FindBugs Changelog

What's new in FindBugs 3.0.1

Mar 10, 2015
  • New Bug patterns:
      • BSHIFT_WRONG_ADD_PRIORITY
      • CO_COMPARETO_INCORRECT_FLOATING
      • DC_PARTIALLY_CONSTRUCTED
      • DM_BOXED_PRIMITIVE_FOR_COMPARE
      • DM_INVALID_MIN_MAX
      • ME_MUTABLE_ENUM_FIELD
      • ME_ENUM_FIELD_SETTER
      • MS_MUTABLE_COLLECTION
      • MS_MUTABLE_COLLECTION_PKGPROTECT
      • RANGE_ARRAY_INDEX
      • RANGE_ARRAY_OFFSET
      • RANGE_ARRAY_LENGTH
      • RANGE_STRING_INDEX
      • RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT
      • UC_USELESS_CONDITION
      • UC_USELESS_CONDITION_TYPE
      • UC_USELESS_OBJECT
      • UC_USELESS_OBJECT_STACK
      • UC_USELESS_VOID_METHOD
  • Improved Bug patterns:
      • INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE
      • RpC_REPEATED_CONDITIONAL_TEST
      • WMI_WRONG_MAP_ITERATOR
      • DMI_HARDCODED_ABSOLUTE_FILENAME
      • DMI_EMPTY_DB_PASSWORD
      • DMI_CONSTANT_DB_PASSWORD
      • PT_ABSOLUTE_PATH_TRAVERSAL
      • PT_RELATIVE_PATH_TRAVERSAL
      • IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD
      • SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE
      • SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
  • Bug patterns under evaluation:
      • CAA_COVARIANT_ARRAY_FIELD
      • CAA_COVARIANT_ARRAY_RETURN
      • CAA_COVARIANT_ARRAY_LOCAL
      • CAA_COVARIANT_ARRAY_ELEMENT_STORE
      • IIL_PREPARE_STATEMENT_IN_LOOP
      • IIL_PATTERN_COMPILE_IN_LOOP
      • IIL_PATTERN_COMPILE_IN_LOOP_INDIRECT
      • IIL_ELEMENTS_GET_LENGTH_IN_LOOP
  • Various bug fixes, also many patches from community. Thanks for your contributions!

New in FindBugs 3.0.0 (Jul 7, 2014)

  • FindBugs supports Java 8 now (both as runtime and target platform).
  • FindBugs requires minimum Java 7 as runtime environment!
  • FindBugs uses ASM 5 now, which means that some 3rd party detectors based on FindBugs 2.x/ASM 3 have to be upgraded. See details in ASM documentation.
  • New Bug patterns: NP_OPTIONAL_RETURN_NULL, IIO_INEFFICIENT_INDEX_OF, IIO_INEFFICIENT_LAST_INDEX_OF, CNT_ROUGH_CONSTANT_VALUE
  • New "Source" filter which can be used to filter out classes generated from other languages.
  • New "-auxclasspathFromFile" and "-analyzeFromFile" command line options.
  • New "nested" ant task attribute.
  • Various bug fixes, also many patches from community.

New in FindBugs 3.0.0 RC 1 (Jun 26, 2014)

  • FindBugs supports Java 8 now (both as runtime and target platform).
  • FindBugs requires minimum Java 7 as runtime environment!
  • FindBugs uses ASM 5 now, which means that some 3rd party detectors based on FindBugs 2.x/ASM 3 have to be upgraded. See details in ASM documentation.
  • New Bug patterns: NP_OPTIONAL_RETURN_NULL, IIO_INEFFICIENT_INDEX_OF, IIO_INEFFICIENT_LAST_INDEX_OF, CNT_ROUGH_CONSTANT_VALUE
  • New "Source" filter which can be used to filter out classes generated from other languages.
  • New "-auxclasspathFromFile" and "-analyzeFromFile" command line options.
  • New "nested" ant task attribute.
  • Various bug fixes, also many patches from community.

New in FindBugs 2.0.3 (Jun 26, 2014)

  • FindBugs Communal cloud
  • checks for updated versions of FindBugs
  • Powerful plugin capabilities
  • new bug patterns, including new/improved support for Guava and JSR-305
  • improved performance

New in FindBugs 2.0.3 RC 1 (Nov 7, 2013)

  • New Bug patterns: DM_BOXED_PRIMITIVE_FOR_PARSING, NP_METHOD_RETURN_RELAXING_ANNOTATION, and NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION
  • Add the ability in the GUI to save the currently viewable/filtered bugs to HTML output.
  • When dataflow doesn't terminate, make sure we continue with analysis.
  • Fix some problems that resulted in dataflow analysis not terminating.
  • Get parameter annotations from default parameters annotations applied to the method.
  • Add subversion change number to eclipse plugin qualifier.
  • Disabled detector for AM_CREATES_EMPTY_JAR_FILE_ENTRY; it complains inappropriately about code that creates directory entries.
  • Add warnings about incompatible types passed to org.testng.Assert.assertEquals
  • Add logic that understands more of the Google Guava APIs.
  • Disable type qualifier validator execution within Eclipse plugin; too many problems with class loading and security manager (see #1154 Random obscure Eclipse failures)
  • Consistently check both access flags and attributes to see if something is synthetic. Compiler is inconsistent about where synthetic elements are marked.
  • Fixed false positives for the following bug patterns (17 occurrences in findbugsTestCases):
      • BC_IMPOSSIBLE_INSTANCEOF
      • BC_UNCONFIRMED_CAST
      • EC_UNRELATED_TYPES
      • INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE
      • IS2_INCONSISTENT_SYNC
      • NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS
      • OBL_UNSATISFIED_OBLIGATION
      • RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE
      • SA_FIELD_SELF_COMPARISON
      • TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED
  • Fixed false negatives for the following bug patterns (45 occurrences in findbugsTestCases):
      • BC_UNCONFIRMED_CAST
      • DM_NUMBER_CTOR
      • EC_ARRAY_AND_NONARRAY
      • EC_INCOMPATIBLE_ARRAY_COMPARE
      • EC_UNRELATED_TYPES
      • GC_UNRELATED_TYPES
      • IS_FIELD_NOT_GUARDED
      • IT_NO_SUCH_ELEMENT
      • JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS
      • NP_NULL_ON_SOME_PATH
      • NP_NONNULL_PARAM_VIOLATION
      • NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
      • NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE
      • NP_STORE_INTO_NONNULL_FIELD
      • RE_POSSIBLE_UNINTENDED_PATTERN
      • SA_FIELD_SELF_COMPARISON

