler.annotation.nonnull=javax.annotation.Nonnull
2324 org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault
3132 org.eclipse.jdt.core.compiler.debug.lineNumber=generate
3233 org.eclipse.jdt.core.compiler.debug.localVariable=generate
3334 org.eclipse.jdt.core.compiler.debug.sourceFile=generate
34 org.eclipse.jdt.core.compiler.doc.comment.support=disabled
35 org.eclipse.jdt.core.compiler.doc.comment.support=enabled
3536 org.eclipse.jdt.core.compiler.maxProblemPerUnit=100
3637 org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning
3738 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
5657 org.eclipse.jdt.core.compiler.problem.incompatibleNonInheritedInterfaceMethod=warning
5758 org.eclipse.jdt.core.compiler.problem.incompleteEnumSwitch=ignore
5859 org.eclipse.jdt.core.compiler.problem.indirectStaticAccess=ignore
59 org.eclipse.jdt.core.compiler.problem.invalidJavadoc=ignore
60 org.eclipse.jdt.core.compiler.problem.invalidJavadocTags=disabled
60 org.eclipse.jdt.core.compiler.problem.invalidJavadoc=warning
61 org.eclipse.jdt.core.compiler.problem.invalidJavadocTags=enabled
6162 org.eclipse.jdt.core.compiler.problem.invalidJavadocTagsDeprecatedRef=disabled
6263 org.eclipse.jdt.core.compiler.problem.invalidJavadocTagsNotVisibleRef=disabled
6364 org.eclipse.jdt.core.compiler.problem.invalidJavadocTagsVisibility=private
64 org.eclipse.jdt.core.compiler.problem.localVariableHiding=warning
65 org.eclipse.jdt.core.compiler.problem.localVariableHiding=ignore
6566 org.eclipse.jdt.core.compiler.problem.methodWithConstructorName=warning
6667 org.eclipse.jdt.core.compiler.problem.missingDefaultCase=ignore
6768 org.eclipse.jdt.core.compiler.problem.missingDeprecatedAnnotation=warning
7071 org.eclipse.jdt.core.compiler.problem.missingJavadocComments=ignore
7172 org.eclipse.jdt.core.compiler.problem.missingJavadocCommentsOverriding=enabled
7273 org.eclipse.jdt.core.compiler.problem.missingJavadocCommentsVisibility=public
73 org.eclipse.jdt.core.compiler.problem.missingJavadocTagDescription=return_tag
74 org.eclipse.jdt.core.compiler.problem.missingJavadocTagDescription=no_tag
7475 org.eclipse.jdt.core.compiler.problem.missingJavadocTags=ignore
7576 org.eclipse.jdt.core.compiler.problem.missingJavadocTagsMethodTypeParameters=disabled
7677 org.eclipse.jdt.core.compiler.problem.missingJavadocTagsOverriding=enabled
8283 org.eclipse.jdt.core.compiler.problem.noEffectAssignment=warning
8384 org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning
8485 org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore
86 org.eclipse.jdt.core.compiler.problem.nonnullParameterAnnotationDropped=warning
8587 org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error
8688 org.eclipse.jdt.core.compiler.problem.nullReference=warning
8789 org.eclipse.jdt.core.compiler.problem.nullSpecInsufficientInfo=warning
99101 org.eclipse.jdt.core.compiler.problem.redundantSpecificationOfTypeArguments=ignore
100102 org.eclipse.jdt.core.compiler.problem.redundantSuperinterface=warning
101103 org.eclipse.jdt.core.compiler.problem.reportMethodCanBePotentiallyStatic=ignore
102 org.eclipse.jdt.core.compiler.problem.reportMethodCanBeStatic=warning
104 org.eclipse.jdt.core.compiler.problem.reportMethodCanBeStatic=ignore
103105 org.eclipse.jdt.core.compiler.problem.specialParameterHidingField=disabled
104106 org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=warning
105107 org.eclipse.jdt.core.compiler.problem.suppressOptionalErrors=disabled
106108 org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled
109 org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=disabled
107110 org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore
108111 org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning
109112 org.eclipse.jdt.core.compiler.problem.unavoidableGenericTypeProblems=disabled
128131 org.eclipse.jdt.core.compiler.problem.unusedParameterWhenImplementingAbstract=disabled
129132 org.eclipse.jdt.core.compiler.problem.unusedParameterWhenOverridingConcrete=disabled
130133 org.eclipse.jdt.core.compiler.problem.unusedPrivateMember=warning
134 org.eclipse.jdt.core.compiler.problem.unusedTypeParameter=ignore
131135 org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning
132136 org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
133137 org.eclipse.jdt.core.compiler.source=1.5
2828 sp_cleanup.make_parameters_final=false
2929 sp_cleanup.make_private_fields_final=true
3030 sp_cleanup.make_type_abstract_if_missing_method=false
31 sp_cleanup.make_variable_declarations_final=true
31 sp_cleanup.make_variable_declarations_final=false
3232 sp_cleanup.never_use_blocks=false
3333 sp_cleanup.never_use_parentheses_in_expressions=true
3434 sp_cleanup.on_save_use_additional_actions=true
4040 sp_cleanup.qualify_static_method_accesses_with_declaring_class=false
4141 sp_cleanup.remove_private_constructors=true
4242 sp_cleanup.remove_trailing_whitespaces=true
43 sp_cleanup.remove_trailing_whitespaces_all=true
44 sp_cleanup.remove_trailing_whitespaces_ignore_empty=false
43 sp_cleanup.remove_trailing_whitespaces_all=false
44 sp_cleanup.remove_trailing_whitespaces_ignore_empty=true
4545 sp_cleanup.remove_unnecessary_casts=true
4646 sp_cleanup.remove_unnecessary_nls_tags=false
4747 sp_cleanup.remove_unused_imports=true
1111 lib/asm-3.3.jar,
1212 lib/asm-tree-3.3.jar,
1313 lib/asm-commons-3.3.jar,
14 lib/jaxen-1.1.1.jar,
14 lib/jaxen-1.1.6.jar,
1515 lib/jFormatString.jar,
16 lib/commons-lang-2.4.jar,
17 lib/jsr305.jar
16 lib/commons-lang-2.6.jar,
17 lib/jsr305.jar,
18 lib/ant.jar,
19 lib/asm-analysis-3.3.jar,
20 lib/asm-util-3.3.jar,
21 lib/asm-xml-3.3.jar,
22 lib/jcip-annotations.jar,
23 lib/jdepend-2.9.jar,
24 lib/yjp-controller-api-redist.jar
1825 Bundle-Localization: plugin
1926 Export-Package: edu.umd.cs.findbugs,
2027 edu.umd.cs.findbugs.annotations,
3643 edu.umd.cs.findbugs.ba.type,
3744 edu.umd.cs.findbugs.ba.vna,
3845 edu.umd.cs.findbugs.bcel,
46 edu.umd.cs.findbugs.bcel.generic,
3947 edu.umd.cs.findbugs.bugReporter,
4048 edu.umd.cs.findbugs.charsets,
4149 edu.umd.cs.findbugs.classfile,
8896 org.objectweb.asm.commons,
8997 org.objectweb.asm.signature,
9098 org.objectweb.asm.tree
91 Require-Bundle: org.apache.ant
9299 Bundle-RequiredExecutionEnvironment: J2SE-1.5
0 This is a folder for jars required for BUILDING, not dependencies of FindBugs itself!
66 src/junit/,\
77 src/gui/,\
88 etc
9 local.software.home =/fs/pugh/pugh
10 #local.software.home =/user/daveho/local
119
1210 # Set this to the directory containing the DocBook Modular XSL Stylesheets
1311 # from http://docbook.sourceforge.net/projects/xsl/
3634 # Eclipse plugin.
3735 eclipse.home =${local.software.home}/java/eclipse-2.1.3
3836
39 java14.rt =/export/home/pugh/work/j2sdk1.4.0/jre/lib/rt.jar
40
4137 dblatex.img.fix=while(<>){s,([A-Za-z-]*\.png\}),manual/\1,g;print;}
4238
43 #/export/home/pugh/JSR305-ri/build/classes
4439
4540 pluginsSrc.dir=../plugins/
4641 serverSrc.dir=../server/
4949 <property name="test.jar" value="${test.dir}/dumb.jar"/>
5050 <property name="sampleoutput.dir" value="build/sampleoutput"/>
5151 <property name="junittests.jar" value="build/junittests.jar"/>
52 <property name="baseline-anttask.jar" value="${findbugs-baseline.home}/lib/findbugs-ant.jar"/>
5253 <property name="anttask.jar" value="${jar.dir}/findbugs-ant.jar"/>
5354 <property name="scripts.props" value="etc/script.properties"/>
5455 <property name="scripts.stamp" value="${build.dir}/scripts.stamp"/>
6566 <pathelement location="${jar.dir}/asm-3.3.jar"/>
6667 <pathelement location="${jar.dir}/asm-commons-3.3.jar"/>
6768 <pathelement location="${jar.dir}/asm-tree-3.3.jar"/>
68 <pathelement location="${jar.dir}/jaxen-1.1.1.jar"/>
69 <pathelement location="${jar.dir}/jaxen-1.1.6.jar"/>
6970 <pathelement location="${jar.dir}/jsr305.jar"/>
7071 <pathelement location="${jar.dir}/jFormatString.jar"/>
71 <pathelement location="${jar.dir}/commons-lang-2.4.jar"/>
72 <pathelement location="${jar.dir}/commons-lang-2.6.jar"/>
7273 <pathelement location="${jar.dir}/jcip-annotations.jar"/>
7374 </path>
7475
8081 </path>
8182
8283 <path id="svn.classpath">
83 <pathelement location="${svnant.home}/lib/svnant.jar"/>
84 <pathelement location="${svnant.home}/lib/svnClientAdapter.jar"/>
85 <pathelement location="${svnant.home}/lib/svnkit.jar"/>
86 <pathelement location="${svnant.home}/lib/ganymed.jar"/>
87 <pathelement location="${svnant.home}/lib/svnjavahl.jar"/>
88 <pathelement location="${svnant.home}/lib/jna.jar"/>
84
85 <fileset dir="${svnant.home}/lib">
86 <include name="*.jar"/>
87 </fileset>
8988 </path>
9089
9190
131130 <zipfileset src="${jar.dir}/asm-3.3.jar"/>
132131 <zipfileset src="${jar.dir}/asm-commons-3.3.jar"/>
133132 <zipfileset src="${jar.dir}/asm-tree-3.3.jar"/>
134 <zipfileset src="${jar.dir}/jaxen-1.1.1.jar"/>
133 <zipfileset src="${jar.dir}/jaxen-1.1.6.jar"/>
135134 <zipfileset src="${jar.dir}/jsr305.jar"/>
136135 <zipfileset src="${jar.dir}/jFormatString.jar"/>
137 <zipfileset src="${jar.dir}/commons-lang-2.4.jar"/>
136 <zipfileset src="${jar.dir}/commons-lang-2.6.jar"/>
138137 <zipfileset src="${jar.dir}/findbugs.jar"/>
139138 </jar>
140139 </target>
141140
142141 <!-- Compile Java source files, and copy other files (properties,
143142 images, html, XSL stylesheets) that need to be part of the codebase. -->
143 <target name="errorprone" depends="clean,init">
144 <javac
145 destdir="${classes.dir}"
146 source="1.5"
147 target="1.5"
148 includeantruntime="false"
149 encoding="ISO-8859-1"
150 deprecation="off"
151 debug="on"
152 compiler="com.google.errorprone.ErrorProneAntCompilerAdapter"
153 >
154 <compilerarg value="-Xlint:unchecked"/>
155 <src path="${src.dir}"/>
156 <src path="${src5.dir}"/>
157 <classpath refid="findbugs.classpath"/>
158 </javac>
159 </target>
144160 <target name="classes" depends="init">
145161
146162 <!-- Compile Java source files. -->
355371 <zipfileset src="${jar.dir}/asm-xml-3.3.jar" excludes="META-INF/**"/>
356372
357373 <zipfileset src="${jar.dir}/dom4j-1.6.1.jar" excludes="META-INF/**"/>
358 <zipfileset src="${jar.dir}/jaxen-1.1.1.jar" excludes="META-INF/**"/>
374 <zipfileset src="${jar.dir}/jaxen-1.1.6.jar" excludes="META-INF/**"/>
359375 <zipfileset src="${jar.dir}/jsr305.jar" excludes="META-INF/**"/>
360376 <zipfileset src="${jar.dir}/jFormatString.jar" excludes="META-INF/**"/>
361 <zipfileset src="${jar.dir}/commons-lang-2.4.jar" excludes="META-INF/**"/>
377 <zipfileset src="${jar.dir}/commons-lang-2.6.jar" excludes="META-INF/**"/>
362378 </jar>
363379 </target>
364380
542558 />
543559 </target>
544560
561 <target name="baseline-findbugscheck" depends="jars">
562 <taskdef resource="edu/umd/cs/findbugs/anttask/tasks.properties" classpath="${baseline-anttask.jar}"/>
563 <findbugs home="${findbugs-baseline.home}"
564 output="xml:withMessages"
565 jvmargs="-ea -Xmx1200m "
566 excludeFilter="findbugsExclude.xml"
567 projectName="FindBugs"
568 maxRank="20"
569 timeout="1800000"
570 outputFile="${build.dir}/findbugs-Baseline.xml" >
571 <class location="${classes.dir}" />
572 <sourcePath path="src/java:src/gui:src/junit:src/tools:src/antTask"/>
573 <auxClasspath refid="tools.classpath"/>
574 <auxClasspath path="lib/ant.jar"/>
575 </findbugs>
576 </target>
577
578
545579 <target name="findbugscheck" depends="anttask,junittests,jars">
546580 <property name="findbugs.home" value="." />
547581 <ant dir="${pluginsSrc.dir}/findbugsCommunalCloud" target="install" inheritAll="false" />
556590 timeout="1800000"
557591 outputFile="${build.dir}/findbugscheckAll.xml" >
558592 <class location="${classes.dir}" />
559 <sourcePath path="src/java:src/gui:src/junit:src/tools"/>
593 <sourcePath path="src/java:src/gui:src/junit:src/tools:src/antTask"/>
560594 <auxClasspath refid="tools.classpath"/>
561595 <auxClasspath path="lib/ant.jar"/>
562596 </findbugs>
583617 timeout="1800000"
584618 outputFile="${build.dir}/findbugscheck.xml" >
585619 <class location="${classes.dir}" />
586 <sourcePath path="src/java:src/gui:src/junit:src/tools"/>
620 <sourcePath path="src/java:src/gui:src/junit:src/tools:src/antTask"/>
587621 <auxClasspath refid="tools.classpath"/>
588622 </findbugs>
589623 </target>
650684 </target>
651685
652686 <!-- Run JUnit test cases -->
653 <target name="test" depends="runjunit,foundFindbugsTestCases"/>
687 <target name="test" depends="runjunit,foundFindbugsTestCases" description="Run tests"/>
654688
655689 <target name="runjunit" depends="junittests,jars,compileFindbugsTestCases">
656690 <echo>Running JUnit test cases for FindBugs...</echo>
680714 <taskdef resource="checkstyletask.properties"
681715 classpath="build-lib/checkstyle-all-5.1.jar"/>
682716 <checkstyle config="etc/checkstyle.xml" failonviolation="false">
717 <fileset dir="src/antTask"/>
683718 <fileset dir="src/java"/>
684719 <fileset dir="src/gui"/>
685720 <fileset dir="src/junit"/>
720755 <target name="-get-svn-revision" if="svnant.home">
721756 <taskdef resource="org/tigris/subversion/svnant/svnantlib.xml"
722757 classpathref="svn.classpath"/>
723 <svn svnkit="false" javahl="false">
758 <svn>
724759 <status path="." revisionProperty="svnrnum"/>
725760 </svn>
726761 <echo>${svnrnum}</echo>
727762 </target>
728763
729764
730 <target name="checkdocs">
765 <target name="checkdocs" depends="clean">
731766 <!-- FIXME: check whether docs are up to date -->
732767 </target>
733768
734769 <!-- Generate formatted documentation. -->
735 <target name="docs" depends="classes,version,bugdesc,checkdocs" unless="docs.uptodate">
770 <target name="docs" depends="classes,version,bugdesc,checkdocs" unless="docs.uptodate" description="Make documentation">
736771 <loadproperties srcFile="${doc.props.file}"/>
737772
738773 <!-- Generate HTML docs (the website). -->
826861 output="${bugdesc.output}">
827862 <jvmarg value="-ea"/>
828863 <jvmarg value="-Dfindbugs.home=."/>
829 <jvmarg value="-Dfindbugs.desc.unabridged=${bugdesc.unabridged}"/>
