rules-findbugs.xml

<rules><!-- This file is auto-generated. -->
  <rule key='CNT_ROUGH_CONSTANT_VALUE' priority='MAJOR'>
    <name>Bad practice - Rough value of known constant found</name>
    <configKey>CNT_ROUGH_CONSTANT_VALUE</configKey>
    <description>&lt;p&gt;It's recommended to use the predefined library constant for code clarity and better precision.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SKIPPED_CLASS_TOO_BIG' priority='INFO'>
    <name>Experimental - Class too big for analysis</name>
    <configKey>SKIPPED_CLASS_TOO_BIG</configKey>
    <description>&lt;p&gt;This class is bigger than can be effectively handled, and was not fully analyzed for errors.
&lt;/p&gt;</description>
    <tag>experimental</tag>
  </rule>
  <rule key='DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE' priority='MAJOR'>
    <name>Correctness - BigDecimal constructed from double that isn't represented precisely</name>
    <configKey>DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE</configKey>
    <description>&lt;p&gt;
This code creates a BigDecimal from a double value that doesn't translate well to a
decimal number.
For example, one might assume that writing new BigDecimal(0.1) in Java creates a BigDecimal which is exactly equal to 0.1 (an unscaled value of 1, with a scale of 1), but it is actually equal to 0.1000000000000000055511151231257827021181583404541015625.
You probably want to use the BigDecimal.valueOf(double d) method, which uses the String representation
of the double to create the BigDecimal (e.g., BigDecimal.valueOf(0.1) gives 0.1).
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_DOH' priority='MAJOR'>
    <name>Correctness - D'oh! A nonsensical method invocation</name>
    <configKey>DMI_DOH</configKey>
    <description>&lt;p&gt;
This partical method invocation doesn't make sense, for reasons that should be apparent from inspection.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD' priority='MAJOR'>
    <name>Correctness - Useless/vacuous call to EasyMock method</name>
    <configKey>DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD</configKey>
    <description>&lt;p&gt;This call doesn't pass any objects to the EasyMock method, so the call doesn't do anything.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS' priority='MAJOR'>
    <name>Correctness - Creation of ScheduledThreadPoolExecutor with zero core threads</name>
    <configKey>DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS</configKey>
    <description>&lt;p&gt;(&lt;a href="http://docs.oracle.com/javase/6/docs/api/java/util/concurrent/ScheduledThreadPoolExecutor.html#ScheduledThreadPoolExecutor%28int%29"&gt;Javadoc&lt;/a&gt;)
A ScheduledThreadPoolExecutor with zero core threads will never execute anything; changes to the max pool size are ignored.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD_POOL_EXECUTOR' priority='MAJOR'>
    <name>Correctness - Futile attempt to change max pool size of ScheduledThreadPoolExecutor</name>
    <configKey>DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD_POOL_EXECUTOR</configKey>
    <description>&lt;p&gt;(&lt;a href="http://docs.oracle.com/javase/6/docs/api/java/util/concurrent/ScheduledThreadPoolExecutor.html"&gt;Javadoc&lt;/a&gt;)
While ScheduledThreadPoolExecutor inherits from ThreadPoolExecutor, a few of the inherited tuning methods are not useful for it. In particular, because it acts as a fixed-sized pool using corePoolSize threads and an unbounded queue, adjustments to maximumPoolSize have no useful effect.
    &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_UNSUPPORTED_METHOD' priority='INFO'>
    <name>Style - Call to unsupported method</name>
    <configKey>DMI_UNSUPPORTED_METHOD</configKey>
    <description>&lt;p&gt;All targets of this method invocation throw an UnsupportedOperationException.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DMI_EMPTY_DB_PASSWORD' priority='MAJOR'>
    <name>Security - Empty database password</name>
    <configKey>DMI_EMPTY_DB_PASSWORD</configKey>
    <description>&lt;p&gt;This code creates a database connect using a blank or empty password. This indicates that the database is not protected by a password.
&lt;/p&gt;</description>
    <tag>security</tag>
  </rule>
  <rule key='DMI_CONSTANT_DB_PASSWORD' priority='MAJOR'>
    <name>Security - Hardcoded constant database password</name>
    <configKey>DMI_CONSTANT_DB_PASSWORD</configKey>
    <description>&lt;p&gt;This code creates a database connect using a hardcoded, constant password. Anyone with access to either the source code or the compiled code can
    easily learn the password.
&lt;/p&gt;</description>
    <tag>security</tag>
  </rule>
  <rule key='HRS_REQUEST_PARAMETER_TO_COOKIE' priority='MAJOR'>
    <name>Security - HTTP cookie formed from untrusted input</name>
    <configKey>HRS_REQUEST_PARAMETER_TO_COOKIE</configKey>
    <description>&lt;p&gt;This code constructs an HTTP Cookie using an untrusted HTTP parameter. If this cookie is added to an HTTP response, it will allow a HTTP response splitting
vulnerability. See &lt;a href="http://en.wikipedia.org/wiki/HTTP_response_splitting"&gt;http://en.wikipedia.org/wiki/HTTP_response_splitting&lt;/a&gt;
for more information.&lt;/p&gt;
&lt;p&gt;SpotBugs looks only for the most blatant, obvious cases of HTTP response splitting.
If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/em&gt; have more
vulnerabilities that SpotBugs doesn't report. If you are concerned about HTTP response splitting, you should seriously
consider using a commercial static analysis or pen-testing tool.
&lt;/p&gt;</description>
    <tag>security</tag>
  </rule>
  <rule key='HRS_REQUEST_PARAMETER_TO_HTTP_HEADER' priority='MAJOR'>
    <name>Security - HTTP Response splitting vulnerability</name>
    <configKey>HRS_REQUEST_PARAMETER_TO_HTTP_HEADER</configKey>
    <description>&lt;p&gt;This code directly writes an HTTP parameter to an HTTP header, which allows for a HTTP response splitting
vulnerability. See &lt;a href="http://en.wikipedia.org/wiki/HTTP_response_splitting"&gt;http://en.wikipedia.org/wiki/HTTP_response_splitting&lt;/a&gt;
for more information.&lt;/p&gt;
&lt;p&gt;SpotBugs looks only for the most blatant, obvious cases of HTTP response splitting.
If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/em&gt; have more
vulnerabilities that SpotBugs doesn't report. If you are concerned about HTTP response splitting, you should seriously
consider using a commercial static analysis or pen-testing tool.
&lt;/p&gt;</description>
    <tag>security</tag>
  </rule>
  <rule key='PT_RELATIVE_PATH_TRAVERSAL' priority='MAJOR'>
    <name>Security - Relative path traversal in servlet</name>
    <configKey>PT_RELATIVE_PATH_TRAVERSAL</configKey>
    <description>&lt;p&gt;The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

See &lt;a href="http://cwe.mitre.org/data/definitions/23.html"&gt;http://cwe.mitre.org/data/definitions/23.html&lt;/a&gt;
for more information.&lt;/p&gt;
&lt;p&gt;SpotBugs looks only for the most blatant, obvious cases of relative path traversal.
If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/em&gt; have more
vulnerabilities that SpotBugs doesn't report. If you are concerned about relative path traversal, you should seriously
consider using a commercial static analysis or pen-testing tool.
&lt;/p&gt;</description>
    <tag>cwe</tag>
    <tag>security</tag>
  </rule>
  <rule key='PT_ABSOLUTE_PATH_TRAVERSAL' priority='MAJOR'>
    <name>Security - Absolute path traversal in servlet</name>
    <configKey>PT_ABSOLUTE_PATH_TRAVERSAL</configKey>
    <description>&lt;p&gt;The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory,
but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

See &lt;a href="http://cwe.mitre.org/data/definitions/36.html"&gt;http://cwe.mitre.org/data/definitions/36.html&lt;/a&gt;
for more information.&lt;/p&gt;
&lt;p&gt;SpotBugs looks only for the most blatant, obvious cases of absolute path traversal.
If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/em&gt; have more
vulnerabilities that SpotBugs doesn't report. If you are concerned about absolute path traversal, you should seriously
consider using a commercial static analysis or pen-testing tool.
&lt;/p&gt;</description>
    <tag>cwe</tag>
    <tag>security</tag>
  </rule>
  <rule key='XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER' priority='MAJOR'>
    <name>Security - Servlet reflected cross site scripting vulnerability</name>
    <configKey>XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER</configKey>
    <description>&lt;p&gt;This code directly writes an HTTP parameter to Servlet output, which allows for a reflected cross site scripting
vulnerability. See &lt;a href="http://en.wikipedia.org/wiki/Cross-site_scripting"&gt;http://en.wikipedia.org/wiki/Cross-site_scripting&lt;/a&gt;
for more information.&lt;/p&gt;
&lt;p&gt;SpotBugs looks only for the most blatant, obvious cases of cross site scripting.
If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/em&gt; have more cross site scripting
vulnerabilities that SpotBugs doesn't report. If you are concerned about cross site scripting, you should seriously
consider using a commercial static analysis or pen-testing tool.
&lt;/p&gt;</description>
    <tag>owasp-a3</tag>
    <tag>security</tag>
  </rule>
  <rule key='XSS_REQUEST_PARAMETER_TO_SEND_ERROR' priority='MAJOR'>
    <name>Security - Servlet reflected cross site scripting vulnerability in error page</name>
    <configKey>XSS_REQUEST_PARAMETER_TO_SEND_ERROR</configKey>
    <description>&lt;p&gt;This code directly writes an HTTP parameter to a Server error page (using HttpServletResponse.sendError). Echoing this untrusted input allows
for a reflected cross site scripting
vulnerability. See &lt;a href="http://en.wikipedia.org/wiki/Cross-site_scripting"&gt;http://en.wikipedia.org/wiki/Cross-site_scripting&lt;/a&gt;
for more information.&lt;/p&gt;
&lt;p&gt;SpotBugs looks only for the most blatant, obvious cases of cross site scripting.
If SpotBugs found &lt;em&gt;any&lt;/em&gt;, you &lt;em&gt;almost certainly&lt;/em&gt; have more cross site scripting
vulnerabilities that SpotBugs doesn't report. If you are concerned about cross site scripting, you should seriously
consider using a commercial static analysis or pen-testing tool.
&lt;/p&gt;</description>
    <tag>owasp-a3</tag>
    <tag>security</tag>
  </rule>
  <rule key='SW_SWING_METHODS_INVOKED_IN_SWING_THREAD' priority='MAJOR'>
    <name>Bad practice - Certain swing methods needs to be invoked in Swing thread</name>
    <configKey>SW_SWING_METHODS_INVOKED_IN_SWING_THREAD</configKey>
    <description>&lt;p&gt;(&lt;a href="http://web.archive.org/web/20090526170426/http://java.sun.com/developer/JDCTechTips/2003/tt1208.html"&gt;From JDC Tech Tip&lt;/a&gt;): The Swing methods
show(), setVisible(), and pack() will create the associated peer for the frame.
With the creation of the peer, the system creates the event dispatch thread.
This makes things problematic because the event dispatch thread could be notifying
listeners while pack and validate are still processing. This situation could result in
two threads going through the Swing component-based GUI -- it's a serious flaw that
could result in deadlocks or other related threading issues. A pack call causes
components to be realized. As they are being realized (that is, not necessarily
visible), they could trigger listener notification on the event dispatch thread.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='IL_INFINITE_LOOP' priority='MAJOR'>
    <name>Correctness - An apparent infinite loop</name>
    <configKey>IL_INFINITE_LOOP</configKey>
    <description>&lt;p&gt;This loop doesn't seem to have a way to terminate (other than by perhaps
throwing an exception).&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IL_INFINITE_RECURSIVE_LOOP' priority='MAJOR'>
    <name>Correctness - An apparent infinite recursive loop</name>
    <configKey>IL_INFINITE_RECURSIVE_LOOP</configKey>
    <description>&lt;p&gt;This method unconditionally invokes itself. This would seem to indicate
an infinite recursive loop that will result in a stack overflow.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IL_CONTAINER_ADDED_TO_ITSELF' priority='MAJOR'>
    <name>Correctness - A collection is added to itself</name>
    <configKey>IL_CONTAINER_ADDED_TO_ITSELF</configKey>
    <description>&lt;p&gt;A collection is added to itself. As a result, computing the hashCode of this
set will throw a StackOverflowException.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='VO_VOLATILE_REFERENCE_TO_ARRAY' priority='MAJOR'>
    <name>Multi-threading - A volatile reference to an array doesn't treat the array elements as volatile</name>
    <configKey>VO_VOLATILE_REFERENCE_TO_ARRAY</configKey>
    <description>&lt;p&gt;This declares a volatile reference to an array, which might not be what
you want. With a volatile reference to an array, reads and writes of
the reference to the array are treated as volatile, but the array elements
are non-volatile. To get volatile array elements, you will need to use
one of the atomic array classes in java.util.concurrent (provided
in Java 5.0).&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='VO_VOLATILE_INCREMENT' priority='MAJOR'>
    <name>Multi-threading - An increment to a volatile field isn't atomic</name>
    <configKey>VO_VOLATILE_INCREMENT</configKey>
    <description>&lt;p&gt;This code increments a volatile field. Increments of volatile fields aren't
atomic. If more than one thread is incrementing the field at the same time,
increments could be lost.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UI_INHERITANCE_UNSAFE_GETRESOURCE' priority='MAJOR'>
    <name>Bad practice - Usage of GetResource may be unsafe if class is extended</name>
    <configKey>UI_INHERITANCE_UNSAFE_GETRESOURCE</configKey>
    <description>&lt;p&gt;Calling &lt;code&gt;this.getClass().getResource(...)&lt;/code&gt; could give
results other than expected if this class is extended by a class in
another package.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NP_BOOLEAN_RETURN_NULL' priority='MAJOR'>
    <name>Bad practice - Method with Boolean return type returns explicit null</name>
    <configKey>NP_BOOLEAN_RETURN_NULL</configKey>
    <description>&lt;p&gt;
    A method that returns either Boolean.TRUE, Boolean.FALSE or null is an accident waiting to happen.
    This method can be invoked as though it returned a value of type boolean, and
    the compiler will insert automatic unboxing of the Boolean value. If a null value is returned,
    this will result in a NullPointerException.
       &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NP_OPTIONAL_RETURN_NULL' priority='MAJOR'>
    <name>Correctness - Method with Optional return type returns explicit null</name>
    <configKey>NP_OPTIONAL_RETURN_NULL</configKey>
    <description>&lt;p&gt;
    The usage of Optional return type (java.util.Optional or com.google.common.base.Optional)
    always means that explicit null returns were not desired by design.
    Returning a null value in such case is a contract violation and will most likely break client code.
       &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR' priority='MAJOR'>
    <name>Correctness - Non-null field is not initialized</name>
    <configKey>NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</configKey>
    <description>&lt;p&gt; The field is marked as non-null, but isn't written to by the constructor.
    The field might be initialized elsewhere during constructor, or might always
    be initialized before use.
       &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_SYNC_AND_NULL_CHECK_FIELD' priority='MAJOR'>
    <name>Multi-threading - Synchronize and null check on the same field.</name>
    <configKey>NP_SYNC_AND_NULL_CHECK_FIELD</configKey>
    <description>&lt;p&gt;Since the field is synchronized on, it seems not likely to be null.
If it is null and then synchronized on a NullPointerException will be
thrown and the check would be pointless. Better to synchronize on
another field.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RpC_REPEATED_CONDITIONAL_TEST' priority='MAJOR'>
    <name>Correctness - Repeated conditional tests</name>
    <configKey>RpC_REPEATED_CONDITIONAL_TEST</configKey>
    <description>&lt;p&gt;The code contains a conditional test is performed twice, one right after the other
(e.g., &lt;code&gt;x == 0 || x == 0&lt;/code&gt;). Perhaps the second occurrence is intended to be something else
(e.g., &lt;code&gt;x == 0 || y == 0&lt;/code&gt;).
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='AM_CREATES_EMPTY_ZIP_FILE_ENTRY' priority='MAJOR'>
    <name>Bad practice - Creates an empty zip file entry</name>
    <configKey>AM_CREATES_EMPTY_ZIP_FILE_ENTRY</configKey>
    <description>&lt;p&gt;The code calls &lt;code&gt;putNextEntry()&lt;/code&gt;, immediately
followed by a call to &lt;code&gt;closeEntry()&lt;/code&gt;. This results
in an empty ZipFile entry. The contents of the entry
should be written to the ZipFile between the calls to
&lt;code&gt;putNextEntry()&lt;/code&gt; and
&lt;code&gt;closeEntry()&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='AM_CREATES_EMPTY_JAR_FILE_ENTRY' priority='MAJOR'>
    <name>Bad practice - Creates an empty jar file entry</name>
    <configKey>AM_CREATES_EMPTY_JAR_FILE_ENTRY</configKey>
    <description>&lt;p&gt;The code calls &lt;code&gt;putNextEntry()&lt;/code&gt;, immediately
followed by a call to &lt;code&gt;closeEntry()&lt;/code&gt;. This results
in an empty JarFile entry. The contents of the entry
should be written to the JarFile between the calls to
&lt;code&gt;putNextEntry()&lt;/code&gt; and
&lt;code&gt;closeEntry()&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='IMSE_DONT_CATCH_IMSE' priority='MAJOR'>
    <name>Bad practice - Dubious catching of IllegalMonitorStateException</name>
    <configKey>IMSE_DONT_CATCH_IMSE</configKey>
    <description>&lt;p&gt;IllegalMonitorStateException is generally only
   thrown in case of a design flaw in your code (calling wait or
   notify on an object you do not hold a lock on).&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='FL_MATH_USING_FLOAT_PRECISION' priority='MAJOR'>
    <name>Correctness - Method performs math using floating point precision</name>
    <configKey>FL_MATH_USING_FLOAT_PRECISION</configKey>
    <description>&lt;p&gt;
   The method performs math operations using floating point precision.
   Floating point precision is very imprecise. For example,
   16777216.0f + 1.0f = 16777216.0f. Consider using double math instead.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='CAA_COVARIANT_ARRAY_FIELD' priority='INFO'>
    <name>Style - Covariant array assignment to a field</name>
    <configKey>CAA_COVARIANT_ARRAY_FIELD</configKey>
    <description>&lt;p&gt;Array of covariant type is assigned to a field. This is confusing and may lead to ArrayStoreException at runtime
if the reference of some other type will be stored in this array later like in the following code:
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;Number[] arr = new Integer[10];
arr[0] = 1.0;
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Consider changing the type of created array or the field type.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='CAA_COVARIANT_ARRAY_LOCAL' priority='INFO'>
    <name>Style - Covariant array assignment to a local variable</name>
    <configKey>CAA_COVARIANT_ARRAY_LOCAL</configKey>
    <description>&lt;p&gt;Array of covariant type is assigned to a local variable. This is confusing and may lead to ArrayStoreException at runtime
if the reference of some other type will be stored in this array later like in the following code:
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;Number[] arr = new Integer[10];
arr[0] = 1.0;
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Consider changing the type of created array or the local variable type.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='CAA_COVARIANT_ARRAY_RETURN' priority='INFO'>
    <name>Style - Covariant array is returned from the method</name>
    <configKey>CAA_COVARIANT_ARRAY_RETURN</configKey>
    <description>&lt;p&gt;Array of covariant type is returned from the method. This is confusing and may lead to ArrayStoreException at runtime
if the calling code will try to store the reference of some other type in the returned array.
&lt;/p&gt;
&lt;p&gt;Consider changing the type of created array or the method return type.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='CAA_COVARIANT_ARRAY_ELEMENT_STORE' priority='MAJOR'>
    <name>Correctness - Possibly incompatible element is stored in covariant array</name>
    <configKey>CAA_COVARIANT_ARRAY_ELEMENT_STORE</configKey>
    <description>&lt;p&gt;Value is stored into the array and the value type doesn't match the array type.
It's known from the analysis that actual array type is narrower than the declared type of its variable or field
and this assignment doesn't satisfy the original array type. This assignment may cause ArrayStoreException
at runtime.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='CN_IDIOM' priority='MAJOR'>
    <name>Bad practice - Class implements Cloneable but does not define or use clone method</name>
    <configKey>CN_IDIOM</configKey>
    <description>&lt;p&gt;
   Class implements Cloneable but does not define or
   use the clone method.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE' priority='MAJOR'>
    <name>Bad practice - Class defines clone() but doesn't implement Cloneable</name>
    <configKey>CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE</configKey>
    <description>&lt;p&gt; This class defines a clone() method but the class doesn't implement Cloneable.
There are some situations in which this is OK (e.g., you want to control how subclasses
can clone themselves), but just make sure that this is what you intended.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='CN_IDIOM_NO_SUPER_CALL' priority='MAJOR'>
    <name>Bad practice - clone method does not call super.clone()</name>
    <configKey>CN_IDIOM_NO_SUPER_CALL</configKey>
    <description>&lt;p&gt; This non-final class defines a clone() method that does not call super.clone().
If this class ("&lt;i&gt;A&lt;/i&gt;") is extended by a subclass ("&lt;i&gt;B&lt;/i&gt;"),
and the subclass &lt;i&gt;B&lt;/i&gt; calls super.clone(), then it is likely that
&lt;i&gt;B&lt;/i&gt;'s clone() method will return an object of type &lt;i&gt;A&lt;/i&gt;,
which violates the standard contract for clone().&lt;/p&gt;