New in FindBugs 2.0.2 (Dec 10, 2012)

  • Fix false positives for NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR - fixing Bug3547559, Bug3555408, Bug3580266 and Bug3587164.
  • Fix false positives for SF_SWITCH_NO_DEFAULT
  • Inline access methods for private fields, fixing false positive in Bug3484713.
  • Type qualifier annotations, including nullness annotations, are now ignored on vararg parameters (including default and inherited annotations), awaiting JSR308.
  • Defined new bug pattern to give better explanations of issues involving strict type qualifiers TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED
  • Adjusted analysis of type qualifiers, now giving warnings where a computed value is used in a place where a value with a strict type qualifier is required.
  • Complain about missing classes only if they are encountered while analyzing application classes; ignore missing classes that are encountered while analyzing classes loaded from the auxclasspath. Fix for Bug3588379.
  • Fixed false positive null pointer warning coming from synthetic bridge methods, fixing Bug3589328
  • In general, suppress warnings in synthetic methods.
  • Fix some false positives involving GC_UNRELATED_TYPES on classes that extend generic collection classes.
  • Combine multiple identical warnings about DM_DEFAULT_ENCODING that occur in the same method, simplifying issue triage.
  • Changes by Andrey Loskutov
  • fixed job scheduling errors in 3.8/4.2 Eclipse bug report
  • more realistic progress bar updates for jobs
  • added nullness annotations for some common Eclipse API methods known to usually return null values
  • Added support for org.eclipse.jdt.annotation.Nullable, NonNull and NonNullByDefault annotations (introduced with Eclipse 3.8/4.2)
  • Documentation improvements

New in FindBugs 2.0.2 RC 2 (Dec 5, 2012)

  • Fix false positives for NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR - fixing Bug3547559, Bug3555408, Bug3580266 and Bug3587164.
  • Fix false positives for SF_SWITCH_NO_DEFAULT
  • Type qualifier annotations, including nullness annotations, are now ignored on vararg parameters (including default and inherited annotations), awaiting JSR308.
  • Defined new bug pattern to give better explanations of issues involving strict type qualifiers TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED
  • Adjusted analysis of type qualifiers, now giving warnings where a computed value is used in a place where a value with a strict type qualifier is required.
  • Complain about missing classes only if they are encountered while analyzing application classes; ignore missing classes that are encountered while analyzing classes loaded from the auxclasspath. Fix for Bug3588379.
  • Fixed false positive null pointer warning coming from synthetic bridge methods, fixing Bug3589328
  • In general, suppress warnings in synthetic methods.
  • Fix some false positives involving GC_UNRELATED_TYPES on classes that extend generic collection classes.
  • fixed job scheduling errors in 3.8/4.2 Eclipse bug report
  • more realistic progress bar updates for jobs
  • added nullness annotations for some common Eclipse API methods known to usually return null values
  • Added support for org.eclipse.jdt.annotation.Nullable, NonNull and NonNullByDefault annotations (introduced with Eclipse 3.8/4.2)
  • Documentation improvements
  • lots of other small changes

New in FindBugs 2.0.2 RC 1 (Nov 20, 2012)

  • New bug patterns; in some cases, bugs previously reported as other bug patterns are reported as instances of these new bug patterns in order to make it easier for developers to understand the bug reports:
      • PT_ABSOLUTE_PATH_TRAVERSAL
      • PT_RELATIVE_PATH_TRAVERSAL
      • NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
      • MS_SHOULD_BE_REFACTORED_TO_BE_FINAL
      • BC_UNCONFIRMED_CAST_OF_RETURN_VALUE
      • PT_ABSOLUTE_PATH_TRAVERSAL
      • TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS
  • Changes to fix false negatives for the following bug patterns: BC_UNCONFIRMED_CAST, EC_BAD_ARRAY_COMPARE, EQ_UNUSUAL, GC_UNRELATED_TYPES, and NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE.
  • Changes to fix false positives for the following bug patterns: DMI_DOH, EC_UNRELATED_TYPES, and SE_BAD_FIELD.

New in FindBugs 1.3.7 (Jan 5, 2009)

  • New detection of accidental vacuous/useless calls to EasyMock methods, and of generic signatures that proclaim the use of unhashable classes in ways that require that they be hashed.
  • Eliminate some false positives where we were warning about a useless call (e.g., comparing two incompatible types for equality), but the only thing the code was doing with the result was passing it to assertFalse.
  • Japanese localization and manual by K.Hashimoto. (Thanks!)
  • Added -exclude and -outputDir command line options to rejarForAnalysis
  • Extended -adjustPriorities option to FindBugs analysis textui so that you can modify the priorities of individual bug patterns as well as visitors, and also completely suppress individual bug patterns or visitors. e.g., -adjustPriority