864 <jvmarg value="-Dfindbugs.bugdesc.unabridged=${bugdesc.unabridged}"/>
830865 <classpath refid="tools.classpath"/>
831866 <arg value="${bugdesc.title}"/>
832867 <arg value="${doc.html.gen.header}"/>
855890 <!-- Filter set used for generating text substitution values for
856891 documentation. -->
857892 <filterset id="doc.filters">
893 <filter token="VERSION_BASE" value="${release.base}" />
858894 <filter token="VERSION" value="${release.number}" />
859895 <filter token="RELEASE_DATE" value="${release.date}" />
896 <filter token="FINDBUGS_SVN_REVISION" value="${findbugs.svn.revision}" />
860897 <filter token="ECLIPSE_UI_VERSION" value="${eclipse.ui.version}" />
861898 <filter token="WEBSITE" value="${findbugs.website}"/>
862899 <filter token="DOWNLOADS_WEBSITE" value="${findbugs.downloads.website}"/>
9971034 <copy todir="${jnlp.dir}" file="${jar.dir}/asm-commons-3.3.jar"/>
9981035 <copy todir="${jnlp.dir}" file="${jar.dir}/asm-tree-3.3.jar"/>
9991036 <copy todir="${jnlp.dir}" file="${jar.dir}/dom4j-1.6.1.jar"/>
1000 <copy todir="${jnlp.dir}" file="${jar.dir}/jaxen-1.1.1.jar"/>
1037 <copy todir="${jnlp.dir}" file="${jar.dir}/jaxen-1.1.6.jar"/>
10011038 <copy todir="${jnlp.dir}" file="${jar.dir}/jFormatString.jar"/>
1002 <copy todir="${jnlp.dir}" file="${jar.dir}/commons-lang-2.4.jar"/>
1039 <copy todir="${jnlp.dir}" file="${jar.dir}/commons-lang-2.6.jar"/>
10031040 <copy todir="${jnlp.dir}" file="${jar.dir}/AppleJavaExtensions.jar"/>
10041041 <copy todir="${jnlp.dir}" file="${docsrc.dir}/buggy-sm.png"/>
10051042 <copy todir="${jnlp.dir}">
11821219 </target>
11831220
11841221 <!-- Build source distribution. -->
1185 <target name="srcdist" description="Source distribution" unless="doNotExportSrc">
1222 <target name="srcdist" description="Source distribution" unless="doNotExportSrc" depends="version">
11861223 <echo>
11871224 ${svnant.home}
11881225 </echo>
11901227 <delete dir="${build.dir}/src/findbugs-${release.number}"/>
11911228 <typedef resource="org/tigris/subversion/svnant/svnantlib.xml" classpathref="svn.classpath"/>
11921229
1193 <svn username="guest" password="" javahl="false">
1230 <svnSetting username="guest" password="" id="svn.settings" />
1231 <svn refid="svn.settings" >
11941232 <!-- Use 'export' rather than 'checkout' to exclude the .svn stuff -->
11951233 <export srcUrl="http://findbugs.googlecode.com/svn/trunk/findbugs"
11961234 revision="HEAD"
12641302 Windowtitle="FindBugs ${release.number} API"
12651303 bottom="&lt;font size='-1'&gt;&lt;a href='http://findbugs.sourceforge.net/' target='_parent'&gt;FindBugs&lt;/a&gt;&amp;trade; is licenced under the LGPL. Copyright &amp;copy; 2006 University of Maryland.&lt;/font&gt;"
12661304 nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar= "false" notree="false"
1267 sourcepath="src/java:src/gui" splitindex="true" use="true" version="true">
1305 sourcepath="src/java:src/gui:src/antTask" splitindex="true" use="true" version="true">
12681306 <classpath refid="findbugs.classpath"/>
12691307 </javadoc>
12701308 </target>
12761314 packagenames="edu.umd.cs.findbugs.annotations"
12771315 doctitle="FindBugs Annotation Documentation"
12781316 nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar= "false" notree="false"
1279 sourcepath="src/gui" splitindex="true" use="true" version="true"/>
1317 sourcepath="src/java:src/gui:src/antTask" splitindex="true" use="true" version="true"/>
12801318 </target>
12811319
12821320 <!-- Download, patch, and build a modified BCEL 5.2. Install resulting bcel.jar in lib. -->
0 Adding Detectors to FindBugs
1 May 12, 2003
2 Updated June 6, 2003 (detector meta-information, cleanups)
3
4 ===============
5 1. Introduction
6 ===============
7
8 FindBugs uses a plugin-based approach to adding detectors.
9 This makes it easy for users to add their own detectors alongside
10 the ones that come built in.
11
12 Basic idea: FindBugs has some Jar files in a "plugins" directory.
13 At startup, each of those jar files is checked for a "findbugs.xml"
14 file. That XML file registers instances of Detectors, as well
15 as particular "bug patterns" that the detector reports.
16
17 Additionally to the findbugs.xml, bugrank.txt and messages.xml files are
18 required for each FindBugs detector plugin.
19
20 At startup, FindBugs loads all plugin Jar files. At analysis time,
21 all detectors named in the findbugs.xml files from those plugins
22 are instantiated and applied to analyzed class files.
23
24 In order to format reported BugInstances as text for display,
25 a messages file is loaded from the plugin. In order to support multiple
26 language translations, a locale search is performed in a manner
27 similar to the handling of resource bundles. For example, if the
28 locale is "pt_BR", then the files
29
30 messages_pt_BR.xml
31 messages_pt.xml
32 messages.xml
33
34 are tried, in that order.
35
36 The "findbugs.xml" and "messages.xml" files used by the standard FindBugs
37 bug pattern detectors (coreplugin.jar) can be found in the "etc" directory
38 of the findbugs source distribution. Both files must be UTF-8 encoded.
39
40
41 ============================
42 2. Example findbugs.xml file
43 ============================
44
45 <DetectorPlugin>
46
47 <Detector class="org.foobar.findbugs.FindUnreleasedLocks" speed="slow" />
48 <Detector class="org.foobar.findbugs.ExperimentalDetector" speed="fast" disabled="true" />
49
50 <!-- More Detector elements would go here... -->
51
52 <BugPattern type="UBL_UNRELEASED_LOCK" abbrev="UL" category="MT_CORRECTNESS" />
53
54 <!-- More BugPattern elements would go here... -->
55
56 </DetectorPlugin>
57
58
59 ======================================
60 3. Meaning of elements in findbugs.xml
61 ======================================
62
63 <DetectorPlugin> a collection of <Detector> and <BugPattern> elements.
64 Each plugin Jar file can (and usually will) provide multiple detectors
65 and define multiple bug patterns.
66
67 <Detector> specifies a class which implements the edu.umd.cs.findbugs.Detector
68 interface and has a constructor that takes a single parameter of type
69 edu.umd.cs.findbugs.BugReporter. This element has three possible attributes:
70
71 1. The required "class" attribute specifies the Detector class.
72
73 2. The optional "disabled" attribute, if set to "true", means
74 that by default, the detector will be disabled at runtime.
75 This is useful for detectors that aren't quite ready for prime time.
76
77 3. The required "speed" attribute supplies a value to be shown in the
78 "Settings->Configure Detectors" dialog. It gives the user an idea of
79 how expensive the analysis will be to perform. The value of this
80 attribute should be one of "fast", "moderate", or "slow".
81
82 <BugPattern> specifies a kind of bug that will be reported.
83 It has three required attributes:
84
85 1. "type" is a unique code identifying the bug. Only one BugPattern
86 can have a a particular type.
87
88 2. "abbrev" is a short alphanumeric code for the bug.
89 Note that multiple BugPatterns can use the same abbreviation
90 if they are related. (See the BugCode element in messages.xml).
91
92 3. "category" can be one of categories defined in the core plugin's messages.xml:
93
94 CORRECTNESS - code that was probably not what the developer intended
95 BAD_PRACTICE - violations of recommended and essential coding practice
96 STYLE - code that is confusing, anomalous, or written in a way that that leads itself to errors
97 MT_CORRECTNESS - multithreaded correctness issues
98 MALICIOUS_CODE - a potential vulnerability if exposed to malicious code
99 PERFORMANCE - a performance issue
100 I18N - internationalization and locale
101
102 or you may create your own category, in which case you should define
103 it in a <BugCategory> element in _your_ messages.xml file.
104
105 ============================
106 4. Example messages.xml file
107 ============================
108
109 <MessageCollection>
110
111 <Detector class="org.foobar.findbugs.FindUnreleasedLocks" >
112 <Details>
113 <![CDATA[
114 <p> This detector looks for JSR-166 locks that are not released on all paths
115 out of a method. Because it performs dataflow analysis, it is fairly slow.
116 ]]>
117 </Details>
118 </Detector>
119
120 <!-- More Detector nodes would go here... -->
121
122 <BugPattern type="UBL_UNRELEASED_LOCK">
123 <ShortDescription>Lock not released on all paths out of method</ShortDescription>
124
125 <LongDescription>{1} does not release lock on all paths out of method</LongDescription>
126
127 <Details>
128 <![CDATA[
129 <p> A JSR-166 lock acquired in this method is not released on all paths
130 out of the method. This could result in a deadlock if another thread
131 tries to acquire the lock. Generally, you should use a finally
132 block to ensure that acquired locks are always released.
133 ]]>
134 </Details>
135 </BugPattern>
136
137 <!-- More BugPattern nodes would go here... -->
138
139 <BugCode abbrev="UL">Unreleased locks</BugCode>
140
141 <!-- More BugCode nodes would go here... -->
142
143 </MessageCollection>
144
145
146 ======================================
147 5. Meaning of elements in messages.xml
148 ======================================
149
150 <MessageCollection> is the top level element
151
152 <BugCategory> elements optionally describe any categories you
153 may have created for your bug patterns. You can skip these if
154 you are using only the categories defined by the core plugin.
155
156 The <Description> child element has a brief (a word or three)
157 description of the category. The <Abbreviation> child element
158 is typically a single capital latter. The optional <Details>
159 child element may describe it in more detail (but no markup).
160
161 <Detector> holds meta-information about a Detector in the plugin.
162 The required "class" attribute specifies the Detector class.
163 Detector elements much have the following child elements:
164
165 The <Details> child element has a brief HTML description of the Detector.
166 It should have HTML markup that would be valid in a BODY element.
167 It should be specified in a CDATA section so that the HTML
168 tags are not misinterpreted as XML.
169
170 <BugPattern> holds all of the human-readable messages for the bug pattern
171 identified by the "type" attribute. The type corresponds to the
172 type attribute of the BugPattern elements described in findbugs.xml.
173 BugPattern elements must have the following child elements:
174
175 <ShortDescription> this is used for when "View->Full Descriptions"
176 is turned off in the GUI, and it's also used as the title for
177 descriptions in the Details window.
178
179 <LongDescription> this is used for when "View->Full Descriptions"
180 is turned on in the GUI, and for output using the command line UI.
181 The placeholders in the long description ({0}, {1}, etc.)
182 refer to BugAnnotations attached to the BugInstances reported by
183 the detector for this bug pattern. You may also use constructs
184 like {1.name} or {1.returnType}.
185
186 <Details> this is the descriptive text to be used in the Details
187 window. It consists of HTML markup to appear in the BODY element of an HTML
188 document. It should be specified in a CDATA section so that the HTML
189 tags are not misinterpreted as XML.
190
191 <BugCode> is the text which describes the common characteristic of all
192 of the BugPatterns which share an abbreviation. In the example above,
193 the abbreviation "UL" is for bugs in which a lock is not released.
194 The text of a BugCode element is shown for tree nodes in the GUI
195 which group bug instances by "bug type".
196
197 ======================================
198 6. Meaning of elements in bugrank.txt
199 ======================================
200
201 For the detailed and up to date information, please read the javadoc of the
202 edu.umd.cs.findbugs.BugRanker class.
203
204 ============================================
205 7. Using 3rd party libraries in the detector
206 ============================================
207
208 FindBugs plugins may extend the default FindBugs classpath and use custom 3rd party
209 libraries during the analysis. This libraries must be part of standard jar class path
210 specified via "ClassPath" attribute in the META-INF/MANIFEST.MF file.
211
212 ======================================
213 8. Adding detectors to Eclipse plugin
214 ======================================
215
216 Since version 2.0.0 Eclipse plugin allows to configure or contribute custom detectors.
217
218 7.1. It is possible to contribute custom detectors via standard Eclipse extensions mechanism.
219 Please check the documentation of the "findBugsEclipsePlugin/schema/detectorPlugins.exsd"
220 extension point how to update the plugin.xml. Existing FindBugs detector plugins can
221 be easily "extended" to be full featured FindBugs & Eclipse detector plugins.
222 Usually you only need to add META-INF/MANIFEST.MF and plugin.xml to the jar and
223 update your build scripts to not to override the MANIFEST.MF during the build.
224
225 7.2 It is possible to configure custom detectors via Eclipse workspace preferences.
226 Go to "Window->Preferences->Java->FindBugs->Misc. Settings->Custom Detectors"
227 and specify there locations of any additional plugin libraries.
228
229 7.3 Plugins contributed via standard Eclipse extensions mechanism (see 7.1)
230 may extend the default FindBugs classpath and use custom libraries during the analysis.
231 This libraries must be part of standard Eclipse plugin dependencies specified via
232 either "Require-Bundle" or "Bundle-ClassPath" attributes in the MANIFEST.MF file.
233 In case custom detectors need access to this custom libraries at runtime, an
234 extra line must be added to the MANIFEST.MF (without quotation marks):
235 "Eclipse-RegisterBuddy: edu.umd.cs.findbugs.plugin.eclipse".
