FindBugs Report

Project Information

Project: $ant.project.name

FindBugs version: 3.0.0

Code analyzed:



Metrics

24770 lines of code analyzed, in 641 classes, in 40 packages.

Metric Total Density*
High Priority Warnings 9 0.36
Medium Priority Warnings 20 0.81
Low Priority Warnings 43 1.74
Total Warnings 72 2.91

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Bad practice Warnings 9
Internationalization Warnings 10
Malicious code vulnerability Warnings 4
Multithreaded correctness Warnings 5
Performance Warnings 7
Dodgy code Warnings 37
Total 72

Warnings

Click on a warning row to see full context information.

Bad practice Warnings

Code Warning
FS Format string should use %n rather than \n in org.crosswire.jsword.book.sword.RawFileBackend.updateDataFile(long, File)
HE org.crosswire.jsword.passage.TreeKey defines equals but not hashCode
Nm Confusing to have methods org.crosswire.common.util.WebResource.shutdown() and org.crosswire.jsword.book.sword.state.OpenFileStateManager.shutDown()
OS new org.crosswire.jsword.versification.FileVersificationMapping(Versification) may fail to close stream
RV Exceptional return value of java.util.concurrent.BlockingQueue.offer(Object) ignored in org.crosswire.jsword.book.filter.osis.OSISFilter.parse(String)
RV Exceptional return value of java.io.File.mkdirs() ignored in org.crosswire.jsword.book.MetaDataLocator.getFile(URI)
Se The field org.crosswire.jsword.book.basic.DefaultBookmark.books is transient but isn't set by deserialization
Se org.crosswire.jsword.book.BookData$BookVerseContent is serializable but also an inner class of a non-serializable class
SI Static initializer for org.crosswire.jsword.index.lucene.InstalledIndex creates instance before all static final fields assigned

Internationalization Warnings

Code Warning
Dm Use of non-localized String.toUpperCase() or String.toLowerCase() in org.crosswire.common.util.IOUtil.unpackZip(File, File, boolean, String[])
Dm Found reliance on default encoding in org.crosswire.common.util.NetUtil.listByIndexFile(URI, URIFilter): new java.io.InputStreamReader(InputStream)
Dm Found reliance on default encoding in org.crosswire.jsword.book.sword.AbstractBackend.decipher(byte[]): String.getBytes()
Dm Found reliance on default encoding in org.crosswire.jsword.book.sword.RawFileBackend.getTextFilename(RandomAccessFile, DataIndex): new String(byte[], int, int)
Dm Found reliance on default encoding in org.crosswire.jsword.book.sword.RawLDBackend.getRawText(DataEntry): String.getBytes()
Dm Found reliance on default encoding in org.crosswire.jsword.book.sword.SwordUtil.decode(String, byte[], int, int, String): new String(byte[], int, int)
Dm Found reliance on default encoding in org.crosswire.jsword.bridge.ConfParser.parse(): new java.io.PrintWriter(OutputStream)
Dm Found reliance on default encoding in org.crosswire.jsword.examples.GatherAllReferences.main(String[]): new java.io.FileWriter(String)
Dm Found reliance on default encoding in new org.crosswire.jsword.versification.FileVersificationMapping(Versification): new java.io.InputStreamReader(InputStream)
Dm Found reliance on default encoding in org.crosswire.jsword.versification.VersificationToKJVMapper.trace(): new java.io.PrintStream(OutputStream)

Malicious code vulnerability Warnings

Code Warning
EI org.crosswire.jsword.book.sword.state.ZLDBackendState.getLastUncompressed() may expose internal representation by returning ZLDBackendState.lastUncompressed
EI org.crosswire.jsword.book.sword.state.ZVerseBackendState.getLastUncompressed() may expose internal representation by returning ZVerseBackendState.lastUncompressed
EI2 org.crosswire.jsword.book.sword.state.ZLDBackendState.setLastUncompressed(byte[]) may expose internal representation by storing an externally mutable object into ZLDBackendState.lastUncompressed
EI2 org.crosswire.jsword.book.sword.state.ZVerseBackendState.setLastUncompressed(byte[]) may expose internal representation by storing an externally mutable object into ZVerseBackendState.lastUncompressed

Multithreaded correctness Warnings

Code Warning
IS Inconsistent synchronization of org.crosswire.common.progress.Job.totalUnits; locked 92% of time
IS Inconsistent synchronization of org.crosswire.common.progress.Job.currentSectionName; locked 85% of time
IS Inconsistent synchronization of org.crosswire.common.progress.Job.jobMode; locked 83% of time
IS Inconsistent synchronization of org.crosswire.common.progress.Job.percent; locked 91% of time
IS Inconsistent synchronization of org.crosswire.common.progress.Job.workUnits; locked 92% of time

