Be sure you don’t have your operator precedence confused. Object , and does not appear to implement the Externalizable interface or the readObject and writeObject methods. A pack call causes components to be realized. This code invokes a method that requires a security permission check. One of the arguments being formatted with a format string is an array. If you call this.

A mutable static field could be changed by malicious code or by accident from another package. Instead, it inherits an equals Object method from a superclass. Only instance fields that are written outside of a monitor are reported. On a more granular level, you could exclude certain detectors from finding problems within a specified set of classes or even methods. Class is not derived from an Exception, even though it is named as such. This will lead to a NullPointerException when the code is executed.

This is unlikely to have useful semantics, since different threads may be synchronizing on different objects.

Store of non serializable object into HttpSession.

Adding elements of an entry set may fail due to reuse of Entry objects. For example, something like. This creates an array of length one to hold the primitive array and passes it to the function.

Either the use of the parameter or the annotation is wrong. This method contains an unsynchronized lazy initialization of a non-volatile static findbugs writing custom detectors.

As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use. The format string specifies a relative index to request that the argument for the previous format specifier be reused.

However, such methods are exceptionally confusing. Since methods in other classes cannot directly findbugs writing custom detectors methods declared in an anonymous class, it seems that this method is uncallable. Therefore, it is unlikely that the collection contains any objects that are equal to the method argument findbugs writing custom detectors here.

In addition, it seem possible that, depending on the value of the left hand side, you might not want to evaluate the right hand side because it would have side effects, could cause an exception or could be expensive.

FindBugs, Part 1: Improve the quality of your code

Since the reference to the outer object is required during construction of the inner instance, the inner class will need to be refactored so as to pass a reference to the outer instance to the constructor for the inner class.

Objects of this class will not findbugs writing custom detectors deserialized correctly if a non-Serializable object is stored in this field. This code generates a random signed integer and then computes the absolute value of that random integer.

Equals checks for incompatible operand. If the hashcode is Integer. It may seem obvious, but I’ve worked with more teams than you might imagine who apparently add FindBugs-like tools to their builds for the pure joy of it.

findbugs writing custom detectors

A value specified as carrying a type qualifier annotation is compared with a value that doesn’t ever carry that qualifier. This method calls notify rather than notifyAll.

A Thread object is passed as a parameter to a method where a Runnable is expected. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

FindBugs Bug Descriptions

As of Java 1. The detector has findbugs writing custom detectors a call to an instance findbugs writing custom detectors Calendar that has been obtained via a static field. An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class. A boxed primitive is created from a String, just to extract the unboxed primitive value. This often indicates a mistaken belief that the write to the parameter will be conveyed back to the caller.

The initial value of this parameter is ignored, and the parameter is overwritten here. So, any finalizer actions defined for the superclass will not be performed. This class extends a class that defines an equals method and adds fields, but doesn’t define an equals method itself.


The return value of this method should be checked. This class defines an equals method that always returns false. The code stores null into a local variable, and the stored value is not read. These two methods are very important because they’re called by nearly all of the Collections-based classes — List, Maps, Sets, and so on.

A findbugs writing custom detectors stored in the previous switch case is ignored here due to a switch fall through to a place where an exception is thrown. This error is often caused by mistakenly using a field’s name instead of a constructor argument — although not always, as Listing findbugs writing custom detectors shows:.

Check that your program logic ensures that this cast will not fail. This can be exceptionally confusing, create lots of situations in which you have to look at import statements to resolve references and creates many opportunities to accidentally define methods that do not override methods in their superclasses.

A String is being converted findbugs writing custom detectors upper or lowercase, using the platform’s default encoding. If you put enough developers together, then you’re going to have bugs in your code. Add a call to super. The suite method should findbugs writing custom detectors declared as being static, but isn’t. A boxed primitive is allocated just to call toString. The method creates a database resource such as a database connection or row setdoes not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all exception paths out of the method.