236
0 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
1 <html>
2 <head>
3 <title>FindBugs Change Log</title>
4 <link rel="stylesheet" type="text/css" href="findbugs.css">
5
6 </head>
7
8 <body>
9
10 <table width="100%">
11 <tr>
12
13
14 <td bgcolor="#b9b9fe" valign="top" align="left" width="20%">
15 <table width="100%" cellspacing="0" border="0">
16 <tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr>
17
18 <tr><td>&nbsp;</td></tr>
19
20 <tr><td><b>Docs and Info</b></td></tr>
21 <tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr>
22 <tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr>
23 <tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr>
24 <tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr>
25 <tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr>
26 <tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr>
27 <tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/&#26085;&#26412;&#35486;)</a></font></td></tr>
28 <tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr>
29 <tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr>
30 <tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr>
31 <tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr>
32 <tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr>
33
34 <tr><td>&nbsp;</td></tr>
35
36 <tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr>
37
38 <tr><td>&nbsp;</td></tr>
39
40 <tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr>
41
42 <tr><td>&nbsp;</td></tr>
43
44 <tr><td><b>Development</b></td></tr>
45 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr>
46 <tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr>
47 <tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr>
48 <tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr>
49 <tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr>
50 <tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr>
51 <tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr>
52 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr>
53 <tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr>
54 </table>
55 </td>
56
57 <td align="left" valign="top">
58
59
60 <h1>FindBugs Change Log, Version 2.0.3</h1>
61 <ul>
62 <li>New Bug patterns: <a
63 href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_BOXED_PRIMITIVE_FOR_PARSING">DM_BOXED_PRIMITIVE_FOR_PARSING</a>,
64 <a
65 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP_METHOD_RETURN_RELAXING_ANNOTATION</a>,
66 and
67 <a
68 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION</a>
69 </li>
70 <li>Add the ability in the GUI to save the currently viewable/filtered bugs to HTML output.
71 <li>When dataflow does't terminate, make sure we continue with
72 analysis.
73
74 <li>Fix some problems that resulting in dataflow analysis not
75 terminating
76
77 <li>Get parameter annotations from default parameters
78 annotations applied to the method.
79 <li>Add subversion change number to eclipse plugin qualifier.
80
81 <li>Disabled detector for <a
82 href="http://findbugs.sourceforge.net/bugDescriptions.html#AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM_CREATES_EMPTY_JAR_FILE_ENTRY</a>;
83 it complaints inappropriately about code that creates directory
84 entries.
85
86 <li>Add warnings about incompatible types passed to
87 org.testng.Assert.assertEquals</li>
88 <li>Add logic that understands more of the Google Guava APIs.
89 <li>Disable type qualifier validator execution within Eclipse plugin;
90 too many problems with class loading and security manager (see #1154 Random obscure Eclipse failures)
91 <li>Consistently check both access flags and attributes to see if something is synthetic. Compiler is
92 inconsistent about where synthetic elements are marked.
93
94 <li>Fixed false positives for the following bug patterns (17
95 occurrences in findbugsTestCases):
96 <ul>
97 <li><a
98 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC">BC</a>
99 <li><a
100 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_INSTANCEOF">BC_IMPOSSIBLE_INSTANCEOF</a>
101 <li><a
102 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>
103 <li><a
104 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>
105 <li><a
106 href="http://findbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</a>
107 <li><a
108 href="http://findbugs.sourceforge.net/bugDescriptions.html#IS2_INCONSISTENT_SYNC">IS2_INCONSISTENT_SYNC</a>
109 <li><a
110 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</a>
111 <li><a
112 href="http://findbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION">OBL_UNSATISFIED_OBLIGATION</a>
113 <li><a
114 href="http://findbugs.sourceforge.net/bugDescriptions.html#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</a>
115 <li><a
116 href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a>
117 <li><a
118 href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
119 </li>
120 </ul>
121 <li>Fixed false negatives for the following bug patterns (45
122 occurrences in findbugsTestCases):
123 <ul>
124 <li><a
125 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>
126 <li><a
127 href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_NUMBER_CTOR">DM_NUMBER_CTOR</a>
128 <li><a
129 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_ARRAY_AND_NONARRAY">EC_ARRAY_AND_NONARRAY</a>
130 <li><a
131 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE">EC_INCOMPATIBLE_ARRAY_COMPARE</a>
132 <li><a
133 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>
134 <li><a
135 href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>
136 <li><a
137 href="http://findbugs.sourceforge.net/bugDescriptions.html#IS_FIELD_NOT_GUARDED">IS_FIELD_NOT_GUARDED</a>
138 <li><a
139 href="http://findbugs.sourceforge.net/bugDescriptions.html#IT_NO_SUCH_ELEMENT">IT_NO_SUCH_ELEMENT</a>
140 <li><a
141 href="http://findbugs.sourceforge.net/bugDescriptions.html#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS">JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</a>
142 <li><a
143 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH">NP_NULL_ON_SOME_PATH</a>
144 <li><a
145 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_PARAM_VIOLATION">NP_NONNULL_PARAM_VIOLATION</a>
146 <li><a
147 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a>
148 <li><a
149 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>
150 <li><a
151 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_STORE_INTO_NONNULL_FIELD">NP_STORE_INTO_NONNULL_FIELD</a>
152 <li><a
153 href="http://findbugs.sourceforge.net/bugDescriptions.html#RE_POSSIBLE_UNINTENDED_PATTERN">RE_POSSIBLE_UNINTENDED_PATTERN</a>
154 <li><a
155 href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a>
156 </ul>
157 </ul>
158 <h1>FindBugs Change Log, Version 2.0.2</h1>
159
160 <ul>
161 <li>Fix false positions for <a
162 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a>
163 - fixing <a
164 href="https://sourceforge.net/tracker/?func=detail&aid=3547559&group_id=96405&atid=614693">Bug3547559</a>,
165 <a
166 href="https://sourceforge.net/tracker/?func=detail&aid=3555408&group_id=96405&atid=614693">Bug3555408</a>,
167 <a
168 href="https://sourceforge.net/tracker/?func=detail&aid=3580266&group_id=96405&atid=614693">Bug3580266</a>
169 and <a
170 href="https://sourceforge.net/tracker/?func=detail&aid=3587164&group_id=96405&atid=614693">Bug3587164</a>.
171
172
173 </li>
174 <li>Fix false positives for <a
175 href="http://findbugs.sourceforge.net/bugDescriptions.html#SF_SWITCH_NO_DEFAULT">SF_SWITCH_NO_DEFAULT</a>
176 <li>Inline access methods for private fields,
177 fixing false positive in <a
178 href="https://sourceforge.net/tracker/?func=detail&aid=3484713&group_id=96405&atid=614693">Bug3484713</a>.
179
180 <li>Type qualifier annotations, including nullness
181 annotations, are now ignored on vararg parameters (including
182 default and inherited annotations), awaiting JSR308.
183 <li>Defined new bug pattern to give better explanations of
184 issues involving strict type qualifiers <a
185 href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
186 <li>Adjusted analysis of type qualifiers, now giving warnings
187 where a computed value is used in a place where a value with a
188 strict type qualifier is required.
189 <li>Complain about missing classes only if they are
190 encountered while analyzing application classes; ignore missing
191 classes that are encounted while analyzing classes loaded from the
192 auxclasspath. Fix for <a
193 href="https://sourceforge.net/tracker/?func=detail&aid=3588379&group_id=96405&atid=614693">Bug3588379</a>
194 <li>Fixed false positive null pointer warning coming from
195 synthetic bridge methods, fixing <a
196 href="https://sourceforge.net/tracker/?func=detail&aid=3589328&group_id=96405&atid=614693">Bug3589328</a>
197 <li>In general, suppress warnings in synthetic methods.
198 <li>Fix some false positives involving <a
199 href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>
200 on classes that extend generic collection classes.
201
202 </li>
203 <li>Combine multiple identical warnings about
204 <a
205 href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a>
206 that occur in the same method,
207 simplifying issue triage.
208
209 <li>Changes by Andrey Loskutov
210 <ul>
211 <li>fixed job scheduling errors in 3.8/4.2 Eclipse <a
212 href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=393748">bug
213 report</a>
214 <li>more realistic progress bar updates for jobs
215 <li>added nullness annotations for some common Eclipse API
216 methods known to usually return null values
217 <li>Added support for org.eclipse.jdt.annotation.Nullable,
218 NonNull and NonNullByDefault annotations (introduced with
219 Eclipse 3.8/4.2)</li>
220 </ul>
221 <li>Documentation improvements
222 <li><a href="http://code.google.com/p/findbugs/source/list">lots
223 of other small changes</a>
224 </ul>
225 <h1>FindBugs Change Log, Version 2.0.1</h1>
226
227 <ul>
228 <li>New bug patterns; in some cases, bugs previous reported as
229 other bug patterns are reported as instances of these new bug
230 patterns in order to make it easier for developers to understand
231 the bug reports
232 <ul>
233 <li><a
234 href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li>
235 <li><a
236 href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATIVE_PATH_TRAVERSAL</a></li>
237 <li><a
238 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a></li>
239 <li><a
240 href="http://findbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</a></li>
241 <li><a
242 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</a></li>
243 <li><a
244 href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li>
245 <li><a
246 href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</a></li>
247 </ul>
248 </li>
249
250 <li>Changes to fix false negatives for the following bug
251 patterns: <a
252 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>,
253 <a
254 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>,
255 <a
256 href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_UNUSUAL">EQ_UNUSUAL</a>,
257 <a
258 href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>,
259 and <a
260 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>.
261 </li>
262
263 <li>Changes to fix false positions for the following bug
264 patterns: <a
265 href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a>,
266 <a
267 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>,
268 and <a
269 href="http://findbugs.sourceforge.net/bugDescriptions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>.
270 </li>
271 </ul>
272
273 <h1>FindBugs Change Log, Version 2.0.0</h1>
274
275 <h2>Changes since version 1.3.8</h2>
276 <ul>
277 <li>New bug patterns; in some cases, bugs previous reported as
278 other bug patterns are reported as instances of these new bug
279 patterns in order to make it easier for developers to understand
280 the bug reports
281 <ul>
282 <li><a
283 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST
284 </a></li>
285 <li><a
286 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
287 </a></li>
288 <li><a
289 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
290 </a></li>
291 <li><a
292 href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
293 </a></li>
294 <li><a
295 href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
296 </a></li>
297 <li><a
298 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
299 </a></li>
300 <li><a
301 href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE
302 </a></li>
303 <li><a
304 href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
305 </a></li>
306 <li><a
307 href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
308 </a></li>
309 <li><a
310 href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE
311 </a></li>
312 <li><a
313 href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
314 </a></li>
315 <li><a
316 href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
317 </a></li>
318 </ul>
319 </li>
320 <li>Providing a bug rank (1-20), and the ability to filter by
321 bug rank. Eventually, it will be possible to specify your own
322 rules for ranking bugs, but the procedure for doing so hasn't been
323 specified yet.</li>
324 <li>Fixed about <a
325 href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45
326 bugs filed</a> through SourceForge
327 </li>
328 <li>Various reclassifications and priority tweaks</li>
329 <li>Added more bug annotations to a variety of bug reports.
330 This provides more context for understanding bug reports (e.g., if
331 the value in question was is the return value of a method, the
332 method is described as the source of the value in a bug
333 annotation). This also provide more accurate tracking of issues
334 across versions of the code being analyzed, but has the downside
335 that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
336 on the same version of code being analyzed, FindBugs may think
337 that mistakenly believe that the issue reported by 1.3.8 was fixed
338 and a new issue was introduced that was reported by FindBugs
339 1.3.9. While annoying, it would be unusual for more than a dozen
340 issues per million lines of codes to be mistracked.</li>
341 <li>Lots of internal changes moving towards FindBugs 2.0, but
342 these features are undocumented, not yet officially supported, and
343 subject to radical changes before FindBugs 2.0 is released.</li>
344 </ul>
345
346 <p>Changes since version 1.3.8</p>
347 <ul>
348 <li>New bug patterns; in some cases, bugs previous reported as
349 other bug patterns are reported as instances of these new bug
350 patterns in order to make it easier for developers to understand
351 the bug reports
352 <ul>
353 <li><a
354 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST
355 </a>
356 <li><a
357 href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
358 </a>
359 <li><a
360 href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
361 </a>
362 <li><a
363 href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
364 </a>
365 <li><a
366 href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
367 </a>
368 <li><a
369 href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
370 </a>
371 <li><a
372 href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE
373 </a>
374 <li><a
375 href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
376 </a>
377 <li><a
378 href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
379 </a>
380 <li><a
381 href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE
382 </a>
383 <li><a
384 href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
385 </a>
386 <li><a
387 href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
388 </a>
389 </ul>
390 </li>
391 <li>Providing a bug rank (1-20), and the ability to filter by
392 bug rank. Eventually, it will be possible to specify your own
393 rules for ranking bugs, but the procedure for doing so hasn't been
394 specified yet.</li>
395 <li>Fixed about <a
396 href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45
397 bugs filed</a> through SourceForge
398 </li>
399 <li>Various reclassifications and priority tweaks</li>
400 <li>Added more bug annotations to a variety of bug reports.
401 This provides more context for understanding bug reports (e.g., if
402 the value in question was is the return value of a method, the
403 method is described as the source of the value in a bug
404 annotation). This also provide more accurate tracking of issues
405 across versions of the code being analyzed, but has the downside
406 that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
407 on the same version of code being analyzed, FindBugs may think
408 that mistakenly believe that the issue reported by 1.3.8 was fixed
409 and a new issue was introduced that was reported by FindBugs
410 1.3.9. While annoying, it would be unusual for more than a dozen
411 issues per million lines of codes to be mistracked.</li>
412 <li>Lots of internal changes moving towards FindBugs 2.0, but
413 these features are undocumented, not yet officially supported, and
414 subject to radical changes before FindBugs 2.0 is released.</li>
415 </ul>
416
417 <p>Changes since version 1.3.7</p>
418 <ul>
419 <li>Primarily another small bugfix release.</li>
420 <li>FindBugs base:
421 <ul>
422 <li>New Reports:
423 <ul>
424 <li>SF_SWITCH_NO_DEFAULT: missing default case in switch
425 statement.</li>
426 <li>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW:
427 value ignored when switch fallthrough leads to thrown
428 exception.</li>
429 <li>INT_VACUOUS_BIT_OPERATION: bit operations that don't
430 do any meaningful work.</li>
431 <li>FB_UNEXPECTED_WARNING: warning generated that
432 conflicts with @NoWarning FindBugs annotation.</li>
433 <li>FB_MISSING_EXPECTED_WARNING: warning not generated
434 despite presence of @ExpectedWarning FindBugs annotation.</li>
435 <li>NOISE category: intended for use in data mining
436 experiments.
437 <ul>
438 <li>NOISE_NULL_DEREFERENCE: fake null point dereference
439 warning.</li>
440 <li>NOISE_METHOD_CALL: fake method call warning.</li>
441 <li>NOISE_FIELD_REFERENCE: fake field dereference
442 warning.</li>
443 <li>NOISE_OPERATION: fake operation warning.</li>
444 </ul>
445 </li>
446 </ul>
447 </li>
448 <li>Other:
449 <ul>
450 <li>Garvin Leclaire has created a new Apache Maven
451 repository for FindBugs at <a
452 href="http://code.google.com/p/findbugs/">the Google Code
453 FindBugs SVN repository</a>. (Thanks Garvin!)
454 </li>
455 </ul>
456 </li>
457 <li>Fixes:
458 <ul>
459 <li>[ 2317842 ] Highlighting broken in Windows</li>
460 <li>[ 2515908 ] check for oddness should track sign of
461 argument</li>
462 <li>[ 2487936 ] &quot;L B GC&quot; false pos cast from
463 Map.Entry.getKey() to Map.get()</li>
464 <li>[ 2528264 ] Ant tasks not compatible with Ant 1.7.1</li>
465 <li>[ 2539590 ] SF_SWITCH_FALLTHROUGH wrong message
466 reported</li>
467 <li>[ 2020066 ] Bug history displayed in fancy-hist.xsl is
468 incorrect</li>
469 <li>[ 2545098 ] Invalid character in analysis results file</li>
470 <li>[ 2492673 ] Plugin sites should specify &quot;requires
471 Eclipse 3.3 or newer&quot;</li>
472 <li>[ 2588044 ] a tiny typing error</li>
473 <li>[ 2589048 ] Documentation for convertXmlToText
474 insufficient</li>
475 <li>[ 2638739 ] NullPointerException when building</li>
476 </ul>
477 </li>
478 <li>Patches:
479 <ul>
480 <li>[ 2538184 ] Make BugCollection implement
481 Iterable&lt;BugInstance&gt; (thanks to Tomas Pollak)</li>
482 <li>[ 2249771 ] Add Maven2 Findbugs plugin link to the
483 Links page (thanks to Garvin Leclaire)</li>
484 <li>[ 2609526 ] Japanese manual update (thanks to K.