Performance Warnings

Code Warning
Dm org.crosswire.jsword.index.lucene.LuceneIndex.find(String) invokes toString() method on a String
Dm org.crosswire.jsword.index.lucene.LuceneIndex.generateSearchIndexImpl(Progress, List, IndexWriter, Key, int, IndexPolicy) invokes toString() method on a String
SBSC org.crosswire.common.xml.XMLUtil.recloseTags(String) concatenates strings using + in a loop
SIC Should org.crosswire.jsword.book.BookData$BookVerseContent be a _static_ inner class?
SIC The class org.crosswire.jsword.book.sword.state.OpenFileStateManager$2 could be refactored into a named _static_ inner class
SIC Should org.crosswire.jsword.versification.BibleNames$NameList be a _static_ inner class?
UPM Private method org.crosswire.common.util.CWProject.reset() is never called

Dodgy code Warnings

Code Warning
BC Unchecked/unconfirmed cast from org.crosswire.jsword.passage.VerseKey to org.crosswire.jsword.passage.VerseRange in org.crosswire.jsword.versification.QualifiedKey.create(VerseKey)
CI Class org.crosswire.common.util.Languages is final but declares protected field org.crosswire.common.util.Languages.log
DLS Dead store of null to buf in org.crosswire.common.util.IniSection.more(BufferedReader, String)
DLS Dead store to buffer in org.crosswire.common.util.IOUtil.getZipEntry(String)
DLS Dead store to x in org.crosswire.common.util.StringUtil.split(String)
DLS Dead store to x in org.crosswire.common.util.StringUtil.split(String, char)
DLS Dead store to x in org.crosswire.common.util.StringUtil.split(String, char, int)
DLS Dead store to x in org.crosswire.common.util.StringUtil.split(String, int)
DLS Dead store to x in org.crosswire.common.util.StringUtil.split(String, String, int)
DLS Dead store to cell in org.crosswire.jsword.book.BookData.getOsisContent(boolean)
DLS Dead store to end in org.crosswire.jsword.book.sword.RawLDBackend.dumpIdxRaf()
DLS Dead store to end in org.crosswire.jsword.book.sword.RawLDBackend.toIMP()
DLS Dead store to end in org.crosswire.jsword.book.sword.ZLDBackend.dumpIdxRaf()
DLS Dead store of null to ref in org.crosswire.jsword.examples.Speed.run()
DLS Dead store of null to results in org.crosswire.jsword.examples.Speed.run()
ICAST Result of integer multiplication cast to long in org.crosswire.jsword.book.sword.state.OpenFileStateManager$1.run()
NP Load of known null value in org.crosswire.jsword.book.sword.RawBackend.getRawTextLength(Key)
NP Load of known null value in org.crosswire.jsword.book.sword.RawBackend.isWritable()
NP Load of known null value in org.crosswire.jsword.book.sword.RawBackend.readRawContent(RawBackendState, Key)
NP Load of known null value in org.crosswire.jsword.book.sword.RawLDBackend.getCardinality()
NP Load of known null value in org.crosswire.jsword.book.sword.RawLDBackend.indexOf(Key)
NP Load of known null value in org.crosswire.jsword.book.sword.ZVerseBackend.getRawTextLength(Key)
NP Load of known null value in org.crosswire.jsword.examples.ReadEverything.main(String[])
RCN Redundant nullcheck of org.crosswire.common.util.IniSection.charset, which is known to be non-null in org.crosswire.common.util.IniSection.save()
RCN Redundant nullcheck of org.crosswire.common.util.IniSection.configFile, which is known to be non-null in org.crosswire.common.util.IniSection.save()
RCN Redundant nullcheck of org.crosswire.common.util.MsgBase.getLocalisedResources(), which is known to be non-null in org.crosswire.common.util.MsgBase.obtainString(String)
RCN Redundant nullcheck of t, which is known to be non-null in org.crosswire.jsword.book.filter.thml.CustomHandler.endElement(String, String, String)
RCN Redundant nullcheck of t, which is known to be non-null in org.crosswire.jsword.book.filter.thml.CustomHandler.startElement(String, String, String, Attributes)
RCN Redundant nullcheck of temp, which is known to be non-null in org.crosswire.jsword.book.SentenceUtil.tokenize(String)
RCN Redundant nullcheck of buffer, which is known to be non-null in org.crosswire.jsword.book.sword.RawBackend.getIndex(RandomAccessFile, long)
RCN Redundant nullcheck of org.crosswire.jsword.book.sword.SwordBookMetaData.bookType, which is known to be non-null in org.crosswire.jsword.book.sword.SwordBookMetaData.adjustBookType()
RCN Redundant nullcheck of temp, which is known to be non-null in org.crosswire.jsword.book.sword.ZLDBackend.getEntry(RawLDBackendState, DataEntry)
RCN Redundant nullcheck of temp, which is known to be non-null in org.crosswire.jsword.book.sword.ZVerseBackend.getRawTextLength(Key)
RCN Redundant nullcheck of temp, which is known to be non-null in org.crosswire.jsword.book.sword.ZVerseBackend.readRawContent(ZVerseBackendState, Key)
RCN Redundant nullcheck of org.crosswire.jsword.book.BookData.getOsisFragment(), which is known to be non-null in org.crosswire.jsword.examples.ReadEverything.testReadSingle(Book, Key, int)
RCN Redundant nullcheck of tempDownload, which is known to be non-null in org.crosswire.jsword.util.IndexDownloader.downloadIndex(Book, Installer)
ST Write to static field org.crosswire.jsword.versification.BibleNames.englishBibleNames from instance method new org.crosswire.jsword.versification.BibleNames()