&lt;p&gt; If all clone() methods call super.clone(), then they are guaranteed
to use Object.clone(), which always returns an object of the correct type.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_FUTURE_KEYWORD_USED_AS_IDENTIFIER' priority='MAJOR'>
    <name>Bad practice - Use of identifier that is a keyword in later versions of Java</name>
    <configKey>NM_FUTURE_KEYWORD_USED_AS_IDENTIFIER</configKey>
    <description>&lt;p&gt;The identifier is a word that is reserved as a keyword in later versions of Java, and your code will need to be changed
in order to compile it in later versions of Java.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER' priority='MAJOR'>
    <name>Bad practice - Use of identifier that is a keyword in later versions of Java</name>
    <configKey>NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER</configKey>
    <description>&lt;p&gt;This identifier is used as a keyword in later versions of Java. This code, and
any code that references this API,
will need to be changed in order to compile it in later versions of Java.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DE_MIGHT_DROP' priority='MAJOR'>
    <name>Bad practice - Method might drop exception</name>
    <configKey>DE_MIGHT_DROP</configKey>
    <description>&lt;p&gt; This method might drop an exception.&amp;nbsp; In general, exceptions
  should be handled or reported in some way, or they should be thrown
  out of the method.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DE_MIGHT_IGNORE' priority='MAJOR'>
    <name>Bad practice - Method might ignore exception</name>
    <configKey>DE_MIGHT_IGNORE</configKey>
    <description>&lt;p&gt; This method might ignore an exception.&amp;nbsp; In general, exceptions
  should be handled or reported in some way, or they should be thrown
  out of the method.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DP_DO_INSIDE_DO_PRIVILEGED' priority='INFO'>
    <name>Malicious code - Method invoked that should be only be invoked inside a doPrivileged block</name>
    <configKey>DP_DO_INSIDE_DO_PRIVILEGED</configKey>
    <description>&lt;p&gt; This code invokes a method that requires a security permission check.
  If this code will be granted security permissions, but might be invoked by code that does not
  have security permissions, then the invocation needs to occur inside a doPrivileged block.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='DP_DO_INSIDE_DO_PRIVILEDGED' priority='INFO'>
    <name>Experimental - Method invoked that should be only be invoked inside a doPrivileged block</name>
    <configKey>DP_DO_INSIDE_DO_PRIVILEDGED</configKey>
    <description>&lt;p&gt; This code invokes a method that requires a security permission check.
  If this code will be granted security permissions, but might be invoked by code that does not
  have security permissions, then the invocation needs to occur inside a doPrivileged block.&lt;/p&gt;</description>
    <tag>experimental</tag>
  </rule>
  <rule key='DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED' priority='INFO'>
    <name>Malicious code - Classloaders should only be created inside doPrivileged block</name>
    <configKey>DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED</configKey>
    <description>&lt;p&gt; This code creates a classloader,  which needs permission if a security manage is installed.
  If this code might be invoked by code that does not
  have security permissions, then the classloader creation needs to occur inside a doPrivileged block.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS' priority='MAJOR'>
    <name>Bad practice - Fields of immutable classes should be final</name>
    <configKey>JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</configKey>
    <description>&lt;p&gt; The class is annotated with net.jcip.annotations.Immutable or javax.annotation.concurrent.Immutable,
  and the rules for those annotations require that all fields are final.
   .&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED' priority='INFO'>
    <name>Style - Thread passed where Runnable expected</name>
    <configKey>DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED</configKey>
    <description>&lt;p&gt; A Thread object is passed as a parameter to a method where
a Runnable is expected. This is rather unusual, and may indicate a logic error
or cause unexpected behavior.
   &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DMI_COLLECTION_OF_URLS' priority='MAJOR'>
    <name>Performance - Maps and sets of URLs can be performance hogs</name>
    <configKey>DMI_COLLECTION_OF_URLS</configKey>
    <description>&lt;p&gt; This method or field is or uses a Map or Set of URLs. Since both the equals and hashCode
method of URL perform domain name resolution, this can result in a big performance hit.
See &lt;a href="http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html"&gt;http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html&lt;/a&gt; for more information.
Consider using &lt;code&gt;java.net.URI&lt;/code&gt; instead.
   &lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_BLOCKING_METHODS_ON_URL' priority='MAJOR'>
    <name>Performance - The equals and hashCode methods of URL are blocking</name>
    <configKey>DMI_BLOCKING_METHODS_ON_URL</configKey>
    <description>&lt;p&gt; The equals and hashCode
method of URL perform domain name resolution, this can result in a big performance hit.
See &lt;a href="http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html"&gt;http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html&lt;/a&gt; for more information.
Consider using &lt;code&gt;java.net.URI&lt;/code&gt; instead.
   &lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION' priority='MAJOR'>
    <name>Correctness - Can't use reflection to check for presence of annotation without runtime retention</name>
    <configKey>DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION</configKey>
    <description>&lt;p&gt; Unless an annotation has itself been annotated with  @Retention(RetentionPolicy.RUNTIME), the annotation can't be observed using reflection
(e.g., by using the isAnnotationPresent method).
   .&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_EXIT' priority='MAJOR'>
    <name>Bad practice - Method invokes System.exit(...)</name>
    <configKey>DM_EXIT</configKey>
    <description>&lt;p&gt; Invoking System.exit shuts down the entire Java virtual machine. This
   should only been done when it is appropriate. Such calls make it
   hard or impossible for your code to be invoked by other code.
   Consider throwing a RuntimeException instead.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DM_RUN_FINALIZERS_ON_EXIT' priority='MAJOR'>
    <name>Bad practice - Method invokes dangerous method runFinalizersOnExit</name>
    <configKey>DM_RUN_FINALIZERS_ON_EXIT</configKey>
    <description>&lt;p&gt; &lt;em&gt;Never call System.runFinalizersOnExit
or Runtime.runFinalizersOnExit for any reason: they are among the most
dangerous methods in the Java libraries.&lt;/em&gt; -- Joshua Bloch&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DM_STRING_CTOR' priority='MAJOR'>
    <name>Performance - Method invokes inefficient new String(String) constructor</name>
    <configKey>DM_STRING_CTOR</configKey>
    <description>&lt;p&gt; Using the &lt;code&gt;java.lang.String(String)&lt;/code&gt; constructor wastes memory
  because the object so constructed will be functionally indistinguishable
  from the &lt;code&gt;String&lt;/code&gt; passed as a parameter.&amp;nbsp; Just use the
  argument &lt;code&gt;String&lt;/code&gt; directly.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_STRING_VOID_CTOR' priority='MAJOR'>
    <name>Performance - Method invokes inefficient new String() constructor</name>
    <configKey>DM_STRING_VOID_CTOR</configKey>
    <description>&lt;p&gt; Creating a new &lt;code&gt;java.lang.String&lt;/code&gt; object using the
  no-argument constructor wastes memory because the object so created will
  be functionally indistinguishable from the empty string constant
  &lt;code&gt;""&lt;/code&gt;.&amp;nbsp; Java guarantees that identical string constants
  will be represented by the same &lt;code&gt;String&lt;/code&gt; object.&amp;nbsp; Therefore,
  you should just use the empty string constant directly.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_STRING_TOSTRING' priority='MAJOR'>
    <name>Performance - Method invokes toString() method on a String</name>
    <configKey>DM_STRING_TOSTRING</configKey>
    <description>&lt;p&gt; Calling &lt;code&gt;String.toString()&lt;/code&gt; is just a redundant operation.
  Just use the String.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_GC' priority='MAJOR'>
    <name>Performance - Explicit garbage collection; extremely dubious except in benchmarking code</name>
    <configKey>DM_GC</configKey>
    <description>&lt;p&gt; Code explicitly invokes garbage collection.
  Except for specific use in benchmarking, this is very dubious.&lt;/p&gt;
  &lt;p&gt;In the past, situations where people have explicitly invoked
  the garbage collector in routines such as close or finalize methods
  has led to huge performance black holes. Garbage collection
   can be expensive. Any situation that forces hundreds or thousands
   of garbage collections will bring the machine to a crawl.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_BOOLEAN_CTOR' priority='MAJOR'>
    <name>Performance - Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead</name>
    <configKey>DM_BOOLEAN_CTOR</configKey>
    <description>&lt;p&gt; Creating new instances of &lt;code&gt;java.lang.Boolean&lt;/code&gt; wastes
  memory, since &lt;code&gt;Boolean&lt;/code&gt; objects are immutable and there are
  only two useful values of this type.&amp;nbsp; Use the &lt;code&gt;Boolean.valueOf()&lt;/code&gt;
  method (or Java 1.5 autoboxing) to create &lt;code&gt;Boolean&lt;/code&gt; objects instead.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_NUMBER_CTOR' priority='MAJOR'>
    <name>Performance - Method invokes inefficient Number constructor; use static valueOf instead</name>
    <configKey>DM_NUMBER_CTOR</configKey>
    <description>&lt;p&gt;
      Using &lt;code&gt;new Integer(int)&lt;/code&gt; is guaranteed to always result in a new object whereas
      &lt;code&gt;Integer.valueOf(int)&lt;/code&gt; allows caching of values to be done by the compiler, class library, or JVM.
      Using of cached values avoids object allocation and the code will be faster.
      &lt;/p&gt;
      &lt;p&gt;
      Values between -128 and 127 are guaranteed to have corresponding cached instances
      and using &lt;code&gt;valueOf&lt;/code&gt; is approximately 3.5 times faster than using constructor.
      For values outside the constant range the performance of both styles is the same.
      &lt;/p&gt;
      &lt;p&gt;
      Unless the class must be compatible with JVMs predating Java 1.5,
      use either autoboxing or the &lt;code&gt;valueOf()&lt;/code&gt; method when creating instances of
      &lt;code&gt;Long&lt;/code&gt;, &lt;code&gt;Integer&lt;/code&gt;, &lt;code&gt;Short&lt;/code&gt;, &lt;code&gt;Character&lt;/code&gt;, and &lt;code&gt;Byte&lt;/code&gt;.
      &lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_FP_NUMBER_CTOR' priority='MAJOR'>
    <name>Performance - Method invokes inefficient floating-point Number constructor; use static valueOf instead</name>
    <configKey>DM_FP_NUMBER_CTOR</configKey>
    <description>&lt;p&gt;
      Using &lt;code&gt;new Double(double)&lt;/code&gt; is guaranteed to always result in a new object whereas
      &lt;code&gt;Double.valueOf(double)&lt;/code&gt; allows caching of values to be done by the compiler, class library, or JVM.
      Using of cached values avoids object allocation and the code will be faster.
      &lt;/p&gt;
      &lt;p&gt;
      Unless the class must be compatible with JVMs predating Java 1.5,
      use either autoboxing or the &lt;code&gt;valueOf()&lt;/code&gt; method when creating instances of &lt;code&gt;Double&lt;/code&gt; and &lt;code&gt;Float&lt;/code&gt;.
      &lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_CONVERT_CASE' priority='INFO'>
    <name>I18n - Consider using Locale parameterized version of invoked method</name>
    <configKey>DM_CONVERT_CASE</configKey>
    <description>&lt;p&gt; A String is being converted to upper or lowercase, using the platform's default encoding. This may
      result in improper conversions when used with international characters. Use the &lt;/p&gt;
      &lt;ul&gt;
    &lt;li&gt;String.toUpperCase( Locale l )&lt;/li&gt;
    &lt;li&gt;String.toLowerCase( Locale l )&lt;/li&gt;
    &lt;/ul&gt;
      &lt;p&gt;versions instead.&lt;/p&gt;</description>
    <tag>i18n</tag>
  </rule>
  <rule key='BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR' priority='MAJOR'>
    <name>Performance - Primitive value is unboxed and coerced for ternary operator</name>
    <configKey>BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR</configKey>
    <description>&lt;p&gt;A wrapped primitive value is unboxed and converted to another primitive type as part of the
evaluation of a conditional ternary operator (the &lt;code&gt; b ? e1 : e2&lt;/code&gt; operator). The
semantics of Java mandate that if &lt;code&gt;e1&lt;/code&gt; and &lt;code&gt;e2&lt;/code&gt; are wrapped
numeric values, the values are unboxed and converted/coerced to their common type (e.g,
if &lt;code&gt;e1&lt;/code&gt; is of type &lt;code&gt;Integer&lt;/code&gt;
and &lt;code&gt;e2&lt;/code&gt; is of type &lt;code&gt;Float&lt;/code&gt;, then &lt;code&gt;e1&lt;/code&gt; is unboxed,
converted to a floating point value, and boxed. See JLS Section 15.25.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BX_BOXING_IMMEDIATELY_UNBOXED' priority='MAJOR'>
    <name>Performance - Primitive value is boxed and then immediately unboxed</name>
    <configKey>BX_BOXING_IMMEDIATELY_UNBOXED</configKey>
    <description>&lt;p&gt;A primitive is boxed, and then immediately unboxed. This probably is due to a manual
    boxing in a place where an unboxed value is required, thus forcing the compiler
to immediately undo the work of the boxing.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BX_UNBOXING_IMMEDIATELY_REBOXED' priority='MAJOR'>
    <name>Performance - Boxed value is unboxed and then immediately reboxed</name>
    <configKey>BX_UNBOXING_IMMEDIATELY_REBOXED</configKey>
    <description>&lt;p&gt;A boxed value is unboxed and then immediately reboxed.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION' priority='MAJOR'>
    <name>Performance - Primitive value is boxed then unboxed to perform primitive coercion</name>
    <configKey>BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION</configKey>
    <description>&lt;p&gt;A primitive boxed value constructed and then immediately converted into a different primitive type
(e.g., &lt;code&gt;new Double(d).intValue()&lt;/code&gt;). Just perform direct primitive coercion (e.g., &lt;code&gt;(int) d&lt;/code&gt;).&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_BOXED_PRIMITIVE_TOSTRING' priority='MAJOR'>
    <name>Performance - Method allocates a boxed primitive just to call toString</name>
    <configKey>DM_BOXED_PRIMITIVE_TOSTRING</configKey>
    <description>&lt;p&gt;A boxed primitive is allocated just to call toString(). It is more effective to just use the static
  form of toString which takes the primitive value. So,&lt;/p&gt;
  &lt;table&gt;
     &lt;tr&gt;&lt;th&gt;Replace...&lt;/th&gt;&lt;th&gt;With this...&lt;/th&gt;&lt;/tr&gt;
     &lt;tr&gt;&lt;td&gt;new Integer(1).toString()&lt;/td&gt;&lt;td&gt;Integer.toString(1)&lt;/td&gt;&lt;/tr&gt;
     &lt;tr&gt;&lt;td&gt;new Long(1).toString()&lt;/td&gt;&lt;td&gt;Long.toString(1)&lt;/td&gt;&lt;/tr&gt;
     &lt;tr&gt;&lt;td&gt;new Float(1.0).toString()&lt;/td&gt;&lt;td&gt;Float.toString(1.0)&lt;/td&gt;&lt;/tr&gt;
     &lt;tr&gt;&lt;td&gt;new Double(1.0).toString()&lt;/td&gt;&lt;td&gt;Double.toString(1.0)&lt;/td&gt;&lt;/tr&gt;
     &lt;tr&gt;&lt;td&gt;new Byte(1).toString()&lt;/td&gt;&lt;td&gt;Byte.toString(1)&lt;/td&gt;&lt;/tr&gt;
     &lt;tr&gt;&lt;td&gt;new Short(1).toString()&lt;/td&gt;&lt;td&gt;Short.toString(1)&lt;/td&gt;&lt;/tr&gt;
     &lt;tr&gt;&lt;td&gt;new Boolean(true).toString()&lt;/td&gt;&lt;td&gt;Boolean.toString(true)&lt;/td&gt;&lt;/tr&gt;
  &lt;/table&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_BOXED_PRIMITIVE_FOR_PARSING' priority='MAJOR'>
    <name>Performance - Boxing/unboxing to parse a primitive</name>
    <configKey>DM_BOXED_PRIMITIVE_FOR_PARSING</configKey>
    <description>&lt;p&gt;A boxed primitive is created from a String, just to extract the unboxed primitive value.
  It is more efficient to just call the static parseXXX method.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_BOXED_PRIMITIVE_FOR_COMPARE' priority='MAJOR'>
    <name>Performance - Boxing a primitive to compare</name>
    <configKey>DM_BOXED_PRIMITIVE_FOR_COMPARE</configKey>
    <description>&lt;p&gt;A boxed primitive is created just to call compareTo method. It's more efficient to use static compare method
  (for double and float since Java 1.4, for other primitive types since Java 1.7) which works on primitives directly.
  &lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_NEW_FOR_GETCLASS' priority='MAJOR'>
    <name>Performance - Method allocates an object, only to get the class object</name>
    <configKey>DM_NEW_FOR_GETCLASS</configKey>
    <description>&lt;p&gt;This method allocates an object just to call getClass() on it, in order to
  retrieve the Class object for it. It is simpler to just access the .class property of the class.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_MONITOR_WAIT_ON_CONDITION' priority='MAJOR'>
    <name>Multi-threading - Monitor wait() called on Condition</name>
    <configKey>DM_MONITOR_WAIT_ON_CONDITION</configKey>
    <description>&lt;p&gt;
      This method calls &lt;code&gt;wait()&lt;/code&gt; on a
      &lt;code&gt;java.util.concurrent.locks.Condition&lt;/code&gt; object.&amp;nbsp;
      Waiting for a &lt;code&gt;Condition&lt;/code&gt; should be done using one of the &lt;code&gt;await()&lt;/code&gt;
      methods defined by the &lt;code&gt;Condition&lt;/code&gt; interface.
      &lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RV_01_TO_INT' priority='MAJOR'>
    <name>Correctness - Random value from 0 to 1 is coerced to the integer 0</name>
    <configKey>RV_01_TO_INT</configKey>
    <description>&lt;p&gt;A random value from 0 to 1 is being coerced to the integer value 0. You probably
want to multiply the random value by something else before coercing it to an integer, or use the &lt;code&gt;Random.nextInt(n)&lt;/code&gt; method.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_INVALID_MIN_MAX' priority='MAJOR'>
    <name>Correctness - Incorrect combination of Math.max and Math.min</name>
    <configKey>DM_INVALID_MIN_MAX</configKey>
    <description>&lt;p&gt;This code tries to limit the value bounds using the construct like Math.min(0, Math.max(100, value)). However the order of
  the constants is incorrect: it should be Math.min(100, Math.max(0, value)). As the result this code always produces the same result
  (or NaN if the value is NaN).&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_NEXTINT_VIA_NEXTDOUBLE' priority='MAJOR'>
    <name>Performance - Use the nextInt method of Random rather than nextDouble to generate a random integer</name>
    <configKey>DM_NEXTINT_VIA_NEXTDOUBLE</configKey>
    <description>&lt;p&gt;If &lt;code&gt;r&lt;/code&gt; is a &lt;code&gt;java.util.Random&lt;/code&gt;, you can generate a random number from &lt;code&gt;0&lt;/code&gt; to &lt;code&gt;n-1&lt;/code&gt;
using &lt;code&gt;r.nextInt(n)&lt;/code&gt;, rather than using &lt;code&gt;(int)(r.nextDouble() * n)&lt;/code&gt;.
&lt;/p&gt;
&lt;p&gt;The argument to nextInt must be positive. If, for example, you want to generate a random
value from -99 to 0, use &lt;code&gt;-r.nextInt(100)&lt;/code&gt;.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE' priority='MAJOR'>
    <name>Security - Nonconstant string passed to execute or addBatch method on an SQL statement</name>
    <configKey>SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE</configKey>
    <description>&lt;p&gt;The method invokes the execute or addBatch method on an SQL statement with a String that seems
to be dynamically generated. Consider using
a prepared statement instead. It is more efficient and less vulnerable to
SQL injection attacks.
&lt;/p&gt;</description>
    <tag>owasp-a1</tag>
    <tag>injection</tag>
    <tag>security</tag>
  </rule>
  <rule key='SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING' priority='MAJOR'>
    <name>Security - A prepared statement is generated from a nonconstant String</name>
    <configKey>SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING</configKey>
    <description>&lt;p&gt;The code creates an SQL prepared statement from a nonconstant String.
If unchecked, tainted data from a user is used in building this String, SQL injection could
be used to make the prepared statement do something unexpected and undesirable.
&lt;/p&gt;</description>
    <tag>owasp-a1</tag>
    <tag>injection</tag>
    <tag>security</tag>
  </rule>
  <rule key='DM_USELESS_THREAD' priority='MAJOR'>
    <name>Multi-threading - A thread was created using the default empty run method</name>
    <configKey>DM_USELESS_THREAD</configKey>
    <description>&lt;p&gt;This method creates a thread without specifying a run method either by deriving from the Thread class, or
  by passing a Runnable object. This thread, then, does nothing but waste time.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DC_DOUBLECHECK' priority='MAJOR'>
    <name>Multi-threading - Possible double check of field</name>
    <configKey>DC_DOUBLECHECK</configKey>
    <description>&lt;p&gt; This method may contain an instance of double-checked locking.&amp;nbsp;
  This idiom is not correct according to the semantics of the Java memory
  model.&amp;nbsp; For more information, see the web page
  &lt;a href="http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html"
  &gt;http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html&lt;/a&gt;.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DC_PARTIALLY_CONSTRUCTED' priority='MAJOR'>
    <name>Multi-threading - Possible exposure of partially initialized object</name>
    <configKey>DC_PARTIALLY_CONSTRUCTED</configKey>
    <description>&lt;p&gt;Looks like this method uses lazy field initialization with double-checked locking.
  While the field is correctly declared as volatile, it's possible that the internal structure of
  the object is changed after the field assignment, thus another thread may see the partially initialized object.&lt;/p&gt;
  &lt;p&gt;To fix this problem consider storing the object into the local variable first
  and save it to the volatile field only after it's fully constructed.
  &lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='FI_FINALIZER_NULLS_FIELDS' priority='MAJOR'>
    <name>Bad practice - Finalizer nulls fields</name>
    <configKey>FI_FINALIZER_NULLS_FIELDS</configKey>
    <description>&lt;p&gt; This finalizer nulls out fields.  This is usually an error, as it does not aid garbage collection,
  and the object is going to be garbage collected anyway.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='FI_FINALIZER_ONLY_NULLS_FIELDS' priority='MAJOR'>
    <name>Bad practice - Finalizer only nulls fields</name>
    <configKey>FI_FINALIZER_ONLY_NULLS_FIELDS</configKey>
    <description>&lt;p&gt; This finalizer does nothing except null out fields. This is completely pointless, and requires that
the object be garbage collected, finalized, and then garbage collected again. You should just remove the finalize
method.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='FI_PUBLIC_SHOULD_BE_PROTECTED' priority='INFO'>
    <name>Malicious code - Finalizer should be protected, not public</name>
    <configKey>FI_PUBLIC_SHOULD_BE_PROTECTED</configKey>
    <description>&lt;p&gt; A class's &lt;code&gt;finalize()&lt;/code&gt; method should have protected access,
   not public.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='FI_EMPTY' priority='MAJOR'>
    <name>Bad practice - Empty finalizer should be deleted</name>
    <configKey>FI_EMPTY</configKey>
    <description>&lt;p&gt; Empty &lt;code&gt;finalize()&lt;/code&gt; methods are useless, so they should
  be deleted.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='FI_NULLIFY_SUPER' priority='MAJOR'>
    <name>Bad practice - Finalizer nullifies superclass finalizer</name>
    <configKey>FI_NULLIFY_SUPER</configKey>
    <description>&lt;p&gt; This empty &lt;code&gt;finalize()&lt;/code&gt; method explicitly negates the
  effect of any finalizer defined by its superclass.&amp;nbsp; Any finalizer
  actions defined for the superclass will not be performed.&amp;nbsp;
  Unless this is intended, delete this method.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='FI_USELESS' priority='MAJOR'>
    <name>Bad practice - Finalizer does nothing but call superclass finalizer</name>
    <configKey>FI_USELESS</configKey>
    <description>&lt;p&gt; The only thing this &lt;code&gt;finalize()&lt;/code&gt; method does is call
  the superclass's &lt;code&gt;finalize()&lt;/code&gt; method, making it
  redundant.&amp;nbsp; Delete it.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='FI_MISSING_SUPER_CALL' priority='MAJOR'>
    <name>Bad practice - Finalizer does not call superclass finalizer</name>
    <configKey>FI_MISSING_SUPER_CALL</configKey>
    <description>&lt;p&gt; This &lt;code&gt;finalize()&lt;/code&gt; method does not make a call to its
  superclass's &lt;code&gt;finalize()&lt;/code&gt; method.&amp;nbsp; So, any finalizer
  actions defined for the superclass will not be performed.&amp;nbsp;
  Add a call to &lt;code&gt;super.finalize()&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='FI_EXPLICIT_INVOCATION' priority='MAJOR'>
    <name>Bad practice - Explicit invocation of finalizer</name>
    <configKey>FI_EXPLICIT_INVOCATION</configKey>
    <description>&lt;p&gt; This method contains an explicit invocation of the &lt;code&gt;finalize()&lt;/code&gt;
  method on an object.&amp;nbsp; Because finalizer methods are supposed to be
  executed once, and only by the VM, this is a bad idea.&lt;/p&gt;
&lt;p&gt;If a connected set of objects beings finalizable, then the VM will invoke the
finalize method on all the finalizable object, possibly at the same time in different threads.
Thus, it is a particularly bad idea, in the finalize method for a class X, invoke finalize
on objects referenced by X, because they may already be getting finalized in a separate thread.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS' priority='MAJOR'>
    <name>Bad practice - Equals checks for incompatible operand</name>
    <configKey>EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</configKey>
    <description>&lt;p&gt; This equals method is checking to see if the argument is some incompatible type
(i.e., a class that is neither a supertype nor subtype of the class that defines
the equals method). For example, the Foo class might have an equals method
that looks like:
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public boolean equals(Object o) {
    if (o instanceof Foo)
        return name.equals(((Foo)o).name);
    else if (o instanceof String)
        return name.equals(o);
    else return false;
}
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;This is considered bad practice, as it makes it very hard to implement an equals method that
is symmetric and transitive. Without those properties, very unexpected behaviors are possible.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='EQ_DONT_DEFINE_EQUALS_FOR_ENUM' priority='MAJOR'>
    <name>Correctness - Covariant equals() method defined for enum</name>
    <configKey>EQ_DONT_DEFINE_EQUALS_FOR_ENUM</configKey>
    <description>&lt;p&gt; This class defines an enumeration, and equality on enumerations are defined
using object identity. Defining a covariant equals method for an enumeration
value is exceptionally bad practice, since it would likely result
in having two different enumeration values that compare as equals using
the covariant enum method, and as not equal when compared normally.
Don't do it.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EQ_SELF_USE_OBJECT' priority='MAJOR'>
    <name>Correctness - Covariant equals() method defined, Object.equals(Object) inherited</name>
    <configKey>EQ_SELF_USE_OBJECT</configKey>
    <description>&lt;p&gt; This class defines a covariant version of the &lt;code&gt;equals()&lt;/code&gt;
  method, but inherits the normal &lt;code&gt;equals(Object)&lt;/code&gt; method
  defined in the base &lt;code&gt;java.lang.Object&lt;/code&gt; class.&amp;nbsp;
  The class should probably define a &lt;code&gt;boolean equals(Object)&lt;/code&gt; method.
  &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EQ_OTHER_USE_OBJECT' priority='MAJOR'>
    <name>Correctness - equals() method defined that doesn't override Object.equals(Object)</name>
    <configKey>EQ_OTHER_USE_OBJECT</configKey>
    <description>&lt;p&gt; This class defines an &lt;code&gt;equals()&lt;/code&gt;
  method, that doesn't override the normal &lt;code&gt;equals(Object)&lt;/code&gt; method
  defined in the base &lt;code&gt;java.lang.Object&lt;/code&gt; class.&amp;nbsp;
  The class should probably define a &lt;code&gt;boolean equals(Object)&lt;/code&gt; method.
  &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EQ_OTHER_NO_OBJECT' priority='MAJOR'>
    <name>Correctness - equals() method defined that doesn't override equals(Object)</name>
    <configKey>EQ_OTHER_NO_OBJECT</configKey>
    <description>&lt;p&gt; This class defines an &lt;code&gt;equals()&lt;/code&gt;
  method, that doesn't override the normal &lt;code&gt;equals(Object)&lt;/code&gt; method
  defined in the base &lt;code&gt;java.lang.Object&lt;/code&gt; class.&amp;nbsp; Instead, it
  inherits an &lt;code&gt;equals(Object)&lt;/code&gt; method from a superclass.
  The class should probably define a &lt;code&gt;boolean equals(Object)&lt;/code&gt; method.
  &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EQ_DOESNT_OVERRIDE_EQUALS' priority='INFO'>
    <name>Style - Class doesn't override equals in superclass</name>
    <configKey>EQ_DOESNT_OVERRIDE_EQUALS</configKey>
    <description>&lt;p&gt; This class extends a class that defines an equals method and adds fields, but doesn't
define an equals method itself. Thus, equality on instances of this class will
ignore the identity of the subclass and the added fields. Be sure this is what is intended,
and that you don't need to override the equals method. Even if you don't need to override
the equals method, consider overriding it anyway to document the fact
that the equals method for the subclass just return the result of
invoking super.equals(o).
  &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='EQ_SELF_NO_OBJECT' priority='MAJOR'>
    <name>Bad practice - Covariant equals() method defined</name>
    <configKey>EQ_SELF_NO_OBJECT</configKey>
    <description>&lt;p&gt; This class defines a covariant version of &lt;code&gt;equals()&lt;/code&gt;.&amp;nbsp;
  To correctly override the &lt;code&gt;equals()&lt;/code&gt; method in
  &lt;code&gt;java.lang.Object&lt;/code&gt;, the parameter of &lt;code&gt;equals()&lt;/code&gt;
  must have type &lt;code&gt;java.lang.Object&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC' priority='MAJOR'>
    <name>Correctness - equals method overrides equals in superclass and may not be symmetric</name>
    <configKey>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC</configKey>
    <description>&lt;p&gt; This class defines an equals method that overrides an equals method in a superclass. Both equals methods
methods use &lt;code&gt;instanceof&lt;/code&gt; in the determination of whether two objects are equal. This is fraught with peril,
since it is important that the equals method is symmetrical (in other words, &lt;code&gt;a.equals(b) == b.equals(a)&lt;/code&gt;).
If B is a subtype of A, and A's equals method checks that the argument is an instanceof A, and B's equals method
checks that the argument is an instanceof B, it is quite likely that the equivalence relation defined by these
methods is not symmetric.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EQ_GETCLASS_AND_CLASS_CONSTANT' priority='MAJOR'>
    <name>Bad practice - equals method fails for subtypes</name>
    <configKey>EQ_GETCLASS_AND_CLASS_CONSTANT</configKey>
    <description>&lt;p&gt; This class has an equals method that will be broken if it is inherited by subclasses.
It compares a class literal with the class of the argument (e.g., in class &lt;code&gt;Foo&lt;/code&gt;
it might check if &lt;code&gt;Foo.class == o.getClass()&lt;/code&gt;).
It is better to check if &lt;code&gt;this.getClass() == o.getClass()&lt;/code&gt;.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='EQ_UNUSUAL' priority='INFO'>
    <name>Style - Unusual equals method </name>
    <configKey>EQ_UNUSUAL</configKey>
    <description>&lt;p&gt; This class doesn't do any of the patterns we recognize for checking that the type of the argument
is compatible with the type of the &lt;code&gt;this&lt;/code&gt; object. There might not be anything wrong with
this code, but it is worth reviewing.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='EQ_COMPARING_CLASS_NAMES' priority='MAJOR'>
    <name>Correctness - equals method compares class names rather than class objects</name>
    <configKey>EQ_COMPARING_CLASS_NAMES</configKey>
    <description>&lt;p&gt; This method checks to see if two objects are the same class by checking to see if the names
of their classes are equal. You can have different classes with the same name if they are loaded by
different class loaders. Just check to see if the class objects are the same.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EQ_ALWAYS_TRUE' priority='MAJOR'>
    <name>Correctness - equals method always returns true</name>
    <configKey>EQ_ALWAYS_TRUE</configKey>
    <description>&lt;p&gt; This class defines an equals method that always returns true. This is imaginative, but not very smart.
Plus, it means that the equals method is not symmetric.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EQ_ALWAYS_FALSE' priority='MAJOR'>
    <name>Correctness - equals method always returns false</name>
    <configKey>EQ_ALWAYS_FALSE</configKey>
    <description>&lt;p&gt; This class defines an equals method that always returns false. This means that an object is not equal to itself, and it is impossible to create useful Maps or Sets of this class. More fundamentally, it means
that equals is not reflexive, one of the requirements of the equals method.&lt;/p&gt;
&lt;p&gt;The likely intended semantics are object identity: that an object is equal to itself. This is the behavior inherited from class &lt;code&gt;Object&lt;/code&gt;. If you need to override an equals inherited from a different
superclass, you can use:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public boolean equals(Object o) {
    return this == o;
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='HSC_HUGE_SHARED_STRING_CONSTANT' priority='MAJOR'>
    <name>Performance - Huge string constants is duplicated across multiple class files</name>
    <configKey>HSC_HUGE_SHARED_STRING_CONSTANT</configKey>
    <description>&lt;p&gt;
    A large String constant is duplicated across multiple class files.
    This is likely because a final field is initialized to a String constant, and the Java language
    mandates that all references to a final field from other classes be inlined into
that classfile. See &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6447475"&gt;JDK bug 6447475&lt;/a&gt;
    for a description of an occurrence of this bug in the JDK and how resolving it reduced
    the size of the JDK by 1 megabyte.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_ARGUMENT_MIGHT_BE_NULL' priority='MAJOR'>
    <name>Correctness - Method does not check for null argument</name>
    <configKey>NP_ARGUMENT_MIGHT_BE_NULL</configKey>
    <description>&lt;p&gt;
    A parameter to this method has been identified as a value that should
    always be checked to see whether or not it is null, but it is being dereferenced
    without a preceding null check.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT' priority='MAJOR'>
    <name>Bad practice - equals() method does not check for null argument</name>
    <configKey>NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT</configKey>
    <description>&lt;p&gt;
      This implementation of equals(Object) violates the contract defined
      by java.lang.Object.equals() because it does not check for null
      being passed as the argument.  All equals() methods should return
      false if passed a null value.
      &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='RV_NEGATING_RESULT_OF_COMPARETO' priority='MAJOR'>
    <name>Bad practice - Negating the result of compareTo()/compare()</name>
    <configKey>RV_NEGATING_RESULT_OF_COMPARETO</configKey>
    <description>&lt;p&gt; This code negatives the return value of a compareTo or compare method.
This is a questionable or bad programming practice, since if the return
value is Integer.MIN_VALUE, negating the return value won't
negate the sign of the result. You can achieve the same intended result
by reversing the order of the operands rather than by negating the results.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='CO_COMPARETO_RESULTS_MIN_VALUE' priority='MAJOR'>
    <name>Bad practice - compareTo()/compare() returns Integer.MIN_VALUE</name>
    <configKey>CO_COMPARETO_RESULTS_MIN_VALUE</configKey>
    <description>&lt;p&gt; In some situation, this compareTo or compare method returns
the  constant Integer.MIN_VALUE, which is an exceptionally bad practice.
  The only thing that matters about the return value of compareTo is the sign of the result.
    But people will sometimes negate the return value of compareTo, expecting that this will negate
    the sign of the result. And it will, except in the case where the value returned is Integer.MIN_VALUE.
    So just return -1 rather than Integer.MIN_VALUE.</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='CO_COMPARETO_INCORRECT_FLOATING' priority='MAJOR'>
    <name>Bad practice - compareTo()/compare() incorrectly handles float or double value</name>
    <configKey>CO_COMPARETO_INCORRECT_FLOATING</configKey>
    <description>&lt;p&gt;This method compares double or float values using pattern like this: val1 &amp;gt; val2 ? 1 : val1 &amp;lt; val2 ? -1 : 0.
This pattern works incorrectly for -0.0 and NaN values which may result in incorrect sorting result or broken collection
(if compared values are used as keys). Consider using Double.compare or Float.compare static methods which handle all
the special cases correctly.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='CO_SELF_NO_OBJECT' priority='MAJOR'>
    <name>Bad practice - Covariant compareTo() method defined</name>
    <configKey>CO_SELF_NO_OBJECT</configKey>
    <description>&lt;p&gt; This class defines a covariant version of &lt;code&gt;compareTo()&lt;/code&gt;.&amp;nbsp;
  To correctly override the &lt;code&gt;compareTo()&lt;/code&gt; method in the
  &lt;code&gt;Comparable&lt;/code&gt; interface, the parameter of &lt;code&gt;compareTo()&lt;/code&gt;
  must have type &lt;code&gt;java.lang.Object&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS' priority='MAJOR'>
    <name>Correctness - Signature declares use of unhashable class in hashed construct</name>
    <configKey>HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS</configKey>
    <description>&lt;p&gt; A method, field or class declares a generic signature where a non-hashable class
is used in context where a hashable class is required.
A class that declares an equals method but inherits a hashCode() method
from Object is unhashable, since it doesn't fulfill the requirement that
equal objects have equal hashCodes.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='HE_USE_OF_UNHASHABLE_CLASS' priority='MAJOR'>
    <name>Correctness - Use of class without a hashCode() method in a hashed data structure</name>
    <configKey>HE_USE_OF_UNHASHABLE_CLASS</configKey>
    <description>&lt;p&gt; A class defines an equals(Object)  method but not a hashCode() method,
and thus doesn't fulfill the requirement that equal objects have equal hashCodes.
An instance of this class is used in a hash data structure, making the need to
fix this problem of highest importance.</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='HE_HASHCODE_USE_OBJECT_EQUALS' priority='MAJOR'>
    <name>Bad practice - Class defines hashCode() and uses Object.equals()</name>
    <configKey>HE_HASHCODE_USE_OBJECT_EQUALS</configKey>
    <description>&lt;p&gt; This class defines a &lt;code&gt;hashCode()&lt;/code&gt; method but inherits its
  &lt;code&gt;equals()&lt;/code&gt; method from &lt;code&gt;java.lang.Object&lt;/code&gt;
  (which defines equality by comparing object references).&amp;nbsp; Although
  this will probably satisfy the contract that equal objects must have
  equal hashcodes, it is probably not what was intended by overriding
  the &lt;code&gt;hashCode()&lt;/code&gt; method.&amp;nbsp; (Overriding &lt;code&gt;hashCode()&lt;/code&gt;
  implies that the object's identity is based on criteria more complicated
  than simple reference equality.)&lt;/p&gt;
&lt;p&gt;If you don't think instances of this class will ever be inserted into a HashMap/HashTable,
the recommended &lt;code&gt;hashCode&lt;/code&gt; implementation to use is:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public int hashCode() {
    assert false : "hashCode not designed";
    return 42; // any arbitrary constant will do
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='EQ_COMPARETO_USE_OBJECT_EQUALS' priority='MAJOR'>
    <name>Bad practice - Class defines compareTo(...) and uses Object.equals()</name>
    <configKey>EQ_COMPARETO_USE_OBJECT_EQUALS</configKey>
    <description>&lt;p&gt; This class defines a &lt;code&gt;compareTo(...)&lt;/code&gt; method but inherits its
  &lt;code&gt;equals()&lt;/code&gt; method from &lt;code&gt;java.lang.Object&lt;/code&gt;.
    Generally, the value of compareTo should return zero if and only if
    equals returns true. If this is violated, weird and unpredictable
    failures will occur in classes such as PriorityQueue.
    In Java 5 the PriorityQueue.remove method uses the compareTo method,
    while in Java 6 it uses the equals method.&lt;/p&gt;