485 Hashimoto)</li>
486 <li>[ 2119482 ] CheckBcel checks for nonexistent classes
487 (thanks to Jerry James)</li>
488 </ul>
489 </li>
490 </ul>
491 </li>
492 <li>FindBugs Eclipse plugin:
493 <ul>
494 <li>Major feature enhancements (thanks to Andrey Loskutov).
495 See <a href="http://andrei.gmxhome.de/findbugs/index.html">this
496 overview</a> for more information.
497 </li>
498 <li>Major test improvements (thanks to Tomas Pollak).</li>
499 <li>Fixes:
500 <ul>
501 <li>[ 2532365 ] Compiler warning</li>
502 <li>[ 2522989 ] Fix filter files selection</li>
503 <li>[ 2504068 ] NullPointerException</li>
504 <li>[ 2640849 ] NPE in Eclipse plugin 1.3.7 and Eclipse
505 3.5 M5</li>
506 </ul>
507 </li>
508 <li>Patches:
509 <ul>
510 <li>[ 2143140 ] Unchecked conversion fixes for Eclipse
511 plugin (thanks to Jerry James)
512 </ul>
513 </li>
514 </ul>
515 </li>
516 </ul>
517
518 <p>Changes since version 1.3.6</p>
519 <ul>
520 <li>Overall, a small bugfix release.
521 <li>New detection of accidental vacuous/useless calls to
522 EasyMock methods, and of generic signatures that proclaim the use
523 of unhashable classes in ways that require that they be hashed.
524 <li>Eliminate some false positives where we were warning about
525 a useless call (e.g., comparing two incompatible types for
526 equality), but the only thing the code was doing with the result
527 was passing it to assertFalse.
528 <li>Japanese localization and manual by K.Hashimoto. (Thanks!)
529
530 <li>Added -exclude and -outputDir command line options to
531 rejarForAnalysis
532 <li>Extended -adjustPriorities option to FindBugs analysis
533 textui so that you can modify the priorities of individual bug
534 patterns as well as visitors, and also completely suppress
535 individual bug patterns or visitors.
536 <ul>
537 <li>e.g., -adjustPriority
538 MS_SHOULD_BE_FINAL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_REP2=suppress,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise
539
540 </ul>
541 </ul>
542
543
544 <p>Changes since version 1.3.5</p>
545 <ul>
546 <li>Added fairly exhaustive static analysis of uses of format
547 strings, checking for missing or extra arguements, invalid format
548 specifiers, or mismatched format specifiers and arguments (e.g,
549 passing a String value for a %d format specifier). The logic for
550 doing so is derived from Sun's java.util.Formatter class, and
551 available separately from FindBugs as part of the <a
552 href="https://jformatstring.dev.java.net/">jFormatString</a>
553 project.
554 <li>More tuning of the unsatisfied obligation detector. Since
555 this detector is still rather noisy and an unfinished research
556 project, I've moved the generated issues to a new category:
557 EXPERIMENTAL.
558 <li>Added check for <a
559 href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIGNED_BYTE</a>;
560 similar to <a
561 href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>,
562 except that addition is being used to combine shifted signed
563 bytes.
564 <li>Changed detection of EI_EXPOSE_REP2, so we only report it
565 if the value stored is guaranteed to be the same value that was
566 passed in as a parameter.
567 <li>Added <a
568 href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>,
569 a warning when an equals method checks to see if an operand is an
570 instance of a class not compatible with itself. For example, if
571 the Foo class checks to see if the argument is an instance of
572 String. This is either a questionable design decision or a coding
573 mistake.
574 <li>Added <a
575 href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HASHCODE_ON_ARRAY</a>,
576 which checks for invoking <code>hashCode()</code> on an array,
577 which returns a hash code that ignores the contents of the array.
578
579 <li>Added checks for using <code>x.removeAll(x)</code> to
580 rather than <code>x.clear()</code> to clear an array.
581 <li>Add checks for calls such as <code>x.contains(x)</code>, <code>x.remove(x)</code>
582 and <code>x.containsAll(x)</code>.
583 <li>Improvements to Eclipse plugin (thanks to Andrey
584 Loskutov):
585 <ul>
586 <li>Report separate markers for each occurrence of an issue
587 that appears multiple times in a method
588 <li>fine tuning for reported markers: add only one marker
589 for fields, add marker on right position
590 <li>link bugs selected in bug explorer view to the opened
591 editor and vice versa
592 <li>select bugs selected in editor ruler in the opened bug
593 explorer view
594 <li>consistent abbreviations used in both bug explorer and
595 bug details view
596 <li>added "Expand All" button to the bug explorer view
597 <li>added "Go Into/Go Up" buttons to the bug explorer view
598 <li>added "Copy to clipboard" menu/functionality to the
599 details view list widget
600 <li>fix for CNF exception if loading the backup solution for
601 broken browser widget
602 </ul>
603 </ul>
604
605
606
607 <p>Changes since version 1.3.4</p>
608 <ul>
609 <li>Analysis about 15% faster
610 <li><a
611 href="http://sourceforge.net/tracker/?atid=614693&group_id=96405&func=browse&status=closed">38
612 bugs closed</a></li>
613 <li>New defect warnings:
614 <ul>
615 <li>calls to methods that always throw
616 UnsupportedOperationException (DMI_UNSUPPORTED_METHOD)
617 <li>repeated conditional tests (e.g., <code>if (x
618 &lt; 0 || x &lt; 0) ...</code>) (RpC_REPEATED_CONDITIONAL_TEST)
619 <li>Complete rewrite of detector for format string problems.
620 More accurate, finds more problems, generates more descriptive
621 reports, several different bug pattern
622 (VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED,
623 VA_FORMAT_STRING_ILLEGAL, VA_FORMAT_STRING_MISSING_ARGUMENT,
624 VA_FORMAT_STRING_BAD_ARGUMENT,
625 VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT)
626 <li>Fairly complete implementation of JSR-305 custom type
627 qualifier analysis (no support for custom validators yet).
628 (TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK
629 TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK
630 TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK)
631 <li>New detector for unsatisfied obligations such forgetting
632 to close a file (OBL_UNSATISFIED_OBLIGATION).
633 <li>Warning when a parameter is marked as nullable, but is
634 always dereferenced.
635 (NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)
636 <lI>Separate warning for dereference the result of readLine
637 (NP_DEREFERENCE_OF_READLINE_VALUE)
638 </ul>
639 <li>When XML is generated with messages, the project stats now
640 include &lt;FileStat&gt; elements. For each source file, this
641 gives the path for the file, the total number of warnings for that
642 file, and a bugHash for the file. While the instanceHash for a bug
643 is intended to be version invariant (ignoring line numbers, etc),
644 the bugHash for a file is intended to reflect all the information
645 about the warnings in that file. The intended use case is that if
646 the bugHash for a file is the same in two analysis runs, then <em>nothing</em>
647 has changed about any of the warnings reported for that file
648 between the two analysis runs.
649 <li>More merging of similar issues within a method. For
650 example, if the result of readLine() is dereferences multiple
651 times within a method, it will be reported as a single warning
652 with occurrences at multiple source lines.
653 </ul>
654 <p>Changes since version 1.3.3</p>
655
656 <ul>
657 <li>FindBugs base
658 <ul>
659 <li>New Reports:
660 <ul>
661 <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: equals method
662 overrides equals in superclass and may not be symmetric</li>
663 <li>EQ_ALWAYS_TRUE: equals method always returns true</li>
664 <li>EQ_ALWAYS_FALSE: equals method always returns false</li>
665 <li>EQ_COMPARING_CLASS_NAMES: equals method compares class
666 names rather than class objects</li>
667 <li>EQ_UNUSUAL: Unusual equals method</li>
668 <li>EQ_GETCLASS_AND_CLASS_CONSTANT: equals method fails
669 for subtypes</li>
670 <li>SE_READ_RESOLVE_IS_STATIC: The readResolve method must
671 not be declared as a static method.</li>
672 <li>SE_PRIVATE_READ_RESOLVE_NOT_INHERITED: private
673 readResolve method not inherited by subclasses</li>
674 <li>MSF_MUTABLE_SERVLET_FIELD: Mutable servlet field</li>
675 <li>XSS_REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected
676 cross site scripting vulnerability</li>
677 <li>SKIPPED_CLASS_TOO_BIG: Class too big for analysis</li>
678 </ul>
679 </li>
680 <li>Other:
681 <ul>
682 <li>Value-number analysis now more space-efficient</li>
683 <li>Enhancements to reduce memory overhead when analyzing
684 very large classes</li>
685 <li>Now skips very large classes that would otherwise take
686 too much time and memory to analyze</li>
687 <li>Infrastructure for tracking effectively-constant/
688 effectively-final fields</li>
689 <li>Added more cweids</li>
690 <li>Enhanced taint tracking for taint-based detectors</li>
691 <li>Ignore doomed calls to equals if result is used as an
692 argument to assertFalse</li>
693 <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC handles compareTo</li>
694 <li>Priority tweak for ICAST_INTEGER_MULTIPLY_CAST_TO_LONG
695 (only low priority if multiplying by 1000)</li>
696 <li>Improved tracking of fields across method calls</li>
697 </ul>
698 </li>
699 <li>Fixes:
700 <ul>
701 <li>[ 1941450 ] DLS_DEAD_LOCAL_STORE not reported</li>
702 <li>[ 1953323 ] Omitted break statement in
703 SynchronizeAndNullCheckField</li>
704 <li>[ 1942620 ] Source Directories selection dialog
705 interface confusion (partial)</li>
706 <li>[ 1948275 ] Unhelpful "Load of known null"</li>
707 <li>[ 1933922 ] MWM error in findbugs</li>
708 <li>[ 1934772 ] 1.3.3 appears to rely on JDK 1.6, JNLP
709 still specifies 1.5</li>
710 <li>[ 1933945 ] -loadbugs doesn't work</li>
711 <li>Fixed problems for class names starting with '$'</li>
712 <li>Fixed bugs and incomplete handling of annotations in
713 VersionInsensitiveBugComparator</li>
714 </ul>
715 </li>
716 <li>Patches:
717 <ul>
718 <li>[ 1955106 ] Javadoc fixes</li>
719 <li>[ 1951930 ] Superfluous import statements (thanks to
720 Jerry James)</li>
721 <li>[ 1951907 ] Missing @Deprecated annotations (thanks to
722 Jerry James)</li>
723 <li>[ 1951876 ] Infonode Docking Windows compile fix
724 (thanks to Jerry James)</li>
725 <li>[ 1936055 ] bugfix for findbugs.de.comment not working
726 (thanks to Peter Fokkinga)
727 </ul>
728 </li>
729 </ul>
730 <li>FindBugs BlueJ plugin
731 <ul>
732 <li>Updated to use FindBugs 1.3.4 (first new release since
733 1.1.3)</li>
734 </ul>
735 </li>
736 </ul>
737
738 <p>Changes since version 1.3.2</p>
739
740 <ul>
741 <li>FindBugs base
742 <ul>
743 <li>New Detectors:
744 <ul>
745 <li>FieldItemSummary: Produces summary information for
746 what is stored into fields</li>
747 <li>SynchronizeOnClassLiteralNotGetClass: Look for code
748 that synchronizes on the results of getClass rather than on
749 class literals</li>
750 <li>SynchronizingOnContentsOfFieldToProtectField: This
751 detector looks for code that seems to be synchronizing on a
752 field in order to guard updates of that field</li>
753 </ul>
754 </li>
755 <li>New BugCode:
756 <ul>
757 <li>HRS: HTTP Response splitting vulnerability</li>
758 <li>WL: Possible locking on wrong object</li>
759 </ul>
760 </li>
761 <li>New Reports:
762 <ul>
763 <li>DMI_CONSTANT_DB_PASSWORD: This code creates a database
764 connect using a hard coded, constant password</li>
765 <li>HRS_REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed
766 from untrusted input</li>
767 <li>HRS_REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter
768 directly written to HTTP header output</li>
769 <li>CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines
770 clone() but doesn't implement Cloneable</li>
771 <li>DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization
772 on boxed primitive could lead to deadlock</li>
773 <li>DL_SYNCHRONIZATION_ON_BOOLEAN: Synchronization on
774 Boolean could lead to deadlock</li>
775 <li>ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD:
776 Synchronization on field in futile attempt to guard that field
777 </li>
778 <li>DLS_DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in
779 return statement</li>
780 <li>WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL:
781 Synchronization on getClass rather than class literal</li>
782 </ul>
783 </li>
784 <li>Other:
785 <ul>
786 <li>Many enhancements to cross-site scripting detector and
787 its documentation</li>
788 <li>Enhanced switch fall through handling</li>
789 <li>Enhanced unread field handling (look for IF_ACMPEQ and
790 IF_ACMPNE)</li>
791 <li>Clarified documentation for @Nullable in manual</li>
792 <li>Fewer DeadLocalStore false positives</li>
793 <li>Fewer UnreadField false positives</li>
794 <li>Fewer StaticCalendarDetector false positives</li>
795 <li>Performance fix for slow file system IO e.g. Clearcase
796 repositories (thanks, Andrei!)</li>
797 <li>Other, general performance enhancements (thanks,
798 Andrei!)</li>
799 <li>Enhancements for using FindBugs scripts with MKS on
800 Windows (thanks, Kelly O'Hair!)</li>
801 <li>Noted in the manual that jsr305.jar must be present
802 for annotations to compile</li>
803 <li>Added and fine-tuned default-nullness annotations</li>
804 <li>More CWE IDs added</li>
805 <li>Check and warning for unexpected BCEL version in
806 classpath</li>
807 </ul>
808 </li>
809 <li>Fixes:
810 <ul>
811 <li>Bug fix to handling of local variable tables in BCEL</li>
812 <li>Refined documentation for
813 MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</li>
814 <li>[ 1927295 ] NPE when called on project root</li>
815 <li>[ 1926405 ] Incorrect dead store warning</li>
816 <li>[ 1926409 ] Incorrect redundant nullcheck warning</li>
817 <li>[ 1926389 ] Wrong line number printed/highlighted in
818 bug</li>
819 <li>[ 1927040 ] typo in bug description</li>
820 <li>[ 1926263 ] Minor glitch in HTML output</li>
821 <li>[ 1926240 ] Minor error in standard options in manual</li>
822 <li>[ 1926236 ] Minor bug in installation section of
823 manual</li>
824 <li>[ 1925539 ] ZIP is default file system code base</li>
825 <li>[ 1894701 ] Livelock / memory leak in
826 ObjectTypeFactory (thanks, Andrei!)</li>
827 <li>[ 1867491 ] Doesn't reload annotations after code
828 changes in IDE (thanks, Andrei!)</li>
829 <li>[ 1921399 ] -project option not supported</li>
830 <li>[ 1913834 ] "Dead" store to variable with method call</li>
831 <li>[ 1917352 ] H B se:...field in serializable class</li>
832 <li>[ 1911617 ] CloneIdiom relies on
833 getNameConstantOperand for INSTANCEOF</li>
834 <li>[ 1911620 ] False +: DLS predecrement before return</li>
835 <li>[ 1871376 ] False negative: non-serializable Map field</li>