Details

BC_UNCONFIRMED_CAST: Unchecked/unconfirmed cast

This cast is unchecked, and not all instances of the type casted from can be cast to the type it is being cast to. Check that your program logic ensures that this cast will not fail.

CI_CONFUSED_INHERITANCE: Class is final but declares protected field

This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

DLS_DEAD_LOCAL_STORE_OF_NULL: Dead store of null to local variable

The code stores null into a local variable, and the stored value is not read. This store may have been introduced to assist the garbage collector, but as of Java SE 6.0, this is no longer needed or useful.

DLS_DEAD_LOCAL_STORE: Dead store to local variable

This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

DM_CONVERT_CASE: Consider using Locale parameterized version of invoked method

A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

versions instead.

DM_STRING_TOSTRING: Method invokes toString() method on a String

Calling String.toString() is just a redundant operation. Just use the String.

DM_DEFAULT_ENCODING: Reliance on default encoding

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

VA_FORMAT_STRING_USES_NEWLINE: Format string should use %n rather than \n

This format string include a newline character (\n). In format strings, it is generally preferable better to use %n, which will produce the platform-specific line separator.

HE_EQUALS_NO_HASHCODE: Class defines equals() but not hashCode()

This class overrides equals(Object), but does not override hashCode().  Therefore, the class may violate the invariant that equal objects must have equal hashcodes.

ICAST_INTEGER_MULTIPLY_CAST_TO_LONG: Result of integer multiplication cast to long

This code performs integer multiply and then converts the result to a long, as in:

    long convertDaysToMilliseconds(int days) { return 1000*3600*24*days; }

If the multiplication is done using long arithmetic, you can avoid the possibility that the result will overflow. For example, you could fix the above code to:

    long convertDaysToMilliseconds(int days) { return 1000L*3600*24*days; }
or 
    static final long MILLISECONDS_PER_DAY = 24L*3600*1000;
    long convertDaysToMilliseconds(int days) { return days * MILLISECONDS_PER_DAY; }

IS2_INCONSISTENT_SYNC: Inconsistent synchronization

The fields of this class appear to be accessed inconsistently with respect to synchronization.  This bug report indicates that the bug pattern detector judged that

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held.  Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

NM_CONFUSING: Confusing method names

The referenced methods have names that differ only by capitalization.

NP_LOAD_OF_KNOWN_NULL_VALUE: Load of known null value

The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull).

OS_OPEN_STREAM: Method may fail to close stream

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE: Redundant nullcheck of value known to be non-null

This method contains a redundant check of a known non-null value against the constant null.

RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: Method ignores exceptional return value

This method returns a value that is not checked. The return value should be checked since it can indicate an unusual or unexpected function execution. For example, the File.delete() method returns false if the file could not be successfully deleted (rather than throwing an Exception). If you don't check the result, you won't notice if the method invocation signals unexpected behavior by returning an atypical return value.

SBSC_USE_STRINGBUFFER_CONCATENATION: Method concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();

SE_BAD_FIELD_INNER_CLASS: Non-serializable class has a serializable inner class

This Serializable class is an inner class of a non-serializable class. Thus, attempts to serialize it will also attempt to associate instance of the outer class with which it is associated, leading to a runtime error.

If possible, making the inner class a static inner class should solve the problem. Making the outer class serializable might also work, but that would mean serializing an instance of the inner class would always also serialize the instance of the outer class, which it often not what you really want.

SE_TRANSIENT_FIELD_NOT_RESTORED: Transient field that isn't set by deserialization.

This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.

SI_INSTANCE_BEFORE_FINALS_ASSIGNED: Static initializer creates instance before all static final fields assigned

The class's static initializer creates an instance of the class before all of the static final fields are assigned.

SIC_INNER_SHOULD_BE_STATIC_ANON: Could be refactored into a named static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.

SIC_INNER_SHOULD_BE_STATIC: Should be a static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.

ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD: Write to static field from instance method

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

UPM_UNCALLED_PRIVATE_METHOD: Private method is never called

This private method is never called. Although it is possible that the method will be invoked through reflection, it is more likely that the method is never used, and should be removed.