&lt;p&gt;From the JavaDoc for the compareTo method in the Comparable interface:
&lt;blockquote&gt;
It is strongly recommended, but not strictly required that &lt;code&gt;(x.compareTo(y)==0) == (x.equals(y))&lt;/code&gt;.
Generally speaking, any class that implements the Comparable interface and violates this condition
should clearly indicate this fact. The recommended language
is "Note: this class has a natural ordering that is inconsistent with equals."
&lt;/blockquote&gt;&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='HE_HASHCODE_NO_EQUALS' priority='MAJOR'>
    <name>Bad practice - Class defines hashCode() but not equals()</name>
    <configKey>HE_HASHCODE_NO_EQUALS</configKey>
    <description>&lt;p&gt; This class defines a &lt;code&gt;hashCode()&lt;/code&gt; method but not an
  &lt;code&gt;equals()&lt;/code&gt; method.&amp;nbsp; Therefore, the class may
  violate the invariant that equal objects must have equal hashcodes.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='HE_EQUALS_USE_HASHCODE' priority='MAJOR'>
    <name>Bad practice - Class defines equals() and uses Object.hashCode()</name>
    <configKey>HE_EQUALS_USE_HASHCODE</configKey>
    <description>&lt;p&gt; This class overrides &lt;code&gt;equals(Object)&lt;/code&gt;, but does not
  override &lt;code&gt;hashCode()&lt;/code&gt;, and inherits the implementation of
  &lt;code&gt;hashCode()&lt;/code&gt; from &lt;code&gt;java.lang.Object&lt;/code&gt; (which returns
  the identity hash code, an arbitrary value assigned to the object
  by the VM).&amp;nbsp; Therefore, the class is very likely to violate the
  invariant that equal objects must have equal hashcodes.&lt;/p&gt;

&lt;p&gt;If you don't think instances of this class will ever be inserted into a HashMap/HashTable,
the recommended &lt;code&gt;hashCode&lt;/code&gt; implementation to use is:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public int hashCode() {
    assert false : "hashCode not designed";
    return 42; // any arbitrary constant will do
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='HE_INHERITS_EQUALS_USE_HASHCODE' priority='MAJOR'>
    <name>Bad practice - Class inherits equals() and uses Object.hashCode()</name>
    <configKey>HE_INHERITS_EQUALS_USE_HASHCODE</configKey>
    <description>&lt;p&gt; This class inherits &lt;code&gt;equals(Object)&lt;/code&gt; from an abstract
  superclass, and &lt;code&gt;hashCode()&lt;/code&gt; from
&lt;code&gt;java.lang.Object&lt;/code&gt; (which returns
  the identity hash code, an arbitrary value assigned to the object
  by the VM).&amp;nbsp; Therefore, the class is very likely to violate the
  invariant that equal objects must have equal hashcodes.&lt;/p&gt;

  &lt;p&gt;If you don't want to define a hashCode method, and/or don't
   believe the object will ever be put into a HashMap/Hashtable,
   define the &lt;code&gt;hashCode()&lt;/code&gt; method
   to throw &lt;code&gt;UnsupportedOperationException&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='HE_EQUALS_NO_HASHCODE' priority='MAJOR'>
    <name>Bad practice - Class defines equals() but not hashCode()</name>
    <configKey>HE_EQUALS_NO_HASHCODE</configKey>
    <description>&lt;p&gt; This class overrides &lt;code&gt;equals(Object)&lt;/code&gt;, but does not
  override &lt;code&gt;hashCode()&lt;/code&gt;.&amp;nbsp; Therefore, the class may violate the
  invariant that equal objects must have equal hashcodes.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='EQ_ABSTRACT_SELF' priority='MAJOR'>
    <name>Bad practice - Abstract class defines covariant equals() method</name>
    <configKey>EQ_ABSTRACT_SELF</configKey>
    <description>&lt;p&gt; This class defines a covariant version of &lt;code&gt;equals()&lt;/code&gt;.&amp;nbsp;
  To correctly override the &lt;code&gt;equals()&lt;/code&gt; method in
  &lt;code&gt;java.lang.Object&lt;/code&gt;, the parameter of &lt;code&gt;equals()&lt;/code&gt;
  must have type &lt;code&gt;java.lang.Object&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='ES_COMPARING_STRINGS_WITH_EQ' priority='MAJOR'>
    <name>Bad practice - Comparison of String objects using == or !=</name>
    <configKey>ES_COMPARING_STRINGS_WITH_EQ</configKey>
    <description>&lt;p&gt;This code compares &lt;code&gt;java.lang.String&lt;/code&gt; objects for reference
equality using the == or != operators.
Unless both strings are either constants in a source file, or have been
interned using the &lt;code&gt;String.intern()&lt;/code&gt; method, the same string
value may be represented by two different String objects. Consider
using the &lt;code&gt;equals(Object)&lt;/code&gt; method instead.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='ES_COMPARING_PARAMETER_STRING_WITH_EQ' priority='MAJOR'>
    <name>Bad practice - Comparison of String parameter using == or !=</name>
    <configKey>ES_COMPARING_PARAMETER_STRING_WITH_EQ</configKey>
    <description>&lt;p&gt;This code compares a &lt;code&gt;java.lang.String&lt;/code&gt; parameter for reference
equality using the == or != operators. Requiring callers to
pass only String constants or interned strings to a method is unnecessarily
fragile, and rarely leads to measurable performance gains. Consider
using the &lt;code&gt;equals(Object)&lt;/code&gt; method instead.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='CO_ABSTRACT_SELF' priority='MAJOR'>
    <name>Bad practice - Abstract class defines covariant compareTo() method</name>
    <configKey>CO_ABSTRACT_SELF</configKey>
    <description>&lt;p&gt; This class defines a covariant version of &lt;code&gt;compareTo()&lt;/code&gt;.&amp;nbsp;
  To correctly override the &lt;code&gt;compareTo()&lt;/code&gt; method in the
  &lt;code&gt;Comparable&lt;/code&gt; interface, the parameter of &lt;code&gt;compareTo()&lt;/code&gt;
  must have type &lt;code&gt;java.lang.Object&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='IS_FIELD_NOT_GUARDED' priority='MAJOR'>
    <name>Multi-threading - Field not guarded against concurrent access</name>
    <configKey>IS_FIELD_NOT_GUARDED</configKey>
    <description>&lt;p&gt; This field is annotated with net.jcip.annotations.GuardedBy or javax.annotation.concurrent.GuardedBy,
but can be accessed in a way that seems to violate those annotations.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='MSF_MUTABLE_SERVLET_FIELD' priority='MAJOR'>
    <name>Multi-threading - Mutable servlet field</name>
    <configKey>MSF_MUTABLE_SERVLET_FIELD</configKey>
    <description>&lt;p&gt;A web server generally only creates one instance of servlet or JSP class (i.e., treats
the class as a Singleton),
and will
have multiple threads invoke methods on that instance to service multiple
simultaneous requests.
Thus, having a mutable instance field generally creates race conditions.</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IS2_INCONSISTENT_SYNC' priority='MAJOR'>
    <name>Multi-threading - Inconsistent synchronization</name>
    <configKey>IS2_INCONSISTENT_SYNC</configKey>
    <description>&lt;p&gt; The fields of this class appear to be accessed inconsistently with respect
  to synchronization.&amp;nbsp; This bug report indicates that the bug pattern detector
  judged that
  &lt;/p&gt;
  &lt;ul&gt;
  &lt;li&gt; The class contains a mix of locked and unlocked accesses,&lt;/li&gt;
  &lt;li&gt; The class is &lt;b&gt;not&lt;/b&gt; annotated as javax.annotation.concurrent.NotThreadSafe,&lt;/li&gt;
  &lt;li&gt; At least one locked access was performed by one of the class's own methods, and&lt;/li&gt;
  &lt;li&gt; The number of unsynchronized field accesses (reads and writes) was no more than
       one third of all accesses, with writes being weighed twice as high as reads&lt;/li&gt;
  &lt;/ul&gt;

  &lt;p&gt; A typical bug matching this bug pattern is forgetting to synchronize
  one of the methods in a class that is intended to be thread-safe.&lt;/p&gt;

  &lt;p&gt; You can select the nodes labeled "Unsynchronized access" to show the
  code locations where the detector believed that a field was accessed
  without synchronization.&lt;/p&gt;

  &lt;p&gt; Note that there are various sources of inaccuracy in this detector;
  for example, the detector cannot statically detect all situations in which
  a lock is held.&amp;nbsp; Also, even when the detector is accurate in
  distinguishing locked vs. unlocked accesses, the code in question may still
  be correct.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NN_NAKED_NOTIFY' priority='MAJOR'>
    <name>Multi-threading - Naked notify</name>
    <configKey>NN_NAKED_NOTIFY</configKey>
    <description>&lt;p&gt; A call to &lt;code&gt;notify()&lt;/code&gt; or &lt;code&gt;notifyAll()&lt;/code&gt;
  was made without any (apparent) accompanying
  modification to mutable object state.&amp;nbsp; In general, calling a notify
  method on a monitor is done because some condition another thread is
  waiting for has become true.&amp;nbsp; However, for the condition to be meaningful,
  it must involve a heap object that is visible to both threads.&lt;/p&gt;

  &lt;p&gt; This bug does not necessarily indicate an error, since the change to
  mutable object state may have taken place in a method which then called
  the method containing the notification.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='MS_EXPOSE_REP' priority='INFO'>
    <name>Malicious code - Public static method may expose internal representation by returning array</name>
    <configKey>MS_EXPOSE_REP</configKey>
    <description>&lt;p&gt; A public static method returns a reference to
   an array that is part of the static state of the class.
   Any code that calls this method can freely modify
   the underlying array.
   One fix is to return a copy of the array.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='EI_EXPOSE_REP' priority='INFO'>
    <name>Malicious code - May expose internal representation by returning reference to mutable object</name>
    <configKey>EI_EXPOSE_REP</configKey>
    <description>&lt;p&gt; Returning a reference to a mutable object value stored in one of the object's fields
  exposes the internal representation of the object.&amp;nbsp;
   If instances
   are accessed by untrusted code, and unchecked changes to
   the mutable object would compromise security or other
   important properties, you will need to do something different.
  Returning a new copy of the object is better approach in many situations.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='EI_EXPOSE_REP2' priority='INFO'>
    <name>Malicious code - May expose internal representation by incorporating reference to mutable object</name>
    <configKey>EI_EXPOSE_REP2</configKey>
    <description>&lt;p&gt; This code stores a reference to an externally mutable object into the
  internal representation of the object.&amp;nbsp;
   If instances
   are accessed by untrusted code, and unchecked changes to
   the mutable object would compromise security or other
   important properties, you will need to do something different.
  Storing a copy of the object is better approach in many situations.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='EI_EXPOSE_STATIC_REP2' priority='INFO'>
    <name>Malicious code - May expose internal static state by storing a mutable object into a static field</name>
    <configKey>EI_EXPOSE_STATIC_REP2</configKey>
    <description>&lt;p&gt; This code stores a reference to an externally mutable object into a static
   field.
   If unchecked changes to
   the mutable object would compromise security or other
   important properties, you will need to do something different.
  Storing a copy of the object is better approach in many situations.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='RU_INVOKE_RUN' priority='MAJOR'>
    <name>Multi-threading - Invokes run on a thread (did you mean to start it instead?)</name>
    <configKey>RU_INVOKE_RUN</configKey>
    <description>&lt;p&gt; This method explicitly invokes &lt;code&gt;run()&lt;/code&gt; on an object.&amp;nbsp;
  In general, classes implement the &lt;code&gt;Runnable&lt;/code&gt; interface because
  they are going to have their &lt;code&gt;run()&lt;/code&gt; method invoked in a new thread,
  in which case &lt;code&gt;Thread.start()&lt;/code&gt; is the right method to call.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SP_SPIN_ON_FIELD' priority='MAJOR'>
    <name>Multi-threading - Method spins on field</name>
    <configKey>SP_SPIN_ON_FIELD</configKey>
    <description>&lt;p&gt; This method spins in a loop which reads a field.&amp;nbsp; The compiler
  may legally hoist the read out of the loop, turning the code into an
  infinite loop.&amp;nbsp; The class should be changed so it uses proper
  synchronization (including wait and notify calls).&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NS_DANGEROUS_NON_SHORT_CIRCUIT' priority='INFO'>
    <name>Style - Potentially dangerous use of non-short-circuit logic</name>
    <configKey>NS_DANGEROUS_NON_SHORT_CIRCUIT</configKey>
    <description>&lt;p&gt; This code seems to be using non-short-circuit logic (e.g., &amp;amp;
or |)
rather than short-circuit logic (&amp;amp;&amp;amp; or ||). In addition,
it seem possible that, depending on the value of the left hand side, you might not
want to evaluate the right hand side (because it would have side effects, could cause an exception
or could be expensive.&lt;/p&gt;
&lt;p&gt;
Non-short-circuit logic causes both sides of the expression
to be evaluated even when the result can be inferred from
knowing the left-hand side. This can be less efficient and
can result in errors if the left-hand side guards cases
when evaluating the right-hand side can generate an error.
&lt;/p&gt;

&lt;p&gt;See &lt;a href="https://docs.oracle.com/javase/specs/jls/se7/html/jls-15.html#jls-15.22.2"&gt;the Java
Language Specification&lt;/a&gt; for details.

&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NS_NON_SHORT_CIRCUIT' priority='INFO'>
    <name>Style - Questionable use of non-short-circuit logic</name>
    <configKey>NS_NON_SHORT_CIRCUIT</configKey>
    <description>&lt;p&gt; This code seems to be using non-short-circuit logic (e.g., &amp;amp;
or |)
rather than short-circuit logic (&amp;amp;&amp;amp; or ||).
Non-short-circuit logic causes both sides of the expression
to be evaluated even when the result can be inferred from
knowing the left-hand side. This can be less efficient and
can result in errors if the left-hand side guards cases
when evaluating the right-hand side can generate an error.

&lt;p&gt;See &lt;a href="https://docs.oracle.com/javase/specs/jls/se7/html/jls-15.html#jls-15.22.2"&gt;the Java
Language Specification&lt;/a&gt; for details.

&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='TLW_TWO_LOCK_WAIT' priority='MAJOR'>
    <name>Multi-threading - Wait with two locks held</name>
    <configKey>TLW_TWO_LOCK_WAIT</configKey>
    <description>&lt;p&gt; Waiting on a monitor while two locks are held may cause
  deadlock.
   &amp;nbsp;
   Performing a wait only releases the lock on the object
   being waited on, not any other locks.
   &amp;nbsp;
This not necessarily a bug, but is worth examining
  closely.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TLW_TWO_LOCK_NOTIFY' priority='MAJOR'>
    <name>Multi-threading - Notify with two locks held</name>
    <configKey>TLW_TWO_LOCK_NOTIFY</configKey>
    <description>&lt;p&gt; The code calls notify() or notifyAll() while two locks
  are held. If this notification is intended to wake up a wait()
  that is holding the same locks, it may deadlock, since the wait
  will only give up one lock and the notify will be unable to get both locks,
  and thus the notify will not succeed.
   &amp;nbsp; If there is also a warning about a two lock wait, the
   probably of a bug is quite high.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UW_UNCOND_WAIT' priority='MAJOR'>
    <name>Multi-threading - Unconditional wait</name>
    <configKey>UW_UNCOND_WAIT</configKey>
    <description>&lt;p&gt; This method contains a call to &lt;code&gt;java.lang.Object.wait()&lt;/code&gt; which
  is not guarded by conditional control flow.&amp;nbsp; The code should
    verify that condition it intends to wait for is not already satisfied
    before calling wait; any previous notifications will be ignored.
  &lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UR_UNINIT_READ' priority='MAJOR'>
    <name>Correctness - Uninitialized read of field in constructor</name>
    <configKey>UR_UNINIT_READ</configKey>
    <description>&lt;p&gt; This constructor reads a field which has not yet been assigned a value.&amp;nbsp;
  This is often caused when the programmer mistakenly uses the field instead
  of one of the constructor's parameters.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR' priority='MAJOR'>
    <name>Correctness - Uninitialized read of field method called from constructor of superclass</name>
    <configKey>UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR</configKey>
    <description>&lt;p&gt; This method is invoked in the constructor of the superclass. At this point,
    the fields of the class have not yet initialized.&lt;/p&gt;
&lt;p&gt;To make this more concrete, consider the following classes:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;abstract class A {
    int hashCode;
    abstract Object getValue();

    A() {
        hashCode = getValue().hashCode();
    }
}

class B extends A {
    Object value;

    B(Object v) {
        this.value = v;
    }

    Object getValue() {
        return value;
    }
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;When a &lt;code&gt;B&lt;/code&gt; is constructed,
the constructor for the &lt;code&gt;A&lt;/code&gt; class is invoked
&lt;em&gt;before&lt;/em&gt; the constructor for &lt;code&gt;B&lt;/code&gt; sets &lt;code&gt;value&lt;/code&gt;.
Thus, when the constructor for &lt;code&gt;A&lt;/code&gt; invokes &lt;code&gt;getValue&lt;/code&gt;,
an uninitialized value is read for &lt;code&gt;value&lt;/code&gt;.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UG_SYNC_SET_UNSYNC_GET' priority='MAJOR'>
    <name>Multi-threading - Unsynchronized get method, synchronized set method</name>
    <configKey>UG_SYNC_SET_UNSYNC_GET</configKey>
    <description>&lt;p&gt; This class contains similarly-named get and set
  methods where the set method is synchronized and the get method is not.&amp;nbsp;
  This may result in incorrect behavior at runtime, as callers of the get
  method will not necessarily see a consistent state for the object.&amp;nbsp;
  The get method should be made synchronized.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IC_INIT_CIRCULARITY' priority='INFO'>
    <name>Style - Initialization circularity</name>
    <configKey>IC_INIT_CIRCULARITY</configKey>
    <description>&lt;p&gt; A circularity was detected in the static initializers of the two
  classes referenced by the bug instance.&amp;nbsp; Many kinds of unexpected
  behavior may arise from such circularity.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='IC_SUPERCLASS_USES_SUBCLASS_DURING_INITIALIZATION' priority='MAJOR'>
    <name>Bad practice - Superclass uses subclass during initialization</name>
    <configKey>IC_SUPERCLASS_USES_SUBCLASS_DURING_INITIALIZATION</configKey>
    <description>&lt;p&gt; During the initialization of a class, the class makes an active use of a subclass.
That subclass will not yet be initialized at the time of this use.
For example, in the following code, &lt;code&gt;foo&lt;/code&gt; will be null.&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public class CircularClassInitialization {
    static class InnerClassSingleton extends CircularClassInitialization {
        static InnerClassSingleton singleton = new InnerClassSingleton();
    }

    static CircularClassInitialization foo = InnerClassSingleton.singleton;
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='IT_NO_SUCH_ELEMENT' priority='MAJOR'>
    <name>Bad practice - Iterator next() method can't throw NoSuchElementException</name>
    <configKey>IT_NO_SUCH_ELEMENT</configKey>
    <description>&lt;p&gt; This class implements the &lt;code&gt;java.util.Iterator&lt;/code&gt; interface.&amp;nbsp;
  However, its &lt;code&gt;next()&lt;/code&gt; method is not capable of throwing
  &lt;code&gt;java.util.NoSuchElementException&lt;/code&gt;.&amp;nbsp; The &lt;code&gt;next()&lt;/code&gt;
  method should be changed so it throws &lt;code&gt;NoSuchElementException&lt;/code&gt;
  if is called when there are no more elements to return.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DL_SYNCHRONIZATION_ON_SHARED_CONSTANT' priority='MAJOR'>
    <name>Multi-threading - Synchronization on interned String </name>
    <configKey>DL_SYNCHRONIZATION_ON_SHARED_CONSTANT</configKey>
    <description>&lt;p&gt; The code synchronizes on interned String.&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private static String LOCK = "LOCK";
...
synchronized(LOCK) {
    ...
}
...
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Constant Strings are interned and shared across all other classes loaded by the JVM. Thus, this code
is locking on something that other code might also be locking. This could result in very strange and hard to diagnose
blocking and deadlock behavior. See &lt;a href="http://www.javalobby.org/java/forums/t96352.html"&gt;http://www.javalobby.org/java/forums/t96352.html&lt;/a&gt; and &lt;a href="http://jira.codehaus.org/browse/JETTY-352"&gt;http://jira.codehaus.org/browse/JETTY-352&lt;/a&gt;.
&lt;/p&gt;
&lt;p&gt;See CERT &lt;a href="https://www.securecoding.cert.org/confluence/display/java/CON08-J.+Do+not+synchronize+on+objects+that+may+be+reused"&gt;CON08-J. Do not synchronize on objects that may be reused&lt;/a&gt; for more information.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DL_SYNCHRONIZATION_ON_BOOLEAN' priority='MAJOR'>
    <name>Multi-threading - Synchronization on Boolean</name>
    <configKey>DL_SYNCHRONIZATION_ON_BOOLEAN</configKey>
    <description>&lt;p&gt; The code synchronizes on a boxed primitive constant, such as a Boolean.&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private static Boolean inited = Boolean.FALSE;
...
synchronized(inited) {
    if (!inited) {
        init();
        inited = Boolean.TRUE;
    }
}
...
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Since there normally exist only two Boolean objects, this code could be synchronizing on the same object as other, unrelated code, leading to unresponsiveness
and possible deadlock.&lt;/p&gt;
&lt;p&gt;See CERT &lt;a href="https://www.securecoding.cert.org/confluence/display/java/CON08-J.+Do+not+synchronize+on+objects+that+may+be+reused"&gt;CON08-J. Do not synchronize on objects that may be reused&lt;/a&gt; for more information.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DL_SYNCHRONIZATION_ON_UNSHARED_BOXED_PRIMITIVE' priority='MAJOR'>
    <name>Multi-threading - Synchronization on boxed primitive values</name>
    <configKey>DL_SYNCHRONIZATION_ON_UNSHARED_BOXED_PRIMITIVE</configKey>
    <description>&lt;p&gt; The code synchronizes on an apparently unshared boxed primitive,
such as an Integer.&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private static final Integer fileLock = new Integer(1);
...
synchronized(fileLock) {
    .. do something ..
}
...
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;It would be much better, in this code, to redeclare fileLock as&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private static final Object fileLock = new Object();
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;
The existing code might be OK, but it is confusing and a
future refactoring, such as the "Remove Boxing" refactoring in IntelliJ,
might replace this with the use of an interned Integer object shared
throughout the JVM, leading to very confusing behavior and potential deadlock.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE' priority='MAJOR'>
    <name>Multi-threading - Synchronization on boxed primitive</name>
    <configKey>DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE</configKey>
    <description>&lt;p&gt; The code synchronizes on a boxed primitive constant, such as an Integer.&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private static Integer count = 0;
...
synchronized(count) {
    count++;
}
...
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Since Integer objects can be cached and shared,
this code could be synchronizing on the same object as other, unrelated code, leading to unresponsiveness
and possible deadlock.&lt;/p&gt;
&lt;p&gt;See CERT &lt;a href="https://www.securecoding.cert.org/confluence/display/java/CON08-J.+Do+not+synchronize+on+objects+that+may+be+reused"&gt;CON08-J. Do not synchronize on objects that may be reused&lt;/a&gt; for more information.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ESync_EMPTY_SYNC' priority='MAJOR'>
    <name>Multi-threading - Empty synchronized block</name>
    <configKey>ESync_EMPTY_SYNC</configKey>
    <description>&lt;p&gt; The code contains an empty synchronized block:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;synchronized() {
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Empty synchronized blocks are far more subtle and hard to use correctly
than most people recognize, and empty synchronized blocks
are almost never a better solution
than less contrived solutions.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IS_INCONSISTENT_SYNC' priority='MAJOR'>
    <name>Multi-threading - Inconsistent synchronization</name>
    <configKey>IS_INCONSISTENT_SYNC</configKey>
    <description>&lt;p&gt; The fields of this class appear to be accessed inconsistently with respect
  to synchronization.&amp;nbsp; This bug report indicates that the bug pattern detector
  judged that
  &lt;/p&gt;
  &lt;ul&gt;
  &lt;li&gt; The class contains a mix of locked and unlocked accesses,&lt;/li&gt;
  &lt;li&gt; At least one locked access was performed by one of the class's own methods, and&lt;/li&gt;
  &lt;li&gt; The number of unsynchronized field accesses (reads and writes) was no more than
       one third of all accesses, with writes being weighed twice as high as reads&lt;/li&gt;
  &lt;/ul&gt;

  &lt;p&gt; A typical bug matching this bug pattern is forgetting to synchronize
  one of the methods in a class that is intended to be thread-safe.&lt;/p&gt;

  &lt;p&gt; Note that there are various sources of inaccuracy in this detector;
  for example, the detector cannot statically detect all situations in which
  a lock is held.&amp;nbsp; Also, even when the detector is accurate in
  distinguishing locked vs. unlocked accesses, the code in question may still
  be correct.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD' priority='MAJOR'>
    <name>Multi-threading - Synchronization on field in futile attempt to guard that field</name>
    <configKey>ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD</configKey>
    <description>&lt;p&gt; This method synchronizes on a field in what appears to be an attempt
to guard against simultaneous updates to that field. But guarding a field
gets a lock on the referenced object, not on the field. This may not
provide the mutual exclusion you need, and other threads might
be obtaining locks on the referenced objects (for other purposes). An example
of this pattern would be:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private Long myNtfSeqNbrCounter = new Long(0);
private Long getNotificationSequenceNumber() {
     Long result = null;
     synchronized(myNtfSeqNbrCounter) {
         result = new Long(myNtfSeqNbrCounter.longValue() + 1);
         myNtfSeqNbrCounter = new Long(result.longValue());
     }
     return result;
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ML_SYNC_ON_UPDATED_FIELD' priority='MAJOR'>
    <name>Multi-threading - Method synchronizes on an updated field</name>
    <configKey>ML_SYNC_ON_UPDATED_FIELD</configKey>
    <description>&lt;p&gt; This method synchronizes on an object
   referenced from a mutable field.
   This is unlikely to have useful semantics, since different
threads may be synchronizing on different objects.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='MS_OOI_PKGPROTECT' priority='INFO'>
    <name>Malicious code - Field should be moved out of an interface and made package protected</name>
    <configKey>MS_OOI_PKGPROTECT</configKey>
    <description>&lt;p&gt;
 A final static field that is
defined in an interface references a mutable
   object such as an array or hashtable.
   This mutable object could
   be changed by malicious code or
        by accident from another package.
   To solve this, the field needs to be moved to a class
   and made package protected
   to avoid
        this vulnerability.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_FINAL_PKGPROTECT' priority='INFO'>
    <name>Malicious code - Field should be both final and package protected</name>
    <configKey>MS_FINAL_PKGPROTECT</configKey>
    <description>&lt;p&gt;
   A mutable static field could be changed by malicious code or
        by accident from another package.
        The field could be made package protected and/or made final
   to avoid
        this vulnerability.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_SHOULD_BE_REFACTORED_TO_BE_FINAL' priority='INFO'>
    <name>Malicious code - Field isn't final but should be refactored to be so</name>
    <configKey>MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</configKey>
    <description>&lt;p&gt;
This static field public but not final, and
could be changed by malicious code or
by accident from another package.
The field could be made final to avoid
this vulnerability. However, the static initializer contains more than one write
to the field, so doing so will require some refactoring.
&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_SHOULD_BE_FINAL' priority='INFO'>
    <name>Malicious code - Field isn't final but should be</name>
    <configKey>MS_SHOULD_BE_FINAL</configKey>
    <description>&lt;p&gt;
This static field public but not final, and
could be changed by malicious code or
        by accident from another package.
        The field could be made final to avoid
        this vulnerability.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_PKGPROTECT' priority='INFO'>
    <name>Malicious code - Field should be package protected</name>
    <configKey>MS_PKGPROTECT</configKey>
    <description>&lt;p&gt; A mutable static field could be changed by malicious code or
   by accident.
   The field could be made package protected to avoid
   this vulnerability.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_MUTABLE_HASHTABLE' priority='INFO'>
    <name>Malicious code - Field is a mutable Hashtable</name>
    <configKey>MS_MUTABLE_HASHTABLE</configKey>
    <description>&lt;p&gt;A final static field references a Hashtable
   and can be accessed by malicious code or
        by accident from another package.
   This code can freely modify the contents of the Hashtable.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_MUTABLE_COLLECTION' priority='INFO'>
    <name>Malicious code - Field is a mutable collection</name>
    <configKey>MS_MUTABLE_COLLECTION</configKey>
    <description>&lt;p&gt;A mutable collection instance is assigned to a final static field,
   thus can be changed by malicious code or by accident from another package.
   Consider wrapping this field into Collections.unmodifiableSet/List/Map/etc.
   to avoid this vulnerability.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_MUTABLE_COLLECTION_PKGPROTECT' priority='INFO'>
    <name>Malicious code - Field is a mutable collection which should be package protected</name>
    <configKey>MS_MUTABLE_COLLECTION_PKGPROTECT</configKey>
    <description>&lt;p&gt;A mutable collection instance is assigned to a final static field,
   thus can be changed by malicious code or by accident from another package.
   The field could be made package protected to avoid this vulnerability.
   Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc.
   to avoid this vulnerability.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_MUTABLE_ARRAY' priority='INFO'>
    <name>Malicious code - Field is a mutable array</name>
    <configKey>MS_MUTABLE_ARRAY</configKey>
    <description>&lt;p&gt; A final static field references an array
   and can be accessed by malicious code or
        by accident from another package.
   This code can freely modify the contents of the array.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='MS_CANNOT_BE_FINAL' priority='INFO'>
    <name>Malicious code - Field isn't final and can't be protected from malicious code</name>
    <configKey>MS_CANNOT_BE_FINAL</configKey>
    <description>&lt;p&gt;
 A mutable static field could be changed by malicious code or
        by accident from another package.
   Unfortunately, the way the field is used doesn't allow
   any easy fix to this problem.&lt;/p&gt;</description>
    <tag>malicious-code</tag>
  </rule>
  <rule key='ME_MUTABLE_ENUM_FIELD' priority='MAJOR'>
    <name>Bad practice - Enum field is public and mutable</name>
    <configKey>ME_MUTABLE_ENUM_FIELD</configKey>
    <description>&lt;p&gt;A mutable public field is defined inside a public enum, thus can be changed by malicious code or by accident from another package.
  Though mutable enum fields may be used for lazy initialization, it's a bad practice to expose them to the outer world.
  Consider declaring this field final and/or package-private.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='ME_ENUM_FIELD_SETTER' priority='MAJOR'>
    <name>Bad practice - Public enum method unconditionally sets its field</name>
    <configKey>ME_ENUM_FIELD_SETTER</configKey>
    <description>&lt;p&gt;This public method declared in public enum unconditionally sets enum field, thus this field can be changed by malicious code
  or by accident from another package. Though mutable enum fields may be used for lazy initialization, it's a bad practice to expose them to the outer world.
  Consider removing this method or declaring it package-private.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD' priority='INFO'>
    <name>Style - Potentially ambiguous invocation of either an inherited or outer method</name>
    <configKey>IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD</configKey>
    <description>&lt;p&gt;
An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class.
For example, you invoke &lt;code&gt;foo(17)&lt;/code&gt;, which is defined in both a superclass and in an outer method.
By the Java semantics,
it will be resolved to invoke the inherited method, but this may not be what
you intend.
&lt;/p&gt;
&lt;p&gt;If you really intend to invoke the inherited method,
invoke it by invoking the method on super (e.g., invoke super.foo(17)), and
thus it will be clear to other readers of your code and to SpotBugs
that you want to invoke the inherited method, not the method in the outer class.
&lt;/p&gt;
&lt;p&gt;If you call &lt;code&gt;this.foo(17)&lt;/code&gt;, then the inherited method will be invoked. However, since SpotBugs only looks at
classfiles, it
can't tell the difference between an invocation of &lt;code&gt;this.foo(17)&lt;/code&gt; and &lt;code&gt;foo(17)&lt;/code&gt;, it will still
complain about a potential ambiguous invocation.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NM_SAME_SIMPLE_NAME_AS_SUPERCLASS' priority='MAJOR'>
    <name>Bad practice - Class names shouldn't shadow simple name of superclass</name>
    <configKey>NM_SAME_SIMPLE_NAME_AS_SUPERCLASS</configKey>
    <description>&lt;p&gt; This class has a simple name that is identical to that of its superclass, except
that its superclass is in a different package (e.g., &lt;code&gt;alpha.Foo&lt;/code&gt; extends &lt;code&gt;beta.Foo&lt;/code&gt;).
This can be exceptionally confusing, create lots of situations in which you have to look at import statements
to resolve references and creates many
opportunities to accidentally define methods that do not override methods in their superclasses.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_SAME_SIMPLE_NAME_AS_INTERFACE' priority='MAJOR'>
    <name>Bad practice - Class names shouldn't shadow simple name of implemented interface</name>
    <configKey>NM_SAME_SIMPLE_NAME_AS_INTERFACE</configKey>
    <description>&lt;p&gt; This class/interface has a simple name that is identical to that of an implemented/extended interface, except
that the interface is in a different package (e.g., &lt;code&gt;alpha.Foo&lt;/code&gt; extends &lt;code&gt;beta.Foo&lt;/code&gt;).
This can be exceptionally confusing, create lots of situations in which you have to look at import statements
to resolve references and creates many
opportunities to accidentally define methods that do not override methods in their superclasses.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_CLASS_NAMING_CONVENTION' priority='MAJOR'>
    <name>Bad practice - Class names should start with an upper case letter</name>
    <configKey>NM_CLASS_NAMING_CONVENTION</configKey>
    <description>&lt;p&gt; Class names should be nouns, in mixed case with the first letter of each internal word capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms and abbreviations (unless the abbreviation is much more widely used than the long form, such as URL or HTML).
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_METHOD_NAMING_CONVENTION' priority='MAJOR'>
    <name>Bad practice - Method names should start with a lower case letter</name>
    <configKey>NM_METHOD_NAMING_CONVENTION</configKey>
    <description>&lt;p&gt;
Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_FIELD_NAMING_CONVENTION' priority='MAJOR'>
    <name>Bad practice - Field names should start with a lower case letter</name>
    <configKey>NM_FIELD_NAMING_CONVENTION</configKey>
    <description>&lt;p&gt;
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_VERY_CONFUSING' priority='MAJOR'>
    <name>Correctness - Very confusing method names</name>
    <configKey>NM_VERY_CONFUSING</configKey>
    <description>&lt;p&gt; The referenced methods have names that differ only by capitalization.
This is very confusing because if the capitalization were
identical then one of the methods would override the other.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NM_VERY_CONFUSING_INTENTIONAL' priority='MAJOR'>
    <name>Bad practice - Very confusing method names (but perhaps intentional)</name>
    <configKey>NM_VERY_CONFUSING_INTENTIONAL</configKey>
    <description>&lt;p&gt; The referenced methods have names that differ only by capitalization.
This is very confusing because if the capitalization were
identical then one of the methods would override the other. From the existence of other methods, it
seems that the existence of both of these methods is intentional, but is sure is confusing.
You should try hard to eliminate one of them, unless you are forced to have both due to frozen APIs.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_WRONG_PACKAGE' priority='MAJOR'>
    <name>Correctness - Method doesn't override method in superclass due to wrong package for parameter</name>
    <configKey>NM_WRONG_PACKAGE</configKey>
    <description>&lt;p&gt; The method in the subclass doesn't override a similar method in a superclass because the type of a parameter doesn't exactly match
the type of the corresponding parameter in the superclass. For example, if you have:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;import alpha.Foo;