836 <li>[ 1871051 ] non standard clone() method</li>
837 <li>[ 1908854 ] Error in TestASM</li>
838 <li>[ 1907539 ] 22 minor errors in bug checker
839 documentation</li>
840 <li>[ 1897323 ] EJB implementation class false positives</li>
841 <li>[ 1899648 ] Crash on startup on Vista with Java
842 1.6.0_04</li>
843 </ul>
844 </li>
845 </ul>
846 </li>
847 <li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
848 <ul>
849 <li>new feature: export basic FindBugs numbers for projects
850 via File-&gt;Export-&gt;Java-&gt;BugCounts (Andrey Loskutov)</li>
851 <li>new feature: jobs for different projects will be run in
852 parallel per default if running on a multi-core PC
853 ("fb.allowParallelBuild" system property not used anymore)
854 (Andrey Loskutov)</li>
855 <li>fixed performance slowdown in the multi-threaded build,
856 caused by workspace operation locks during assigning marker
857 attributes (Andrey Loskutov)</li>
858 </ul>
859 </li>
860 </ul>
861
862 <p>Changes since version 1.3.1</p>
863
864 <ul>
865 <li>FindBugs base
866 <ul>
867 <li>New Bug Category:
868 <ul>
869 <li>SECURITY (Abbrev: S), A use of untrusted input in a
870 way that could create a remotely exploitable security
871 vulnerability</li>
872 </ul>
873 </li>
874 <li>New Detectors:
875 <ul>
876 <li>CrossSiteScripting: This detector looks for
877 obvious/blatant cases of cross site scripting vulnerabilities</li>
878 </ul>
879 </li>
880 <li>New BugCode:
881 <ul>
882 <li>XSS: Cross site scripting</li>
883 </ul>
884 </li>
885 <li>New Reports:
886 <ul>
887 <li>XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER: HTTP
888 parameter directly written to Servlet output, giving XSS
889 vulnerability</li>
890 <li>XSS_REQUEST_PARAMETER_TO_JSP_WRITER: HTTP parameter
891 directly written to JSP output, giving XSS vulnerability</li>
892 <li>EQ_OTHER_USE_OBJECT: equals() method defined that
893 doesn't override Object.equals(Object)</li>
894 <li>EQ_OTHER_NO_OBJECT: equals() method inherits rather
895 than overrides equals(Object)</li>
896 <li>NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE: Possible
897 null pointer dereference on path that might be infeasible</li>
898 </ul>
899 </li>
900 <li>Other:
901 <ul>
902 <li>Added -noClassOk command-line parameter to
903 command-line and ant interfaces; when -noClassOk is specified
904 and no classfiles are given, FindBugs will print a warning
905 message and output a well- formed file with no warnings</li>
906 <li>Fewer false positives for null pointer bugs</li>
907 <li>Suppress dead-local-store false positives in .jsp code</li>
908 <li>Type fixes in warning messages</li>
909 <li>Better warning message for NP_NULL_ON_SOME_PATH</li>
910 <li>"WMI" bug code description renamed from "Wrong Map
911 Iterator" to "Inefficient Map Iterator"</li>
912 </ul>
913 </li>
914 <li>Fixes:
915 <ul>
916 <li>[ 1893048 ] FindBugs confused by a findbugs.xml file</li>
917 <li>[ 1878528 ] XSL xforms don't support history features</li>
918 <li>[ 1876584 ] two default.xsl flaws</li>
919 <li>[ 1874856 ] Format string bug detector doesn't handle
920 special operators</li>
921 <li>[ 1872645 ] computeBugHistory -
922 java.lang.IllegalArgumentException</li>
923 <li>[ 1872237 ] Ant task fails when no .class files</li>
924 <li>[ 1868670 ] Filters: include AND exclude don't allowed</li>
925 <li>[ 1868666 ] check-for-oddness reported, but array
926 length can never be negative</li>
927 <li>[ 1866108 ] SetBugDatabaseInfoTask strips dir from
928 output filename</li>
929 <li>[ 1866021 ] MineBugHistoryTask strips dir of output
930 filename</li>
931 <li>[ 1865265 ] code doesn't handle
932 StringBuffer.append([CII) right</li>
933 <li>[ 1864793 ] Warning when casting a null reference
934 compared to a String</li>
935 <li>[ 1863376 ] Typo in manual chap 8: Filter Files</li>
936 <li>[ 1862705 ] Transient fields that default to null</li>
937 <li>[ 1842545 ] DLS on catch variable (with priority
938 tweaking)</li>
939 <li>[ 1816258 ] false positive BC_IMPOSSIBLE_CAST</li>
940 <li>[ 1551732 ] Get erroneous DLS with while loop</li>
941 </ul>
942 </li>
943 </ul>
944 </li>
945 <li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
946 <ul>
947 <li>new feature: added Bug explorer view (replacing Bug tree
948 view), based on Common Navigator framework (Andrey Loskutov)</li>
949 <li>bug 1873860 fixed: empty projects are no longer shown in
950 Bug tree view (Andrey Loskutov)</li>
951 <li>new feature: bug counts decorators for projects, folders
952 and files (has to be activated via Preferences -&gt; general
953 -&gt; appearance -&gt; label decorations)(Andrey Loskutov)</li>
954 <li>patch 1746499: better icons (Alessandro Nistico)</li>
955 <li>patch 1893685: Find bug actions on change sets bug
956 (Alessandro Nistico)</li>
957 <li>fixed bug 1855384: Bug configuration is broken in
958 Eclipse (Andrey Loskutov)</li>
959 <li>refactored FindBugs properties page (Andrey Loskutov)</li>
960 <li>refactored FindBugs worker/builder/run action (Andrey
961 Loskutov)</li>
962 <li>FB detects now only bugs from classes on project's
963 classpath (no double work on duplicated class files) (Andrey
964 Loskutov)</li>
965 <li>fixed bug introduced by the bad patch for 1867951: FB
966 cannot be executed incrementally on a folder of file (Andrey
967 Loskutov)</li>
968 <li>fixed job rule: now jobs for different projects may run
969 in parallel if running on a multi-core PC and
970 "fb.allowParallelBuild" system property is set to true (Andrey
971 Loskutov)</li>
972 <li>fixed FB auto-build not started if .fbprefs or
973 .classpath was changed (Andrey Loskutov)</li>
974 <li>fixed not reporting bugs on secondary types (classes
975 defined in java files with different name) (Andrey Loskutov)</li>
976 </ul>
977 </li>
978 </ul>
979
980 <p>Changes since version 1.3.0</p>
981 <ul>
982 <li>New Reports
983 <ul>
984 <li>VA_FORMAT_STRING_ARG_MISMATCH: A format-string method
985 with a variable number of arguments is called, but the number of
986 arguments passed does not match with the number of %
987 placeholders in the format string. This is probably not what the
988 author intended.
989 <li>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM: This code opens a
990 file in append mode and that wraps the result in an object
991 output stream. This won't allow you to append to an existing
992 object output stream stored in a file. If you want to be able to
993 append to an object output stream, you need to keep the object
994 output stream open. The only situation in which opening a file
995 in append mode and the writing an object output stream could
996 work is if on reading the file you plan to open it in random
997 access mode and seek to the byte offset where the append
998 started.
999 <li>NP_BOOLEAN_RETURN_NULL: A method that returns either
1000 Boolean.TRUE, Boolean.FALSE or null is an accident waiting to
1001 happen. This method can be invoked as though it returned a value
1002 of type boolean, and the compiler will insert automatic unboxing
1003 of the Boolean value. If a null value is returned, this will
1004 result in a NullPointerException.
1005 </ul>
1006 </li>
1007 <li>Changes to Existing Reports
1008 <ul>
1009 <li>RV_DONT_JUST_NULL_CHECK_READLINE: CORRECTNESS -&gt;
1010 STYLE</li>
1011 <li>DMI_INVOKING_TOSTRING_ON_ARRAY: Long description
1012 mentions array name whenever possible</li>
1013 </ul>
1014 </li>
1015 <li>Fixes:
1016 <ul>
1017 <li>Updated manual to mention that Java 1.5 is now a
1018 requirement for running FindBugs
1019 <li>Applied patch 1840206 fixing issue "Ant task does not
1020 work when presetdef is used" - thanks to phejl
1021 <li>Applied patch 1778690 fixing issue "Ant task: tolerate
1022 but complain about invalid auxClasspath" - thanks to David
1023 Schmidt
1024 <li>Applied patch 1852125 adding a Chinese-language GUI
1025 bundle props file - thanks to fifi
1026 <li>Applied patch 1845903 adding ability to load XML results
1027 with the Eclipse plugin - thanks to Alex Mont
1028 <li>Fixed issue 1844671 - "FP for "reversed" null check in
1029 catch for stream close"
1030 <li>Fixed issue 1836050 - "-onlyAnalyze broken"
1031 <li>Fixed issue 1853011 - "Typo: Field names should start
1032 with aN lower case letter"
1033 <li>Fixed issue 1844181 - "JNLP file does not contain all
1034 necessary JARs"
1035 <li>Fixed issue 1840245 - "xxxException class does not
1036 derive from Exception"
1037 <li>Fixed issue 1840277 - "[M D EC] Typo in bug
1038 documentation"
1039 <li>Fixed issue 1782447 - "OutOfMemoryError if i activate
1040 Findbugs on my project"
1041 <li>Fixed issue 1830576 - "[regression] keySet/entrySet
1042 false positive"
1043 </ul>
1044 </li>
1045 <li>Other:
1046 <ul>
1047 <li>New bug code: "IO" (for
1048 IO_APPENDING_TO_OBJECT_OUTPUT_STREAM)</li>
1049 <li>Added "-onlyMostRecent" option for computeBugHistory
1050 script/ant task
1051 <li>More explicit language in
1052 RV_RETURN_VALUE_IGNORED_BAD_PRACTICE messages
1053 <li>Modified ResourceValueAnalysis to correctly identify
1054 null == X or null != X as a null check (for issue 1844671)
1055 <li>Modified DMI_HARDCODED_ABSOLUTE_FILENAME logic in
1056 DumbMethodInvocations to ignore files from /etc or /dev and
1057 increase priority of files from /home
1058 <li>Better bug details for infinite loop warnings
1059 <li>Modified unread-fields detector to reduce false
1060 positives from reflective fields
1061 <li>build.xml "classes" target now builds all sources in one
1062 step
1063 </ul>
1064 </li>
1065 </ul>
1066
1067 <p>Changes since version 1.2.1</p>
1068 <ul>
1069 <li>New Detectors and Reports
1070 <ul>
1071 <li>SynchronizationOnSharedBuiltinConstant
1072 <ul>
1073 <li>DL_SYNCHRONIZATION_ON_SHARED_CONSTANT: The code
1074 synchronizes on a shared primitive constant, such as an
1075 interned String. Such constants are interned and shared across
1076 all other classes loaded by the JVM. Thus, this could be
1077 locking on something that other code might also be locking.
1078 This could result in very strange and hard to diagnose
1079 blocking and deadlock behavior. See <a
1080 href="http://www.javalobby.org/java/forums/t96352.html">http://www.javalobby.org/java/forums/t96352.html</a>
1081 and <a href="http://jira.codehaus.org/browse/JETTY-352">http://jira.codehaus.org/browse/JETTY-352</a>.
1082
1083 </ul>
1084 </li>
1085 <li>OverridingEqualsNotSymmetrical
1086 <ul>
1087 <li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: Looks for equals
1088 methods that override equals methods in a superclass where the
1089 equivalence relationship might not be symmetrical.
1090 </ul>
1091 </li>
1092 <li>CheckTypeQualifiers
1093 <ul>
1094 <li>TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED: A value
1095 specified as carrying a type qualifier annotation is consumed
1096 in a location or locations requiring that the value not carry
1097 that annotation. More precisely, a value annotated with a type
1098 qualifier specifying when=ALWAYS is guaranteed to reach a use
1099 or uses where the same type qualifier specifies when=NEVER.</li>
1100 <li>TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED: A value
1101 specified as not carrying a type qualifier annotation is
1102 guaranteed to be consumed in a location or locations requiring
1103 that the value does carry that annotation. More precisely, a
1104 value annotated with a type qualifier specifying when=NEVER is
1105 guaranteed to reach a use or uses where the same type
1106 qualifier specifies when=ALWAYS.</li>
1107 <li>TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK: A value
1108 that might not carry a type qualifier annotation reaches a use
1109 which requires that annotation.</li>
1110 <li>TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK: A value
1111 which might carry a type qualifier annotation reaches a use
1112 which forbids values carrying that annotation.</li>
1113 </ul>
1114 </li>
1115 </ul>
1116 </li>
1117 <li>New Reports (existing detectors)
1118 <ul>
1119 <li>FindHEmismatch
1120 <ul>
1121 <li>EQ_DOESNT_OVERRIDE_EQUALS: This class extends a class
1122 that defines an equals method and adds fields, but doesn't
1123 define an equals method itself. Thus, equality on instances of
1124 this class will ignore the identity of the subclass and the
1125 added fields. Be sure this is what is intended, and that you
1126 don't need to override the equals method. Even if you don't
1127 need to override the equals method, consider overriding it
1128 anyway to document the fact that the equals method for the
1129 subclass just return the result of invoking super.equals(o).</li>
1130 </ul>
1131 </li>
1132 <li>Naming
1133 <ul>
1134 <li>NM_WRONG_PACKAGE, NM_WRONG_PACKAGE_INTENTIONAL: The
1135 method in the subclass doesn't override a similar method in a
1136 superclass because the type of a parameter doesn't exactly
1137 match the type of the corresponding parameter in the
1138 superclass.</li>
1139 <li>NM_SAME_SIMPLE_NAME_AS_SUPERCLASS: This class has a
1140 simple name that is identical to that of its superclass,
1141 except that its superclass is in a different package (e.g., <code>alpha.Foo</code>
1142 extends <code>beta.Foo</code>). This can be exceptionally
1143 confusing, create lots of situations in which you have to look
1144 at import statements to resolve references and creates many
1145 opportunities to accidently define methods that do not
1146 override methods in their superclasses.
1147 </li>
1148 <li>NM_SAME_SIMPLE_NAME_AS_INTERFACE: This class/interface
1149 has a simple name that is identical to that of an
1150 implemented/extended interface, except that the interface is
1151 in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>).
1152 This can be exceptionally confusing, create lots of situations
1153 in which you have to look at import statements to resolve
1154 references and creates many opportunities to accidently define
1155 methods that do not override methods in their superclasses.
1156 </li>
1157 </ul>
1158 <li>FindRefComparison
1159 <ul>
1160 <li>EC_UNRELATED_TYPES_USING_POINTER_EQUALITY: This method
1161 uses using pointer equality to compare two references that
1162 seem to be of different types. The result of this comparison
1163 will always be false at runtime.</li>
1164 </ul>
1165 </li>
1166 <li>IncompatMask
1167 <ul>
1168 <li>BIT_SIGNED_CHECK, BIT_SIGNED_CHECK_HIGH_BIT: This
1169 method compares an expression such as <tt>((event.detail
1170 &amp; SWT.SELECTED) &gt; 0)</tt>. Using bit arithmetic and then
1171 comparing with the greater than operator can lead to
1172 unexpected results (of course depending on the value of
1173 SWT.SELECTED). If SWT.SELECTED is a negative number, this is a
1174 candidate for a bug. Even when SWT.SELECTED is not negative,
1175 it seems good practice to use '!= 0' instead of '&gt; 0'.
