The Complete Chinese-Language Guide to Fixing FindBugs Errors

Updated: 2024-01-24 11:07:01


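Copy your pattern ID, then use Ctrl+F to jump straight to its entry.

Security: code security protections

1. Dm: Hardcoded constant database password (DMI_CONSTANT_DB_PASSWORD)
   The code creates a database connection using a hardcoded password.
2. Dm: Empty database password (DMI_EMPTY_DB_PASSWORD)
   The database connection is created without a password, which leaves the database without the protection it needs.
3. HRS: HTTP cookie formed from untrusted input (HRS_REQUEST_PARAMETER_TO_COOKIE)
   This code constructs an HTTP cookie from an untrusted HTTP parameter.
4. HRS: HTTP Response splitting vulnerability (HRS_REQUEST_PARAMETER_TO_HTTP_HEADER)
   The code writes an HTTP parameter directly into an HTTP header, which exposes the HTTP response to a response-splitting vulnerability.
5. SQL: Nonconstant string passed to execute method on an SQL statement (SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE)
   The method calls the execute method of an SQL statement with a string that appears to be generated dynamically. This makes the code more vulnerable to SQL injection.
6. XSS: JSP reflected cross site scripting vulnerability (XSS_REQUEST_PARAMETER_TO_JSP_WRITER)
   The code writes an HTTP parameter directly to JSP output, which creates a cross-site scripting vulnerability.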
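An added example for entries 3 and 4 (not part of the original document): a servlet-free Java sketch showing why an unchecked parameter copied into a header line yields an extra header when it contains CR/LF, next to validation helpers that reject such values before they reach a header or cookie. The class and method names (HeaderGuard, buildRawResponse, countHeaderLines, safeHeaderValue, safeCookieValue) and the sample inputs are assumptions made for this illustration.

```java
import java.util.regex.Pattern;

/** Illustrative only: HeaderGuard and its methods are hypothetical names, not FindBugs or servlet API. */
public class HeaderGuard {

    // RFC 6265 cookie-octet: printable US-ASCII except space, double quote, comma, semicolon, backslash.
    private static final Pattern COOKIE_VALUE =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");

    /** The pattern HRS_REQUEST_PARAMETER_TO_HTTP_HEADER flags: the parameter is concatenated unchecked. */
    static String buildRawResponse(String redirectTarget) {
        return "HTTP/1.1 302 Found\r\n"
             + "Location: " + redirectTarget + "\r\n"
             + "\r\n";
    }

    /** Number of header lines (status line excluded) a client would parse from the response head. */
    static int countHeaderLines(String rawResponse) {
        String head = rawResponse.split("\r\n\r\n", 2)[0];
        return head.split("\r\n").length - 1;
    }

    /** Rejects any control character (CR and LF included) rather than trying to strip it. */
    static String safeHeaderValue(String untrusted) {
        if (untrusted == null) {
            throw new IllegalArgumentException("header value is null");
        }
        for (int i = 0; i < untrusted.length(); i++) {
            char ch = untrusted.charAt(i);
            if (ch < 0x20 || ch == 0x7F) {
                throw new IllegalArgumentException("control character at index " + i);
            }
        }
        return untrusted;
    }

    /** Allow-list check for a cookie value built from request data (HRS_REQUEST_PARAMETER_TO_COOKIE). */
    static String safeCookieValue(String untrusted) {
        if (untrusted == null || !COOKIE_VALUE.matcher(untrusted).matches()) {
            throw new IllegalArgumentException("value is not a valid cookie-octet sequence");
        }
        return untrusted;
    }

    public static void main(String[] args) {
        String benign = "/account/home";            // constructed sample input
        String hostile = "/home\r\nX-Injected: 1";  // constructed sample input containing CR/LF

        // Unchecked concatenation: the second value produces one header line more than intended.
        System.out.println("benign  header lines: " + countHeaderLines(buildRawResponse(benign)));
        System.out.println("hostile header lines: " + countHeaderLines(buildRawResponse(hostile)));

        // Validated path: the hostile value never reaches the header.
        for (String value : new String[] {benign, hostile}) {
            try {
                String raw = buildRawResponse(safeHeaderValue(value));
                System.out.println("accepted, header lines: " + countHeaderLines(raw));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected header value: " + e.getMessage());
            }
        }

        // Cookie values get the stricter allow-list.
        for (String value : new String[] {"abc123", "abc; Path=/"}) {  // constructed sample inputs
            try {
                System.out.println("cookie accepted: " + safeCookieValue(value));
            } catch (IllegalArgumentException e) {
                System.out.println("cookie rejected: " + e.getMessage());
            }
        }
    }
}
```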

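Experimental

1. LG: Potential lost logger changes due to weak reference in OpenJDK (LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE)
   OpenJDK introduces a potential incompatibility: the behavior of java.util.logging.Logger has changed. It now uses weak references internally instead of strong references. That is a reasonable change, but unfortunately some code relies on the old behavior: it changes the logger configuration and then simply drops its reference to the logger. This means the logger configuration is lost when garbage collection runs. For example:

        import java.util.logging.FileHandler;
        import java.util.logging.Logger;

        public static void initLogging() throws Exception {
            Logger logger = Logger.getLogger("example.logger"); // placeholder logger name
            logger.addHandler(new FileHandler());   // call to change logger configuration
            logger.setUseParentHandlers(false);     // another call to change logger configuration
        }

   The reference to the logger is lost when the method ends. If a garbage collection happens right after the call to initLogging, the logger configuration is lost (because only weak references to the logger remain).

        public static void main(String[] args) throws Exception {
            initLogging(); // adds a file handler to the logger
            System.gc();   // logger configuration lost
            Logger.getLogger("example.logger").info("message"); // not logged to the file as expected
        }

2. OBL: Method may fail to clean up stream or resource (OBL_UNSATISFIED_OBLIGATION)
   This method may fail to clean up (close, dispose of) a stream, database object, or other resource that requires an explicit cleanup operation. In general, if a method opens a stream or other resource, it should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns. This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different static analysis technique. We are collecting feedback on the usefulness of this bug pattern.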

Bad practice: bad habits in code implementation

1. AM: Creates an empty jar file entry (AM_CREATES_EMPTY_JAR_FILE_ENTRY)
   closeEntry() is called immediately after putNextEntry() when writing a new jar file entry. This leaves the JarFile entry empty.
2. AM: Creates an empty zip file entry (AM_CREATES_EMPTY_ZIP_FILE_ENTRY)
   closeEntry() is called immediately after putNextEntry() when writing a new zip file entry. This leaves the ZipFile entry empty.
3. BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS)
   The equals(Object o) method must not make any assumption about the type of its argument o. It compares this object with the specified object; the result is true if and only if the argument is not null and is an object of the same type as this object.
4. BC: Random object created and used only once (DMI_RANDOM_USED_ONLY_ONCE)
   A Random object is created, used only once, and then discarded.
5. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK)
   Checks whether a bitwise operation is used sensibly, as in ((event.detail & SWT.SELECTED) > 0). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'.
6. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM)
   By convention, classes that implement this interface should override Object.clone (which is protected) with a public method; see Object.clone for details on overriding it. The interface itself does not contain a clone method, so an object cannot be cloned merely because it implements this interface. Classes that implement the interface should override Object.clone with a public method.
7. CN: clone method does not call super.clone() (CN_IDIOM_NO_SUPER_CALL)
   A non-final class defines a clone() method that does not call super.clone(). For example, B extends A: if B's clone method calls super.clone() but A's clone does not call super.clone(), the resulting object has the wrong type. A's clone method must call super.clone().
8. CN: Class defines clone() but doesn't implement Cloneable (CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE)
   The class defines a clone method but does not implement the Cloneable interface.
9. Co: Abstract class defines covariant compareTo() method (CO_ABSTRACT_SELF)
   The abstract class defines several compareTo() methods. The correct approach is to override the compareTo method of Comparable, whose parameter is of type Object, as in this example:
        int compareTo(T o)
   which compares this object with the specified object for order.
10. Co: Covariant compareTo() method defined LF_NO_OBJECT)
   The class defines several compareTo() methods. The correct approach is to override the compareTo method of Comparable, whose parameter is of type Object.
11. DE: Method might drop exception (DE_MIGHT_DROP)
   The method might drop an exception.
12. DE: Method might ignore exception (DE_MIGHT_IGNORE)
   The method might ignore an exception.
13. DMI: Don't use removeAll to clear a collection (DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION)
   Do not use the removeAll method to clear a collection.
14. DP: Classloaders should only be created inside doPrivileged block (DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
   Class loaders may only be created inside a special method body (a doPrivileged block).
15. Dm: Method invokes System.exit(...) (DM_EXIT)
   The method calls System.exit(...); consider throwing a RuntimeException instead.
16. Dm: Method invokes dangerous method runFinalizersOnExit (DM_RUN_FINALIZERS_ON_EXIT)
   The method calls System.runFinalizersOnExit or Runtime.runFinalizersOnExit, which is dangerous.
17. ES: Comparison of String parameter using == or != (ES_COMPARING_PARAMETER_STRING_WITH_EQ)
   A String parameter is compared using == or !=.
18. ES: Comparison of String objects using == or != (ES_COMPARING_STRINGS_WITH_EQ)
   String objects are compared using == or !=.
19. Eq: Abstract class defines covariant equals() method (EQ_ABSTRACT_SELF)
20. Eq: Equals checks for noncompatible operand (EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS)
   The equals method checks for an incompatible operand. The two classes are merely in a parent-child relationship, yet equals is called to decide whether the objects are equal.

        public boolean equals(Object o) {
            if (o instanceof Foo)
                return name.equals(((Foo) o).name);
            else if (o instanceof String)
                return name.equals(o);
            else
                return false;
        }

21. Eq: Class defines compareTo(...) and uses Object.equals() (EQ_COMPARETO_USE_OBJECT_EQUALS)
   The class defines a compareTo method but inherits the equals method of Object.
22. Eq: equals method fails for subtypes (EQ_GETCLASS_AND_CLASS_CONSTANT)
   The equals method of the class may be broken by subclasses. Where a check such as Foo.class == o.getClass() is used, consider replacing it with this.getClass() == o.getClass().

23. Eq: Covariant equals() method defined (EQ_SELF_NO_OBJECT)
   The class defines several equals methods. The correct approach is to override the equals method of Object, whose parameter is of type Object.
24. FI: Empty finalizer should be deleted (FI_EMPTY)
   An empty finalizer method should be deleted. The remaining finalizer-related entries are omitted here.
25. GC: Unchecked type in generic call (GC_UNCHECKED_TYPE_IN_GENERIC_CALL)
   This call to a generic collection method passes an argument with compile-time type Object where a specific type from the generic type parameters is expected. Thus, neither the standard Java type system nor static analysis can provide useful information on whether the object being passed as a parameter is of an appropriate type.
26. HE: Class defines equals() but not hashCode() (HE_EQUALS_NO_HASHCODE)
   The class defines an equals method but no hashCode method.
27. HE: Class defines hashCode() but not equals() (HE_HASHCODE_NO_EQUALS)
   The class defines a hashCode method but no equals method.
28. HE: Class defines equals() and uses Object.hashCode() (HE_EQUALS_USE_HASHCODE)
   The class overrides equals without overriding hashCode, so it uses the hashCode method of Object.
29. HE: Class inherits equals() and uses Object.hashCode() (HE_INHERITS_EQUALS_USE_HASHCODE)
   The subclass inherits the equals method of its superclass but uses the hashCode method of Object.
30. IC: Superclass uses subclass during initialization (IC_SUPERCLASS_USES_SUBCLASS_DURING_INITIALIZATION)
   The subclass uses an instance of the superclass before the superclass has been initialized.

        public class CircularClassInitialization {
            static class InnerClassSingleton extends CircularClassInitialization {
                static InnerClassSingleton singleton = new InnerClassSingleton();
            }
            static CircularClassInitialization foo = InnerClassSingleton.singleton;
        }

31. IMSE: Dubious catching of IllegalMonitorStateException (IMSE_DONT_CATCH_IMSE)
   The code catches IllegalMonitorStateException, which is thrown for example when wait or notify is called on an object whose lock is not held.
32. ISC: Needless instantiation of class that only supplies static methods (ISC_INSTANTIATE_STATIC_CLASS)
   An instance is created only in order to use static methods. A static method can be called with just the class name plus the static method name.
33. It: Iterator next() method can't throw NoSuchElementException (IT_NO_SUCH_ELEMENT)
   The next method of the iterator is not able to throw NoSuchElementException.
34. J2EE: Store of non serializable object into HttpSession (J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION)
   A non-serializable object is stored in an HttpSession object.
35. JCIP: Fields of immutable classes should be final (JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS)
   The class is annotated with net.jcip.annotations.Immutable, and the rules for that annotation require that all fields are final.
36. NP: Method with Boolean return type returns explicit null (NP_BOOLEAN_RETURN_NULL)
   A method whose return type is Boolean returns null directly, which can lead to a NullPointerException.
37. NP: equals() method does not check for null argument (NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT)
   The equals method is invoked without a check for whether the value is null.
38. NP: toString method may return null (NP_TOSTRING_COULD_RETURN_NULL)
   The toString method may return null.
39. Nm: Class names should start with an upper case letter (NM_CLASS_NAMING_CONVENTION)
   Class names should start with an upper case letter.
40. Nm: Class is not derived from an Exception, even though it is named as such (NM_CLASS_NOT_EXCEPTION)
   The class name contains "Exception" but the class is not a subclass of an exception class. Such a name causes confusion.
41. Nm: Confusing method names (NM_CONFUSING)
   Confusing method naming.
42. Nm: Field names should start with a lower case letter (NM_FIELD_NAMING_CONVENTION)
   Non-final fields should follow the camel-case naming convention.
43. Nm: Use of identifier that is a keyword in later versions of Java (NM_FUTURE_KEYWORD_USED_AS_IDENTIFIER)
   Checks whether the identifier is a reserved Java keyword.
44. Nm: Use of identifier that is a keyword in later versions of Java (NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER)
   Checks whether the identifier is a Java keyword.
45. Nm: Method names should start with a lower case letter (NM_METHOD_NAMING_CONVENTION)
   Method names should start with a lower case letter.
46. Nm: Class names shouldn't shadow simple name of implemented interface (NM_SAME_SIMPLE_NAME_AS_INTERFACE)
   Classes that implement the same interface must not use the same name, even when they are in different packages.
47. Nm: Class names shouldn't shadow simple name of superclass (NM_SAME_SIMPLE_NAME_AS_SUPERCLASS)
   Subclasses of the same superclass must not use the same name, even when they are in different packages.
48. Nm: Very confusing method names (but perhaps intentional) (NM_VERY_CONFUSING_INTENTIONAL)
   Method names that are very easy to confuse, for example two different methods whose names differ only in capitalization.
49. Nm: Method doesn't override method in superclass due to wrong package for parameter (NM_WRONG_PACKAGE_INTENTIONAL)
   The method does not correctly override the superclass method because it refers to a class with the same name from a different package.

        // A.java
        import alpha.Foo;
        public class A {
            public int f(Foo x) { return 17; }
        }

        // B.java
        import beta.Foo;
        public class B extends A {
            public int f(Foo x) { return 42; }
            public int f(alpha.Foo x) { return 27; }
        }

50. ODR: Method may fail to close database resource (ODR_OPEN_DATABASE_RESOURCE)
   The method may fail to close a database connection.
51. OS: Method may fail to close stream (OS_OPEN_STREAM)
   The method may fail to close a stream.
52. OS: Method may fail to close stream on exception (OS_OPEN_STREAM_EXCEPTION_PATH)
   The method may fail to close a stream when an exception occurs.
53. RC: Suspicious reference comparison to constant (RC_REF_COMPARISON_BAD_PRACTICE)
   When the two operands are objects of different types, use the equals method rather than == to compare whether their values are equal, for example when the operands are java.lang.Integer or java.lang.Float.
54. RC: Suspicious reference comparison of Boolean values (RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN)
   Two Boolean objects are compared with the == or != operator; using the equals method is recommended.
55. RR: Method ignores results of InputStream.read() (RR_NOT_CHECKED)
   The return value of InputStream.read, which can return several characters, is ignored. If the result is not checked, the code cannot correctly handle the case where fewer characters are read than requested.
56. RR: Method ignores results of InputStream.skip() (SR_NOT_CHECKED)
   The return value of InputStream.skip(), which can skip several characters, is ignored. If the result is not checked, the code cannot correctly handle the case where fewer characters are skipped than requested.
57. RV: Method ignores exceptional return value (RV_RETURN_VALUE_IGNORED_BAD_PRACTICE)
   The method ignores a return value that signals an exceptional condition.
58. SI: Static initializer creates instance before all static final fields assigned (SI_INSTANCE_BEFORE_FINALS_ASSIGNED)
   The static initializer creates an instance of the class before all static final fields have been assigned.
59. Se: Non-serializable value stored into instance field of a serializable class (SE_BAD_FIELD_STORE)
   A non-serializable value is stored in an instance field of a class declared as serializable.
60. Se: Comparator doesn't implement Serializable (SE_COMPARATOR_SHOULD_BE_SERIALIZABLE)
   The Comparator implementation does not implement the Serializable interface.
61. Se: Serializable inner class (SE_INNER_CLASS)
   A serializable inner class.
62. Se: serialVersionUID isn't final (SE_NONFINAL_SERIALVERSIONID)
   The checks concerning the UID are omitted here.

63. Se: Class is Serializable but its superclass doesn't define a void constructor (SE_NO_SUITABLE_CONSTRUCTOR)
   The subclass is serializable, but its superclass does not provide a void constructor.
64. Se: Class is Externalizable but doesn't define a void constructor (SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION)
   The Externalizable class does not define a void constructor.
65. Se: The readResolve method must be declared with a return type of Object. (SE_READ_RESOLVE_MUST_RETURN_OBJECT)
   readResolve reads an instance of the class from the stream; the method must be declared to return an object of type Object.
66. Se: Transient field that isn't set by deserialization. (SE_TRANSIENT_FIELD_NOT_RESTORED)
   This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.
67. SnVI: Class is Serializable, but doesn't define serialVersionUID (SE_NO_SERIALVERSIONID)
   The class implements the Serializable interface but does not define a serialVersionUID field. The serialization runtime associates a version number, called serialVersionUID, with each serializable class. During deserialization this number is used to verify that the sender and the receiver of a serialized object have loaded classes for that object that are compatible with respect to serialization. If the serialVersionUID of the class loaded by the receiver differs from that of the corresponding class of the sender, deserialization results in an InvalidClassException. A serializable class can declare its own serialVersionUID explicitly by declaring a field named serialVersionUID, which must be a static, final field of type long:

        ANY-ACCESS-MODIFIER static final long serialVersionUID = 42L;

68. UI: Usage of GetResource may be unsafe if class is extended (UI_INHERITANCE_UNSAFE_GETRESOURCE)
   Do not use this.getClass().getResource(...) to load resources in a class that may be extended by a subclass.

Correctness: issues related to code correctness

1. BC: Impossible cast (BC_IMPOSSIBLE_CAST)
   An impossible class cast; a ClassCastException is thrown at run time.
2. BC: Impossible downcast (BC_IMPOSSIBLE_DOWNCAST)
   A downcast from the superclass throws a ClassCastException.
3. BC: Impossible downcast of toArray() result (BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY)
   A cast error that occurs when a collection is converted to an array. This code is casting the result of calling toArray() on a collection to a type more specific than Object[], as in:

        String[] getAsArray(Collection<String> c) {
            return (String[]) c.toArray();
        }

   This will usually fail by throwing a ClassCastException. The toArray() of almost all collections returns an Object[]. They can't really do anything else, since the Collection object has no reference to the declared generic type of the collection. The correct way to get an array of a specific type from a collection is to use c.toArray(new String[0]); or c.toArray(new String[c.size()]); (the latter is slightly more efficient).
4. BC: instanceof will always return false (BC_IMPOSSIBLE_INSTANCEOF)
   The instanceof test always returns false. Make sure this is not the result of a logic error.
5. BIT: Incompatible bit masks (BIT_AND)
   Incorrect use of the & bitwise operator, for example (e & C).
6. BIT: Check to see if ((...) & 0) == 0 (BIT_AND_ZZ)
   Checks for a logic error in a comparison that always holds.
7. BIT: Incompatible bit masks (BIT_IOR)
   Incorrect use of the | bitwise operator, for example (e | C).
8. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK_HIGH_BIT)
   Checks the sign of the result of a bitwise operation, for example ((event.detail & SWT.SELECTED) > 0). Using != 0 instead of > 0 is recommended.
9. BOA: Class overrides a method implemented in super class Adapter wrongly (BOA_BADLY_OVERRIDDEN_ADAPTER)
   The subclass incorrectly overrides a superclass method used to adapt a listener for other events, so the listener is not called when the triggering condition occurs.
10. Bx: Primitive value is unboxed and coerced for ternary operator (BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR)
   In a ternary operator expression, a value is unboxed or converted to another type, for example: b ? e1 : e2
11. DLS: Dead store of class literal (DLS_DEAD_STORE_OF_CLASS_LITERAL)
   A class literal is assigned to a field and never used afterwards. In JDK 1.4 this automatically invoked the static initializer of the class, but in JDK 1.5 the initializer is not executed.
12. DLS: Overwritten increment (DLS_OVERWRITTEN_INCREMENT)
   The increment is overwritten, as in i = i++.
13. DMI: Bad constant value for month (DMI_BAD_MONTH)
   The hasNext method calls the next method.
14. DMI: Collections should not contain themselves (DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES)
   Collections should not contain themselves.
15. DMI: Invocation of hashCode on an array (DMI_INVOKING_HASHCODE_ON_ARRAY)
   hashCode is called directly on an array to obtain a hash code.

        int[] a1 = new int[]{1, 2, 3, 4};
        System.out.println(a1.hashCode());                  // identity-based hash of the array object
        System.out.println(java.util.Arrays.hashCode(a1));  // hash computed from the contents

16. DMI: Double.longBitsToDouble invoked on an int (DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT)
17. DMI: Vacuous call to collections (DMI_VACUOUS_SELF_COLLECTION_CALL)
   The call on the collection has no perceivable effect. For example, c.containsAll(c) always returns true, and the return value of c.retainAll(c) carries no information.
18. Dm: Can't use reflection to check for presence of annotation without runtime retention (DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION)
   Unless an annotation has itself been annotated with @Retention(RetentionPolicy.RUNTIME), the annotation can't be observed using reflection (e.g., by using the isAnnotationPresent method).
19. Dm: Useless/vacuous call to EasyMock method (DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD)
   While ScheduledThreadPoolExecutor inherits from ThreadPoolExecutor, a few of the inherited tuning methods are not useful for it. In particular, because it acts as a fixed-sized pool using corePoolSize threads and an unbounded queue, adjustments to maximumPoolSize have no useful effect.
20. EC: equals() used to compare array and nonarray (EC_ARRAY_AND_NONARRAY)
   An array object is compared with a non-array object using equals. Even when both operands are arrays, equals should not be used; compare their contents with java.util.Arrays.equals(Object[], Object[]) instead.
21. EC: equals(...) used to compare incompatible arrays (EC_INCOMPATIBLE_ARRAY_COMPARE)
   equals is used to compare arrays of different types, for example String[] and StringBuffer[], or String[] and int[].
22. EC: Call to equals() with null argument (EC_NULL_ARG)
   equals is called with an object that is null.
23. EC: Call to equals() comparing unrelated class and interface (EC_UNRELATED_CLASS_AND_INTERFACE)
   equals is used to compare an unrelated class and interface.
24. EC: Call to equals() comparing different interface types (EC_UNRELATED_INTERFACES)
   equals is called to compare different interface types.
25. EC: Call to equals() comparing different types (EC_UNRELATED_TYPES)
   equals is called to compare classes of different types.
26. EC: Using pointer equality to compare different types (EC_UNRELATED_TYPES_USING_POINTER_EQUALITY)
   This method uses pointer equality to compare two references that seem to be of different types. The result of this comparison will always be false at runtime.
27. Eq: equals method always returns false (EQ_ALWAYS_FALSE)
   The equals method always returns false.
28. Eq: equals method always returns true (EQ_ALWAYS_TRUE)
   The equals method always returns true.
29. Eq: equals method compares class names rather than class objects (EQ_COMPARING_CLASS_NAMES)
   equals is used to compare an instance of a class with the type of the class.
30. Eq: Covariant equals() method defined for enum (EQ_DONT_DEFINE_EQUALS_FOR_ENUM)
   This class defines an enumeration, and equality on enumerations is defined using object identity. Defining a covariant equals method for an enumeration value is exceptionally bad practice, since it would likely result in having two different enumeration values that compare as equal using the covariant enum method, and as not equal when compared normally. Don't do it.
31. Eq: equals() method defined that doesn't override equals(Object) (EQ_OTHER_NO_OBJECT)
   The equals method defined in the class does not override the equals(Object) method.
32. Eq: equals() method defined that doesn't override Object.equals(Object) (EQ_OTHER_USE_OBJECT)
   The equals method defined in the class does not override the equals(Object) method of Object.
33. Eq: equals method overrides equals in superclass and may not be symmetric (EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC)
34. Eq: Covariant equals() method defined, Object.equals(Object) inherited (EQ_SELF_USE_OBJECT)
   The class defines a set of equals methods, but the equals(Object) method is inherited from the java.lang.Object class.
35. FE: Doomed test for equality to NaN (FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER)
   This code checks to see if a floating point value is equal to the special Not A Number value (e.g., if (x == Double.NaN)). However, because of the special semantics of NaN, no value is equal to NaN, including NaN. Thus, x == Double.NaN always evaluates to false. To check to see if a value contained in x is the special Not A Number value, use Double.isNaN(x) (or Float.isNaN(x) if x is floating point precision).
36. FS: Format string placeholder incompatible with passed argument (VA_FORMAT_STRING_BAD_ARGUMENT)
   An argument of the wrong type is used to format the string.
37. FS: The type of a supplied argument doesn't match format specifier (VA_FORMAT_STRING_BAD_CONVERSION)
   The specified format string and the argument type do not match, for example: String.format(…
38. FS: MessageFormat supplied where printf style format expected (VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED)
   The format method of String is used, but a MessageFormat-style format is actually supplied, which produces an incorrectly formatted result.
39. FS: More arguments are passed than are actually used in the format string (VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED)
   Superfluous arguments are also passed through the formatting operation when the format method of String is used.
40. FS: Illegal format string (VA_FORMAT_STRING_ILLEGAL)
   The statement that formats the String is invalid.
41. FS: Format string references missing argument (VA_FORMAT_STRING_MISSING_ARGUMENT)
   The format operation of String is missing a required argument.
42. FS: No previous argument for format string (VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT)
   The format string is defined incorrectly, for example: formatter.format(… throws a MissingFormatArgumentException.
43. GC: No relationship between generic parameter and method argument (GC_UNRELATED_TYPES)
   This call to a generic collection method contains an argument with an incompatible class from that of the collection's parameter (i.e., the type of the argument is neither a supertype nor a subtype of the corresponding generic type argument). Therefore, it is unlikely that the collection contains any objects that are equal to the method argument used here. Most likely, the wrong value is being passed to the method.
   In general, instances of two unrelated classes are not equal. For example, if the Foo and Bar classes are not related by subtyping, then an instance of Foo should not be equal to an instance of Bar. Among other issues, doing so will likely result in an equals method that is not symmetrical. For example, if you define the Foo class so that a Foo can be equal to a String, your equals method isn't symmetrical since a String can only be equal to a String.
   In rare cases, people do define nonsymmetrical equals methods and still manage to make their code work. Although none of the APIs document or guarantee it, it is typically the case that if you check if a Collection contains a Foo, the equals method of the argument (e.g., the equals method of the Foo class) is used to perform the equality checks.
44. HE: Signature declares use of unhashable class in hashed construct (HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS)
   A method, field or class declares a generic signature where a non-hashable class is used in a context where a hashable class is required. A class that declares an equals method but inherits a hashCode() method from Object is unhashable, since it doesn't fulfill the requirement that equal objects have equal hashCodes.
45. HE: Use of class without a hashCode() method in a hashed data structure (HE_USE_OF_UNHASHABLE_CLASS)
   A class defines an equals(Object) method but not a hashCode() method, and thus doesn't fulfill the requirement that equal objects have equal hashCodes. An instance of this class is used in a hash data structure, making the need to fix this problem of highest importance.
46. ICAST: integral value cast to double and then passed to Math.ceil (ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL)
   An integral value is cast to double and then passed to Math.ceil.
47. ICAST: int value cast to float and then passed to Math.round (ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND)
   An int value is cast to float and then passed to Math.round.
48. IJU: JUnit assertion in run method will not be noticed by JUnit (IJU_ASSERT_METHOD_INVOKED_FROM_RUN_METHOD)
   A JUnit assertion inside a run method is not reported to JUnit.
49. IJU: TestCase declares a bad suite method (IJU_BAD_SUITE_METHOD)
   A suite() method declared in a JUnit class must be declared as public static junit.framework.Test suite() or public static junit.framework.TestSuite suite().
50. IL: A collection is added to itself (IL_CONTAINER_ADDED_TO_ITSELF)
   The collection itself is passed as the argument of its add method, which causes an overflow.
51. IL: An apparent infinite loop (IL_INFINITE_LOOP)
   An infinite loop caused by a method calling itself.
52. IM: Integer multiply of result of integer remainder (IM_MULTIPLYING_RESULT_OF_IREM)
   The result of an integer remainder is multiplied. For example, i % 60 * 1000 is evaluated as (i % 60) * 1000, not as i % (60 * 1000).
53. INT: Bad comparison of nonnegative value with negative constant (INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE)
   A value guaranteed to be nonnegative is compared with a negative number.
54. INT: Bad comparison of signed byte (INT_BAD_COMPARISON_WITH_SIGNED_BYTE)
   When comparing a signed value, convert it to an unsigned value first and then compare.
55. IO: Doomed attempt to append to an object output stream (IO_APPENDING_TO_OBJECT_OUTPUT_STREAM)
   The code attempts to append to an object output stream. To be able to append to an object output stream, the stream must be kept open.
56. IP: A parameter is dead upon entry to a method but overwritten (IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN)
   The initial value of this parameter is ignored, and the parameter is overwritten here. This often indicates a mistaken belief that the write to the parameter will be conveyed back to the caller. In short: the value passed in is ignored and the parameter is modified as though the new value were returned to the caller.
57. MF: Class defines field that masks a superclass field (MF_CLASS_MASKS_FIELD)
   The subclass defines a field with the same name as a field of the superclass, which leads to errors when the field is used.
58. MF: Method defines a variable that obscures a field (MF_METHOD_MASKS_FIELD)
   A local variable defined in the method has the same name as a field of the class or of a superclass, which obscures the field.
59. NP: Null pointer dereference (NP_ALWAYS_NULL)
   The object is assigned null and is not reassigned afterwards.
60. NP: Null pointer dereference in method on exception path (NP_ALWAYS_NULL_EXCEPTION)
   A pointer which is null on an exception path is dereferenced here. This will lead to a NullPointerException when the code is executed. Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning. Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible. Dereferencing a null reference causes a NullPointerException.
61. NP: Method does not check for null argument (NP_ARGUMENT_MIGHT_BE_NULL)
   The method does not check whether its argument is null.
62. NP: close() invoked on a value that is always null (NP_CLOSING_NULL)
   close is called on an object that is null.
63. NP: Null value is guaranteed to be dereferenced (NP_GUARANTEED_DEREF)
   There is a statement or branch that, if executed, guarantees that a value is null at this point, and that value is guaranteed to be dereferenced (except on forward paths involving runtime exceptions). On a branch where the null check has established that the value is null, dereferencing the object is not allowed.
64. NP: Value is null and guaranteed to be dereferenced on exception path (NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH)
   There is a statement or branch on an exception path that, if executed, guarantees that a value is null at this point, and that value is guaranteed to be dereferenced (except on forward paths involving runtime exceptions).
65. NP: Method call passes null to a nonnull parameter (NP_NONNULL_PARAM_VIOLATION)
   An argument that is null is passed to the method without being reassigned first.

        void test() {
            String ss = null;
            sya(ss);
        }

        public void sya(String ad) {
            ad.getBytes();
        }

66. NP: Method may return null, but is declared @NonNull (NP_NONNULL_RETURN_VIOLATION)
   The method is declared as never returning null, but it may return null.
67. NP: A known null value is checked to see if it is an instance of a type (NP_NULL_INSTANCEOF)
   A value known to be null is checked to see whether it is an instance of the desired type. Make sure this is not the result of carelessness or a logic error.
68. NP: Possible null pointer dereference (NP_NULL_ON_SOME_PATH)
   The object may not have been reassigned.
69. NP: Possible null pointer dereference in method on exception path (NP_NULL_ON_SOME_PATH_EXCEPTION)
   A reference value which is null on some exception control path is dereferenced here. This may lead to a NullPointerException when the code is executed. Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning. Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible. A method called on an exception-handling branch where the value is null may dereference the object.
70. NP: Method call passes null for nonnull parameter (NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS)
   null is passed for a method parameter that is declared as nonnull.

        void test() {
            String ss = null;
            sya(ss);
        }

        public void sya(@NonNull String ad) {
            ad.getBytes();
        }

71. NP: Store of null value into field annotated NonNull (NP_STORE_INTO_NONNULL_FIELD)
   null is assigned to a field that has been declared as never null.
72. Nm: Class defines equal(Object); should it be equals(Object)? (NM_BAD_EQUAL)
   The class defines an equal method, which does not override the equals method of Object.
73. Nm: Class defines hashcode(); should it be hashCode()? (NM_LCASE_HASHCODE)
   The class defines a hashcode method, which does not override the hashCode method of Object.
74. Nm: Class defines tostring(); should it be toString()? (NM_LCASE_TOSTRING)
   The class defines a tostring method, which does not override the toString method of Object.
75. Nm: Apparent method/constructor confusion (NM_METHOD_CONSTRUCTOR_CONFUSION)
   The constructor definition is confusing; make sure there is one standard constructor. For example:

        SA() { }
        void SA() { }

76. Nm: Very confusing method names (NM_VERY_CONFUSING)
   Confusing method naming, such as getName and getname appearing together.
77. Nm: Method doesn't override method in superclass due to wrong package for parameter (NM_WRONG_PACKAGE)
   The method does not correctly override the method of the same name in the superclass because it uses a class of the same name from a different package.

        // A.java
        import alpha.Foo;
        public class A {
            public int f(Foo x) { return 17; }
        }

        // B.java
        import beta.Foo;
        public class B extends A {
            public int f(Foo x) { return 42; }
        }

78. QBA: Method assigns boolean literal in boolean expression (QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT)
   When a boolean value is used in an if or while expression, it should be tested with == rather than assigned with =.
79. RC: Suspicious reference comparison (RC_REF_COMPARISON)
   Use the equals method rather than == to compare whether the values of two objects are equal.
80. RE: Invalid syntax for regular expression (RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION)
   The regular expression uses invalid syntax. An unchecked exception is thrown, indicating a syntax error in the regular expression pattern.
81. RE: File.separator used for regular expression (RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION)
   The file separator is used incorrectly in a regular expression. On Windows the regular expression will not match '\\'; '\\\\' should be used instead.
82. RV: Random value from 0 to 1 is coerced to the integer 0 (RV_01_TO_INT)
   A random value from 0 to 1 is coerced to the integer value 0. You probably want to multiply the random value before coercing it to an integer, or use the Random.nextInt(n) method.
83. RV: Bad attempt to compute absolute value of signed 32-bit hashcode (RV_ABSOLUTE_VALUE_OF_HASHCODE)
   This code generates a hash code and then computes the absolute value of that hash code. If the hash code is Integer.MIN_VALUE, the result is negative as well (since Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE). One in 2^32 strings has a hashCode of Integer.MIN_VALUE, including "polygenelubricants", "GydZG_" and "DESIGNING WORKHOUSES".
84. RV: Bad attempt to compute absolute value of signed 32-bit random integer (RV_ABSOLUTE_VALUE_OF_RANDOM_INT)
   This code generates a random signed integer and then computes the absolute value of that random integer. If the number returned by the random number generator is Integer.MIN_VALUE, the result is negative as well (since Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE).
85. RV: Exception created and dropped rather than thrown (RV_EXCEPTION_NOT_THROWN)
   This code creates an exception (or error) object but does nothing with it. For example:

        if (x < 0)
            new IllegalArgumentException("nonnegative");

   The programmer probably intended to throw the newly created exception:

        if (x < 0)
            throw new IllegalArgumentException("nonnegative");

86. RV: Method ignores return value (RV_RETURN_VALUE_IGNORED)
   The return value of this method should be checked. This warning commonly appears when a method is called on an immutable object in the belief that it updates the object. For example:

        String dateString = getHeaderField(name);
        dateString.trim();

   The programmer seems to think that trim() updates the string referenced by dateString. But since strings are immutable, trim() returns a new string value, which is ignored here. The code should be corrected to:

        String dateString = getHeaderField(name);
        dateString = dateString.trim();

87. RpC: Repeated conditional tests (RpC_REPEATED_CONDITIONAL_TEST)
   The code tests the same condition twice, with both sides exactly the same (e.g., x == 0 || x == 0). Perhaps the second occurrence was meant to test a different condition (e.g., x == 0 || y == 0).
88. SA: Double assignment of field (SA_FIELD_DOUBLE_ASSIGNMENT)
   The method contains a double assignment of a field, for example:

        int x;
        public void foo() {
            x = x = 17;
        }

   Assigning to a variable this way is useless and may indicate a logic error or a typo.
89. SA: Self assignment of field (SA_FIELD_SELF_ASSIGNMENT)
   The method contains a field that is assigned to itself. For example:

        int x;
        public void foo() {
            x = x;
        }

90. SA: Self comparison of field with itself (SA_FIELD_SELF_COMPARISON)
   Comparing a field with itself may indicate a typo or a logic error.
91. SA: Self comparison of value with itself (SA_LOCAL_SELF_COMPARISON)
   The method compares a local variable with itself, which may indicate a typo or a logic error. Make sure that you are comparing the right things.
92. SA: Nonsensical self computation involving a variable (e.g., x & x) (SA_LOCAL_SELF_COMPUTATION)
   This method performs a nonsensical computation on a single variable (such as x & x or x - x). Because of the nature of the computation, the operation seems pointless and may indicate a typo or a logic error.
93. SF: Dead store due to switch statement fall through (SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH)
   A value stored in a previous case of the switch is overwritten because of switch fall-through. It looks as if a break to leave the switch, or a return statement to return the earlier value, was forgotten.
94. SF: Dead store due to switch statement fall through to throw (SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW)
   A value stored in a switch case is ignored because an exception is thrown.
95. SIC: Deadly embrace of non-static inner class and thread local (SIC_THREADLOCAL_DEADLY_EMBRACE)
   This should probably be a static inner class. As it is, there is a danger of a deadly embrace between the inner class and the current thread. Because the inner class is not static, it retains a reference to the outer class. If the thread holds a reference to an instance of the inner class, both the inner and the outer instance remain reachable and are therefore not eligible for garbage collection.
96. SIO: Unnecessary type check done using instanceof operator (SIO_SUPERFLUOUS_INSTANCEOF)
   An unnecessary type check is performed with the instanceof operator.
97. STI: Unneeded use of currentThread() call, to call interrupted() (STI_INTERRUPTED_ON_CURRENTTHREAD)
   This method makes a Thread.currentThread() call when it only needs to call interrupted
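An added example for Correctness entries 83 and 84, RV_ABSOLUTE_VALUE_OF_HASHCODE and RV_ABSOLUTE_VALUE_OF_RANDOM_INT (not part of the original document): a bucket-selection helper written with the flagged Math.abs idiom, next to a replacement based on Math.floorMod. It also shows that a power-of-two bucket count hides the defect, because Integer.MIN_VALUE is divisible by it. The class and method names (BucketIndex, brokenIndex, safeIndex, safeRandomIndex, storeSucceeds) and the key "ordinary" are assumptions made for this illustration; the other three keys are the strings named in entry 83.

```java
import java.util.Random;

/** Illustrative only: BucketIndex and its methods are hypothetical names. */
public class BucketIndex {

    /** The idiom RV_ABSOLUTE_VALUE_OF_HASHCODE flags: Math.abs(Integer.MIN_VALUE) stays negative. */
    static int brokenIndex(Object key, int buckets) {
        return Math.abs(key.hashCode()) % buckets;
    }

    /** Math.floorMod returns a value in [0, buckets) for every int hash and positive bucket count. */
    static int safeIndex(Object key, int buckets) {
        return Math.floorMod(key.hashCode(), buckets);
    }

    /** Counterpart for RV_ABSOLUTE_VALUE_OF_RANDOM_INT: let Random bound the value itself. */
    static int safeRandomIndex(Random rnd, int buckets) {
        return rnd.nextInt(buckets);
    }

    /** Tries to count a key in a bucket array; reports whether the computed index was usable. */
    static boolean storeSucceeds(String key, int buckets, boolean useSafe) {
        int[] counts = new int[buckets];
        try {
            int idx = useSafe ? safeIndex(key, buckets) : brokenIndex(key, buckets);
            counts[idx]++;
            return true;
        } catch (ArrayIndexOutOfBoundsException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // The first three keys are the strings listed in entry 83; "ordinary" is a constructed control.
        String[] keys = {"polygenelubricants", "GydZG_", "DESIGNING WORKHOUSES", "ordinary"};

        for (int buckets : new int[] {16, 10}) {
            System.out.println("bucket count = " + buckets);
            for (String key : keys) {
                System.out.printf("  %-22s hash=%11d broken=%3d safe=%2d brokenStoreOk=%b safeStoreOk=%b%n",
                        key, key.hashCode(),
                        brokenIndex(key, buckets), safeIndex(key, buckets),
                        storeSucceeds(key, buckets, false), storeSucceeds(key, buckets, true));
            }
        }

        // Bounded random index without Math.abs(rnd.nextInt()).
        System.out.println("random index in [0, 10): " + safeRandomIndex(new Random(), 10));
    }
}
```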