public class A {
    public int f(Foo x) { return 17; }
}
----
import beta.Foo;

public class B extends A {
    public int f(Foo x) { return 42; }
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;The &lt;code&gt;f(Foo)&lt;/code&gt; method defined in class &lt;code&gt;B&lt;/code&gt; doesn't
override the
&lt;code&gt;f(Foo)&lt;/code&gt; method defined in class &lt;code&gt;A&lt;/code&gt;, because the argument
types are &lt;code&gt;Foo&lt;/code&gt;'s from different packages.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NM_WRONG_PACKAGE_INTENTIONAL' priority='MAJOR'>
    <name>Bad practice - Method doesn't override method in superclass due to wrong package for parameter</name>
    <configKey>NM_WRONG_PACKAGE_INTENTIONAL</configKey>
    <description>&lt;p&gt; The method in the subclass doesn't override a similar method in a superclass because the type of a parameter doesn't exactly match
the type of the corresponding parameter in the superclass. For example, if you have:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;import alpha.Foo;

public class A {
    public int f(Foo x) { return 17; }
}
----
import beta.Foo;

public class B extends A {
    public int f(Foo x) { return 42; }
    public int f(alpha.Foo x) { return 27; }
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;The &lt;code&gt;f(Foo)&lt;/code&gt; method defined in class &lt;code&gt;B&lt;/code&gt; doesn't
override the
&lt;code&gt;f(Foo)&lt;/code&gt; method defined in class &lt;code&gt;A&lt;/code&gt;, because the argument
types are &lt;code&gt;Foo&lt;/code&gt;'s from different packages.
&lt;/p&gt;

&lt;p&gt;In this case, the subclass does define a method with a signature identical to the method in the superclass,
so this is presumably understood. However, such methods are exceptionally confusing. You should strongly consider
removing or deprecating the method with the similar but not identical signature.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_CONFUSING' priority='MAJOR'>
    <name>Bad practice - Confusing method names</name>
    <configKey>NM_CONFUSING</configKey>
    <description>&lt;p&gt; The referenced methods have names that differ only by capitalization.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NM_METHOD_CONSTRUCTOR_CONFUSION' priority='MAJOR'>
    <name>Correctness - Apparent method/constructor confusion</name>
    <configKey>NM_METHOD_CONSTRUCTOR_CONFUSION</configKey>
    <description>&lt;p&gt; This regular method has the same name as the class it is defined in. It is likely that this was intended to be a constructor.
      If it was intended to be a constructor, remove the declaration of a void return value.
    If you had accidentally defined this method, realized the mistake, defined a proper constructor
    but can't get rid of this method due to backwards compatibility, deprecate the method.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NM_LCASE_HASHCODE' priority='MAJOR'>
    <name>Correctness - Class defines hashcode(); should it be hashCode()?</name>
    <configKey>NM_LCASE_HASHCODE</configKey>
    <description>&lt;p&gt; This class defines a method called &lt;code&gt;hashcode()&lt;/code&gt;.&amp;nbsp; This method
  does not override the &lt;code&gt;hashCode()&lt;/code&gt; method in &lt;code&gt;java.lang.Object&lt;/code&gt;,
  which is probably what was intended.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NM_LCASE_TOSTRING' priority='MAJOR'>
    <name>Correctness - Class defines tostring(); should it be toString()?</name>
    <configKey>NM_LCASE_TOSTRING</configKey>
    <description>&lt;p&gt; This class defines a method called &lt;code&gt;tostring()&lt;/code&gt;.&amp;nbsp; This method
  does not override the &lt;code&gt;toString()&lt;/code&gt; method in &lt;code&gt;java.lang.Object&lt;/code&gt;,
  which is probably what was intended.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NM_BAD_EQUAL' priority='MAJOR'>
    <name>Correctness - Class defines equal(Object); should it be equals(Object)?</name>
    <configKey>NM_BAD_EQUAL</configKey>
    <description>&lt;p&gt; This class defines a method &lt;code&gt;equal(Object)&lt;/code&gt;.&amp;nbsp; This method does
not override the &lt;code&gt;equals(Object)&lt;/code&gt; method in &lt;code&gt;java.lang.Object&lt;/code&gt;,
which is probably what was intended.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NM_CLASS_NOT_EXCEPTION' priority='MAJOR'>
    <name>Bad practice - Class is not derived from an Exception, even though it is named as such</name>
    <configKey>NM_CLASS_NOT_EXCEPTION</configKey>
    <description>&lt;p&gt; This class is not derived from another exception, but ends with 'Exception'. This will
be confusing to users of this class.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='RR_NOT_CHECKED' priority='MAJOR'>
    <name>Bad practice - Method ignores results of InputStream.read()</name>
    <configKey>RR_NOT_CHECKED</configKey>
    <description>&lt;p&gt; This method ignores the return value of one of the variants of
  &lt;code&gt;java.io.InputStream.read()&lt;/code&gt; which can return multiple bytes.&amp;nbsp;
  If the return value is not checked, the caller will not be able to correctly
  handle the case where fewer bytes were read than the caller requested.&amp;nbsp;
  This is a particularly insidious kind of bug, because in many programs,
  reads from input streams usually do read the full amount of data requested,
  causing the program to fail only sporadically.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SR_NOT_CHECKED' priority='MAJOR'>
    <name>Bad practice - Method ignores results of InputStream.skip()</name>
    <configKey>SR_NOT_CHECKED</configKey>
    <description>&lt;p&gt; This method ignores the return value of
  &lt;code&gt;java.io.InputStream.skip()&lt;/code&gt; which can skip multiple bytes.&amp;nbsp;
  If the return value is not checked, the caller will not be able to correctly
  handle the case where fewer bytes were skipped than the caller requested.&amp;nbsp;
  This is a particularly insidious kind of bug, because in many programs,
  skips from input streams usually do skip the full amount of data requested,
  causing the program to fail only sporadically. With Buffered streams, however,
  skip() will only skip data in the buffer, and will routinely fail to skip the
  requested number of bytes.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_READ_RESOLVE_IS_STATIC' priority='MAJOR'>
    <name>Correctness - The readResolve method must not be declared as a static method.  </name>
    <configKey>SE_READ_RESOLVE_IS_STATIC</configKey>
    <description>&lt;p&gt; In order for the readResolve method to be recognized by the serialization
mechanism, it must not be declared as a static method.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SE_PRIVATE_READ_RESOLVE_NOT_INHERITED' priority='INFO'>
    <name>Style - Private readResolve method not inherited by subclasses</name>
    <configKey>SE_PRIVATE_READ_RESOLVE_NOT_INHERITED</configKey>
    <description>&lt;p&gt; This class defines a private readResolve method. Since it is private, it won't be inherited by subclasses.
This might be intentional and OK, but should be reviewed to ensure it is what is intended.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SE_READ_RESOLVE_MUST_RETURN_OBJECT' priority='MAJOR'>
    <name>Bad practice - The readResolve method must be declared with a return type of Object. </name>
    <configKey>SE_READ_RESOLVE_MUST_RETURN_OBJECT</configKey>
    <description>&lt;p&gt; In order for the readResolve method to be recognized by the serialization
mechanism, it must be declared to have a return type of Object.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS' priority='INFO'>
    <name>Style - Transient field of class that isn't Serializable. </name>
    <configKey>SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS</configKey>
    <description>&lt;p&gt; The field is marked as transient, but the class isn't Serializable, so marking it as transient
has absolutely no effect.
This may be leftover marking from a previous version of the code in which the class was transient, or
it may indicate a misunderstanding of how serialization works.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SE_TRANSIENT_FIELD_NOT_RESTORED' priority='MAJOR'>
    <name>Bad practice - Transient field that isn't set by deserialization. </name>
    <configKey>SE_TRANSIENT_FIELD_NOT_RESTORED</configKey>
    <description>&lt;p&gt; This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any
deserialized instance of the class.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_METHOD_MUST_BE_PRIVATE' priority='MAJOR'>
    <name>Correctness - Method must be private in order for serialization to work</name>
    <configKey>SE_METHOD_MUST_BE_PRIVATE</configKey>
    <description>&lt;p&gt; This class implements the &lt;code&gt;Serializable&lt;/code&gt; interface, and defines a method
  for custom serialization/deserialization. But since that method isn't declared private,
  it will be silently ignored by the serialization/deserialization API.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION' priority='MAJOR'>
    <name>Bad practice - Class is Externalizable but doesn't define a void constructor</name>
    <configKey>SE_NO_SUITABLE_CONSTRUCTOR_FOR_EXTERNALIZATION</configKey>
    <description>&lt;p&gt; This class implements the &lt;code&gt;Externalizable&lt;/code&gt; interface, but does
  not define a void constructor. When Externalizable objects are deserialized,
   they first need to be constructed by invoking the void
   constructor. Since this class does not have one,
   serialization and deserialization will fail at runtime.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_NO_SUITABLE_CONSTRUCTOR' priority='MAJOR'>
    <name>Bad practice - Class is Serializable but its superclass doesn't define a void constructor</name>
    <configKey>SE_NO_SUITABLE_CONSTRUCTOR</configKey>
    <description>&lt;p&gt; This class implements the &lt;code&gt;Serializable&lt;/code&gt; interface
   and its superclass does not. When such an object is deserialized,
   the fields of the superclass need to be initialized by
   invoking the void constructor of the superclass.
   Since the superclass does not have one,
   serialization and deserialization will fail at runtime.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_NO_SERIALVERSIONID' priority='MAJOR'>
    <name>Bad practice - Class is Serializable, but doesn't define serialVersionUID</name>
    <configKey>SE_NO_SERIALVERSIONID</configKey>
    <description>&lt;p&gt; This class implements the &lt;code&gt;Serializable&lt;/code&gt; interface, but does
  not define a &lt;code&gt;serialVersionUID&lt;/code&gt; field.&amp;nbsp;
  A change as simple as adding a reference to a .class object
    will add synthetic fields to the class,
   which will unfortunately change the implicit
   serialVersionUID (e.g., adding a reference to &lt;code&gt;String.class&lt;/code&gt;
   will generate a static field &lt;code&gt;class$java$lang$String&lt;/code&gt;).
   Also, different source code to bytecode compilers may use different
   naming conventions for synthetic variables generated for
   references to class objects or inner classes.
   To ensure interoperability of Serializable across versions,
   consider adding an explicit serialVersionUID.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_COMPARATOR_SHOULD_BE_SERIALIZABLE' priority='MAJOR'>
    <name>Bad practice - Comparator doesn't implement Serializable</name>
    <configKey>SE_COMPARATOR_SHOULD_BE_SERIALIZABLE</configKey>
    <description>&lt;p&gt; This class implements the &lt;code&gt;Comparator&lt;/code&gt; interface. You
should consider whether or not it should also implement the &lt;code&gt;Serializable&lt;/code&gt;
interface. If a comparator is used to construct an ordered collection
such as a &lt;code&gt;TreeMap&lt;/code&gt;, then the &lt;code&gt;TreeMap&lt;/code&gt;
will be serializable only if the comparator is also serializable.
As most comparators have little or no state, making them serializable
is generally easy and good defensive programming.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SF_SWITCH_FALLTHROUGH' priority='INFO'>
    <name>Style - Switch statement found where one case falls through to the next case</name>
    <configKey>SF_SWITCH_FALLTHROUGH</configKey>
    <description>&lt;p&gt; This method contains a switch statement where one case branch will fall through to the next case.
  Usually you need to end this case with a break or return.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SF_SWITCH_NO_DEFAULT' priority='INFO'>
    <name>Style - Switch statement found where default case is missing</name>
    <configKey>SF_SWITCH_NO_DEFAULT</configKey>
    <description>&lt;p&gt; This method contains a switch statement where default case is missing.
  Usually you need to provide a default case.&lt;/p&gt;
  &lt;p&gt;Because the analysis only looks at the generated bytecode, this warning can be incorrect triggered if
the default case is at the end of the switch statement and the switch statement doesn't contain break statements for other
cases.</description>
    <tag>style</tag>
  </rule>
  <rule key='SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH' priority='MAJOR'>
    <name>Correctness - Dead store due to switch statement fall through</name>
    <configKey>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH</configKey>
    <description>&lt;p&gt; A value stored in the previous switch case is overwritten here due to a switch fall through. It is likely that
    you forgot to put a break or return at the end of the previous case.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW' priority='MAJOR'>
    <name>Correctness - Dead store due to switch statement fall through to throw</name>
    <configKey>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW</configKey>
    <description>&lt;p&gt; A value stored in the previous switch case is ignored here due to a switch fall through to a place where
    an exception is thrown. It is likely that
    you forgot to put a break or return at the end of the previous case.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='WS_WRITEOBJECT_SYNC' priority='MAJOR'>
    <name>Multi-threading - Class's writeObject() method is synchronized but nothing else is</name>
    <configKey>WS_WRITEOBJECT_SYNC</configKey>
    <description>&lt;p&gt; This class has a &lt;code&gt;writeObject()&lt;/code&gt; method which is synchronized;
  however, no other method of the class is synchronized.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RS_READOBJECT_SYNC' priority='MAJOR'>
    <name>Multi-threading - Class's readObject() method is synchronized</name>
    <configKey>RS_READOBJECT_SYNC</configKey>
    <description>&lt;p&gt; This serializable class defines a &lt;code&gt;readObject()&lt;/code&gt; which is
  synchronized.&amp;nbsp; By definition, an object created by deserialization
  is only reachable by one thread, and thus there is no need for
  &lt;code&gt;readObject()&lt;/code&gt; to be synchronized.&amp;nbsp; If the &lt;code&gt;readObject()&lt;/code&gt;
  method itself is causing the object to become visible to another thread,
  that is an example of very dubious coding style.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SE_NONSTATIC_SERIALVERSIONID' priority='MAJOR'>
    <name>Bad practice - serialVersionUID isn't static</name>
    <configKey>SE_NONSTATIC_SERIALVERSIONID</configKey>
    <description>&lt;p&gt; This class defines a &lt;code&gt;serialVersionUID&lt;/code&gt; field that is not static.&amp;nbsp;
  The field should be made static
   if it is intended to specify
   the version UID for purposes of serialization.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_NONFINAL_SERIALVERSIONID' priority='MAJOR'>
    <name>Bad practice - serialVersionUID isn't final</name>
    <configKey>SE_NONFINAL_SERIALVERSIONID</configKey>
    <description>&lt;p&gt; This class defines a &lt;code&gt;serialVersionUID&lt;/code&gt; field that is not final.&amp;nbsp;
  The field should be made final
   if it is intended to specify
   the version UID for purposes of serialization.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_NONLONG_SERIALVERSIONID' priority='MAJOR'>
    <name>Bad practice - serialVersionUID isn't long</name>
    <configKey>SE_NONLONG_SERIALVERSIONID</configKey>
    <description>&lt;p&gt; This class defines a &lt;code&gt;serialVersionUID&lt;/code&gt; field that is not long.&amp;nbsp;
  The field should be made long
   if it is intended to specify
   the version UID for purposes of serialization.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_BAD_FIELD' priority='MAJOR'>
    <name>Bad practice - Non-transient non-serializable instance field in serializable class</name>
    <configKey>SE_BAD_FIELD</configKey>
    <description>&lt;p&gt; This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or &lt;code&gt;java.lang.Object&lt;/code&gt;, and does not appear to implement
the &lt;code&gt;Externalizable&lt;/code&gt; interface or the
&lt;code&gt;readObject()&lt;/code&gt; and &lt;code&gt;writeObject()&lt;/code&gt; methods.&amp;nbsp;
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_BAD_FIELD_INNER_CLASS' priority='MAJOR'>
    <name>Bad practice - Non-serializable class has a serializable inner class</name>
    <configKey>SE_BAD_FIELD_INNER_CLASS</configKey>
    <description>&lt;p&gt; This Serializable class is an inner class of a non-serializable class.
Thus, attempts to serialize it will also attempt to associate instance of the outer
class with which it is associated, leading to a runtime error.
&lt;/p&gt;
&lt;p&gt;If possible, making the inner class a static inner class should solve the
problem. Making the outer class serializable might also work, but that would
mean serializing an instance of the inner class would always also serialize the instance
of the outer class, which it often not what you really want.</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_INNER_CLASS' priority='MAJOR'>
    <name>Bad practice - Serializable inner class</name>
    <configKey>SE_INNER_CLASS</configKey>
    <description>&lt;p&gt; This Serializable class is an inner class.  Any attempt to serialize
it will also serialize the associated outer instance. The outer instance is serializable,
so this won't fail, but it might serialize a lot more data than intended.
If possible, making the inner class a static inner class (also known as a nested class) should solve the
problem.</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SE_BAD_FIELD_STORE' priority='MAJOR'>
    <name>Bad practice - Non-serializable value stored into instance field of a serializable class</name>
    <configKey>SE_BAD_FIELD_STORE</configKey>
    <description>&lt;p&gt; A non-serializable value is stored into a non-transient field
of a serializable class.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SC_START_IN_CTOR' priority='MAJOR'>
    <name>Multi-threading - Constructor invokes Thread.start()</name>
    <configKey>SC_START_IN_CTOR</configKey>
    <description>&lt;p&gt; The constructor starts a thread. This is likely to be wrong if
   the class is ever extended/subclassed, since the thread will be started
   before the subclass constructor is started.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SS_SHOULD_BE_STATIC' priority='MAJOR'>
    <name>Performance - Unread field: should this field be static?</name>
    <configKey>SS_SHOULD_BE_STATIC</configKey>
    <description>&lt;p&gt; This class contains an instance final field that
   is initialized to a compile-time static value.
   Consider making the field static.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UUF_UNUSED_FIELD' priority='MAJOR'>
    <name>Performance - Unused field</name>
    <configKey>UUF_UNUSED_FIELD</configKey>
    <description>&lt;p&gt; This field is never used.&amp;nbsp; Consider removing it from the class.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='URF_UNREAD_FIELD' priority='MAJOR'>
    <name>Performance - Unread field</name>
    <configKey>URF_UNREAD_FIELD</configKey>
    <description>&lt;p&gt; This field is never read.&amp;nbsp; Consider removing it from the class.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD' priority='INFO'>
    <name>Style - Unused public or protected field</name>
    <configKey>UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD</configKey>
    <description>&lt;p&gt; This field is never used.&amp;nbsp;
The field is public or protected, so perhaps
    it is intended to be used with classes not seen as part of the analysis. If not,
consider removing it from the class.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD' priority='INFO'>
    <name>Style - Unread public/protected field</name>
    <configKey>URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD</configKey>
    <description>&lt;p&gt; This field is never read.&amp;nbsp;
The field is public or protected, so perhaps
    it is intended to be used with classes not seen as part of the analysis. If not,
consider removing it from the class.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='QF_QUESTIONABLE_FOR_LOOP' priority='INFO'>
    <name>Style - Complicated, subtle or wrong increment in for-loop </name>
    <configKey>QF_QUESTIONABLE_FOR_LOOP</configKey>
    <description>&lt;p&gt;Are you sure this for loop is incrementing the correct variable?
   It appears that another variable is being initialized and checked
   by the for loop.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UWF_NULL_FIELD' priority='MAJOR'>
    <name>Correctness - Field only ever set to null</name>
    <configKey>UWF_NULL_FIELD</configKey>
    <description>&lt;p&gt; All writes to this field are of the constant value null, and thus
all reads of the field will return null.
Check for errors, or remove it if it is useless.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD' priority='INFO'>
    <name>Style - Unwritten public or protected field</name>
    <configKey>UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD</configKey>
    <description>&lt;p&gt; No writes were seen to this public/protected field.&amp;nbsp; All reads of it will return the default
value. Check for errors (should it have been initialized?), or remove it if it is useless.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UWF_UNWRITTEN_FIELD' priority='MAJOR'>
    <name>Correctness - Unwritten field</name>
    <configKey>UWF_UNWRITTEN_FIELD</configKey>
    <description>&lt;p&gt; This field is never written.&amp;nbsp; All reads of it will return the default
value. Check for errors (should it have been initialized?), or remove it if it is useless.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD' priority='INFO'>
    <name>Style - Write to static field from instance method</name>
    <configKey>ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD</configKey>
    <description>&lt;p&gt; This instance method writes to a static field. This is tricky to get
correct if multiple instances are being manipulated,
and generally bad practice.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_LOAD_OF_KNOWN_NULL_VALUE' priority='INFO'>
    <name>Style - Load of known null value</name>
    <configKey>NP_LOAD_OF_KNOWN_NULL_VALUE</configKey>
    <description>&lt;p&gt; The variable referenced at this point is known to be null due to an earlier
   check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see if the
variable is null should have been a check to see if it was non-null).
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_DEREFERENCE_OF_READLINE_VALUE' priority='INFO'>
    <name>Style - Dereference of the result of readLine() without nullcheck</name>
    <configKey>NP_DEREFERENCE_OF_READLINE_VALUE</configKey>
    <description>&lt;p&gt; The result of invoking readLine() is dereferenced without checking to see if the result is null. If there are no more lines of text
to read, readLine() will return null and dereferencing that will generate a null pointer exception.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_IMMEDIATE_DEREFERENCE_OF_READLINE' priority='INFO'>
    <name>Style - Immediate dereference of the result of readLine()</name>
    <configKey>NP_IMMEDIATE_DEREFERENCE_OF_READLINE</configKey>
    <description>&lt;p&gt; The result of invoking readLine() is immediately dereferenced. If there are no more lines of text
to read, readLine() will return null and dereferencing that will generate a null pointer exception.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_UNWRITTEN_FIELD' priority='MAJOR'>
    <name>Correctness - Read of unwritten field</name>
    <configKey>NP_UNWRITTEN_FIELD</configKey>
    <description>&lt;p&gt; The program is dereferencing a field that does not seem to ever have a non-null value written to it.
Unless the field is initialized via some mechanism not seen by the analysis,
dereferencing this value will generate a null pointer exception.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD' priority='INFO'>
    <name>Style - Read of unwritten public or protected field</name>
    <configKey>NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD</configKey>
    <description>&lt;p&gt; The program is dereferencing a public or protected
field that does not seem to ever have a non-null value written to it.
Unless the field is initialized via some mechanism not seen by the analysis,
dereferencing this value will generate a null pointer exception.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SIC_THREADLOCAL_DEADLY_EMBRACE' priority='MAJOR'>
    <name>Correctness - Deadly embrace of non-static inner class and thread local</name>
    <configKey>SIC_THREADLOCAL_DEADLY_EMBRACE</configKey>
    <description>&lt;p&gt; This class is an inner class, but should probably be a static inner class.
  As it is, there is a serious danger of a deadly embrace between the inner class
  and the thread local in the outer class. Because the inner class isn't static,
  it retains a reference to the outer class.
  If the thread local contains a reference to an instance of the inner
  class, the inner and outer instance will both be reachable
  and not eligible for garbage collection.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SIC_INNER_SHOULD_BE_STATIC' priority='MAJOR'>
    <name>Performance - Should be a static inner class</name>
    <configKey>SIC_INNER_SHOULD_BE_STATIC</configKey>
    <description>&lt;p&gt; This class is an inner class, but does not use its embedded reference
  to the object which created it.&amp;nbsp; This reference makes the instances
  of the class larger, and may keep the reference to the creator object
  alive longer than necessary.&amp;nbsp; If possible, the class should be
   made static.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR' priority='INFO'>
    <name>Style - Field not initialized in constructor but dereferenced without null check</name>
    <configKey>UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</configKey>
    <description>&lt;p&gt; This field is never initialized within any constructor, and is therefore could be null after
the object is constructed. Elsewhere, it is loaded and dereferenced without a null check.
This could be a either an error or a questionable design, since
it means a null pointer exception will be generated if that field is dereferenced
before being initialized.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SIC_INNER_SHOULD_BE_STATIC_ANON' priority='MAJOR'>
    <name>Performance - Could be refactored into a named static inner class</name>
    <configKey>SIC_INNER_SHOULD_BE_STATIC_ANON</configKey>
    <description>&lt;p&gt; This class is an inner class, but does not use its embedded reference
  to the object which created it.&amp;nbsp; This reference makes the instances
  of the class larger, and may keep the reference to the creator object
  alive longer than necessary.&amp;nbsp; If possible, the class should be
  made into a &lt;em&gt;static&lt;/em&gt; inner class. Since anonymous inner
classes cannot be marked as static, doing this will require refactoring
the inner class so that it is a named inner class.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SIC_INNER_SHOULD_BE_STATIC_NEEDS_THIS' priority='MAJOR'>
    <name>Performance - Could be refactored into a static inner class</name>
    <configKey>SIC_INNER_SHOULD_BE_STATIC_NEEDS_THIS</configKey>
    <description>&lt;p&gt; This class is an inner class, but does not use its embedded reference
  to the object which created it except during construction of the
inner object.&amp;nbsp; This reference makes the instances
  of the class larger, and may keep the reference to the creator object
  alive longer than necessary.&amp;nbsp; If possible, the class should be
  made into a &lt;em&gt;static&lt;/em&gt; inner class. Since the reference to the
   outer object is required during construction of the inner instance,
   the inner class will need to be refactored so as to
   pass a reference to the outer instance to the constructor
   for the inner class.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='WA_NOT_IN_LOOP' priority='MAJOR'>
    <name>Multi-threading - Wait not in loop </name>
    <configKey>WA_NOT_IN_LOOP</configKey>
    <description>&lt;p&gt; This method contains a call to &lt;code&gt;java.lang.Object.wait()&lt;/code&gt;
  which is not in a loop.&amp;nbsp; If the monitor is used for multiple conditions,
  the condition the caller intended to wait for might not be the one
  that actually occurred.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='WA_AWAIT_NOT_IN_LOOP' priority='MAJOR'>
    <name>Multi-threading - Condition.await() not in loop </name>
    <configKey>WA_AWAIT_NOT_IN_LOOP</configKey>
    <description>&lt;p&gt; This method contains a call to &lt;code&gt;java.util.concurrent.await()&lt;/code&gt;
   (or variants)
  which is not in a loop.&amp;nbsp; If the object is used for multiple conditions,
  the condition the caller intended to wait for might not be the one
  that actually occurred.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NO_NOTIFY_NOT_NOTIFYALL' priority='MAJOR'>
    <name>Multi-threading - Using notify() rather than notifyAll()</name>
    <configKey>NO_NOTIFY_NOT_NOTIFYALL</configKey>
    <description>&lt;p&gt; This method calls &lt;code&gt;notify()&lt;/code&gt; rather than &lt;code&gt;notifyAll()&lt;/code&gt;.&amp;nbsp;
  Java monitors are often used for multiple conditions.&amp;nbsp; Calling &lt;code&gt;notify()&lt;/code&gt;
  only wakes up one thread, meaning that the thread woken up might not be the
  one waiting for the condition that the caller just satisfied.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UC_USELESS_VOID_METHOD' priority='INFO'>
    <name>Style - Useless non-empty void method</name>
    <configKey>UC_USELESS_VOID_METHOD</configKey>
    <description>&lt;p&gt;Our analysis shows that this non-empty void method does not actually perform any useful work.
Please check it: probably there's a mistake in its code or its body can be fully removed.
&lt;/p&gt;
&lt;p&gt;We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong.
Common false-positive cases include:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;The method is intended to trigger loading of some class which may have a side effect.&lt;/li&gt;
&lt;li&gt;The method is intended to implicitly throw some obscure exception.&lt;/li&gt;
&lt;/ul&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UC_USELESS_CONDITION' priority='INFO'>
    <name>Style - Condition has no effect</name>
    <configKey>UC_USELESS_CONDITION</configKey>
    <description>&lt;p&gt;This condition always produces the same result as the value of the involved variable that was narrowed before.
Probably something else was meant or the condition can be removed.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UC_USELESS_CONDITION_TYPE' priority='INFO'>
    <name>Style - Condition has no effect due to the variable type</name>
    <configKey>UC_USELESS_CONDITION_TYPE</configKey>
    <description>&lt;p&gt;This condition always produces the same result due to the type range of the involved variable.
Probably something else was meant or the condition can be removed.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UC_USELESS_OBJECT' priority='INFO'>
    <name>Style - Useless object created</name>
    <configKey>UC_USELESS_OBJECT</configKey>
    <description>&lt;p&gt;Our analysis shows that this object is useless.
It's created and modified, but its value never go outside of the method or produce any side-effect.
Either there is a mistake and object was intended to be used or it can be removed.&lt;/p&gt;
&lt;p&gt;This analysis rarely produces false-positives. Common false-positive cases include:&lt;/p&gt;
&lt;p&gt;- This object used to implicitly throw some obscure exception.&lt;/p&gt;
&lt;p&gt;- This object used as a stub to generalize the code.&lt;/p&gt;
&lt;p&gt;- This object used to hold strong references to weak/soft-referenced objects.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UC_USELESS_OBJECT_STACK' priority='INFO'>
    <name>Style - Useless object created on stack</name>
    <configKey>UC_USELESS_OBJECT_STACK</configKey>
    <description>&lt;p&gt;This object is created just to perform some modifications which don't have any side-effect.
Probably something else was meant or the object can be removed.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RANGE_ARRAY_INDEX' priority='CRITICAL'>
    <name>Correctness - Array index is out of bounds</name>
    <configKey>RANGE_ARRAY_INDEX</configKey>
    <description>&lt;p&gt; Array operation is performed, but array index is out of bounds, which will result in ArrayIndexOutOfBoundsException at runtime.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RANGE_ARRAY_OFFSET' priority='CRITICAL'>
    <name>Correctness - Array offset is out of bounds</name>
    <configKey>RANGE_ARRAY_OFFSET</configKey>
    <description>&lt;p&gt; Method is called with array parameter and offset parameter, but the offset is out of bounds. This will result in IndexOutOfBoundsException at runtime. &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RANGE_ARRAY_LENGTH' priority='CRITICAL'>
    <name>Correctness - Array length is out of bounds</name>
    <configKey>RANGE_ARRAY_LENGTH</configKey>
    <description>&lt;p&gt; Method is called with array parameter and length parameter, but the length is out of bounds. This will result in IndexOutOfBoundsException at runtime. &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RANGE_STRING_INDEX' priority='CRITICAL'>
    <name>Correctness - String index is out of bounds</name>
    <configKey>RANGE_STRING_INDEX</configKey>
    <description>&lt;p&gt; String method is called and specified string index is out of bounds. This will result in StringIndexOutOfBoundsException at runtime. &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RV_CHECK_FOR_POSITIVE_INDEXOF' priority='INFO'>
    <name>Style - Method checks to see if result of String.indexOf is positive</name>
    <configKey>RV_CHECK_FOR_POSITIVE_INDEXOF</configKey>
    <description>&lt;p&gt; The method invokes String.indexOf and checks to see if the result is positive or non-positive.
   It is much more typical to check to see if the result is negative or non-negative. It is
   positive only if the substring checked for occurs at some place other than at the beginning of
   the String.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RV_DONT_JUST_NULL_CHECK_READLINE' priority='INFO'>
    <name>Style - Method discards result of readLine after checking if it is non-null</name>
    <configKey>RV_DONT_JUST_NULL_CHECK_READLINE</configKey>
    <description>&lt;p&gt; The value returned by readLine is discarded after checking to see if the return
value is non-null. In almost all situations, if the result is non-null, you will want
to use that non-null value. Calling readLine again will give you a different line.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RV_RETURN_VALUE_IGNORED_INFERRED' priority='INFO'>
    <name>Style - Method ignores return value, is this OK?</name>
    <configKey>RV_RETURN_VALUE_IGNORED_INFERRED</configKey>
    <description>&lt;p&gt;This code calls a method and ignores the return value. The return value
is the same type as the type the method is invoked on, and from our analysis it looks
like the return value might be important (e.g., like ignoring the
return value of &lt;code&gt;String.toLowerCase()&lt;/code&gt;).
&lt;/p&gt;
&lt;p&gt;We are guessing that ignoring the return value might be a bad idea just from
a simple analysis of the body of the method. You can use a @CheckReturnValue annotation
to instruct SpotBugs as to whether ignoring the return value of this method
is important or acceptable.
&lt;/p&gt;
&lt;p&gt;Please investigate this closely to decide whether it is OK to ignore the return value.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT' priority='INFO'>
    <name>Style - Return value of method without side effect is ignored</name>
    <configKey>RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT</configKey>
    <description>&lt;p&gt;This code calls a method and ignores the return value. However our analysis shows that
the method (including its implementations in subclasses if any) does not produce any effect
other than return value. Thus this call can be removed.
&lt;/p&gt;
&lt;p&gt;We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong.
Common false-positive cases include:&lt;/p&gt;
&lt;p&gt;- The method is designed to be overridden and produce a side effect in other projects which are out of the scope of the analysis.&lt;/p&gt;
&lt;p&gt;- The method is called to trigger the class loading which may have a side effect.&lt;/p&gt;
&lt;p&gt;- The method is called just to get some exception.&lt;/p&gt;
&lt;p&gt;If you feel that our assumption is incorrect, you can use a @CheckReturnValue annotation
to instruct SpotBugs that ignoring the return value of this method is acceptable.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RV_RETURN_VALUE_IGNORED' priority='MAJOR'>
    <name>Correctness - Method ignores return value</name>
    <configKey>RV_RETURN_VALUE_IGNORED</configKey>
    <description>&lt;p&gt; The return value of this method should be checked. One common
cause of this warning is to invoke a method on an immutable object,
thinking that it updates the object. For example, in the following code
fragment,&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;String dateString = getHeaderField(name);
dateString.trim();
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;the programmer seems to be thinking that the trim() method will update
the String referenced by dateString. But since Strings are immutable, the trim()
function returns a new String value, which is being ignored here. The code
should be corrected to: &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;String dateString = getHeaderField(name);
dateString = dateString.trim();
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RV_RETURN_VALUE_IGNORED_BAD_PRACTICE' priority='MAJOR'>
    <name>Bad practice - Method ignores exceptional return value</name>
    <configKey>RV_RETURN_VALUE_IGNORED_BAD_PRACTICE</configKey>
    <description>&lt;p&gt; This method returns a value that is not checked. The return value should be checked
since it can indicate an unusual or unexpected function execution. For
example, the &lt;code&gt;File.delete()&lt;/code&gt; method returns false
if the file could not be successfully deleted (rather than
throwing an Exception).
If you don't check the result, you won't notice if the method invocation
signals unexpected behavior by returning an atypical return value.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE' priority='MAJOR'>
    <name>Correctness - Code checks for specific values returned by compareTo</name>
    <configKey>RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE</configKey>
    <description>&lt;p&gt; This code invoked a compareTo or compare method, and checks to see if the return value is a specific value,
such as 1 or -1. When invoking these methods, you should only check the sign of the result, not for any specific
non-zero value. While many or most compareTo and compare methods only return -1, 0 or 1, some of them
will return other values.</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RV_EXCEPTION_NOT_THROWN' priority='MAJOR'>
    <name>Correctness - Exception created and dropped rather than thrown</name>
    <configKey>RV_EXCEPTION_NOT_THROWN</configKey>
    <description>&lt;p&gt; This code creates an exception (or error) object, but doesn't do anything with it. For example,
something like &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;if (x &amp;lt; 0) {
    new IllegalArgumentException("x must be nonnegative");
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;It was probably the intent of the programmer to throw the created exception:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;if (x &amp;lt; 0) {
    throw new IllegalArgumentException("x must be nonnegative");
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_ALWAYS_NULL' priority='MAJOR'>
    <name>Correctness - Null pointer dereference</name>
    <configKey>NP_ALWAYS_NULL</configKey>
    <description>&lt;p&gt; A null pointer is dereferenced here.&amp;nbsp; This will lead to a
&lt;code&gt;NullPointerException&lt;/code&gt; when the code is executed.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_CLOSING_NULL' priority='MAJOR'>
    <name>Correctness - close() invoked on a value that is always null</name>
    <configKey>NP_CLOSING_NULL</configKey>
    <description>&lt;p&gt; close() is being invoked on a value that is always null. If this statement is executed,
a null pointer exception will occur. But the big risk here you never close
something that should be closed.</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_STORE_INTO_NONNULL_FIELD' priority='MAJOR'>
    <name>Correctness - Store of null value into field annotated @Nonnull</name>
    <configKey>NP_STORE_INTO_NONNULL_FIELD</configKey>
    <description>&lt;p&gt; A value that could be null is stored into a field that has been annotated as @Nonnull. &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_ALWAYS_NULL_EXCEPTION' priority='MAJOR'>
    <name>Correctness - Null pointer dereference in method on exception path</name>
    <configKey>NP_ALWAYS_NULL_EXCEPTION</configKey>
    <description>&lt;p&gt; A pointer which is null on an exception path is dereferenced here.&amp;nbsp;
This will lead to a &lt;code&gt;NullPointerException&lt;/code&gt; when the code is executed.&amp;nbsp;
Note that because SpotBugs currently does not prune infeasible exception paths,
this may be a false warning.&lt;/p&gt;