1176 </li>
1177 </ul>
1178 </li>
1179 <li>LazyInit
1180 <ul>
1181 <li>LI_LAZY_INIT_UPDATE_STATIC: This method contains an
1182 unsynchronized lazy initialization of a static field. After
1183 the field is set, the object stored into that location is
1184 further accessed. The setting of the field is visible to other
1185 threads as soon as it is set. If the further accesses in the
1186 method that set the field serve to initialize the object, then
1187 you have a <em>very serious</em> multithreading bug, unless
1188 something else prevents any other thread from accessing the
1189 stored object until it is fully initialized.
1190 </li>
1191 </ul>
1192 </li>
1193 <li>FindDeadLocalStores
1194 <ul>
1195 <li>DLS_DEAD_STORE_OF_CLASS_LITERAL: This instruction
1196 assigns a class literal to a variable and then never uses it.
1197 <a href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">The
1198 behavior of this differs in Java 1.4 and in Java 5.</a> In Java
1199 1.4 and earlier, a reference to <code>Foo.class</code> would
1200 force the static initializer for <code>Foo</code> to be
1201 executed, if it has not been executed already. In Java 5 and
1202 later, it does not. See Sun's <a
1203 href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">article
1204 on Java SE compatibility</a> for more details and examples, and
1205 suggestions on how to force class initialization in Java 5.
1206 </li>
1207 </ul>
1208 </li>
1209 <li>MethodReturnCheck
1210 <ul>
1211 <li>RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: This method
1212 returns a value that is not checked. The return value should
1213 be checked since it can indication an unusual or unexpected
1214 function execution. For example, the <code>File.delete()</code>
1215 method returns false if the file could not be successfully
1216 deleted (rather than throwing an Exception). If you don't
1217 check the result, you won't notice if the method invocation
1218 signals unexpected behavior by returning an atypical return
1219 value.
1220 </li>
1221 <li>RV_EXCEPTION_NOT_THROWN: This code creates an
1222 exception (or error) object, but doesn't do anything with it.
1223 </li>
1224 </ul>
1225 </li>
1226 </ul>
1227 </li>
1228 <li>Changes to Existing Reports
1229 <ul>
1230 <li>NS_NON_SHORT_CIRCUIT: BAD_PRACTICE -&gt; STYLE</li>
1231 <li>NS_DANGEROUS_NON_SHORT_CIRCUIT: CORRECTNESS -&gt; STYLE</li>
1232 <li>RC_REF_COMPARISON: CORRECTNESS -&gt; BAD_PRACTICE</li>
1233 </ul>
1234 </li>
1235 <li>GUI Changes
1236 <ul>
1237 <li>Added importing and exporting of bug filters</li>
1238 <li>Better handling of failed analysis runs</li>
1239 <li>Added "-look" parameter for selecting look-and-feel</li>
1240 <li>Fixed incorrect package filtering</li>
1241 <li>Fixed issue where "synchronized" was not
1242 syntax-highlighted</li>
1243 </ul>
1244 </li>
1245 <li>Ant-task Changes
1246 <ul>
1247 <li>Refactored common ant-task code to AbstractFindBugsTask</li>
1248 <li>Added tasks for computeBugHistory, convertXmlToText,
1249 filterBugs, mineBugHistory, setBugDatabaseInfo</li>
1250 </ul>
1251 </li>
1252 <li>Manual
1253 <ul>
1254 <li>Updates to GUI section, including new screenshots</li>
1255 <li>Added description of rejarForAnalysis</li>
1256 <li>Revamp of data-mining section</li>
1257 </ul>
1258 </li>
1259 <li>Other Major
1260 <ul>
1261 <li>Internal restructuring for lower memory overhead</li>
1262 </ul>
1263 </li>
1264 <li>Other Minor
1265 <ul>
1266 <li>Fixed typo: was STCAL_STATIC_SIMPLE_DATA_FORMAT_INSTANCE
1267 now STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</li>
1268 <li>-outputFile parameter became -output</li>
1269 <li>More sensitivity and specificity inLazyInit detector</li>
1270 <li>More sensitivity and specificity in Naming detector</li>
1271 <li>More sensitivity and specificity in UnreadFields
1272 detector</li>
1273 <li>More sensitivity in FindNullDeref detector</li>
1274 <li>More sensitivity in FindBadCast2 detector</li>
1275 <li>More specificity in FindReturnRef detector</li>
1276 <li>Many other tweaks and bug fixes</li>
1277 </ul>
1278 </li>
1279 </ul>
1280
1281 <p>Changes since version 1.2.0</p>
1282 <ul>
1283 <li>Bug fixes:
1284 <ul>
1285 <li><a
1286 href="http://fisheye2.cenqua.com/changelog/findbugs/?cs=8219">Fix</a>
1287 <a
1288 href="http://sourceforge.net/tracker/index.php?func=detail&aid=1726946&group_id=96405&atid=614693">bug</a>
1289 with detectors that were requested to be disabled but were
1290 enabled due to requirements of other detectors.</li>
1291 <li>Fix bugs in incremental analysis within Eclipse plugin</li>
1292 <li>Fix some analysis errors</li>
1293 <li>Fix some threading bugs in GUI2</li>
1294 <li>Report version as version when it was compiled, not when
1295 it was run</li>
1296 <li>Copy analysis time stamp when filtering or transforming
1297 analysis files.</li>
1298 </ul>
1299 <li>Enabled StaticCalendarDetector</li>
1300 <li>Reworked GUI2 to use standard FindBugs filters
1301 <ul>
1302 <li>Allow a suppression filter to be stored in a project and
1303 persisted to the XML representation of a project.</li>
1304 </ul>
1305 </li>
1306
1307 <li>Move away from old GUI2 save format (a directory
1308 containing an xml file and another file containing serialized
1309 filters).</li>
1310 <li>Support/recommend use of two new file extensions/formats:
1311 <dl>
1312 <dt>.fba - FindBugs Analysis File</dt>
1313 <dd>Exactly the same as an existing bug collection file
1314 stored in XML format, but using a distinct file extension to
1315 make it easier to figure out which xml files contain FindBugs
1316 results.</dd>
1317 <dt>.fbp - FindBugs Project File</dt>
1318 <dd>Contains just the information needed to run FindBugs and
1319 display the results (e.g., the files to be analyzed, the
1320 auxiliary class path and the location of source files)
1321 </dl>
1322 </li>
1323 </ul>
1324 <p>Changes since version 1.1.3</p>
1325 <ul>
1326 <li>Added -xml:withAbridgedMessages option to generate xml
1327 containing shorter messages. The messages will be shorted by doing
1328 things like eliding package names, and leaving off the source line
1329 from the LongMessage. These messages are appropriate if being used
1330 in a context where the non-message components of the bug
1331 annotations will be used to provide more information (e.g.,
1332 clicking on the message for a MethodAnnotation will display the
1333 source for the method).
1334 <ul>
1335 <li>FindBugsDisplayFeatures.setAbridgedMessages(true) can be
1336 used to generate abridged messages when FindBugs is being
1337 accessed directly (not via generated XML) from a GUI or IDE.</li>
1338 </ul>
1339 <li>In null pointer analysis, try to be better about always
1340 showing two locations: where it is known null and where it is
1341 dereferenced.
1342 <li>Interprocedural analysis of which methods return nonnull
1343 values
1344 <li>Use method calls to select order in which classes are
1345 analyzed, and order in which methods are analyzed, to improve
1346 interprocedural analysis results.
1347 <li>Significant improvements in memory footprint, memory
1348 allocation and CPU utilization (20-30% reduction in all three)
1349 <li>Added a project name, to provide better descriptions in
1350 the HTML output.
1351 <li>Added new bug pattern: Casting to char, or bit masking
1352 with nonnegative value, and then checking to see if the result is
1353 negative.
1354 <li>Stopped reporting transient fields of classes not marked
1355 as serializable. Transient is used by other persistence
1356 frameworks.
1357 <li>Improvements to detector for SQL injection (Thanks to <a
1358 href="http://www.clock.org/~matt">Matt Hargett</a> for his
1359 contributions
1360 <li>Changed open/save options in GUI2 to not distinguish
1361 between FindBugs projects and saved FindBugs analysis results.
1362 <li>Improvements to detection of serious non-short-circuit
1363 evaluation.
1364 <li>Updated Japanese localization (thanks to Ruimo Uno)
1365 <li>Eclipse plugin changes:
1366 <ul>
1367 <li>Created Bug User Annotations and Bug Tree Views
1368 <li>Use different icons for different bug priorities
1369 <li>Provide more information in Bug Details view
1370 </ul>
1371 </ul>
1372
1373 <p>Changes since version 1.1.2:</p>
1374 <ul>
1375 <li>Fixed broken Ant task
1376 <li>Added running ant task to smoke test
1377 <li>Added validating xml and html output to smoke test
1378 <li>Fixed some (but not all) issues with html output
1379 validation
1380 <li>Added check for x.equals(x) and x.compareTo(x)
1381 <li>Various bug fixes
1382 </ul>
1383 <p>Changes since version 1.1.1:</p>
1384 <ul>
1385 <li>Added check for infinite iterative loops</li>
1386 <li>Added check for use of incompatible types in a collection
1387 (e.g., checking to see if a Set&lt;String&gt; contains a
1388 StringBuffer).</li>
1389 <li>Added check for invocations of equals or hashCode on a
1390 URL, which, <a
1391 href="http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html">surprising
1392 many people</a>, requires DNS resolution.
1393 </li>
1394 <li>Added check for classes that define compareTo but not
1395 equals; such classes can exhibit some anomalous behavior (e.g.,
1396 they are treated differently by PriorityQueues in Java 5 and Java
1397 6).</li>
1398 <li>Added a check for useless self operations (e.g., x &lt; x
1399 or x ^ x).</li>
1400 <li>Fixed a data race that could cause the GUI to fail on
1401 startup</li>
1402 <li>Partial internationalization of the new GUI</li>
1403 <li>Fix bug in "Redo analysis" option of new GUI</li>
1404 <li>Tuning to reduce false positives</li>
1405 <li>Fixed a bug in null pointer analysis that was generating
1406 false positive null pointer warnings on exception paths. Fixing
1407 this bug eliminates about 1/4 of the warnings on null pointer
1408 exceptions on exception paths.</li>
1409 <li>Fixed a bug in the processing of phi nodes for fields in
1410 the null pointer analysis</li>
1411 <li>Applied contributed patch that provides more quick fixes
1412 in Eclipse plugin.</li>
1413 <li>Fixed a number of bugs in the Eclipse auto update sites,
1414 and in the way date qualifiers were being used in the Eclipse
1415 plugin. You may need to manually disable your existing version of
1416 the plugin and download the 1.1.2 from the update site to get the
1417 automatic update function working correctly. The Eclipse update
1418 sites are described at <a
1419 href="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.edu/eclipse/</a>.
1420
1421 </li>
1422 <li>Fixed progress bar in Eclipse plugin</li>
1423 <li>A number of other bug fixes.</li>
1424 </ul>
1425
1426 <p>Changes since version 1.1.0:</p>
1427 <ul>
1428 <li>less scanning of classes not on the analysis path (This
1429 was causing some performance problems.)</li>
1430 <li>no unread field warnings for fields annotated with
1431 javax.persistent or javax.ejb3</li>
1432 <li>Eclipse plugin
1433 <ul>
1434 <li>bug annotation info displayed in Bug Details tab</li>
1435 <li>.fbwarnings data file now stored in .metadata (not in
1436 the project itself)</li>
1437 </ul>
1438 </li>
1439 <li>new SE_BAD_FIELD_INNER_CLASS pattern</li>
1440 <li>updates to Japanese translation (ruimo)</li>
1441 <li>fix some internal slashed/dotted path confusion</li>
1442 <li>other minor improvements</li>
1443 </ul>
1444
1445 <p>Changes since version 1.0.0:</p>
1446
1447 <ul>
1448 <li>Overall, the change from FindBugs 1.0.0 to FindBugs 1.1.0
1449 has been a big change. We've done a lot of work in a lot of areas,
1450 and aren't even going to try to enumerate all the changes.</li>
1451 <li>We spent a lot of time reviewing the results generated by
1452 FindBugs for open source and commercial code bases, and made a
1453 number of changes, small and large, to minimize the number of
1454 false positives. Our primary focus for this was warnings reported
1455 as high and medium priority correctness warnings. Our internal
1456 evaluation is that we produce very few high/medium priority
1457 correctness warnings where the analysis is actually wrong, and
1458 that more than 75% of the high/medium priority correctness
1459 warnings correspond to real coding defects that need addressing in
1460 the source code. The remaining 25% are largely cases such as a
1461 branch or statement that if taken would lead to an error, but in
1462 fact is a dead branch or statement that can never be taken. Such
1463 coding is confusing and hard to maintain, so it should arguably be
1464 fixed, but it is unlikely to actually result in an error during
1465 execution. Thus, some might classify those warnings as false
1466 positives.</li>
1467 <li>We've substantially improved the analysis for errors that
1468 could result in null pointer dereferences. Overall, our experience
1469 has been that these changes have roughly doubled the number of
1470 null pointer errors we detect, without increasing the number of
1471 false positives (in fact, our false positive rate has gone down).
1472 The improvements are due to four factors:
1473 <ul>
1474 <li>By default, we now do some interprocedural analysis to
1475 determine methods that unconditionally dereference their
1476 parameters.</li>
1477 <li>FindBugs also comes with a model of which JDK methods
1478 unconditionally dereference their parameters.</li>
1479 <li>We do limited tracking of fields, so that we can detect
1480 null values stored in fields that lead to exceptions.</li>
1481 <li>We implemented a new analysis technique to find
1482 guaranteed dereferences. Consider the following example: <pre>public int f(Object x, boolean b) {
1483 int result = 0;
1484 if (x == null) result++;
1485 else result--;
1486 // at this point, we know x is null on a simple path
1487 if (b) {
1488 // at this point, x is only null on a complex path
1489 // we don't know if the path in which x is null and b is true is feasible
1490 return result + x.hashCode();
1491 }
1492 else {
1493 // at this point, x is only null on a complex path
1494 // we don't know if the path in which x is null and b is false is feasible
1495 return result - x.hashCode();
1496 }
1497 </pre>
1498
1499 <p>
1500 FindBugs 1.0 used forward dataflow analysis to determine
1501 whether each value is definitely null, null on a simple path,
1502 possible null on a complex path, or definitely nonnull. Thus,
1503 at the statement where
1504 <code> result </code>
1505 is decremented, we know that
1506 <code> x </code>
1507 is definitely null, and at the point before
1508 <code> if (b) </code>
1509 , we know that
1510 <code> x </code>
1511 is null on a simple path. If
1512 <code> x </code>
1513 were to be dereferenced here, we would generate a warning,
1514 because if the else branch of the
1515 <code> if (x == null) </code>
1516 were ever taken, a null pointer exception would result.
