Project: <<unnamed project>>
FindBugs version: 0.9.4
Code analyzed:
Warning Type | Number |
---|---|
Correctness Warnings | 5 |
Internationalization Warnings | 0 |
Multithreaded Correctness Warnings | 1 |
Malicious Code Vulnerability Warnings | 6 |
Performance Warnings | 16 |
Style Warnings | 2 |
Total | 30 |
Code | Warning |
---|---|
DE | biz.xsoftware.test.mock.TestMockCreator.testThrowCheckedException() might ignore java.io.IOException |
Dm | biz.xsoftware.manifest.ManifestUtilImpl.getFile(java.net.URL) invokes System.exit(...), which shuts down the entire virtual machine |
EC | Call to equals() comparing unrelated class and interface in biz.xsoftware.test.mock.TestMockCreator.testEqualsAndToString() |
RCN | Nullcheck of value previously dereferenced biz.xsoftware.impl.mock.MockSuperclass.getLeftOverMethods(java.util.Set) |
Se | Class biz.xsoftware.mock.ExpectFailedException defines non-transient non-serializable instance field biz.xsoftware.mock.ExpectFailedException.methods |
Code | Warning |
---|---|
Ru | biz.xsoftware.impl.mock.test.TestOrderedCalls.testOrderBeforeFails() explicitly invokes run on a thread (did you mean to start it instead?) |
Code | Warning |
---|---|
EI | biz.xsoftware.impl.mock.MockObjectImpl.getClasses() may expose internal representation by returning biz.xsoftware.impl.mock.MockObjectImpl.classes |
EI | biz.xsoftware.mock.CalledMethod.getAllParams() may expose internal representation by returning biz.xsoftware.mock.CalledMethod.params |
EI | biz.xsoftware.mock.ExpectFailedException.getCalledMethods() may expose internal representation by returning biz.xsoftware.mock.ExpectFailedException.methods |
EI2 | biz.xsoftware.impl.mock.MockObjectImpl. |
EI2 | biz.xsoftware.mock.CalledMethod. |
EI2 | biz.xsoftware.mock.ExpectFailedException. |
Code | Warning |
---|---|
Dm | biz.xsoftware.impl.mock.MockObjectImpl.callSuperMethod(Object,java.lang.reflect.Method,Object[]) invokes dubious Boolean constructor; use Boolean.valueOf(...) instead |
SBSC | Method biz.xsoftware.impl.mock.MessageHelper.getMethodSignature(String,java.lang.reflect.Method,String) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MessageHelper.putTogetherReason(String[],java.util.Set,java.util.List,String) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MethodVerifier.getClassNamesString(Class[]) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MethodVerifier.getMethod(Class[],boolean,String,Class[]) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MethodVerifier.getMethodSigString(String,Class[]) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MockObjectImpl.getCleanMethodString(java.lang.reflect.Method) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MockSuperclass.expectImpl(String[]) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MockSuperclass.methodCalledImpl(String,Object[]) concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.impl.mock.MockSuperclass$LeftOverMethods.toString() concatenates strings using + in a loop |
SBSC | Method biz.xsoftware.manifest.ManifestInfo.toString() concatenates strings using + in a loop |
SIC | Should biz.xsoftware.examples.basic2.TestExample$BadCreditSimulator be a _static_ inner class? |
SIC | Should biz.xsoftware.examples.behavior.TestExample$MyBehavior be a _static_ inner class? |
SIC | Should biz.xsoftware.impl.mock.MockSuperclass$LeftOverMethods be a _static_ inner class? |
SIC | Should biz.xsoftware.manifest.TestManifestInfo$FakeJarLocator be a _static_ inner class? |
WMI | Method biz.xsoftware.manifest.ManifestInfo.toString() makes inefficient use of keySet iterator instead of entrySet iterator |
Code | Warning |
---|---|
Nm | Class biz.xsoftware.impl.mock.ThrowException is not derived from an Exception, even though it is named as such |
PS | Class biz.xsoftware.impl.mock.MockSuperclass exposes synchronization and semaphores in its public interface. |
This method might ignore an exception. In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.
Creating new instances of java.lang.Boolean wastes memory, since Boolean objects are immutable and there are only two useful values of this type. Use the Boolean.valueOf() method to create Boolean objects instead.
Invoking System.exit shuts down the entire Java virtual machine. This should only be done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.
This method calls equals(Object) on two references, one of which is a class and the other an interface, where neither the class nor any of its non-abstract subclasses implement the interface. Therefore, the objects being compared are unlikely to be members of the same class at runtime (unless some application classes were not analyzed, or dynamic class loading can occur at runtime). According to the contract of equals(), objects of different classes should always compare as unequal; therefore, according to the contract defined by java.lang.Object.equals(Object), the result of this comparison will always be false at runtime.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.
This class is not derived from another exception, but ends with 'Exception'. This will be confusing to users of this class.
This class uses synchronization along with wait(), notify() or notifyAll() on itself (the this reference). Client classes that use this class may, in addition, use an instance of this class as a synchronizing object. Because two classes are using the same object for synchronization, multithreaded correctness is suspect. You should not synchronize or call semaphore methods on a public reference. Consider using an internal private member variable to control synchronization.
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced, and if it were null a null pointer exception would have occurred. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
This method explicitly invokes run() on an object. In general, classes implement the Runnable interface because they are going to have their run() method invoked in a new thread, in which case Thread.start() is the right method to call.
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.
Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.
For example:
```java
// This is bad
String s = "";
for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
}

// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
}
String s = buf.toString();
```
This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods. Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.