&lt;p&gt; Also note that SpotBugs considers the default case of a switch statement to
be an exception path, since the default case is often infeasible.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE' priority='INFO'>
    <name>Style - Parameter must be non-null but is marked as nullable</name>
    <configKey>NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</configKey>
    <description>&lt;p&gt; This parameter is always used in a way that requires it to be non-null,
but the parameter is explicitly annotated as being Nullable. Either the use
of the parameter or the annotation is wrong.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_NULL_ON_SOME_PATH' priority='MAJOR'>
    <name>Correctness - Possible null pointer dereference</name>
    <configKey>NP_NULL_ON_SOME_PATH</configKey>
    <description>&lt;p&gt; There is a branch of statement that, &lt;em&gt;if executed,&lt;/em&gt;  guarantees that
a null value will be dereferenced, which
would generate a &lt;code&gt;NullPointerException&lt;/code&gt; when the code is executed.
Of course, the problem might be that the branch or statement is infeasible and that
the null pointer exception can't ever be executed; deciding that is beyond the ability of SpotBugs.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE' priority='INFO'>
    <name>Style - Possible null pointer dereference on branch that might be infeasible</name>
    <configKey>NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE</configKey>
    <description>&lt;p&gt; There is a branch of statement that, &lt;em&gt;if executed,&lt;/em&gt;  guarantees that
a null value will be dereferenced, which
would generate a &lt;code&gt;NullPointerException&lt;/code&gt; when the code is executed.
Of course, the problem might be that the branch or statement is infeasible and that
the null pointer exception can't ever be executed; deciding that is beyond the ability of SpotBugs.
Due to the fact that this value had been previously tested for nullness,
this is a definite possibility.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_NULL_ON_SOME_PATH_EXCEPTION' priority='MAJOR'>
    <name>Correctness - Possible null pointer dereference in method on exception path</name>
    <configKey>NP_NULL_ON_SOME_PATH_EXCEPTION</configKey>
    <description>&lt;p&gt; A reference value which is null on some exception control path is
dereferenced here.&amp;nbsp; This may lead to a &lt;code&gt;NullPointerException&lt;/code&gt;
when the code is executed.&amp;nbsp;
Note that because SpotBugs currently does not prune infeasible exception paths,
this may be a false warning.&lt;/p&gt;

&lt;p&gt; Also note that SpotBugs considers the default case of a switch statement to
be an exception path, since the default case is often infeasible.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE' priority='INFO'>
    <name>Style - Possible null pointer dereference due to return value of called method</name>
    <configKey>NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</configKey>
    <description>&lt;p&gt; The return value from a method is dereferenced without a null check,
and the return value of that method is one that should generally be checked
for null.  This may lead to a &lt;code&gt;NullPointerException&lt;/code&gt; when the code is executed.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_NULL_PARAM_DEREF_NONVIRTUAL' priority='MAJOR'>
    <name>Correctness - Non-virtual method call passes null for non-null parameter</name>
    <configKey>NP_NULL_PARAM_DEREF_NONVIRTUAL</configKey>
    <description>&lt;p&gt;
      A possibly-null value is passed to a non-null method parameter.
    Either the parameter is annotated as a parameter that should
    always be non-null, or analysis has shown that it will always be
    dereferenced.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS' priority='MAJOR'>
    <name>Correctness - Method call passes null for non-null parameter</name>
    <configKey>NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</configKey>
    <description>&lt;p&gt;
      A possibly-null value is passed at a call site where all known
      target methods require the parameter to be non-null.
    Either the parameter is annotated as a parameter that should
    always be non-null, or analysis has shown that it will always be
    dereferenced.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NULL_PARAM_DEREF' priority='MAJOR'>
    <name>Correctness - Method call passes null for non-null parameter</name>
    <configKey>NP_NULL_PARAM_DEREF</configKey>
    <description>&lt;p&gt;
      This method call passes a null value for a non-null method parameter.
    Either the parameter is annotated as a parameter that should
    always be non-null, or analysis has shown that it will always be
    dereferenced.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NONNULL_PARAM_VIOLATION' priority='MAJOR'>
    <name>Correctness - Method call passes null to a non-null parameter </name>
    <configKey>NP_NONNULL_PARAM_VIOLATION</configKey>
    <description>&lt;p&gt;
      This method passes a null value as the parameter of a method which
    must be non-null. Either this parameter has been explicitly marked
    as @Nonnull, or analysis has determined that this parameter is
    always dereferenced.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NONNULL_RETURN_VIOLATION' priority='MAJOR'>
    <name>Correctness - Method may return null, but is declared @Nonnull</name>
    <configKey>NP_NONNULL_RETURN_VIOLATION</configKey>
    <description>&lt;p&gt;
      This method may return a null value, but the method (or a superclass method
      which it overrides) is declared to return @Nonnull.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_CLONE_COULD_RETURN_NULL' priority='MAJOR'>
    <name>Bad practice - Clone method may return null</name>
    <configKey>NP_CLONE_COULD_RETURN_NULL</configKey>
    <description>&lt;p&gt;
    This clone method seems to return null in some circumstances, but clone is never
    allowed to return a null value.  If you are convinced this path is unreachable, throw an AssertionError
    instead.
      &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NP_TOSTRING_COULD_RETURN_NULL' priority='MAJOR'>
    <name>Bad practice - toString method may return null</name>
    <configKey>NP_TOSTRING_COULD_RETURN_NULL</configKey>
    <description>&lt;p&gt;
    This toString method seems to return null in some circumstances. A liberal reading of the
    spec could be interpreted as allowing this, but it is probably a bad idea and could cause
    other code to break. Return the empty string or some other appropriate string rather than null.
      &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='NP_GUARANTEED_DEREF' priority='MAJOR'>
    <name>Correctness - Null value is guaranteed to be dereferenced</name>
    <configKey>NP_GUARANTEED_DEREF</configKey>
    <description>&lt;p&gt;
              There is a statement or branch that if executed guarantees that
              a value is null at this point, and that
              value that is guaranteed to be dereferenced
              (except on forward paths involving runtime exceptions).
              &lt;/p&gt;
        &lt;p&gt;Note that a check such as
            &lt;code&gt;if (x == null) throw new NullPointerException();&lt;/code&gt;
            is treated as a dereference of &lt;code&gt;x&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH' priority='MAJOR'>
    <name>Correctness - Value is null and guaranteed to be dereferenced on exception path</name>
    <configKey>NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH</configKey>
    <description>&lt;p&gt;
              There is a statement or branch on an exception path
                that if executed guarantees that
              a value is null at this point, and that
              value that is guaranteed to be dereferenced
              (except on forward paths involving runtime exceptions).
              &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SI_INSTANCE_BEFORE_FINALS_ASSIGNED' priority='MAJOR'>
    <name>Bad practice - Static initializer creates instance before all static final fields assigned</name>
    <configKey>SI_INSTANCE_BEFORE_FINALS_ASSIGNED</configKey>
    <description>&lt;p&gt; The class's static initializer creates an instance of the class
before all of the static final fields are assigned.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='OS_OPEN_STREAM' priority='MAJOR'>
    <name>Bad practice - Method may fail to close stream</name>
    <configKey>OS_OPEN_STREAM</configKey>
    <description>&lt;p&gt; The method creates an IO stream object, does not assign it to any
fields, pass it to other methods that might close it,
or return it, and does not appear to close
the stream on all paths out of the method.&amp;nbsp; This may result in
a file descriptor leak.&amp;nbsp; It is generally a good
idea to use a &lt;code&gt;finally&lt;/code&gt; block to ensure that streams are
closed.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='OS_OPEN_STREAM_EXCEPTION_PATH' priority='MAJOR'>
    <name>Bad practice - Method may fail to close stream on exception</name>
    <configKey>OS_OPEN_STREAM_EXCEPTION_PATH</configKey>
    <description>&lt;p&gt; The method creates an IO stream object, does not assign it to any
fields, pass it to other methods, or return it, and does not appear to close
it on all possible exception paths out of the method.&amp;nbsp;
This may result in a file descriptor leak.&amp;nbsp; It is generally a good
idea to use a &lt;code&gt;finally&lt;/code&gt; block to ensure that streams are
closed.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='PZLA_PREFER_ZERO_LENGTH_ARRAYS' priority='INFO'>
    <name>Style - Consider returning a zero length array rather than null</name>
    <configKey>PZLA_PREFER_ZERO_LENGTH_ARRAYS</configKey>
    <description>&lt;p&gt; It is often a better design to
return a length zero array rather than a null reference to indicate that there
are no results (i.e., an empty list of results).
This way, no explicit check for null is needed by clients of the method.&lt;/p&gt;

&lt;p&gt;On the other hand, using null to indicate
"there is no answer to this question" is probably appropriate.
For example, &lt;code&gt;File.listFiles()&lt;/code&gt; returns an empty list
if given a directory containing no files, and returns null if the file
is not a directory.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UCF_USELESS_CONTROL_FLOW' priority='INFO'>
    <name>Style - Useless control flow</name>
    <configKey>UCF_USELESS_CONTROL_FLOW</configKey>
    <description>&lt;p&gt; This method contains a useless control flow statement, where
control flow continues onto the same place regardless of whether or not
the branch is taken. For example,
this is caused by having an empty statement
block for an &lt;code&gt;if&lt;/code&gt; statement:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;if (argv.length == 0) {
    // TODO: handle this case
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UCF_USELESS_CONTROL_FLOW_NEXT_LINE' priority='INFO'>
    <name>Style - Useless control flow to next line</name>
    <configKey>UCF_USELESS_CONTROL_FLOW_NEXT_LINE</configKey>
    <description>&lt;p&gt; This method contains a useless control flow statement in which control
flow follows to the same or following line regardless of whether or not
the branch is taken.
Often, this is caused by inadvertently using an empty statement as the
body of an &lt;code&gt;if&lt;/code&gt; statement, e.g.:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;if (argv.length == 1);
    System.out.println("Hello, " + argv[0]);
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE' priority='MAJOR'>
    <name>Correctness - Nullcheck of value previously dereferenced</name>
    <configKey>RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE</configKey>
    <description>&lt;p&gt; A value is checked here to see whether it is null, but this value can't
be null because it was previously dereferenced and if it were null a null pointer
exception would have occurred at the earlier dereference.
Essentially, this code and the previous dereference
disagree as to whether this value is allowed to be null. Either the check is redundant
or the previous dereference is erroneous.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE' priority='INFO'>
    <name>Style - Redundant nullcheck of value known to be null</name>
    <configKey>RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</configKey>
    <description>&lt;p&gt; This method contains a redundant check of a known null value against
the constant null.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE' priority='INFO'>
    <name>Style - Redundant nullcheck of value known to be non-null</name>
    <configKey>RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE</configKey>
    <description>&lt;p&gt; This method contains a redundant check of a known non-null value against
the constant null.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES' priority='INFO'>
    <name>Style - Redundant comparison of two null values</name>
    <configKey>RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES</configKey>
    <description>&lt;p&gt; This method contains a redundant comparison of two references known to
both be definitely null.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE' priority='INFO'>
    <name>Style - Redundant comparison of non-null value to null</name>
    <configKey>RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE</configKey>
    <description>&lt;p&gt; This method contains a reference known to be non-null with another reference
known to be null.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RCN_REDUNDANT_CHECKED_NULL_COMPARISON' priority='INFO'>
    <name>Experimental - Redundant comparison to null of previously checked value</name>
    <configKey>RCN_REDUNDANT_CHECKED_NULL_COMPARISON</configKey>
    <description>&lt;p&gt; This method contains a redundant comparison of a reference value
to null. Two types of redundant comparison are reported:
&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt; Both values compared are definitely null&lt;/li&gt;
&lt;li&gt; One value is definitely null and the other is definitely not null&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt; This particular warning generally indicates that a
value known not to be null was checked against null.
While the check is not necessary, it may simply be a case
of defensive programming.&lt;/p&gt;</description>
    <tag>experimental</tag>
  </rule>
  <rule key='UL_UNRELEASED_LOCK' priority='MAJOR'>
    <name>Multi-threading - Method does not release lock on all paths</name>
    <configKey>UL_UNRELEASED_LOCK</configKey>
    <description>&lt;p&gt; This method acquires a JSR-166 (&lt;code&gt;java.util.concurrent&lt;/code&gt;) lock,
but does not release it on all paths out of the method.  In general, the correct idiom
for using a JSR-166 lock is:
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;Lock l = ...;
l.lock();
try {
    // do something
} finally {
    l.unlock();
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UL_UNRELEASED_LOCK_EXCEPTION_PATH' priority='MAJOR'>
    <name>Multi-threading - Method does not release lock on all exception paths</name>
    <configKey>UL_UNRELEASED_LOCK_EXCEPTION_PATH</configKey>
    <description>&lt;p&gt; This method acquires a JSR-166 (&lt;code&gt;java.util.concurrent&lt;/code&gt;) lock,
but does not release it on all exception paths out of the method.  In general, the correct idiom
for using a JSR-166 lock is:
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;Lock l = ...;
l.lock();
try {
    // do something
} finally {
    l.unlock();
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RC_REF_COMPARISON' priority='MAJOR'>
    <name>Correctness - Suspicious reference comparison</name>
    <configKey>RC_REF_COMPARISON</configKey>
    <description>&lt;p&gt; This method compares two reference values using the == or != operator,
where the correct way to compare instances of this type is generally
with the equals() method.
It is possible to create distinct instances that are equal but do not compare as == since
they are different objects.
Examples of classes which should generally
not be compared by reference are java.lang.Integer, java.lang.Float, etc.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RC_REF_COMPARISON_BAD_PRACTICE' priority='MAJOR'>
    <name>Bad practice - Suspicious reference comparison to constant</name>
    <configKey>RC_REF_COMPARISON_BAD_PRACTICE</configKey>
    <description>&lt;p&gt; This method compares a reference value to a constant using the == or != operator,
where the correct way to compare instances of this type is generally
with the equals() method.
It is possible to create distinct instances that are equal but do not compare as == since
they are different objects.
Examples of classes which should generally
not be compared by reference are java.lang.Integer, java.lang.Float, etc.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN' priority='MAJOR'>
    <name>Bad practice - Suspicious reference comparison of Boolean values</name>
    <configKey>RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN</configKey>
    <description>&lt;p&gt; This method compares two Boolean values using the == or != operator.
Normally, there are only two Boolean values (Boolean.TRUE and Boolean.FALSE),
but it is possible to create other Boolean objects using the &lt;code&gt;new Boolean(b)&lt;/code&gt;
constructor. It is best to avoid such objects, but if they do exist,
then checking Boolean objects for equality using == or != will give results
than are different than you would get using &lt;code&gt;.equals(...)&lt;/code&gt;.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='EC_UNRELATED_TYPES_USING_POINTER_EQUALITY' priority='MAJOR'>
    <name>Correctness - Using pointer equality to compare different types</name>
    <configKey>EC_UNRELATED_TYPES_USING_POINTER_EQUALITY</configKey>
    <description>&lt;p&gt; This method uses using pointer equality to compare two references that seem to be of
different types.  The result of this comparison will always be false at runtime.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EC_UNRELATED_TYPES' priority='MAJOR'>
    <name>Correctness - Call to equals() comparing different types</name>
    <configKey>EC_UNRELATED_TYPES</configKey>
    <description>&lt;p&gt; This method calls equals(Object) on two references of different
class types and analysis suggests they will be to objects of different classes
at runtime. Further, examination of the equals methods that would be invoked suggest that either
this call will always return false, or else the equals method is not be symmetric (which is
a property required by the contract
for equals in class Object).
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EC_UNRELATED_INTERFACES' priority='MAJOR'>
    <name>Correctness - Call to equals() comparing different interface types</name>
    <configKey>EC_UNRELATED_INTERFACES</configKey>
    <description>&lt;p&gt; This method calls equals(Object) on two references of unrelated
interface types, where neither is a subtype of the other,
and there are no known non-abstract classes which implement both interfaces.
Therefore, the objects being compared
are unlikely to be members of the same class at runtime
(unless some application classes were not analyzed, or dynamic class
loading can occur at runtime).
According to the contract of equals(),
objects of different
classes should always compare as unequal; therefore, according to the
contract defined by java.lang.Object.equals(Object),
the result of this comparison will always be false at runtime.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EC_UNRELATED_CLASS_AND_INTERFACE' priority='MAJOR'>
    <name>Correctness - Call to equals() comparing unrelated class and interface</name>
    <configKey>EC_UNRELATED_CLASS_AND_INTERFACE</configKey>
    <description>&lt;p&gt;
This method calls equals(Object) on two references,  one of which is a class
and the other an interface, where neither the class nor any of its
non-abstract subclasses implement the interface.
Therefore, the objects being compared
are unlikely to be members of the same class at runtime
(unless some application classes were not analyzed, or dynamic class
loading can occur at runtime).
According to the contract of equals(),
objects of different
classes should always compare as unequal; therefore, according to the
contract defined by java.lang.Object.equals(Object),
the result of this comparison will always be false at runtime.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EC_NULL_ARG' priority='MAJOR'>
    <name>Correctness - Call to equals(null)</name>
    <configKey>EC_NULL_ARG</configKey>
    <description>&lt;p&gt; This method calls equals(Object), passing a null value as
the argument. According to the contract of the equals() method,
this call should always return &lt;code&gt;false&lt;/code&gt;.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='MWN_MISMATCHED_WAIT' priority='MAJOR'>
    <name>Multi-threading - Mismatched wait()</name>
    <configKey>MWN_MISMATCHED_WAIT</configKey>
    <description>&lt;p&gt; This method calls Object.wait() without obviously holding a lock
on the object.&amp;nbsp;  Calling wait() without a lock held will result in
an &lt;code&gt;IllegalMonitorStateException&lt;/code&gt; being thrown.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='MWN_MISMATCHED_NOTIFY' priority='MAJOR'>
    <name>Multi-threading - Mismatched notify()</name>
    <configKey>MWN_MISMATCHED_NOTIFY</configKey>
    <description>&lt;p&gt; This method calls Object.notify() or Object.notifyAll() without obviously holding a lock
on the object.&amp;nbsp;  Calling notify() or notifyAll() without a lock held will result in
an &lt;code&gt;IllegalMonitorStateException&lt;/code&gt; being thrown.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD' priority='MAJOR'>
    <name>Correctness - Self assignment of local rather than assignment to field</name>
    <configKey>SA_LOCAL_SELF_ASSIGNMENT_INSTEAD_OF_FIELD</configKey>
    <description>&lt;p&gt; This method contains a self assignment of a local variable, and there
is a field with an identical name.
assignment appears to have been ; e.g.&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;    int foo;
    public void setFoo(int foo) {
        foo = foo;
    }
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;The assignment is useless. Did you mean to assign to the field instead?&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SA_LOCAL_SELF_ASSIGNMENT' priority='INFO'>
    <name>Style - Self assignment of local variable</name>
    <configKey>SA_LOCAL_SELF_ASSIGNMENT</configKey>
    <description>&lt;p&gt; This method contains a self assignment of a local variable; e.g.&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public void foo() {
    int x = 3;
    x = x;
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;
Such assignments are useless, and may indicate a logic error or typo.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SA_FIELD_SELF_ASSIGNMENT' priority='MAJOR'>
    <name>Correctness - Self assignment of field</name>
    <configKey>SA_FIELD_SELF_ASSIGNMENT</configKey>
    <description>&lt;p&gt; This method contains a self assignment of a field; e.g.
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;int x;
public void foo() {
    x = x;
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Such assignments are useless, and may indicate a logic error or typo.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SA_FIELD_DOUBLE_ASSIGNMENT' priority='INFO'>
    <name>Style - Double assignment of field</name>
    <configKey>SA_FIELD_DOUBLE_ASSIGNMENT</configKey>
    <description>&lt;p&gt; This method contains a double assignment of a field; e.g.
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;int x,y;
public void foo() {
    x = x = 17;
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Assigning to a field twice is useless, and may indicate a logic error or typo.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SA_LOCAL_DOUBLE_ASSIGNMENT' priority='INFO'>
    <name>Style - Double assignment of local variable </name>
    <configKey>SA_LOCAL_DOUBLE_ASSIGNMENT</configKey>
    <description>&lt;p&gt; This method contains a double assignment of a local variable; e.g.
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public void foo() {
    int x,y;
    x = x = 17;
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Assigning the same value to a variable twice is useless, and may indicate a logic error or typo.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='SA_FIELD_SELF_COMPUTATION' priority='MAJOR'>
    <name>Correctness - Nonsensical self computation involving a field (e.g., x &amp; x)</name>
    <configKey>SA_FIELD_SELF_COMPUTATION</configKey>
    <description>&lt;p&gt; This method performs a nonsensical computation of a field with another
reference to the same field (e.g., x&amp;x or x-x). Because of the nature
of the computation, this operation doesn't seem to make sense,
and may indicate a typo or
a logic error.  Double check the computation.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SA_LOCAL_SELF_COMPUTATION' priority='MAJOR'>
    <name>Correctness - Nonsensical self computation involving a variable (e.g., x &amp; x)</name>
    <configKey>SA_LOCAL_SELF_COMPUTATION</configKey>
    <description>&lt;p&gt; This method performs a nonsensical computation of a local variable with another
reference to the same variable (e.g., x&amp;x or x-x). Because of the nature
of the computation, this operation doesn't seem to make sense,
and may indicate a typo or
a logic error.  Double check the computation.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SA_FIELD_SELF_COMPARISON' priority='MAJOR'>
    <name>Correctness - Self comparison of field with itself</name>
    <configKey>SA_FIELD_SELF_COMPARISON</configKey>
    <description>&lt;p&gt; This method compares a field with itself, and may indicate a typo or
a logic error.  Make sure that you are comparing the right things.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SA_LOCAL_SELF_COMPARISON' priority='MAJOR'>
    <name>Correctness - Self comparison of value with itself</name>
    <configKey>SA_LOCAL_SELF_COMPARISON</configKey>
    <description>&lt;p&gt; This method compares a local variable with itself, and may indicate a typo or
a logic error.  Make sure that you are comparing the right things.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT' priority='MAJOR'>
    <name>Correctness - Double.longBitsToDouble invoked on an int</name>
    <configKey>DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT</configKey>
    <description>&lt;p&gt; The Double.longBitsToDouble method is invoked, but a 32 bit int value is passed
    as an argument. This almost certainly is not intended and is unlikely
    to give the intended result.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_ARGUMENTS_WRONG_ORDER' priority='MAJOR'>
    <name>Correctness - Reversed method arguments</name>
    <configKey>DMI_ARGUMENTS_WRONG_ORDER</configKey>
    <description>&lt;p&gt; The arguments to this method call seem to be in the wrong order.
For example, a call &lt;code&gt;Preconditions.checkNotNull("message", message)&lt;/code&gt;
has reserved arguments: the value to be checked is the first argument.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_RANDOM_USED_ONLY_ONCE' priority='MAJOR'>
    <name>Bad practice - Random object created and used only once</name>
    <configKey>DMI_RANDOM_USED_ONLY_ONCE</configKey>
    <description>&lt;p&gt; This code creates a java.util.Random object, uses it to generate one random number, and then discards
the Random object. This produces mediocre quality random numbers and is inefficient.
If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number
is required invoke a method on the existing Random object to obtain it.
&lt;/p&gt;