1517 </p>
1518
1519 <p>
1520 However, in both the then and else branches of the
1521 <code> if (b) </code>
1522 statement,
1523 <code> x </code>
1524 is only null on a complex path that may be infeasible. It might
1525 be that the program logic is such that if
1526 <code> x </code>
1527 is null, then
1528 <code> b </code>
1529 is never true, so generating a warning about the dereference in
1530 the then clause might be a false positive. We could try to
1531 analyze the program to determine whether it is possible for
1532 <code> x </code>
1533 to be null and
1534 <code> b </code>
1535 to be true, but that can be a hard analysis problem.
1536 </p>
1537
1538 <p>
1539 However,
1540 <code> x </code>
1541 is dereferenced in both the then <em>and</em> else branches of
1542 the
1543 <code> if (b) </code>
1544 statement. So at the point immediately before
1545 <code> if (b) </code>
1546 , we know that
1547 <code> x </code>
1548 is null on a simple path <em>and</em> that
1549 <code> x </code>
1550 is guaranteed to be dereferenced on all paths from this point
1551 forward. FindBugs 1.1 performs a backwards data flow analysis
1552 to determine the values that are guaranteed to be dereferenced,
1553 and will generate a warning in this case.
1554 </p>
1555 </li>
1556 </ul>
1557 <p>
1558 The following screen shot of our new GUI shows an example of this
1559 analysis, as well as showing off our new GUI and points out a
1560 limitation of our current plugins for Eclipse and NetBeans. The
1561 screen shot shows a null pointer bug in HelpDisplay.java. The
1562 test for
1563 <code> href!=null </code>
1564 on line 78 suggests that
1565 <code> href </code>
1566 could be null. If it is, then
1567 <code> href </code>
1568 will be dereferenced on either line 87 or on line 90, generating
1569 a NPE. Note that our analysis here also understands that passing
1570 <code> href </code>
1571 to
1572 <code> URLEncoder.encode </code>
1573 will deference it, and thus treats line 87 as a dereference, even
1574 though
1575 <code> href </code>
1576 is not actually dereferenced at that line. Within our new GUI,
1577 all of these locations are highlighted and listed in the summary
1578 panel. In the original GUI (and in HTML output) we list all of
1579 the locations, but only the primary location is highlighted by
1580 the original GUI. In the Eclipse and NetBeans plugins, only the
1581 primary location is displayed; fixing this is on our todo list
1582 (contributions welcome).
1583 </p>
1584 <p>
1585 <img src="guaranteedDereference.png" alt="">
1586
1587
1588 </p>
1589
1590 </li>
1591 <li>Preliminary support for detectors using the frameworks
1592 other than BCEL, such as the <a href="http://asm.objectweb.org/">ASM</a>
1593 bytecode framework. You may experiment with writing ASM-based
1594 detectors, but beware the API may still change (which could
1595 possibly also affect BCEL-based detectors). In general, we've
1596 started trying to move away from a deep dependence on BCEL, but
1597 that change is only partially complete. Probably best to just
1598 avoid this until we complete more work on this. This change is
1599 only visible to FindBugs plugin developers, and shouldn't be
1600 visible to FindBugs users.
1601 </li>
1602 <li>
1603 <p>Bug categories (CORRECTNESS, MT_CORRECTNESS, etc.) are no
1604 longer hard-coded, but rather defined in xml files associated
1605 with plugins, including the core plugin which defines the
1606 standard categories. Third-party plugins can define their own
1607 categories.</p>
1608 </li>
1609 <li>
1610 <p>Several bug patterns have been moved from CORRECTNESS and
1611 STYLE into a new category, BAD_PRACTICE. The English localization
1612 of STYLE has changed from "Style" to "Dodgy."</p>
1613 <p>In general, we've worked very hard to limit CORRECTNESS
1614 bugs to be real programming errors and sins of commission. We
1615 have reclassified as BAD_PRACTICE a number of bad design
1616 practices that result in overly fragile code, such as defining an
1617 equals method that doesn't accept null or defining class with a
1618 equals method that inherits hashCode from class Object.</p>
1619 <p>In general, our guidelines for deciding whether a bug
1620 should be classified as CORRECTNESS, BAD_PRACTICE or STYLE are:</p>
1621 <dl>
1622 <dt>CORRECTNESS</dt>
1623 <dd>A problem that we can recognize with high confidence and
1624 is an issue that we believe almost all developers would want to
1625 examine and address. We recommend that software teams review all
1626 high and medium priority warnings in their entire code base.</dd>
1627 <dt>BAD_PRACTICE</dt>
1628 <dd>A problem that we can recognize with high confidence and
1629 represents a clear violation of recommended and standard coding
1630 practice. We believe each software team should decide which bad
1631 practices identified by FindBugs it wants to prohibit in the
1632 team's coding standard, and take action to remedy violations of
1633 those coding standards.</dd>
1634 <dt>STYLE</dt>
1635 <dd>These are places where something strange or dodgy is
1636 going on, such as a dead store to a local variable. Typically,
1637 less than half of these represent actionable programming
1638 defects. Reviewing these warnings in any code under active
1639 development is probably a good idea, but reviewing all such
1640 warnings in your entire code base might be appropriate only in
1641 some situations. Individual or team programming styles can
1642 substantially influence the effectiveness of each of these
1643 warnings (e.g., you might have a coding practice or style in
1644 your group that confuses one of the detectors into generating a
1645 lot of STYLE warnings); you will likely want to selectively
1646 suppress or report the STYLE warnings that are effective for
1647 your group.</dd>
1648 </dl>
1649 </li>
1650 <li>Released a preliminary version of a new GUI (known
1651 internally as GUI2 -- not very creative, huh?)</li>
1652 <li>Provided standard ways to mark user designations of bug
1653 warnings (e.g., as NOT_A_BUG or SHOULD_FIX). The internal logic
1654 now records this, it is represented in the XML file, and GUI2
1655 allows the designations to be applied (along with free-form user
1656 annotations about each warning). The user designations and
1657 annotations are not yet supported by the Eclipse plugin, but we
1658 clearly want to support it in Eclipse shortly.</li>
1659 <li>Added a check for a bad comparison with a signed byte with
1660 a value not in the range -128..127. For example: <pre>boolean find200(byte b[]) {
1661 for(int i = 0; i &lt; b.length; i++) if (b[i] == 200) return i;
1662 return -1;
1663 }
1664 </pre>
1665 </li>
1666 <li>Added a checking for testing if a value is equal to
1667 Double.NaN (no value is equal to NaN, not even NaN).</li>
1668 <li>Added a check for using a class with an equals method but
1669 no hashCode method in a hashed data structure.</li>
1670 <li>Added check for uncallable method of an anonymous inner
1671 class. For example, in the following code, it is impossible to
1672 invoke the initalValue method (because the name is misspelled and
1673 as a result is doesn't override a method in ThreadLocal). <pre>private static ThreadLocal serialNum = new ThreadLocal() {
1674 protected synchronized Object initalValue() {
1675 return new Integer(nextSerialNum++);
1676 }
1677 };
1678 </pre>
1679 </li>
1680 <li>Added check for a dead local store caused by a switch
1681 statement fall through</li>
1682 <li>Added check for computing the absolute value of a random
1683 32 bit integer or of a hashcode. This is broken because <code>
1684 Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE </code> , and thus
1685 result of calling Math.abs, which is expected to be nonnegative,
1686 will in fact be negative one time out of 2 <sup> 32 </sup> , which
1687 will invariably be the time your boss is demoing the software to
1688 your customers.
1689
1690 </li>
1691 <li>More careful resolution of inherited methods and fields.
1692 Some of the shortcuts we were taking in FindBugs 1.0.0 were
1693 leading to inaccurate results, and it was fairly easy to address
1694 this by making the analysis more accurate.</li>
1695 <li>Overall, analysis times are about 1.6 times longer in
1696 FindBugs 1.1.0 than in FindBugs 1.0.0. This is because we have
1697 enabled substantial additional analysis at the default effort
1698 level (the actual analysis engine is significantly faster than in
1699 FindBugs 1.0). On a recent AMD Athlon processor, analyzing
1700 JDK1.6.0 (about 1 million lines of code) requires about 15 minutes
1701 of wall clock time.</li>
1702 <li>Provided class and script (printClass) to print classfile
1703 in the human readable format produced by BCEL</li>
1704 <li>Provided -findSource option to setBugDatabaseInfo</li>
1705 </ul>
1706
1707
1708 <p>Changes since version 0.9.7:</p>
1709
1710 <ul>
1711 <li>fix ObjectTypeFactory bug that was suppressing some bugs</li>
1712 <li>opcode stack may determine definite zeros on some paths</li>
1713 <li>opcode stack can track some constant string concatenations
1714 (dbrosius)</li>
1715 <li>default effort performs iterative opcode analysis (but min
1716 effort does not)</li>
1717 <li>default heap size upped to 384m</li>
1718 <li>schema for XML output available: bugcollection.xsd</li>
1719 <li>fixed some internal confusion between dotted and slashed
1720 class names</li>
1721 <li>New detectors
1722 <ul>
1723 <li>CheckImmutableAnnotation.java: checks JCIP annotations</li>
1724 </ul>
1725 </li>
1726 <li>Updated detectors
1727 <ul>
1728 <li>BadRegEx.java: understands Pattern.LITERAL, warns about
1729 "."</li>
1730 <li>FindUnreleasedLock.java: fewer false positives</li>
1731 <li>DumbMethods.java: check for vacuous comparisons to
1732 MAX_INTEGER or MIN_INTEGER, fix bugs detecting
1733 DM_NEXTINT_VIA_NEXTDOUBLE</li>
1734 <li>FindPuzzlers.java: detect <tt>n%2==1</tt>, detect
1735 toString() on array types
1736 </li>
1737 <li>FindInconsistentSync2.java: detects IS_FIELD_NOT_GUARDED
1738 </li>
1739 <li>MethodReturnCheck.java: add check for discarded newly
1740 constructed values, increase priority of some ignored
1741 constructed exceptions, better handling of bytecode compiled by
1742 Eclipse</li>
1743 <li>FindEmptySynchronizedBlock.java: better handling of
1744 bytecode compiled by Eclipse</li>
1745 <li>DoInsideDoPrivileged.java: warn if call to setAccessible
1746 isn't in doPriviledged, don't report private methods</li>
1747 <li>LoadOfKnownNullValue.java: fix bug that was reporting
1748 false positives on <code> finally </code> blocks
1749 </li>
1750 <li>CheckReturnAnnotationDatabase.java: better checks for
1751 unstarted threads</li>
1752 <li>ConfusionBetweenInheritedAndOuterMethod.java: fewer
1753 false positives, fixed a package-handling bug</li>
1754 <li>BadResultSetAccess.java: separate bug pattern for
1755 PreparedStatements, <code> BRZA </code> category folded into <code>
1756 SQL </code> category
1757 </li>
1758 <li>FindDeadLocalStores.java, FindBadCast2.java,
1759 DumbMethods.java, RuntimeExceptionCapture.java: coalesce similar
1760 bugs within a method into a single bug instance with multiple
1761 source lines</li>
1762 </ul>
1763 </li>
1764 <li>Eclipse plugin
1765 <ul>
1766 <li>plugin ID changed from <tt>de.tobject.findbugs</tt> to <tt>edu.umd.cs.findbugs.plugin.eclipse</tt>
1767 </li>
1768 <li>support for findbugs eclipse auto-update site</li>
1769 </ul>
1770 </li>
1771 <li>Updated test case files
1772 <ul>
1773 <li>BadRegEx.java</li>
1774 <li>JSR166.java</li>
1775 <li>ConcurrentModificationBug.java</li>
1776 <li>DeadStore.java</li>
1777 <li>InstanceOf.java</li>
1778 <li>LoadKnownNull.java</li>
1779 <li>NeedsToCheckReturnValue.java</li>
1780 <li>BadResultSetAccessTest.java</li>
1781 <li>DeadStore.java</li>
1782 <li>TestNonNull2.java</li>
1783 <li>TestImmutable.java</li>
1784 <li>TestGuardedBy.java</li>
1785 <li>BadRandomInt.java</li>
1786 <li>six test cases added to new <code> TigerTraps </code>
1787 directory
1788 </li>
1789 </ul>
1790 </li>
1791 <li>fix bug that was generating duplicate uids</li>
1792 <li>fix bug with <code> -onlyAnalyze some.package.* </code> on
1793 jdk1.4
1794 </li>
1795 <li>fix regression bug in
1796 DismantleByteCode.getRefConstantOperand()</li>
1797 <li>fix some minor bugs with the Swing GUI</li>
1798 <li>reordered some bugInstances so that source line
1799 annotations come last</li>
1800 <li>removed references to unused java system properties</li>
1801 <li>French translation updates (David Cotton)</li>
1802 <li>Japanese translation updates (Hanai Shisei)</li>
1803 <li>content cleanup for findbugs.xml and messages.xml</li>
1804 <li>references to cvs hostname updated to
1805 findbugs.cvs.sourceforge.net</li>
1806 <li>documented xdoc output options, new
1807 mineBugHistory/computeBugHistory options</li>
1808 </ul>
1809
1810 <p>Changes since version 0.9.6:</p>
1811
1812 <ul>
1813 <li>performance improvements</li>
1814 <li>ObjectType instances are cached to reduce memory footprint
1815 </li>
1816 <li>for performance and memory reasons stateless detectors are
1817 no longer cloned, must clear their own state between .class files
1818 </li>
1819 <li>fixed bug in bytecode-set lookup for methods (was causing
1820 bad results for IS2, perhaps others)</li>
1821 <li>fix some OpcodeStack bugs with integer and long
1822 operations, perform iterative analysis when effort is <tt>max</tt>
1823 </li>
1824 <li>HTML output includes LongMessage text again (regression in
1825 0.95 - 0.96)</li>
1826 <li>New detectors
1827 <ul>
1828 <li>CalledMethods.java: builds a list of invoked methods for
1829 other detectors to consult (non-reporting)</li>
1830 <li>UncallableMethodOfAnonymousClass.java: detect anonymous
1831 inner classes that define methods that are probably intended to
1832 but do not override methods in a superclass.</li>
1833 </ul>
1834 </li>
1835 <li>Updated detectors
1836 <ul>
1837 <li>FindFieldSelfAssignment.java: recognize separate fields
1838 with the same name (one from superclass)</li>
1839 <li>FindLocalSelfAssignment2.java: handles backward branches
1840 better (Dave Brosius)</li>
1841 <li>FindBadCast2.java: BC_NULL_INSTANCEOF changed to
1842 NP_NULL_INSTANCEOF</li>
1843 <li>FindPuzzlers.java: eliminate false positive on setDate()
1844 (Dave Brosius)</li>
1845 </ul>
1846 </li>
1847 <li>Eclipse plugin