&lt;p&gt;If it is important that the generated Random numbers not be guessable, you &lt;em&gt;must&lt;/em&gt; not create a new Random for each random
number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead
(and avoid allocating a new SecureRandom for each random number needed).
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='RV_ABSOLUTE_VALUE_OF_RANDOM_INT' priority='MAJOR'>
    <name>Correctness - Bad attempt to compute absolute value of signed random integer</name>
    <configKey>RV_ABSOLUTE_VALUE_OF_RANDOM_INT</configKey>
    <description>&lt;p&gt; This code generates a random signed integer and then computes
the absolute value of that random integer.  If the number returned by the random number
generator is &lt;code&gt;Integer.MIN_VALUE&lt;/code&gt;, then the result will be negative as well (since
&lt;code&gt;Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE&lt;/code&gt;). (Same problem arises for long values as well).
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RV_ABSOLUTE_VALUE_OF_HASHCODE' priority='MAJOR'>
    <name>Correctness - Bad attempt to compute absolute value of signed 32-bit hashcode </name>
    <configKey>RV_ABSOLUTE_VALUE_OF_HASHCODE</configKey>
    <description>&lt;p&gt; This code generates a hashcode and then computes
the absolute value of that hashcode.  If the hashcode
is &lt;code&gt;Integer.MIN_VALUE&lt;/code&gt;, then the result will be negative as well (since
&lt;code&gt;Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE&lt;/code&gt;).
&lt;/p&gt;
&lt;p&gt;One out of 2^32 strings have a hashCode of Integer.MIN_VALUE,
including "polygenelubricants" "GydZG_" and ""DESIGNING WORKHOUSES".
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RV_REM_OF_RANDOM_INT' priority='INFO'>
    <name>Style - Remainder of 32-bit signed random integer</name>
    <configKey>RV_REM_OF_RANDOM_INT</configKey>
    <description>&lt;p&gt; This code generates a random signed integer and then computes
the remainder of that value modulo another value. Since the random
number can be negative, the result of the remainder operation
can also be negative. Be sure this is intended, and strongly
consider using the Random.nextInt(int) method instead.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RV_REM_OF_HASHCODE' priority='INFO'>
    <name>Style - Remainder of hashCode could be negative</name>
    <configKey>RV_REM_OF_HASHCODE</configKey>
    <description>&lt;p&gt; This code computes a hashCode, and then computes
the remainder of that value modulo another value. Since the hashCode
can be negative, the result of the remainder operation
can also be negative. &lt;/p&gt;
&lt;p&gt; Assuming you want to ensure that the result of your computation is nonnegative,
you may need to change your code.
If you know the divisor is a power of 2,
you can use a bitwise and operator instead (i.e., instead of
using &lt;code&gt;x.hashCode()%n&lt;/code&gt;, use &lt;code&gt;x.hashCode()&amp;amp;(n-1)&lt;/code&gt;).
This is probably faster than computing the remainder as well.
If you don't know that the divisor is a power of 2, take the absolute
value of the result of the remainder operation (i.e., use
&lt;code&gt;Math.abs(x.hashCode()%n)&lt;/code&gt;).
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE' priority='MAJOR'>
    <name>Correctness - Bad comparison of nonnegative value with negative constant or zero</name>
    <configKey>INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</configKey>
    <description>&lt;p&gt; This code compares a value that is guaranteed to be non-negative with a negative constant or zero.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='INT_BAD_COMPARISON_WITH_SIGNED_BYTE' priority='MAJOR'>
    <name>Correctness - Bad comparison of signed byte</name>
    <configKey>INT_BAD_COMPARISON_WITH_SIGNED_BYTE</configKey>
    <description>&lt;p&gt; Signed bytes can only have a value in the range -128 to 127. Comparing
a signed byte with a value outside that range is vacuous and likely to be incorrect.
To convert a signed byte &lt;code&gt;b&lt;/code&gt; to an unsigned value in the range 0..255,
use &lt;code&gt;0xff &amp;amp; b&lt;/code&gt;.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='INT_BAD_COMPARISON_WITH_INT_VALUE' priority='MAJOR'>
    <name>Correctness - Bad comparison of int value with long constant</name>
    <configKey>INT_BAD_COMPARISON_WITH_INT_VALUE</configKey>
    <description>&lt;p&gt; This code compares an int value with a long constant that is outside
the range of values that can be represented as an int value.
This comparison is vacuous and possibly incorrect.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='INT_VACUOUS_BIT_OPERATION' priority='INFO'>
    <name>Style - Vacuous bit mask operation on integer value</name>
    <configKey>INT_VACUOUS_BIT_OPERATION</configKey>
    <description>&lt;p&gt; This is an integer bit operation (and, or, or exclusive or) that doesn't do any useful work
(e.g., &lt;code&gt;v &amp; 0xffffffff&lt;/code&gt;).

&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='INT_VACUOUS_COMPARISON' priority='INFO'>
    <name>Style - Vacuous comparison of integer value</name>
    <configKey>INT_VACUOUS_COMPARISON</configKey>
    <description>&lt;p&gt; There is an integer comparison that always returns
the same value (e.g., x &amp;lt;= Integer.MAX_VALUE).
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='INT_BAD_REM_BY_1' priority='INFO'>
    <name>Style - Integer remainder modulo 1</name>
    <configKey>INT_BAD_REM_BY_1</configKey>
    <description>&lt;p&gt; Any expression (exp % 1) is guaranteed to always return zero.
Did you mean (exp &amp;amp; 1) or (exp % 2) instead?
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='BIT_IOR_OF_SIGNED_BYTE' priority='MAJOR'>
    <name>Correctness - Bitwise OR of signed byte value</name>
    <configKey>BIT_IOR_OF_SIGNED_BYTE</configKey>
    <description>&lt;p&gt; Loads a byte value (e.g., a value loaded from a byte array or returned by a method
with return type byte)  and performs a bitwise OR with
that value. Byte values are sign extended to 32 bits
before any bitwise operations are performed on the value.
Thus, if &lt;code&gt;b[0]&lt;/code&gt; contains the value &lt;code&gt;0xff&lt;/code&gt;, and
&lt;code&gt;x&lt;/code&gt; is initially 0, then the code
&lt;code&gt;((x &amp;lt;&amp;lt; 8) | b[0])&lt;/code&gt;  will sign extend &lt;code&gt;0xff&lt;/code&gt;
to get &lt;code&gt;0xffffffff&lt;/code&gt;, and thus give the value
&lt;code&gt;0xffffffff&lt;/code&gt; as the result.
&lt;/p&gt;

&lt;p&gt;In particular, the following code for packing a byte array into an int is badly wrong: &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;int result = 0;
for(int i = 0; i &amp;lt; 4; i++) {
    result = ((result &amp;lt;&amp;lt; 8) | b[i]);
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;The following idiom will work instead: &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;int result = 0;
for(int i = 0; i &amp;lt; 4; i++) {
    result = ((result &amp;lt;&amp;lt; 8) | (b[i] &amp;amp; 0xff));
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BIT_ADD_OF_SIGNED_BYTE' priority='MAJOR'>
    <name>Correctness - Bitwise add of signed byte value</name>
    <configKey>BIT_ADD_OF_SIGNED_BYTE</configKey>
    <description>&lt;p&gt; Adds a byte value and a value which is known to have the 8 lower bits clear.
Values loaded from a byte array are sign extended to 32 bits
before any bitwise operations are performed on the value.
Thus, if &lt;code&gt;b[0]&lt;/code&gt; contains the value &lt;code&gt;0xff&lt;/code&gt;, and
&lt;code&gt;x&lt;/code&gt; is initially 0, then the code
&lt;code&gt;((x &amp;lt;&amp;lt; 8) + b[0])&lt;/code&gt;  will sign extend &lt;code&gt;0xff&lt;/code&gt;
to get &lt;code&gt;0xffffffff&lt;/code&gt;, and thus give the value
&lt;code&gt;0xffffffff&lt;/code&gt; as the result.
&lt;/p&gt;

&lt;p&gt;In particular, the following code for packing a byte array into an int is badly wrong: &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;int result = 0;
for(int i = 0; i &amp;lt; 4; i++)
    result = ((result &amp;lt;&amp;lt; 8) + b[i]);
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;The following idiom will work instead: &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;int result = 0;
for(int i = 0; i &amp;lt; 4; i++)
    result = ((result &amp;lt;&amp;lt; 8) + (b[i] &amp;amp; 0xff));
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BIT_AND' priority='MAJOR'>
    <name>Correctness - Incompatible bit masks</name>
    <configKey>BIT_AND</configKey>
    <description>&lt;p&gt; This method compares an expression of the form (e &amp;amp; C) to D,
which will always compare unequal
due to the specific values of constants C and D.
This may indicate a logic error or typo.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BIT_SIGNED_CHECK' priority='MAJOR'>
    <name>Bad practice - Check for sign of bitwise operation</name>
    <configKey>BIT_SIGNED_CHECK</configKey>
    <description>&lt;p&gt; This method compares an expression such as
&lt;code&gt;((event.detail &amp;amp; SWT.SELECTED) &amp;gt; 0)&lt;/code&gt;.
Using bit arithmetic and then comparing with the greater than operator can
lead to unexpected results (of course depending on the value of
SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate
for a bug. Even when SWT.SELECTED is not negative, it seems good practice
to use '!= 0' instead of '&amp;gt; 0'.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='BIT_SIGNED_CHECK_HIGH_BIT' priority='MAJOR'>
    <name>Correctness - Check for sign of bitwise operation involving negative number</name>
    <configKey>BIT_SIGNED_CHECK_HIGH_BIT</configKey>
    <description>&lt;p&gt; This method compares a bitwise expression such as
&lt;code&gt;((val &amp;amp; CONSTANT) &amp;gt; 0)&lt;/code&gt; where CONSTANT is the negative number.
Using bit arithmetic and then comparing with the greater than operator can
lead to unexpected results. This comparison is unlikely to work as expected. The good practice is
to use '!= 0' instead of '&amp;gt; 0'.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BIT_AND_ZZ' priority='MAJOR'>
    <name>Correctness - Check to see if ((...) &amp; 0) == 0</name>
    <configKey>BIT_AND_ZZ</configKey>
    <description>&lt;p&gt; This method compares an expression of the form &lt;code&gt;(e &amp;amp; 0)&lt;/code&gt; to 0,
which will always compare equal.
This may indicate a logic error or typo.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BIT_IOR' priority='MAJOR'>
    <name>Correctness - Incompatible bit masks</name>
    <configKey>BIT_IOR</configKey>
    <description>&lt;p&gt; This method compares an expression of the form &lt;code&gt;(e | C)&lt;/code&gt; to D.
which will always compare unequal
due to the specific values of constants C and D.
This may indicate a logic error or typo.&lt;/p&gt;

&lt;p&gt; Typically, this bug occurs because the code wants to perform
a membership test in a bit set, but uses the bitwise OR
operator ("|") instead of bitwise AND ("&amp;amp;").&lt;/p&gt;

&lt;p&gt;Also such bug may appear in expressions like &lt;code&gt;(e &amp;amp; A | B) == C&lt;/code&gt;
which is parsed like &lt;code&gt;((e &amp;amp; A) | B) == C&lt;/code&gt; while &lt;code&gt;(e &amp;amp; (A | B)) == C&lt;/code&gt; was intended.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='LI_LAZY_INIT_INSTANCE' priority='MAJOR'>
    <name>Multi-threading - Incorrect lazy initialization of instance field</name>
    <configKey>LI_LAZY_INIT_INSTANCE</configKey>
    <description>&lt;p&gt; This method contains an unsynchronized lazy initialization of a non-volatile field.
Because the compiler or processor may reorder instructions,
threads are not guaranteed to see a completely initialized object,
&lt;em&gt;if the method can be called by multiple threads&lt;/em&gt;.
You can make the field volatile to correct the problem.
For more information, see the
&lt;a href="http://www.cs.umd.edu/~pugh/java/memoryModel/"&gt;Java Memory Model web site&lt;/a&gt;.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='LI_LAZY_INIT_STATIC' priority='MAJOR'>
    <name>Multi-threading - Incorrect lazy initialization of static field</name>
    <configKey>LI_LAZY_INIT_STATIC</configKey>
    <description>&lt;p&gt; This method contains an unsynchronized lazy initialization of a non-volatile static field.
Because the compiler or processor may reorder instructions,
threads are not guaranteed to see a completely initialized object,
&lt;em&gt;if the method can be called by multiple threads&lt;/em&gt;.
You can make the field volatile to correct the problem.
For more information, see the
&lt;a href="http://www.cs.umd.edu/~pugh/java/memoryModel/"&gt;Java Memory Model web site&lt;/a&gt;.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='LI_LAZY_INIT_UPDATE_STATIC' priority='MAJOR'>
    <name>Multi-threading - Incorrect lazy initialization and update of static field</name>
    <configKey>LI_LAZY_INIT_UPDATE_STATIC</configKey>
    <description>&lt;p&gt; This method contains an unsynchronized lazy initialization of a static field.
After the field is set, the object stored into that location is further updated or accessed.
The setting of the field is visible to other threads as soon as it is set. If the
further accesses in the method that set the field serve to initialize the object, then
you have a &lt;em&gt;very serious&lt;/em&gt; multithreading bug, unless something else prevents
any other thread from accessing the stored object until it is fully initialized.
&lt;/p&gt;
&lt;p&gt;Even if you feel confident that the method is never called by multiple
threads, it might be better to not set the static field until the value
you are setting it to is fully populated/initialized.</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='JLM_JSR166_LOCK_MONITORENTER' priority='MAJOR'>
    <name>Multi-threading - Synchronization performed on Lock</name>
    <configKey>JLM_JSR166_LOCK_MONITORENTER</configKey>
    <description>&lt;p&gt; This method performs synchronization an object that implements
java.util.concurrent.locks.Lock. Such an object is locked/unlocked
using
&lt;code&gt;acquire()&lt;/code&gt;/&lt;code&gt;release()&lt;/code&gt; rather
than using the &lt;code&gt;synchronized (...)&lt;/code&gt; construct.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT' priority='MAJOR'>
    <name>Multi-threading - Using monitor style wait methods on util.concurrent abstraction</name>
    <configKey>JML_JSR166_CALLING_WAIT_RATHER_THAN_AWAIT</configKey>
    <description>&lt;p&gt; This method calls
&lt;code&gt;wait()&lt;/code&gt;,
&lt;code&gt;notify()&lt;/code&gt; or
&lt;code&gt;notifyAll()()&lt;/code&gt;
on an object that also provides an
&lt;code&gt;await()&lt;/code&gt;,
&lt;code&gt;signal()&lt;/code&gt;,
&lt;code&gt;signalAll()&lt;/code&gt; method (such as util.concurrent Condition objects).
This probably isn't what you want, and even if you do want it, you should consider changing
your design, as other developers will find it exceptionally confusing.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='JLM_JSR166_UTILCONCURRENT_MONITORENTER' priority='MAJOR'>
    <name>Multi-threading - Synchronization performed on util.concurrent instance</name>
    <configKey>JLM_JSR166_UTILCONCURRENT_MONITORENTER</configKey>
    <description>&lt;p&gt; This method performs synchronization an object that is an instance of
a class from the java.util.concurrent package (or its subclasses). Instances
of these classes have their own concurrency control mechanisms that are orthogonal to
the synchronization provided by the Java keyword &lt;code&gt;synchronized&lt;/code&gt;. For example,
synchronizing on an &lt;code&gt;AtomicBoolean&lt;/code&gt; will not prevent other threads
from modifying the  &lt;code&gt;AtomicBoolean&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;Such code may be correct, but should be carefully reviewed and documented,
and may confuse people who have to maintain the code at a later date.
&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UPM_UNCALLED_PRIVATE_METHOD' priority='MAJOR'>
    <name>Performance - Private method is never called</name>
    <configKey>UPM_UNCALLED_PRIVATE_METHOD</configKey>
    <description>&lt;p&gt; This private method is never called. Although it is
possible that the method will be invoked through reflection,
it is more likely that the method is never used, and should be
removed.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS' priority='MAJOR'>
    <name>Correctness - Uncallable method defined in anonymous class</name>
    <configKey>UMAC_UNCALLABLE_METHOD_OF_ANONYMOUS_CLASS</configKey>
    <description>&lt;p&gt; This anonymous class defined a method that is not directly invoked and does not override
a method in a superclass. Since methods in other classes cannot directly invoke methods
declared in an anonymous class, it seems that this method is uncallable. The method
might simply be dead code, but it is also possible that the method is intended to
override a method declared in a superclass, and due to an typo or other error the method does not,
in fact, override the method it is intended to.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ODR_OPEN_DATABASE_RESOURCE' priority='MAJOR'>
    <name>Bad practice - Method may fail to close database resource</name>
    <configKey>ODR_OPEN_DATABASE_RESOURCE</configKey>
    <description>&lt;p&gt; The method creates a database resource (such as a database connection
or row set), does not assign it to any
fields, pass it to other methods, or return it, and does not appear to close
the object on all paths out of the method.&amp;nbsp; Failure to
close database resources on all paths out of a method may
result in poor performance, and could cause the application to
have problems communicating with the database.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='ODR_OPEN_DATABASE_RESOURCE_EXCEPTION_PATH' priority='MAJOR'>
    <name>Bad practice - Method may fail to close database resource on exception</name>
    <configKey>ODR_OPEN_DATABASE_RESOURCE_EXCEPTION_PATH</configKey>
    <description>&lt;p&gt; The method creates a database resource (such as a database connection
or row set), does not assign it to any
fields, pass it to other methods, or return it, and does not appear to close
the object on all exception paths out of the method.&amp;nbsp; Failure to
close database resources on all paths out of a method may
result in poor performance, and could cause the application to
have problems communicating with the database.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='SBSC_USE_STRINGBUFFER_CONCATENATION' priority='MAJOR'>
    <name>Performance - Method concatenates strings using + in a loop</name>
    <configKey>SBSC_USE_STRINGBUFFER_CONCATENATION</configKey>
    <description>&lt;p&gt; The method seems to be building a String using concatenation in a loop.
In each iteration, the String is converted to a StringBuffer/StringBuilder,
   appended to, and converted back to a String.
   This can lead to a cost quadratic in the number of iterations,
   as the growing string is recopied in each iteration. &lt;/p&gt;

&lt;p&gt;Better performance can be obtained by using
a StringBuffer (or StringBuilder in Java 1.5) explicitly.&lt;/p&gt;

&lt;p&gt; For example:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;// This is bad
String s = "";
for (int i = 0; i &amp;lt; field.length; ++i) {
    s = s + field[i];
}

// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i &amp;lt; field.length; ++i) {
    buf.append(field[i]);
}
String s = buf.toString();
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IIL_PREPARE_STATEMENT_IN_LOOP' priority='MAJOR'>
    <name>Performance - Method calls prepareStatement in a loop</name>
    <configKey>IIL_PREPARE_STATEMENT_IN_LOOP</configKey>
    <description>&lt;p&gt; The method calls Connection.prepareStatement inside the loop passing the constant arguments.
If the PreparedStatement should be executed several times there's no reason to recreate it for each loop iteration.
Move this call outside of the loop.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IIL_ELEMENTS_GET_LENGTH_IN_LOOP' priority='MAJOR'>
    <name>Performance - NodeList.getLength() called in a loop</name>
    <configKey>IIL_ELEMENTS_GET_LENGTH_IN_LOOP</configKey>
    <description>&lt;p&gt; The method calls NodeList.getLength() inside the loop and NodeList was produced by getElementsByTagName call.
This NodeList doesn't store its length, but computes it every time in not very optimal way.
Consider storing the length to the variable before the loop.
&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IIL_PATTERN_COMPILE_IN_LOOP' priority='MAJOR'>
    <name>Performance - Method calls Pattern.compile in a loop</name>
    <configKey>IIL_PATTERN_COMPILE_IN_LOOP</configKey>
    <description>&lt;p&gt; The method calls Pattern.compile inside the loop passing the constant arguments.
If the Pattern should be used several times there's no reason to compile it for each loop iteration.
Move this call outside of the loop or even into static final field.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IIL_PATTERN_COMPILE_IN_LOOP_INDIRECT' priority='MAJOR'>
    <name>Performance - Method compiles the regular expression in a loop</name>
    <configKey>IIL_PATTERN_COMPILE_IN_LOOP_INDIRECT</configKey>
    <description>&lt;p&gt; The method creates the same regular expression inside the loop, so it will be compiled every iteration.
It would be more optimal to precompile this regular expression using Pattern.compile outside of the loop.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IIO_INEFFICIENT_INDEX_OF' priority='MAJOR'>
    <name>Performance - Inefficient use of String.indexOf(String)</name>
    <configKey>IIO_INEFFICIENT_INDEX_OF</configKey>
    <description>&lt;p&gt; This code passes a constant string of length 1 to String.indexOf().
It is more efficient to use the integer implementations of String.indexOf().
f. e. call &lt;code&gt;myString.indexOf('.')&lt;/code&gt; instead of &lt;code&gt;myString.indexOf(".")&lt;/code&gt;&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IIO_INEFFICIENT_LAST_INDEX_OF' priority='MAJOR'>
    <name>Performance - Inefficient use of String.lastIndexOf(String)</name>
    <configKey>IIO_INEFFICIENT_LAST_INDEX_OF</configKey>
    <description>&lt;p&gt; This code passes a constant string of length 1 to String.lastIndexOf().
It is more efficient to use the integer implementations of String.lastIndexOf().
f. e. call &lt;code&gt;myString.lastIndexOf('.')&lt;/code&gt; instead of &lt;code&gt;myString.lastIndexOf(".")&lt;/code&gt;&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ITA_INEFFICIENT_TO_ARRAY' priority='MAJOR'>
    <name>Performance - Method uses toArray() with zero-length array argument</name>
    <configKey>ITA_INEFFICIENT_TO_ARRAY</configKey>
    <description>&lt;p&gt; This method uses the toArray() method of a collection derived class, and passes
in a zero-length prototype array argument.  It is more efficient to use
&lt;code&gt;myCollection.toArray(new Foo[myCollection.size()])&lt;/code&gt;
If the array passed in is big enough to store all of the
elements of the collection, then it is populated and returned
directly. This avoids the need to create a second array
(by reflection) to return as the result.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IJU_ASSERT_METHOD_INVOKED_FROM_RUN_METHOD' priority='MAJOR'>
    <name>Correctness - JUnit assertion in run method will not be noticed by JUnit</name>
    <configKey>IJU_ASSERT_METHOD_INVOKED_FROM_RUN_METHOD</configKey>
    <description>&lt;p&gt; A JUnit assertion is performed in a run method. Failed JUnit assertions
just result in exceptions being thrown.
Thus, if this exception occurs in a thread other than the thread that invokes
the test method, the exception will terminate the thread but not result
in the test failing.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IJU_SETUP_NO_SUPER' priority='MAJOR'>
    <name>Correctness - TestCase defines setUp that doesn't call super.setUp()</name>
    <configKey>IJU_SETUP_NO_SUPER</configKey>
    <description>&lt;p&gt; Class is a JUnit TestCase and implements the setUp method. The setUp method should call
super.setUp(), but doesn't.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IJU_TEARDOWN_NO_SUPER' priority='MAJOR'>
    <name>Correctness - TestCase defines tearDown that doesn't call super.tearDown()</name>
    <configKey>IJU_TEARDOWN_NO_SUPER</configKey>
    <description>&lt;p&gt; Class is a JUnit TestCase and implements the tearDown method. The tearDown method should call
super.tearDown(), but doesn't.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IJU_SUITE_NOT_STATIC' priority='MAJOR'>
    <name>Correctness - TestCase implements a non-static suite method </name>
    <configKey>IJU_SUITE_NOT_STATIC</configKey>
    <description>&lt;p&gt; Class is a JUnit TestCase and implements the suite() method.
 The suite method should be declared as being static, but isn't.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IJU_BAD_SUITE_METHOD' priority='MAJOR'>
    <name>Correctness - TestCase declares a bad suite method </name>
    <configKey>IJU_BAD_SUITE_METHOD</configKey>
    <description>&lt;p&gt; Class is a JUnit TestCase and defines a suite() method.
However, the suite method needs to be declared as either&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public static junit.framework.Test suite()
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;
or
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public static junit.framework.TestSuite suite()
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IJU_NO_TESTS' priority='MAJOR'>
    <name>Correctness - TestCase has no tests</name>
    <configKey>IJU_NO_TESTS</configKey>
    <description>&lt;p&gt; Class is a JUnit TestCase but has not implemented any test methods.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BOA_BADLY_OVERRIDDEN_ADAPTER' priority='MAJOR'>
    <name>Correctness - Class overrides a method implemented in super class Adapter wrongly</name>
    <configKey>BOA_BADLY_OVERRIDDEN_ADAPTER</configKey>
    <description>&lt;p&gt; This method overrides a method found in a parent class, where that class is an Adapter that implements
a listener defined in the java.awt.event or javax.swing.event package. As a result, this method will not
get called when the event occurs.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BRSA_BAD_RESULTSET_ACCESS' priority='MAJOR'>
    <name>Correctness - Method attempts to access a result set field with index 0</name>
    <configKey>BRSA_BAD_RESULTSET_ACCESS</configKey>
    <description>&lt;p&gt; A call to getXXX or updateXXX methods of a result set was made where the
field index is 0. As ResultSet fields start at index 1, this is always a mistake.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SQL_BAD_RESULTSET_ACCESS' priority='MAJOR'>
    <name>Correctness - Method attempts to access a result set field with index 0</name>
    <configKey>SQL_BAD_RESULTSET_ACCESS</configKey>
    <description>&lt;p&gt; A call to getXXX or updateXXX methods of a result set was made where the
field index is 0. As ResultSet fields start at index 1, this is always a mistake.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SQL_BAD_PREPARED_STATEMENT_ACCESS' priority='MAJOR'>
    <name>Correctness - Method attempts to access a prepared statement parameter with index 0</name>
    <configKey>SQL_BAD_PREPARED_STATEMENT_ACCESS</configKey>
    <description>&lt;p&gt; A call to a setXXX method of a prepared statement was made where the
parameter index is 0. As parameter indexes start at index 1, this is always a mistake.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SIO_SUPERFLUOUS_INSTANCEOF' priority='MAJOR'>
    <name>Correctness - Unnecessary type check done using instanceof operator</name>
    <configKey>SIO_SUPERFLUOUS_INSTANCEOF</configKey>
    <description>&lt;p&gt; Type check performed using the instanceof operator where it can be statically determined whether the object
is of the type requested. &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BAC_BAD_APPLET_CONSTRUCTOR' priority='MAJOR'>
    <name>Correctness - Bad Applet Constructor relies on uninitialized AppletStub</name>
    <configKey>BAC_BAD_APPLET_CONSTRUCTOR</configKey>
    <description>&lt;p&gt;
This constructor calls methods in the parent Applet that rely on the AppletStub. Since the AppletStub
isn't initialized until the init() method of this applet is called, these methods will not perform
correctly.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EC_ARRAY_AND_NONARRAY' priority='MAJOR'>
    <name>Correctness - equals() used to compare array and nonarray</name>
    <configKey>EC_ARRAY_AND_NONARRAY</configKey>
    <description>&lt;p&gt;
This method invokes the .equals(Object o) to compare an array and a reference that doesn't seem
to be an array. If things being compared are of different types, they are guaranteed to be unequal
and the comparison is almost certainly an error. Even if they are both arrays, the equals method
on arrays only determines of the two arrays are the same object.
To compare the
contents of the arrays, use java.util.Arrays.equals(Object[], Object[]).
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EC_BAD_ARRAY_COMPARE' priority='MAJOR'>
    <name>Correctness - Invocation of equals() on an array, which is equivalent to ==</name>
    <configKey>EC_BAD_ARRAY_COMPARE</configKey>
    <description>&lt;p&gt;
This method invokes the .equals(Object o) method on an array. Since arrays do not override the equals
method of Object, calling equals on an array is the same as comparing their addresses. To compare the
contents of the arrays, use &lt;code&gt;java.util.Arrays.equals(Object[], Object[])&lt;/code&gt;.
To compare the addresses of the arrays, it would be
less confusing to explicitly check pointer equality using &lt;code&gt;==&lt;/code&gt;.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='EC_INCOMPATIBLE_ARRAY_COMPARE' priority='MAJOR'>
    <name>Correctness - equals(...) used to compare incompatible arrays</name>
    <configKey>EC_INCOMPATIBLE_ARRAY_COMPARE</configKey>
    <description>&lt;p&gt;
This method invokes the .equals(Object o) to compare two arrays, but the arrays of
of incompatible types (e.g., String[] and StringBuffer[], or String[] and int[]).
They will never be equal. In addition, when equals(...) is used to compare arrays it
only checks to see if they are the same array, and ignores the contents of the arrays.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='STI_INTERRUPTED_ON_CURRENTTHREAD' priority='MAJOR'>
    <name>Correctness - Unneeded use of currentThread() call, to call interrupted() </name>
    <configKey>STI_INTERRUPTED_ON_CURRENTTHREAD</configKey>
    <description>&lt;p&gt;
This method invokes the Thread.currentThread() call, just to call the interrupted() method. As interrupted() is a
static method, is more simple and clear to use Thread.interrupted().
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='STI_INTERRUPTED_ON_UNKNOWNTHREAD' priority='MAJOR'>
    <name>Correctness - Static Thread.interrupted() method invoked on thread instance</name>
    <configKey>STI_INTERRUPTED_ON_UNKNOWNTHREAD</configKey>
    <description>&lt;p&gt;
This method invokes the Thread.interrupted() method on a Thread object that appears to be a Thread object that is
not the current thread. As the interrupted() method is static, the interrupted method will be called on a different
object than the one the author intended.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN' priority='MAJOR'>
    <name>Correctness - A parameter is dead upon entry to a method but overwritten</name>
    <configKey>IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN</configKey>
    <description>&lt;p&gt;
The initial value of this parameter is ignored, and the parameter
is overwritten here. This often indicates a mistaken belief that
the write to the parameter will be conveyed back to
the caller.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD' priority='INFO'>
    <name>Style - Dead store to local variable that shadows field</name>
    <configKey>DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD</configKey>
    <description>&lt;p&gt;
This instruction assigns a value to a local variable,
but the value is not read or used in any subsequent instruction.
Often, this indicates an error, because the value computed is never
used. There is a field with the same name as the local variable. Did you
mean to assign to that variable instead?
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DLS_DEAD_LOCAL_STORE' priority='INFO'>
    <name>Style - Dead store to local variable</name>
    <configKey>DLS_DEAD_LOCAL_STORE</configKey>
    <description>&lt;p&gt;
This instruction assigns a value to a local variable,
but the value is not read or used in any subsequent instruction.
Often, this indicates an error, because the value computed is never
used.
&lt;/p&gt;
&lt;p&gt;
Note that Sun's javac compiler often generates dead stores for
final local variables.  Because SpotBugs is a bytecode-based tool,
there is no easy way to eliminate these false positives.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DLS_DEAD_LOCAL_STORE_IN_RETURN' priority='INFO'>
    <name>Style - Useless assignment in return statement</name>
    <configKey>DLS_DEAD_LOCAL_STORE_IN_RETURN</configKey>
    <description>&lt;p&gt;
This statement assigns to a local variable in a return statement. This assignment
has effect. Please verify that this statement does the right thing.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DLS_DEAD_LOCAL_INCREMENT_IN_RETURN' priority='MAJOR'>
    <name>Correctness - Useless increment in return statement</name>
    <configKey>DLS_DEAD_LOCAL_INCREMENT_IN_RETURN</configKey>
    <description>&lt;p&gt;This statement has a return such as &lt;code&gt;return x++;&lt;/code&gt;.
A postfix increment/decrement does not impact the value of the expression,
so this increment/decrement has no effect.
Please verify that this statement does the right thing.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DLS_DEAD_STORE_OF_CLASS_LITERAL' priority='MAJOR'>
    <name>Correctness - Dead store of class literal</name>
    <configKey>DLS_DEAD_STORE_OF_CLASS_LITERAL</configKey>
    <description>&lt;p&gt;
This instruction assigns a class literal to a variable and then never uses it.
&lt;a href="http://www.oracle.com/technetwork/java/javase/compatibility-137462.html#literal"&gt;The behavior of this differs in Java 1.4 and in Java 5.&lt;/a&gt;
In Java 1.4 and earlier, a reference to &lt;code&gt;Foo.class&lt;/code&gt; would force the static initializer
for &lt;code&gt;Foo&lt;/code&gt; to be executed, if it has not been executed already.
In Java 5 and later, it does not.
&lt;/p&gt;
&lt;p&gt;See Sun's &lt;a href="http://www.oracle.com/technetwork/java/javase/compatibility-137462.html#literal"&gt;article on Java SE compatibility&lt;/a&gt;
for more details and examples, and suggestions on how to force class initialization in Java 5.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DLS_DEAD_LOCAL_STORE_OF_NULL' priority='INFO'>
    <name>Style - Dead store of null to local variable</name>
    <configKey>DLS_DEAD_LOCAL_STORE_OF_NULL</configKey>
    <description>&lt;p&gt;The code stores null into a local variable, and the stored value is not
read. This store may have been introduced to assist the garbage collector, but
as of Java SE 6.0, this is no longer needed or useful.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='MF_METHOD_MASKS_FIELD' priority='MAJOR'>
    <name>Correctness - Method defines a variable that obscures a field</name>
    <configKey>MF_METHOD_MASKS_FIELD</configKey>
    <description>&lt;p&gt; This method defines a local variable with the same name as a field
in this class or a superclass.  This may cause the method to
read an uninitialized value from the field, leave the field uninitialized,
or both.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='MF_CLASS_MASKS_FIELD' priority='MAJOR'>
    <name>Correctness - Class defines field that masks a superclass field</name>
    <configKey>MF_CLASS_MASKS_FIELD</configKey>
    <description>&lt;p&gt; This class defines a field with the same name as a visible
instance field in a superclass.  This is confusing, and
may indicate an error if methods update or access one of
the fields when they wanted the other.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='WMI_WRONG_MAP_ITERATOR' priority='MAJOR'>
    <name>Performance - Inefficient use of keySet iterator instead of entrySet iterator</name>
    <configKey>WMI_WRONG_MAP_ITERATOR</configKey>
    <description>&lt;p&gt; This method accesses the value of a Map entry, using a key that was retrieved from
a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the
Map.get(key) lookup.&lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ISC_INSTANTIATE_STATIC_CLASS' priority='MAJOR'>
    <name>Bad practice - Needless instantiation of class that only supplies static methods</name>
    <configKey>ISC_INSTANTIATE_STATIC_CLASS</configKey>
    <description>&lt;p&gt; This class allocates an object that is based on a class that only supplies static methods. This object
does not need to be created, just access the static methods directly using the class name as a qualifier.&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='REC_CATCH_EXCEPTION' priority='INFO'>
    <name>Style - Exception is caught when Exception is not thrown</name>
    <configKey>REC_CATCH_EXCEPTION</configKey>
    <description>&lt;p&gt;
  This method uses a try-catch block that catches Exception objects, but Exception is not
  thrown within the try block, and RuntimeException is not explicitly caught.  It is a common bug pattern to
  say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception
  each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well,
  masking potential bugs.
  &lt;/p&gt;
  &lt;p&gt;A better approach is to either explicitly catch the specific exceptions that are thrown,
  or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;try {
    ...
} catch (RuntimeException e) {
    throw e;
} catch (Exception e) {
    ... deal with all non-runtime exceptions ...
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER' priority='MAJOR'>
    <name>Correctness - Doomed test for equality to NaN</name>
    <configKey>FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER</configKey>
    <description>&lt;p&gt;
    This code checks to see if a floating point value is equal to the special
    Not A Number value (e.g., &lt;code&gt;if (x == Double.NaN)&lt;/code&gt;). However,
    because of the special semantics of &lt;code&gt;NaN&lt;/code&gt;, no value
    is equal to &lt;code&gt;Nan&lt;/code&gt;, including &lt;code&gt;NaN&lt;/code&gt;. Thus,
    &lt;code&gt;x == Double.NaN&lt;/code&gt; always evaluates to false.

    To check to see if a value contained in &lt;code&gt;x&lt;/code&gt;
    is the special Not A Number value, use
    &lt;code&gt;Double.isNaN(x)&lt;/code&gt; (or &lt;code&gt;Float.isNaN(x)&lt;/code&gt; if
    &lt;code&gt;x&lt;/code&gt; is floating point precision).
    &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='FE_FLOATING_POINT_EQUALITY' priority='INFO'>
    <name>Style - Test for floating point equality</name>
    <configKey>FE_FLOATING_POINT_EQUALITY</configKey>
    <description>&lt;p&gt;
    This operation compares two floating point values for equality.
    Because floating point calculations may involve rounding,
   calculated float and double values may not be accurate.
    For values that must be precise, such as monetary values,
   consider using a fixed-precision type such as BigDecimal.
    For values that need not be precise, consider comparing for equality
    within some range, for example:
    &lt;code&gt;if ( Math.abs(x - y) &amp;lt; .0000001 )&lt;/code&gt;.
   See the Java Language Specification, section 4.2.4.
    &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='UM_UNNECESSARY_MATH' priority='MAJOR'>
    <name>Performance - Method calls static Math class method on a constant value</name>
    <configKey>UM_UNNECESSARY_MATH</configKey>
    <description>&lt;p&gt; This method uses a static method from java.lang.Math on a constant value. This method's
result in this case, can be determined statically, and is faster and sometimes more accurate to
just use the constant. Methods detected are:
&lt;/p&gt;
&lt;table&gt;
&lt;tr&gt;
   &lt;th&gt;Method&lt;/th&gt; &lt;th&gt;Parameter&lt;/th&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;abs&lt;/td&gt; &lt;td&gt;-any-&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;acos&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;asin&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;atan&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;atan2&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;cbrt&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;ceil&lt;/td&gt; &lt;td&gt;-any-&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;cos&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;cosh&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;exp&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;expm1&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;floor&lt;/td&gt; &lt;td&gt;-any-&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;log&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;log10&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;rint&lt;/td&gt; &lt;td&gt;-any-&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;round&lt;/td&gt; &lt;td&gt;-any-&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;sin&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;sinh&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;sqrt&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;tan&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;tanh&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;toDegrees&lt;/td&gt; &lt;td&gt;0.0 or 1.0&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
   &lt;td&gt;toRadians&lt;/td&gt; &lt;td&gt;0.0&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='CD_CIRCULAR_DEPENDENCY' priority='INFO'>
    <name>Style - Test for circular dependencies among classes</name>
    <configKey>CD_CIRCULAR_DEPENDENCY</configKey>
    <description>&lt;p&gt;
    This class has a circular dependency with other classes. This makes building these classes
    difficult, as each is dependent on the other to build correctly. Consider using interfaces
    to break the hard dependency.
    &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RI_REDUNDANT_INTERFACES' priority='INFO'>
    <name>Style - Class implements same interface as superclass</name>
    <configKey>RI_REDUNDANT_INTERFACES</configKey>
    <description>&lt;p&gt;
    This class declares that it implements an interface that is also implemented by a superclass.
    This is redundant because once a superclass implements an interface, all subclasses by default also
    implement this interface. It may point out that the inheritance hierarchy has changed since
    this class was created, and consideration should be given to the ownership of
    the interface's implementation.
    &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='MTIA_SUSPECT_STRUTS_INSTANCE_FIELD' priority='INFO'>
    <name>Style - Class extends Struts Action class and uses instance variables</name>
    <configKey>MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</configKey>
    <description>&lt;p&gt;
    This class extends from a Struts Action class, and uses an instance member variable. Since only
    one instance of a struts Action class is created by the Struts framework, and used in a
    multithreaded way, this paradigm is highly discouraged and most likely problematic. Consider
    only using method local variables. Only instance fields that are written outside of a monitor
    are reported.
    &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='MTIA_SUSPECT_SERVLET_INSTANCE_FIELD' priority='INFO'>
    <name>Style - Class extends Servlet class and uses instance variables</name>
    <configKey>MTIA_SUSPECT_SERVLET_INSTANCE_FIELD</configKey>
    <description>&lt;p&gt;
    This class extends from a Servlet class, and uses an instance member variable. Since only
    one instance of a Servlet class is created by the J2EE framework, and used in a
    multithreaded way, this paradigm is highly discouraged and most likely problematic. Consider
    only using method local variables.
    &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='PS_PUBLIC_SEMAPHORES' priority='INFO'>
    <name>Style - Class exposes synchronization and semaphores in its public interface</name>
    <configKey>PS_PUBLIC_SEMAPHORES</configKey>
    <description>&lt;p&gt;
    This class uses synchronization along with wait(), notify() or notifyAll() on itself (the this
    reference). Client classes that use this class, may, in addition, use an instance of this class
    as a synchronizing object. Because two classes are using the same object for synchronization,
    Multithread correctness is suspect. You should not synchronize nor call semaphore methods on
    a public reference. Consider using a internal private member variable to control synchronization.
    &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='ICAST_INTEGER_MULTIPLY_CAST_TO_LONG' priority='INFO'>
    <name>Style - Result of integer multiplication cast to long</name>
    <configKey>ICAST_INTEGER_MULTIPLY_CAST_TO_LONG</configKey>
    <description>&lt;p&gt;
This code performs integer multiply and then converts the result to a long,
as in:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;long convertDaysToMilliseconds(int days) { return 1000*3600*24*days; }
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;
If the multiplication is done using long arithmetic, you can avoid
the possibility that the result will overflow. For example, you
could fix the above code to:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;long convertDaysToMilliseconds(int days) { return 1000L*3600*24*days; }
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;
or
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;static final long MILLISECONDS_PER_DAY = 24L*3600*1000;
long convertDaysToMilliseconds(int days) { return days * MILLISECONDS_PER_DAY; }
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='ICAST_INT_2_LONG_AS_INSTANT' priority='MAJOR'>
    <name>Correctness - int value converted to long and used as absolute time</name>
    <configKey>ICAST_INT_2_LONG_AS_INSTANT</configKey>
    <description>&lt;p&gt;
This code converts a 32-bit int value to a 64-bit long value, and then
passes that value for a method parameter that requires an absolute time value.
An absolute time value is the number
of milliseconds since the standard base time known as "the epoch", namely January 1, 1970, 00:00:00 GMT.
For example, the following method, intended to convert seconds since the epoch into a Date, is badly
broken:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;Date getDate(int seconds) { return new Date(seconds * 1000); }
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;The multiplication is done using 32-bit arithmetic, and then converted to a 64-bit value.
When a 32-bit value is converted to 64-bits and used to express an absolute time
value, only dates in December 1969 and January 1970 can be represented.&lt;/p&gt;

&lt;p&gt;Correct implementations for the above method are:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;// Fails for dates after 2037
Date getDate(int seconds) { return new Date(seconds * 1000L); }

// better, works for all dates
Date getDate(long seconds) { return new Date(seconds * 1000); }
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND' priority='MAJOR'>
    <name>Correctness - int value cast to float and then passed to Math.round</name>
    <configKey>ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND</configKey>
    <description>&lt;p&gt;
This code converts an int value to a float precision
floating point number and then
passing the result to the Math.round() function, which returns the int/long closest
to the argument. This operation should always be a no-op,
since the converting an integer to a float should give a number with no fractional part.
It is likely that the operation that generated the value to be passed
to Math.round was intended to be performed using
floating point arithmetic.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL' priority='MAJOR'>
    <name>Correctness - Integral value cast to double and then passed to Math.ceil</name>
    <configKey>ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL</configKey>
    <description>&lt;p&gt;
This code converts an integral value (e.g., int or long)
to a double precision
floating point number and then
passing the result to the Math.ceil() function, which rounds a double to
the next higher integer value. This operation should always be a no-op,
since the converting an integer to a double should give a number with no fractional part.
It is likely that the operation that generated the value to be passed
to Math.ceil was intended to be performed using double precision
floating point arithmetic.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ICAST_IDIV_CAST_TO_DOUBLE' priority='INFO'>
    <name>Style - Integral division result cast to double or float</name>
    <configKey>ICAST_IDIV_CAST_TO_DOUBLE</configKey>
    <description>&lt;p&gt;
This code casts the result of an integral division (e.g., int or long division)
operation to double or
float.
Doing division on integers truncates the result
to the integer value closest to zero.  The fact that the result
was cast to double suggests that this precision should have been retained.
What was probably meant was to cast one or both of the operands to
double &lt;em&gt;before&lt;/em&gt; performing the division.  Here is an example:
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;int x = 2;
int y = 5;
// Wrong: yields result 0.0
double value1 = x / y;

// Right: yields result 0.4
double value2 = x / (double) y;
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION' priority='MAJOR'>
    <name>Bad practice - Store of non serializable object into HttpSession</name>
    <configKey>J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION</configKey>
    <description>&lt;p&gt;
This code seems to be storing a non-serializable object into an HttpSession.
If this session is passivated or migrated, an error will result.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DMI_NONSERIALIZABLE_OBJECT_WRITTEN' priority='INFO'>
    <name>Style - Non serializable object written to ObjectOutput</name>
    <configKey>DMI_NONSERIALIZABLE_OBJECT_WRITTEN</configKey>
    <description>&lt;p&gt;
This code seems to be passing a non-serializable object to the ObjectOutput.writeObject method.
If the object is, indeed, non-serializable, an error will result.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='VA_FORMAT_STRING_USES_NEWLINE' priority='MAJOR'>
    <name>Bad practice - Format string should use %n rather than \n</name>
    <configKey>VA_FORMAT_STRING_USES_NEWLINE</configKey>
    <description>&lt;p&gt;
This format string includes a newline character (\n). In format strings, it is generally
 preferable to use %n, which will produce the platform-specific line separator.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG' priority='MAJOR'>
    <name>Correctness - Primitive array passed to function expecting a variable number of object arguments</name>
    <configKey>VA_PRIMITIVE_ARRAY_PASSED_TO_OBJECT_VARARG</configKey>
    <description>&lt;p&gt;
This code passes a primitive array to a function that takes a variable number of object arguments.
This creates an array of length one to hold the primitive array and passes it to the function.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS' priority='MAJOR'>
    <name>Bad practice - Equals method should not assume anything about the type of its argument</name>
    <configKey>BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS</configKey>
    <description>&lt;p&gt;
The &lt;code&gt;equals(Object o)&lt;/code&gt; method shouldn't make any assumptions
about the type of &lt;code&gt;o&lt;/code&gt;. It should simply return
false if &lt;code&gt;o&lt;/code&gt; is not the same type as &lt;code&gt;this&lt;/code&gt;.
&lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='BC_BAD_CAST_TO_ABSTRACT_COLLECTION' priority='INFO'>
    <name>Style - Questionable cast to abstract collection </name>
    <configKey>BC_BAD_CAST_TO_ABSTRACT_COLLECTION</configKey>
    <description>&lt;p&gt;
This code casts a Collection to an abstract collection
(such as &lt;code&gt;List&lt;/code&gt;, &lt;code&gt;Set&lt;/code&gt;, or &lt;code&gt;Map&lt;/code&gt;).
Ensure that you are guaranteed that the object is of the type
you are casting to. If all you need is to be able
to iterate through a collection, you don't need to cast it to a Set or List.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='BC_IMPOSSIBLE_CAST_PRIMITIVE_ARRAY' priority='CRITICAL'>
    <name>Correctness - Impossible cast involving primitive array</name>
    <configKey>BC_IMPOSSIBLE_CAST_PRIMITIVE_ARRAY</configKey>
    <description>&lt;p&gt;
This cast will always throw a ClassCastException.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BC_IMPOSSIBLE_CAST' priority='CRITICAL'>
    <name>Correctness - Impossible cast</name>
    <configKey>BC_IMPOSSIBLE_CAST</configKey>
    <description>&lt;p&gt;
This cast will always throw a ClassCastException.
SpotBugs tracks type information from instanceof checks,
and also uses more precise information about the types
of values returned from methods and loaded from fields.
Thus, it may have more precise information that just
the declared type of a variable, and can use this to determine
that a cast will always throw an exception at runtime.

&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BC_IMPOSSIBLE_DOWNCAST' priority='CRITICAL'>
    <name>Correctness - Impossible downcast</name>
    <configKey>BC_IMPOSSIBLE_DOWNCAST</configKey>
    <description>&lt;p&gt;
This cast will always throw a ClassCastException.
The analysis believes it knows
the precise type of the value being cast, and the attempt to
downcast it to a subtype will always fail by throwing a ClassCastException.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY' priority='CRITICAL'>
    <name>Correctness - Impossible downcast of toArray() result</name>
    <configKey>BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY</configKey>
    <description>&lt;p&gt;
This code is casting the result of calling &lt;code&gt;toArray()&lt;/code&gt; on a collection
to a type more specific than &lt;code&gt;Object[]&lt;/code&gt;, as in:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;String[] getAsArray(Collection&amp;lt;String&amp;gt; c) {
    return (String[]) c.toArray();
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;This will usually fail by throwing a ClassCastException. The &lt;code&gt;toArray()&lt;/code&gt;
of almost all collections return an &lt;code&gt;Object[]&lt;/code&gt;. They can't really do anything else,
since the Collection object has no reference to the declared generic type of the collection.
&lt;p&gt;The correct way to do get an array of a specific type from a collection is to use
  &lt;code&gt;c.toArray(new String[]);&lt;/code&gt;
  or &lt;code&gt;c.toArray(new String[c.size()]);&lt;/code&gt; (the latter is slightly more efficient).
&lt;p&gt;There is one common/known exception to this. The &lt;code&gt;toArray()&lt;/code&gt;
method of lists returned by &lt;code&gt;Arrays.asList(...)&lt;/code&gt; will return a covariantly
typed array. For example, &lt;code&gt;Arrays.asArray(new String[] { "a" }).toArray()&lt;/code&gt;
will return a &lt;code&gt;String []&lt;/code&gt;. SpotBugs attempts to detect and suppress
such cases, but may miss some.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='NP_NULL_INSTANCEOF' priority='MAJOR'>
    <name>Correctness - A known null value is checked to see if it is an instance of a type</name>
    <configKey>NP_NULL_INSTANCEOF</configKey>
    <description>&lt;p&gt;
This instanceof test will always return false, since the value being checked is guaranteed to be null.
Although this is safe, make sure it isn't
an indication of some misunderstanding or some other logic error.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BC_NULL_INSTANCEOF' priority='MAJOR'>
    <name>Correctness - A known null value is checked to see if it is an instance of a type</name>
    <configKey>BC_NULL_INSTANCEOF</configKey>
    <description>&lt;p&gt;
This instanceof test will always return false, since the value being checked is guaranteed to be null.
Although this is safe, make sure it isn't
an indication of some misunderstanding or some other logic error.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BC_IMPOSSIBLE_INSTANCEOF' priority='CRITICAL'>
    <name>Correctness - instanceof will always return false</name>
    <configKey>BC_IMPOSSIBLE_INSTANCEOF</configKey>
    <description>&lt;p&gt;
This instanceof test will always return false. Although this is safe, make sure it isn't
an indication of some misunderstanding or some other logic error.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='BC_VACUOUS_INSTANCEOF' priority='INFO'>
    <name>Style - instanceof will always return true</name>
    <configKey>BC_VACUOUS_INSTANCEOF</configKey>
    <description>&lt;p&gt;
This instanceof test will always return true (unless the value being tested is null).
Although this is safe, make sure it isn't
an indication of some misunderstanding or some other logic error.
If you really want to test the value for being null, perhaps it would be clearer to do
better to do a null test rather than an instanceof test.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='BC_UNCONFIRMED_CAST' priority='INFO'>
    <name>Style - Unchecked/unconfirmed cast</name>
    <configKey>BC_UNCONFIRMED_CAST</configKey>
    <description>&lt;p&gt;
This cast is unchecked, and not all instances of the type casted from can be cast to
the type it is being cast to. Check that your program logic ensures that this
cast will not fail.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='BC_UNCONFIRMED_CAST_OF_RETURN_VALUE' priority='INFO'>
    <name>Style - Unchecked/unconfirmed cast of return value from method</name>
    <configKey>BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</configKey>
    <description>&lt;p&gt;
This code performs an unchecked cast of the return value of a method.
The code might be calling the method in such a way that the cast is guaranteed to be
safe, but SpotBugs is unable to verify that the cast is safe.  Check that your program logic ensures that this
cast will not fail.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='BC_BAD_CAST_TO_CONCRETE_COLLECTION' priority='INFO'>
    <name>Style - Questionable cast to concrete collection</name>
    <configKey>BC_BAD_CAST_TO_CONCRETE_COLLECTION</configKey>
    <description>&lt;p&gt;
This code casts an abstract collection (such as a Collection, List, or Set)
to a specific concrete implementation (such as an ArrayList or HashSet).
This might not be correct, and it may make your code fragile, since
it makes it harder to switch to other concrete implementations at a future
point. Unless you have a particular reason to do so, just use the abstract
collection class.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='RE_POSSIBLE_UNINTENDED_PATTERN' priority='MAJOR'>
    <name>Correctness - "." or "|" used for regular expression</name>
    <configKey>RE_POSSIBLE_UNINTENDED_PATTERN</configKey>
    <description>&lt;p&gt;
A String function is being invoked and "." or "|" is being passed
to a parameter that takes a regular expression as an argument. Is this what you intended?
For example
&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;s.replaceAll(".", "/") will return a String in which &lt;em&gt;every&lt;/em&gt; character has been replaced by a '/' character&lt;/li&gt;
&lt;li&gt;s.split(".") &lt;em&gt;always&lt;/em&gt; returns a zero length array of String&lt;/li&gt;
&lt;li&gt;"ab|cd".replaceAll("|", "/") will return "/a/b/|/c/d/"&lt;/li&gt;
&lt;li&gt;"ab|cd".split("|") will return array with six (!) elements: [, a, b, |, c, d]&lt;/li&gt;
&lt;/ul&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION' priority='MAJOR'>
    <name>Correctness - Invalid syntax for regular expression</name>
    <configKey>RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION</configKey>
    <description>&lt;p&gt;
The code here uses a regular expression that is invalid according to the syntax
for regular expressions. This statement will throw a PatternSyntaxException when
executed.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION' priority='MAJOR'>
    <name>Correctness - File.separator used for regular expression</name>
    <configKey>RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION</configKey>
    <description>&lt;p&gt;
The code here uses &lt;code&gt;File.separator&lt;/code&gt;
where a regular expression is required. This will fail on Windows
platforms, where the &lt;code&gt;File.separator&lt;/code&gt; is a backslash, which is interpreted in a
regular expression as an escape character. Among other options, you can just use
&lt;code&gt;File.separatorChar=='\\' ? "\\\\" : File.separator&lt;/code&gt; instead of
&lt;code&gt;File.separator&lt;/code&gt;

&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DLS_OVERWRITTEN_INCREMENT' priority='MAJOR'>
    <name>Correctness - Overwritten increment</name>
    <configKey>DLS_OVERWRITTEN_INCREMENT</configKey>
    <description>&lt;p&gt;
The code performs an increment operation (e.g., &lt;code&gt;i++&lt;/code&gt;) and then
immediately overwrites it. For example, &lt;code&gt;i = i++&lt;/code&gt; immediately
overwrites the incremented value with the original value.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT' priority='INFO'>
    <name>Style - Unsigned right shift cast to short/byte</name>
    <configKey>ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT</configKey>
    <description>&lt;p&gt;
The code performs an unsigned right shift, whose result is then
cast to a short or byte, which discards the upper bits of the result.
Since the upper bits are discarded, there may be no difference between
a signed and unsigned right shift (depending upon the size of the shift).
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='BSHIFT_WRONG_ADD_PRIORITY' priority='MAJOR'>
    <name>Correctness - Possible bad parsing of shift operation</name>
    <configKey>BSHIFT_WRONG_ADD_PRIORITY</configKey>
    <description>&lt;p&gt;
The code performs an operation like (x &amp;lt;&amp;lt; 8 + y). Although this might be correct, probably it was meant
to perform (x &amp;lt;&amp;lt; 8) + y, but shift operation has
a lower precedence, so it's actually parsed as x &amp;lt;&amp;lt; (8 + y).
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='ICAST_BAD_SHIFT_AMOUNT' priority='MAJOR'>
    <name>Correctness - 32 bit int shifted by an amount not in the range -31..31</name>
    <configKey>ICAST_BAD_SHIFT_AMOUNT</configKey>
    <description>&lt;p&gt;
The code performs shift of a 32 bit int by a constant amount outside
the range -31..31.
The effect of this is to use the lower 5 bits of the integer
value to decide how much to shift by (e.g., shifting by 40 bits is the same as shifting by 8 bits,
and shifting by 32 bits is the same as shifting by zero bits). This probably isn't what was expected,
and it is at least confusing.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IM_MULTIPLYING_RESULT_OF_IREM' priority='MAJOR'>
    <name>Correctness - Integer multiply of result of integer remainder</name>
    <configKey>IM_MULTIPLYING_RESULT_OF_IREM</configKey>
    <description>&lt;p&gt;
The code multiplies the result of an integer remaining by an integer constant.
Be sure you don't have your operator precedence confused. For example
i % 60 * 1000 is (i % 60) * 1000, not i % (60 * 1000).
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_INVOKING_HASHCODE_ON_ARRAY' priority='MAJOR'>
    <name>Correctness - Invocation of hashCode on an array</name>
    <configKey>DMI_INVOKING_HASHCODE_ON_ARRAY</configKey>
    <description>&lt;p&gt;
The code invokes hashCode on an array. Calling hashCode on
an array returns the same value as System.identityHashCode, and ignores
the contents and length of the array. If you need a hashCode that
depends on the contents of an array &lt;code&gt;a&lt;/code&gt;,
use &lt;code&gt;java.util.Arrays.hashCode(a)&lt;/code&gt;.