1848 <ul>
1849 <li>fix serious threading bug</li>
1850 <li>preferences for Filters and effort (Peter Hendriks)</li>
1851 <li>French localization (David Cotton)</li>
1852 <li>fix bug when reporting inner classes (Peter Friese)</li>
1853 </ul>
1854 </li>
1855 <li>Updated test case files
1856 <ul>
1857 <li>Mwn.java (Carl Burke/Dave Brosius)</li>
1858 <li>DumbMethodInvocations.java (Anto paul/Dave Brosius)</li>
1859 <!--sic-->
1860 </ul>
1861 </li>
1862 <li>XML output includes garbage collection duration</li>
1863 <li>French messages updated (David Cotton)</li>
1864 <li>Swing GUI shows file name after Load Bugs command</li>
1865 <li>Ant task to launch the findbugs frame (Mark McKay)</li>
1866 <li>miscellaneous code cleanup</li>
1867 </ul>
1868
1869 <p>Changes since version 0.9.5:</p>
1870
1871 <ul>
1872 <li>Updated detectors
1873 <ul>
1874 <li>FindNullDeref.java: respect NonNull and CheckForNull
1875 field annotations</li>
1876 <li>SerializableIdiom.java: detect non-private readObject
1877 and writeObject methods</li>
1878 <li>FindRefComparison.java: smarter array comparison
1879 detection</li>
1880 <li>IsNullValueAnalysis.java: detect <tt>null
1881 instanceof</tt>
1882 </li>
1883 <li>FindLocalSelfAssignment2.java: suppress some false
1884 positives (Dave Brosius)</li>
1885 <li>FindUnreleasedLock.java: don't waste time processing
1886 classes that don't refer to java.util.concurrent.locks</li>
1887 <li>MutableStaticFields.java: report the source line (Dave
1888 Brosius)</li>
1889 <li>SwitchFallthrough.java: better handling of System.exit()
1890 (Dave Brosius)</li>
1891 <li>MultithreadedInstanceAccess.java: better handling of
1892 Servlet.init() (Dave Brosius)</li>
1893 <li>ConfusionBetweenInheritedAndOuterMethod.java: now
1894 enabled</li>
1895 </ul>
1896 </li>
1897 <li>Eclipse plugin
1898 <ul>
1899 <li>background processing (Peter Friese)</li>
1900 <li>internationalization, Japanese localization (Takashi
1901 Okamoto)</li>
1902 </ul>
1903 </li>
1904 <li>findbugs <tt>-onlyAnalyze</tt> option now works on windows
1905 platforms
1906 </li>
1907 <li>mineBugHistory <tt>-noTabs</tt> option for better
1908 alignment of output columns
1909 </li>
1910 <li>filterBugs <tt>-fixed</tt> option (also: will now
1911 recognize the most recent version string)
1912 </li>
1913 <li>XML output includes running time and memory usage data</li>
1914 <li>miscellaneous minor corrections to the manual</li>
1915 <li>better bytecode analysis of the <tt>iinc</tt> instruction
1916 </li>
1917 <li>fix bug in null pointer analysis</li>
1918 <li>improved catch block heuristics</li>
1919 <li>some type analysis tweaks</li>
1920 <li>Bug priority changes
1921 <ul>
1922 <li>DumbMethodInvocations.java: decrease priority of
1923 hard-coded <tt>/tmp</tt> filenames
1924 </li>
1925 <li>ComparatorIdiom.java: decrease priority of
1926 non-serializable anonymous comparators</li>
1927 <li>FindSqlInjection.java: decrease priority of appending a
1928 constant or a static</li>
1929 </ul>
1930 </li>
1931 <li>Updated bug explanations
1932 <ul>
1933 <li>NM_VERY_CONFUSING (Dave Brosius)</li>
1934 </ul>
1935 </li>
1936 <li>Updated test case files
1937 <ul>
1938 <li>BadStoreOfNonSerializableObject.java</li>
1939 <li>BadRandomInt.java</li>
1940 <li>TestFieldAnnotations.java</li>
1941 <li>UseInitCause.java</li>
1942 <li>SqlInjection.java</li>
1943 <li>ArrayEquality.java</li>
1944 <li>BadIntegerOperations.java</li>
1945 <li>Pilhuhn.java</li>
1946 <li>InstanceOf.java</li>
1947 <li>SwitchFallthrough.java (Dave Brosius)</li>
1948 </ul>
1949 </li>
1950 <li>fix URL decoding bug when running under Java Web Start
1951 (Dave Brosius)</li>
1952 <li>distribution includes <tt>project.xml</tt> file for
1953 NetBeans
1954 </li>
1955 </ul>
1956
1957 <p>Changes since version 0.9.4:</p>
1958 <ul>
1959 <li>New detectors
1960 <ul>
1961 <li>VarArgsProblems.java</li>
1962 <li>FindSqlInjection.java: now enabled</li>
1963 <li>ComparatorIdiom.java: comparators usually implement
1964 serializable</li>
1965 <li>Naming.java: detect methods not overridden due to
1966 eponymously typed args from different packages</li>
1967 </ul>
1968 </li>
1969 <li>Updated detectors
1970 <ul>
1971 <li>SwitchFallthrough.java: surpress some false positives</li>
1972 <li>DuplicateBranches.java: surpress some false positives</li>
1973 <li>IteratorIdioms.java: surpress some false positives</li>
1974 <li>FindHEmismatch.java: surpress some false positives</li>
1975 <li>QuestionableBooleanAssignment.java: finds more cases of
1976 <tt>if (b=true)</tt> ilk
1977 </li>
1978 <li>DumbMethods.java: detect int remainder by 1, delayed gc
1979 errors</li>
1980 <li>SerializableIdiom.java: detect store of nonserializable
1981 object into field of serializable class</li>
1982 <li>FindNullDeref.java: fix potential exception</li>
1983 <li>IsNullValue.java: fix potential exception</li>
1984 <li>MultithreadedInstanceAccess.java: fix potential
1985 exception</li>
1986 <li>PreferZeroLengthArrays.java: flag the method, not the
1987 line</li>
1988 </ul>
1989 </li>
1990 <li>Remove some inadvertent dependencies on JDK 1.5</li>
1991 <li>Sort order should be more consistent</li>
1992 <li>XML output changes
1993 <ul>
1994 <li>Option to sort XML bug output</li>
1995 <li>Now contains instance IDs</li>
1996 <li>uid no longer missing (was causing problems with fancy
1997 HTML output)</li>
1998 <li>Typo fixed</li>
1999 </ul>
2000 </li>
2001 <li>Internal changes to track source files, <tt>-sourceInfo</tt>
2002 option
2003 </li>
2004 <li>Bug matching: first try exact bug pattern matching, option
2005 to compare priorities, option to disable package moves</li>
2006 <li>Architecture documentation in <tt>design/architecture</tt>
2007 </li>
2008 <li>Test cases move into their own CVS project</li>
2009 <li>Don't report warnings that occur outside the analyzed
2010 classes</li>
2011 <li>Fixes to the build.xml files</li>
2012 <li>Better handling of @CheckReturnValue and @CheckForNull
2013 annotations (also, some additional methods searched for check
2014 return value and check for null)</li>
2015 <li>Fixed some stream-closing bugs (one by <tt>z-fb-user</tt>/Dave
2016 Brosius)
2017 </li>
2018 <li>Bug priority changes
2019 <ul>
2020 <li>increase priority of ignoring return value of
2021 java.sql.Connection methods</li>
2022 <li>increase priority of comparing classes like Integer
2023 using <tt>==</tt>
2024 </li>
2025 <li>decrease priority of IT_NO_SUCH_ELEMENT if we see any
2026 call to <tt>next()</tt>
2027 </li>
2028 <li>tweak priority of NM_METHOD_CONSTRUCTOR_CONFUSION</li>
2029 <li>decrease priority of RV_RETURN_VALUE_IGNORED for an
2030 inherited annotation that doesn't return same type as class</li>
2031 </ul>
2032 </li>
2033 <li>Updated bug explanations
2034 <ul>
2035 <li>RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE</li>
2036 <li>DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED</li>
2037 <li>IMA_INEFFICIENT_MEMBER_ACCESS (Dave Brosius)</li>
2038 <li>some Japanese improvements to messages_ja.xml ( <tt>ruimo</tt>)
2039 </li>
2040 <li>some German improvements to findbugs_de.properties (Dave
2041 Brosius, <tt>dvholten</tt>)
2042 </li>
2043 </ul>
2044 </li>
2045 <li>Updated test case files
2046 <ul>
2047 <li>BadIntegerOperations.java</li>
2048 <li>SecondKaboom.java</li>
2049 <li>OpenDatabase.java (Dave Brosius)</li>
2050 <li>FindOpenStream.java (Dave Brosius)</li>
2051 <li>BadRandomInt.java</li>
2052 </ul>
2053 </li>
2054 <li>Source-lines info maintained for methods (handy for
2055 abstract and native methods)</li>
2056 <li>Remove surrounding opcodes from source line annotations</li>
2057 <li>Better error when can't read file</li>
2058 <li>Swing GUI: removed console pane from FindBugsFrame, fix
2059 missing classes bug</li>
2060 <li>Fixes to OpcodeStack.java</li>
2061 <li>Detectors may attach a custom value to an OpcodeStack.Item
2062 (Dave Brosius)</li>
2063 <li>Filter.java: ability to add text messages to XML output,
2064 fix bug with <tt>-withMessages</tt>
2065 </li>
2066 <li>SourceInfoMap supports ranges of source lines</li>
2067 <li>Ant task supports the <tt>timestampNow</tt> attribute
2068 </li>
2069 </ul>
2070
2071 <p>Changes since version 0.9.3:</p>
2072 <ul>
2073 <li>Substantial rework of datamining code</li>
2074 <li>Removed bogus warnings about await on things other than
2075 Condition not being in a loop</li>
2076 <li>Fixed bug in OpcodeStack handling of dup2 of long/double
2077 values</li>
2078 <li>Don't report array types as missing classes</li>
2079 <li>Adjustment of some warnings on ignored return values</li>
2080 <li>Added thread safety annotations from Java Concurrency in
2081 Practice (no detectors written for these yet)</li>
2082 <li>Added annotation for methods that, if overridden, should
2083 be invoked by overriding methods via a call to super</li>
2084 <li>Updated -html:fancy.xsl (Etienne Giraudy)</li>
2085 </ul>
2086
2087 <p>Note: there was no version 0.9.2</p>
2088
2089 <p>Changes since version 0.9.1:</p>
2090 <ul>
2091 <!-- New detectors -->
2092 <li>Embellish USM to find abstract methods that implement an
2093 interface method (Dave Brosius)</li>
2094 <li>New detector to find stores of literal booleans inside if
2095 or while expressions (Dave Brosius)</li>
2096 <li>New style detector to find final classes that declare
2097 protected fields (Dave Brosius)</li>
2098 <li>New detector to find subclass methods that simply forward,
2099 verbatim, to the super class (Dave Brosius)</li>
2100 <li>Detector to find instances where code is attempting to
2101 write an object out via an implementation of DataOutput, but the
2102 object is not guaranteed to be Serializable (Jon Christiansen,
2103 Bill Pugh)</li>
2104
2105 <!-- Feature enhancements -->
2106 <li>Large (35%) analysis speedup (Bill Pugh)</li>
2107 <li>Add line numbers to Swing GUI code panel (Dave Brosius)</li>
2108 <li>Added effort options to Swing GUI (Dave Brosius)</li>
2109 <li>Add ability to specify bugs file to open from command line
2110 for GUI version, through -loadbugs (Phillip Martin)</li>
2111 <li>New stylesheet for generating HTML: use option <tt>-html:plain.xsl</tt>
2112 (Chris Nappin)
2113 </li>
2114 <li>New stylesheet for generating HTML: use option <tt>-html:fancy.xsl</tt>
2115 (Etienne Giraudy)
2116 </li>
2117 <li>Updated Japanese bug message translations (Shisei Hanai)</li>
2118
2119 <!-- Bug fixes -->
2120 <li>XHTML compliance fixes for bug details (Etienne Giraudy)</li>
2121 <li>Various detector fixes (Shisei Hanai)</li>
2122 <li>Fixed bugs in the project preferences dialog int the
2123 Eclipse plugin (Takashi Okamoto, Thomas Einwaller)</li>
2124 <li>Lowered priority of analysis thread in Swing GUI (David
2125 Hovemeyer, suggested by Shisei Hanai and Jeffrey W. Badorek)</li>
2126 <li>Fixed EclipsePlugin to correctly pick up auxclasspath
2127 entries (Jon Christiansen)</li>
2128 </ul>
2129
2130 <p>Changes since version 0.9.0:</p>
2131 <ul>
2132 <li>Fixed dependence on JRE 1.5: all features should work on
2133 JRE 1.4 again</li>
2134 <li>Fixed -effort command line option handling for Swing GUI</li>
2135 <li>Fixed conserveSpace and workHard attributes int Ant task</li>
2136 <li>Added support for effort attribute in Ant task</li>
2137 </ul>
2138
2139 <p>Changes since version 0.8.8:</p>
2140 <ul>
2141 <!-- New detectors and bug patterns -->
2142 <li>XMLFactoryBypass detector to find direct allocation of xml
2143 class implementations (Dave Brosius)</li>
2144 <li>InefficientMemberAccess detector to find accesses to
2145 owning class private members (Dave Brosius)</li>
2146 <li>DuplicateBranches detector checks switch statements too
2147 (Dave Brosius)</li>
2148
2149 <!-- Feature enhancements -->
2150 <li>FindBugs available from findbugs.sourceforge.net as Java
2151 Web Start application (Dave Brosius)</li>
2152 <li>Updated Japanese bug message translations (Shisei Hanai)</li>
2153 <li>Improved bug detail message for covariant equals() (Shisei
2154 Hanai)</li>
2155 <li>Modeling of instanceof checks is now enabled by default,
2156 making the bad cast detector much more useful (Bill Pugh, David
2157 Hovemeyer)</li>
2158 <li>Support for detector ordering constraints in plugin
2159 descriptor (David Hovemeyer)</li>
2160 <li>Simpler option to control analysis effort: -effort: <i>value</i>,
2161 where <i>value</i> is one of <code> min </code> , <code>
2162 default </code> , or <code> max </code> (David Hovemeyer)
2163 </li>
2164 <li>Using -effort:max, FindNullDeref checks for null arguments
2165 passed to methods which dereference them unconditionally (David
2166 Hovemeyer)</li>
2167 <li>FindNullDeref checks @Null and @NonNull annotations for
2168 parameters and return values (David Hovemeyer)</li>
2169
2170 <!-- Bug fixes -->
2171 </ul>
2172
2173 <p>Changes since version 0.8.7:</p>
2174
2175 <ul>
2176 <!-- New detectors and bug patterns -->
2177 <li>New detector to find duplicate code in if/else statements
2178 (Dave Brosius)</li>
2179 <li>Look for calls to wait() on Condition objects (David
2180 Hovemeyer)</li>
2181 <li>Look for java.util.concurrent.Lock objects not released on
2182 every path out of method (David Hovemeyer)</li>
2183 <li>Look for calls to Thread.sleep() with a lock held (David
2184 Hovemeyer)</li>
2185 <li>More accurate detection of impossible casts (Bill Pugh,
2186 David Hovemeyer)</li>
2187
2188 <!-- Feature enhancements -->
2189 <li>Saved XML now contains project statistics (Jay Dunning)</li>
2190 <li>Filter files can select by bug pattern type and warning
2191 priority (David Hovemeyer)</li>
2192
2193 <!-- Bug fixes -->
2194 <li>Restored some files inadvertently omitted from previous
2195 release (Rohan Lloyd, David Hovemeyer)</li>
2196 <li>Make sure detectors requiring JDK 1.5 runtime classes are
2197 only executed if those classes are available (David Hovemeyer)</li>
2198 <li>Don't display analysis error dialog unless there is really
2199 an error (David Hovemeyer)</li>
2200 <li>Updated and expanded French translations of bug patterns
2201 and Swing GUI (Olivier Parent)</li>
2202 <li>Fixed invalid character encoding in German Swing GUI
2203 translation (Olivier Parent)</li>
2204 <li>Fix locale used for date format in project stats (K.
2205 Hashimoto)</li>
2206 <li>Fixed LongDescription elements in xml:withMessages output
2207 format (K. Hashimoto)</li>
2208 </ul>
2209
2210 <p>Changes since version 0.8.6:</p>
2211