&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_INVOKING_TOSTRING_ON_ARRAY' priority='MAJOR'>
    <name>Correctness - Invocation of toString on an array</name>
    <configKey>DMI_INVOKING_TOSTRING_ON_ARRAY</configKey>
    <description>&lt;p&gt;
The code invokes toString on an array, which will generate a fairly useless result
such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable
String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY' priority='MAJOR'>
    <name>Correctness - Invocation of toString on an unnamed array</name>
    <configKey>DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY</configKey>
    <description>&lt;p&gt;
The code invokes toString on an (anonymous) array.  Calling toString on an array generates a fairly useless result
such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable
String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='IM_AVERAGE_COMPUTATION_COULD_OVERFLOW' priority='INFO'>
    <name>Style - Computation of average could overflow</name>
    <configKey>IM_AVERAGE_COMPUTATION_COULD_OVERFLOW</configKey>
    <description>&lt;p&gt;The code computes the average of two integers using either division or signed right shift,
and then uses the result as the index of an array.
If the values being averaged are very large, this can overflow (resulting in the computation
of a negative average).  Assuming that the result is intended to be nonnegative, you
can use an unsigned right shift instead. In other words, rather that using &lt;code&gt;(low+high)/2&lt;/code&gt;,
use &lt;code&gt;(low+high) &amp;gt;&amp;gt;&amp;gt; 1&lt;/code&gt;
&lt;/p&gt;
&lt;p&gt;This bug exists in many earlier implementations of binary search and merge sort.
Martin Buchholz &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6412541"&gt;found and fixed it&lt;/a&gt;
in the JDK libraries, and Joshua Bloch
&lt;a href="http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html"&gt;widely
publicized the bug pattern&lt;/a&gt;.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='IM_BAD_CHECK_FOR_ODD' priority='INFO'>
    <name>Style - Check for oddness that won't work for negative numbers </name>
    <configKey>IM_BAD_CHECK_FOR_ODD</configKey>
    <description>&lt;p&gt;
The code uses x % 2 == 1 to check to see if a value is odd, but this won't work
for negative numbers (e.g., (-5) % 2 == -1). If this code is intending to check
for oddness, consider using x &amp;amp; 1 == 1, or x % 2 != 0.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DMI_HARDCODED_ABSOLUTE_FILENAME' priority='INFO'>
    <name>Style - Code contains a hard coded reference to an absolute pathname</name>
    <configKey>DMI_HARDCODED_ABSOLUTE_FILENAME</configKey>
    <description>&lt;p&gt;This code constructs a File object using a hard coded to an absolute pathname
(e.g., &lt;code&gt;new File("/home/dannyc/workspace/j2ee/src/share/com/sun/enterprise/deployment");&lt;/code&gt;
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DMI_BAD_MONTH' priority='MAJOR'>
    <name>Correctness - Bad constant value for month</name>
    <configKey>DMI_BAD_MONTH</configKey>
    <description>&lt;p&gt;
This code passes a constant month
value outside the expected range of 0..11 to a method.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_USELESS_SUBSTRING' priority='INFO'>
    <name>Style - Invocation of substring(0), which returns the original value</name>
    <configKey>DMI_USELESS_SUBSTRING</configKey>
    <description>&lt;p&gt;
This code invokes substring(0) on a String, which returns the original value.
&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DMI_CALLING_NEXT_FROM_HASNEXT' priority='MAJOR'>
    <name>Correctness - hasNext method invokes next</name>
    <configKey>DMI_CALLING_NEXT_FROM_HASNEXT</configKey>
    <description>&lt;p&gt;
The hasNext() method invokes the next() method. This is almost certainly wrong,
since the hasNext() method is not supposed to change the state of the iterator,
and the next method is supposed to change the state of the iterator.
&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='SWL_SLEEP_WITH_LOCK_HELD' priority='MAJOR'>
    <name>Multi-threading - Method calls Thread.sleep() with a lock held</name>
    <configKey>SWL_SLEEP_WITH_LOCK_HELD</configKey>
    <description>&lt;p&gt;
      This method calls Thread.sleep() with a lock held.  This may result
      in very poor performance and scalability, or a deadlock, since other threads may
      be waiting to acquire the lock.  It is a much better idea to call
      wait() on the lock, which releases the lock and allows other threads
      to run.
      &lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DB_DUPLICATE_BRANCHES' priority='INFO'>
    <name>Style - Method uses the same code for two branches</name>
    <configKey>DB_DUPLICATE_BRANCHES</configKey>
    <description>&lt;p&gt;
      This method uses the same code to implement two branches of a conditional branch.
    Check to ensure that this isn't a coding mistake.
      &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='DB_DUPLICATE_SWITCH_CLAUSES' priority='INFO'>
    <name>Style - Method uses the same code for two switch clauses</name>
    <configKey>DB_DUPLICATE_SWITCH_CLAUSES</configKey>
    <description>&lt;p&gt;
      This method uses the same code to implement two clauses of a switch statement.
    This could be a case of duplicate code, but it might also indicate
    a coding mistake.
      &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='IMA_INEFFICIENT_MEMBER_ACCESS' priority='MAJOR'>
    <name>Performance - Method accesses a private member variable of owning class</name>
    <configKey>IMA_INEFFICIENT_MEMBER_ACCESS</configKey>
    <description>&lt;p&gt;
      This method of an inner class reads from or writes to a private member variable of the owning class,
      or calls a private method of the owning class. The compiler must generate a special method to access this
      private member, causing this to be less efficient. Relaxing the protection of the member variable or method
      will allow the compiler to treat this as a normal access.
      &lt;/p&gt;</description>
    <tag>performance</tag>
    <tag>bug</tag>
  </rule>
  <rule key='XFB_XML_FACTORY_BYPASS' priority='INFO'>
    <name>Style - Method directly allocates a specific implementation of xml interfaces</name>
    <configKey>XFB_XML_FACTORY_BYPASS</configKey>
    <description>&lt;p&gt;
      This method allocates a specific implementation of an xml interface. It is preferable to use
      the supplied factory classes to create these objects so that the implementation can be
      changed at runtime. See
      &lt;/p&gt;
      &lt;ul&gt;
         &lt;li&gt;javax.xml.parsers.DocumentBuilderFactory&lt;/li&gt;
         &lt;li&gt;javax.xml.parsers.SAXParserFactory&lt;/li&gt;
         &lt;li&gt;javax.xml.transform.TransformerFactory&lt;/li&gt;
         &lt;li&gt;org.w3c.dom.Document.create&lt;i&gt;XXXX&lt;/i&gt;&lt;/li&gt;
      &lt;/ul&gt;
      &lt;p&gt;for details.&lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='USM_USELESS_SUBCLASS_METHOD' priority='INFO'>
    <name>Style - Method superfluously delegates to parent class method</name>
    <configKey>USM_USELESS_SUBCLASS_METHOD</configKey>
    <description>&lt;p&gt;
      This derived method merely calls the same superclass method passing in the exact parameters
      received. This method can be removed, as it provides no additional value.
      &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='USM_USELESS_ABSTRACT_METHOD' priority='INFO'>
    <name>Style - Abstract Method is already defined in implemented interface</name>
    <configKey>USM_USELESS_ABSTRACT_METHOD</configKey>
    <description>&lt;p&gt;
      This abstract method is already defined in an interface that is implemented by this abstract
      class. This method can be removed, as it provides no additional value.
      &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='CI_CONFUSED_INHERITANCE' priority='INFO'>
    <name>Style - Class is final but declares protected field</name>
    <configKey>CI_CONFUSED_INHERITANCE</configKey>
    <description>&lt;p&gt;
      This class is declared to be final, but declares fields to be protected. Since the class
      is final, it can not be derived from, and the use of protected is confusing. The access
      modifier for the field should be changed to private or public to represent the true
      use for the field.
      &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT' priority='MAJOR'>
    <name>Correctness - Method assigns boolean literal in boolean expression</name>
    <configKey>QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT</configKey>
    <description>&lt;p&gt;
      This method assigns a literal boolean value (true or false) to a boolean variable inside
      an if or while expression. Most probably this was supposed to be a boolean comparison using
      ==, not an assignment using =.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='VR_UNRESOLVABLE_REFERENCE' priority='MAJOR'>
    <name>Correctness - Class makes reference to unresolvable class or method</name>
    <configKey>VR_UNRESOLVABLE_REFERENCE</configKey>
    <description>&lt;p&gt;
      This class makes a reference to a class or method that can not be
    resolved using against the libraries it is being analyzed with.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='GC_UNCHECKED_TYPE_IN_GENERIC_CALL' priority='MAJOR'>
    <name>Bad practice - Unchecked type in generic call</name>
    <configKey>GC_UNCHECKED_TYPE_IN_GENERIC_CALL</configKey>
    <description>&lt;p&gt; This call to a generic collection method passes an argument
    while compile type Object where a specific type from
    the generic type parameters is expected.
    Thus, neither the standard Java type system nor static analysis
    can provide useful information on whether the
    object being passed as a parameter is of an appropriate type.
    &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='GC_UNRELATED_TYPES' priority='MAJOR'>
    <name>Correctness - No relationship between generic parameter and method argument</name>
    <configKey>GC_UNRELATED_TYPES</configKey>
    <description>&lt;p&gt; This call to a generic collection method contains an argument
     with an incompatible class from that of the collection's parameter
    (i.e., the type of the argument is neither a supertype nor a subtype
        of the corresponding generic type argument).
     Therefore, it is unlikely that the collection contains any objects
    that are equal to the method argument used here.
    Most likely, the wrong value is being passed to the method.&lt;/p&gt;
    &lt;p&gt;In general, instances of two unrelated classes are not equal.
    For example, if the &lt;code&gt;Foo&lt;/code&gt; and &lt;code&gt;Bar&lt;/code&gt; classes
    are not related by subtyping, then an instance of &lt;code&gt;Foo&lt;/code&gt;
        should not be equal to an instance of &lt;code&gt;Bar&lt;/code&gt;.
    Among other issues, doing so will likely result in an equals method
    that is not symmetrical. For example, if you define the &lt;code&gt;Foo&lt;/code&gt; class
    so that a &lt;code&gt;Foo&lt;/code&gt; can be equal to a &lt;code&gt;String&lt;/code&gt;,
    your equals method isn't symmetrical since a &lt;code&gt;String&lt;/code&gt; can only be equal
    to a &lt;code&gt;String&lt;/code&gt;.
    &lt;/p&gt;
    &lt;p&gt;In rare cases, people do define nonsymmetrical equals methods and still manage to make
    their code work. Although none of the APIs document or guarantee it, it is typically
    the case that if you check if a &lt;code&gt;Collection&amp;lt;String&amp;gt;&lt;/code&gt; contains
    a &lt;code&gt;Foo&lt;/code&gt;, the equals method of argument (e.g., the equals method of the
    &lt;code&gt;Foo&lt;/code&gt; class) used to perform the equality checks.
    &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES' priority='MAJOR'>
    <name>Correctness - Collections should not contain themselves</name>
    <configKey>DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES</configKey>
    <description>&lt;p&gt; This call to a generic collection's method would only make sense if a collection contained
itself (e.g., if &lt;code&gt;s.contains(s)&lt;/code&gt; were true). This is unlikely to be true and would cause
problems if it were true (such as the computation of the hash code resulting in infinite recursion).
It is likely that the wrong value is being passed as a parameter.
    &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DMI_VACUOUS_SELF_COLLECTION_CALL' priority='MAJOR'>
    <name>Correctness - Vacuous call to collections</name>
    <configKey>DMI_VACUOUS_SELF_COLLECTION_CALL</configKey>
    <description>&lt;p&gt; This call doesn't make sense. For any collection &lt;code&gt;c&lt;/code&gt;, calling &lt;code&gt;c.containsAll(c)&lt;/code&gt; should
always be true, and &lt;code&gt;c.retainAll(c)&lt;/code&gt; should have no effect.
    &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS' priority='MAJOR'>
    <name>Bad practice - Don't reuse entry objects in iterators</name>
    <configKey>PZ_DONT_REUSE_ENTRY_OBJECTS_IN_ITERATORS</configKey>
    <description>&lt;p&gt; The entrySet() method is allowed to return a view of the
     underlying Map in which an Iterator and Map.Entry. This clever
     idea was used in several Map implementations, but introduces the possibility
     of nasty coding mistakes. If a map &lt;code&gt;m&lt;/code&gt; returns
     such an iterator for an entrySet, then
     &lt;code&gt;c.addAll(m.entrySet())&lt;/code&gt; will go badly wrong. All of
     the Map implementations in OpenJDK 1.7 have been rewritten to avoid this,
     you should to.
    &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS' priority='MAJOR'>
    <name>Bad practice - Adding elements of an entry set may fail due to reuse of Entry objects</name>
    <configKey>DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS</configKey>
    <description>&lt;p&gt; The entrySet() method is allowed to return a view of the
     underlying Map in which a single Entry object is reused and returned
     during the iteration.  As of Java 1.6, both IdentityHashMap
     and EnumMap did so. When iterating through such a Map,
     the Entry value is only valid until you advance to the next iteration.
     If, for example, you try to pass such an entrySet to an addAll method,
     things will go badly wrong.
    &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION' priority='MAJOR'>
    <name>Bad practice - Don't use removeAll to clear a collection</name>
    <configKey>DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION</configKey>
    <description>&lt;p&gt; If you want to remove all elements from a collection &lt;code&gt;c&lt;/code&gt;, use &lt;code&gt;c.clear&lt;/code&gt;,
not &lt;code&gt;c.removeAll(c)&lt;/code&gt;. Calling  &lt;code&gt;c.removeAll(c)&lt;/code&gt; to clear a collection
is less clear, susceptible to errors from typos, less efficient and
for some collections, might throw a &lt;code&gt;ConcurrentModificationException&lt;/code&gt;.
    &lt;/p&gt;</description>
    <tag>bad-practice</tag>
  </rule>
  <rule key='STCAL_STATIC_CALENDAR_INSTANCE' priority='MAJOR'>
    <name>Multi-threading - Static Calendar field</name>
    <configKey>STCAL_STATIC_CALENDAR_INSTANCE</configKey>
    <description>&lt;p&gt;Even though the JavaDoc does not contain a hint about it, Calendars are inherently unsafe for multithreaded use.
Sharing a single instance across thread boundaries without proper synchronization will result in erratic behavior of the
application. Under 1.4 problems seem to surface less often than under Java 5 where you will probably see
random ArrayIndexOutOfBoundsExceptions or IndexOutOfBoundsExceptions in sun.util.calendar.BaseCalendar.getCalendarDateFromFixedDate().&lt;/p&gt;
&lt;p&gt;You may also experience serialization problems.&lt;/p&gt;
&lt;p&gt;Using an instance field is recommended.&lt;/p&gt;
&lt;p&gt;For more information on this see &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6231579"&gt;JDK Bug #6231579&lt;/a&gt;
and &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6178997"&gt;JDK Bug #6178997&lt;/a&gt;.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE' priority='MAJOR'>
    <name>Multi-threading - Call to static Calendar</name>
    <configKey>STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE</configKey>
    <description>&lt;p&gt;Even though the JavaDoc does not contain a hint about it, Calendars are inherently unsafe for multithreaded use.
The detector has found a call to an instance of Calendar that has been obtained via a static
field. This looks suspicious.&lt;/p&gt;
&lt;p&gt;For more information on this see &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6231579"&gt;JDK Bug #6231579&lt;/a&gt;
and &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6178997"&gt;JDK Bug #6178997&lt;/a&gt;.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE' priority='MAJOR'>
    <name>Multi-threading - Static DateFormat</name>
    <configKey>STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</configKey>
    <description>&lt;p&gt;As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use.
Sharing a single instance across thread boundaries without proper synchronization will result in erratic behavior of the
application.&lt;/p&gt;
&lt;p&gt;You may also experience serialization problems.&lt;/p&gt;
&lt;p&gt;Using an instance field is recommended.&lt;/p&gt;
&lt;p&gt;For more information on this see &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6231579"&gt;JDK Bug #6231579&lt;/a&gt;
and &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6178997"&gt;JDK Bug #6178997&lt;/a&gt;.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE' priority='MAJOR'>
    <name>Multi-threading - Call to static DateFormat</name>
    <configKey>STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE</configKey>
    <description>&lt;p&gt;As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use.
The detector has found a call to an instance of DateFormat that has been obtained via a static
field. This looks suspicious.&lt;/p&gt;
&lt;p&gt;For more information on this see &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6231579"&gt;JDK Bug #6231579&lt;/a&gt;
and &lt;a href="http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6178997"&gt;JDK Bug #6178997&lt;/a&gt;.&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS' priority='MAJOR'>
    <name>Correctness - Comparing values with incompatible type qualifiers</name>
    <configKey>TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</configKey>
    <description>&lt;p&gt;
        A value specified as carrying a type qualifier annotation is
        compared with a value that doesn't ever carry that qualifier.
        &lt;/p&gt;

        &lt;p&gt;
        More precisely, a value annotated with a type qualifier specifying when=ALWAYS
        is compared with a value that where the same type qualifier specifies when=NEVER.
        &lt;/p&gt;

        &lt;p&gt;
        For example, say that @NonNegative is a nickname for
        the type qualifier annotation @Negative(when=When.NEVER).
        The following code will generate this warning because
        the return statement requires a @NonNegative value,
        but receives one that is marked as @Negative.
        &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public boolean example(@Negative Integer value1, @NonNegative Integer value2) {
    return value1.equals(value2);
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED' priority='MAJOR'>
    <name>Correctness - Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is required</name>
    <configKey>TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED</configKey>
    <description>&lt;p&gt;
        A value specified as carrying a type qualifier annotation is
        consumed in a location or locations requiring that the value not
        carry that annotation.
        &lt;/p&gt;

        &lt;p&gt;
        More precisely, a value annotated with a type qualifier specifying when=ALWAYS
        is guaranteed to reach a use or uses where the same type qualifier specifies when=NEVER.
        &lt;/p&gt;

        &lt;p&gt;
        For example, say that @NonNegative is a nickname for
        the type qualifier annotation @Negative(when=When.NEVER).
        The following code will generate this warning because
        the return statement requires a @NonNegative value,
        but receives one that is marked as @Negative.
        &lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public @NonNegative Integer example(@Negative Integer value) {
    return value;
}
&lt;/code&gt;&lt;/pre&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED' priority='MAJOR'>
    <name>Correctness - Value without a type qualifier used where a value is required to have that qualifier</name>
    <configKey>TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</configKey>
    <description>&lt;p&gt;
        A value is being used in a way that requires the value be annotation with a type qualifier.
    The type qualifier is strict, so the tool rejects any values that do not have
    the appropriate annotation.
        &lt;/p&gt;

        &lt;p&gt;
        To coerce a value to have a strict annotation, define an identity function where the return value is annotated
    with the strict annotation.
    This is the only way to turn a non-annotated value into a value with a strict type qualifier annotation.
        &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED' priority='MAJOR'>
    <name>Correctness - Value annotated as never carrying a type qualifier used where value carrying that qualifier is required</name>
    <configKey>TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED</configKey>
    <description>&lt;p&gt;
        A value specified as not carrying a type qualifier annotation is guaranteed
        to be consumed in a location or locations requiring that the value does
        carry that annotation.
        &lt;/p&gt;

        &lt;p&gt;
        More precisely, a value annotated with a type qualifier specifying when=NEVER
        is guaranteed to reach a use or uses where the same type qualifier specifies when=ALWAYS.
        &lt;/p&gt;

        &lt;p&gt;
        TODO: example
        &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK' priority='MAJOR'>
    <name>Correctness - Value that might not carry a type qualifier is always used in a way requires that type qualifier</name>
    <configKey>TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK</configKey>
    <description>&lt;p&gt;
      A value that is annotated as possibility not being an instance of
    the values denoted by the type qualifier, and the value is guaranteed to be used
    in a way that requires values denoted by that type qualifier.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK' priority='MAJOR'>
    <name>Correctness - Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifier</name>
    <configKey>TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK</configKey>
    <description>&lt;p&gt;
      A value that is annotated as possibility being an instance of
    the values denoted by the type qualifier, and the value is guaranteed to be used
    in a way that prohibits values denoted by that type qualifier.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK' priority='INFO'>
    <name>Style - Value required to not have type qualifier, but marked as unknown</name>
    <configKey>TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK</configKey>
    <description>&lt;p&gt;
      A value is used in a way that requires it to be never be a value denoted by a type qualifier, but
    there is an explicit annotation stating that it is not known where the value is prohibited from having that type qualifier.
    Either the usage or the annotation is incorrect.
      &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK' priority='INFO'>
    <name>Style - Value required to have type qualifier, but marked as unknown</name>
    <configKey>TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK</configKey>
    <description>&lt;p&gt;
      A value is used in a way that requires it to be always be a value denoted by a type qualifier, but
    there is an explicit annotation stating that it is not known where the value is required to have that type qualifier.
    Either the usage or the annotation is incorrect.
      &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='IO_APPENDING_TO_OBJECT_OUTPUT_STREAM' priority='MAJOR'>
    <name>Correctness - Doomed attempt to append to an object output stream</name>
    <configKey>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM</configKey>
    <description>&lt;p&gt;
     This code opens a file in append mode and then wraps the result in an object output stream.
     This won't allow you to append to an existing object output stream stored in a file. If you want to be
     able to append to an object output stream, you need to keep the object output stream open.
      &lt;/p&gt;
      &lt;p&gt;The only situation in which opening a file in append mode and the writing an object output stream
      could work is if on reading the file you plan to open it in random access mode and seek to the byte offset
      where the append started.
      &lt;/p&gt;

      &lt;p&gt;
      TODO: example.
      &lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL' priority='MAJOR'>
    <name>Multi-threading - Synchronization on getClass rather than class literal</name>
    <configKey>WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL</configKey>
    <description>&lt;p&gt;
     This instance method synchronizes on &lt;code&gt;this.getClass()&lt;/code&gt;. If this class is subclassed,
     subclasses will synchronize on the class object for the subclass, which isn't likely what was intended.
     For example, consider this code from java.awt.Label:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private static final String base = "label";
private static int nameCounter = 0;

String constructComponentName() {
    synchronized (getClass()) {
        return base + nameCounter++;
    }
}
&lt;/code&gt;&lt;/pre&gt;
     &lt;p&gt;Subclasses of &lt;code&gt;Label&lt;/code&gt; won't synchronize on the same subclass, giving rise to a datarace.
     Instead, this code should be synchronizing on &lt;code&gt;Label.class&lt;/code&gt;&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;private static final String base = "label";
private static int nameCounter = 0;

String constructComponentName() {
    synchronized (Label.class) {
        return base + nameCounter++;
    }
}
&lt;/code&gt;&lt;/pre&gt;
      &lt;p&gt;Bug pattern contributed by Jason Mehrens&lt;/p&gt;</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='OBL_UNSATISFIED_OBLIGATION' priority='INFO'>
    <name>Experimental - Method may fail to clean up stream or resource</name>
    <configKey>OBL_UNSATISFIED_OBLIGATION</configKey>
    <description>&lt;p&gt;
          This method may fail to clean up (close, dispose of) a stream,
          database object, or other
          resource requiring an explicit cleanup operation.
          &lt;/p&gt;

          &lt;p&gt;
          In general, if a method opens a stream or other resource,
          the method should use a try/finally block to ensure that
          the stream or resource is cleaned up before the method
          returns.
          &lt;/p&gt;

          &lt;p&gt;
          This bug pattern is essentially the same as the
          OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE
          bug patterns, but is based on a different
          (and hopefully better) static analysis technique.
          We are interested is getting feedback about the
          usefulness of this bug pattern.
          For sending feedback, check:
          &lt;/p&gt;
          &lt;ul&gt;
            &lt;li&gt;&lt;a href="https://github.com/spotbugs/spotbugs/blob/master/CONTRIBUTING.md"&gt;contributing guideline&lt;/a&gt;&lt;/li&gt;
            &lt;li&gt;&lt;a href="https://github.com/spotbugs/discuss/issues?q="&gt;malinglist&lt;/a&gt;&lt;/li&gt;
          &lt;/ul&gt;

          &lt;p&gt;
          In particular,
          the false-positive suppression heuristics for this
          bug pattern have not been extensively tuned, so
          reports about false positives are helpful to us.
          &lt;/p&gt;

          &lt;p&gt;
          See Weimer and Necula, &lt;i&gt;Finding and Preventing Run-Time Error Handling Mistakes&lt;/i&gt;, for
          a description of the analysis technique.
          &lt;/p&gt;</description>
    <tag>experimental</tag>
  </rule>
  <rule key='OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE' priority='INFO'>
    <name>Experimental - Method may fail to clean up stream or resource on checked exception</name>
    <configKey>OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE</configKey>
    <description>&lt;p&gt;
          This method may fail to clean up (close, dispose of) a stream,
          database object, or other
          resource requiring an explicit cleanup operation.
          &lt;/p&gt;

          &lt;p&gt;
          In general, if a method opens a stream or other resource,
          the method should use a try/finally block to ensure that
          the stream or resource is cleaned up before the method
          returns.
          &lt;/p&gt;

          &lt;p&gt;
          This bug pattern is essentially the same as the
          OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE
          bug patterns, but is based on a different
          (and hopefully better) static analysis technique.
          We are interested is getting feedback about the
          usefulness of this bug pattern.
          For sending feedback, check:
          &lt;/p&gt;
          &lt;ul&gt;
            &lt;li&gt;&lt;a href="https://github.com/spotbugs/spotbugs/blob/master/CONTRIBUTING.md"&gt;contributing guideline&lt;/a&gt;&lt;/li&gt;
            &lt;li&gt;&lt;a href="https://github.com/spotbugs/discuss/issues?q="&gt;malinglist&lt;/a&gt;&lt;/li&gt;
          &lt;/ul&gt;

          &lt;p&gt;
          In particular,
          the false-positive suppression heuristics for this
          bug pattern have not been extensively tuned, so
          reports about false positives are helpful to us.
          &lt;/p&gt;

          &lt;p&gt;
          See Weimer and Necula, &lt;i&gt;Finding and Preventing Run-Time Error Handling Mistakes&lt;/i&gt;, for
          a description of the analysis technique.
          &lt;/p&gt;</description>
    <tag>experimental</tag>
  </rule>
  <rule key='FB_UNEXPECTED_WARNING' priority='MAJOR'>
    <name>Correctness - Unexpected/undesired warning from SpotBugs</name>
    <configKey>FB_UNEXPECTED_WARNING</configKey>
    <description>&lt;p&gt;SpotBugs generated a warning that, according to a @NoWarning annotated,
            is unexpected or undesired.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='FB_MISSING_EXPECTED_WARNING' priority='MAJOR'>
    <name>Correctness - Missing expected or desired warning from SpotBugs</name>
    <configKey>FB_MISSING_EXPECTED_WARNING</configKey>
    <description>&lt;p&gt;SpotBugs didn't generate generated a warning that, according to a @ExpectedWarning annotated,
            is expected or desired.&lt;/p&gt;</description>
    <tag>correctness</tag>
    <tag>bug</tag>
  </rule>
  <rule key='RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED' priority='MAJOR'>
    <name>Multi-threading - Return value of putIfAbsent ignored, value passed to putIfAbsent reused</name>
    <configKey>RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED</configKey>
    <description>The &lt;code&gt;putIfAbsent&lt;/code&gt; method is typically used to ensure that a
        single value is associated with a given key (the first value for which put
        if absent succeeds).
        If you ignore the return value and retain a reference to the value passed in,
        you run the risk of retaining a value that is not the one that is associated with the key in the map.
        If it matters which one you use and you use the one that isn't stored in the map,
        your program will behave incorrectly.</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE' priority='INFO'>
    <name>Experimental - Potential lost logger changes due to weak reference in OpenJDK</name>
    <configKey>LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE</configKey>
    <description>&lt;p&gt;OpenJDK introduces a potential incompatibility.
 In particular, the java.util.logging.Logger behavior has
  changed. Instead of using strong references, it now uses weak references
  internally. That's a reasonable change, but unfortunately some code relies on
  the old behavior - when changing logger configuration, it simply drops the
  logger reference. That means that the garbage collector is free to reclaim
  that memory, which means that the logger configuration is lost. For example,
consider:
&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public static void initLogging() throws Exception {
    Logger logger = Logger.getLogger("edu.umd.cs");
    logger.addHandler(new FileHandler()); // call to change logger configuration
    logger.setUseParentHandlers(false); // another call to change logger configuration
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;The logger reference is lost at the end of the method (it doesn't
escape the method), so if you have a garbage collection cycle just
after the call to initLogging, the logger configuration is lost
(because Logger only keeps weak references).&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;public static void main(String[] args) throws Exception {
    initLogging(); // adds a file handler to the logger
    System.gc(); // logger configuration lost
    Logger.getLogger("edu.umd.cs").info("Some message"); // this isn't logged to the file as expected
}
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;&lt;em&gt;Ulf Ochsenfahrt and Eric Fellheimer&lt;/em&gt;&lt;/p&gt;</description>
    <tag>experimental</tag>
  </rule>
  <rule key='AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION' priority='MAJOR'>
    <name>Multi-threading - Sequence of calls to concurrent abstraction may not be atomic</name>
    <configKey>AT_OPERATION_SEQUENCE_ON_CONCURRENT_ABSTRACTION</configKey>
    <description>&lt;p&gt;This code contains a sequence of calls to a concurrent  abstraction
            (such as a concurrent hash map).
            These calls will not be executed atomically.</description>
    <tag>multi-threading</tag>
    <tag>bug</tag>
  </rule>
  <rule key='DM_DEFAULT_ENCODING' priority='INFO'>
    <name>I18n - Reliance on default encoding</name>
    <configKey>DM_DEFAULT_ENCODING</configKey>
    <description>&lt;p&gt; Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.  &lt;/p&gt;</description>
    <tag>i18n</tag>
  </rule>
  <rule key='NP_METHOD_PARAMETER_RELAXING_ANNOTATION' priority='INFO'>
    <name>Style - Method tightens nullness annotation on parameter</name>
    <configKey>NP_METHOD_PARAMETER_RELAXING_ANNOTATION</configKey>
    <description>&lt;p&gt;
        A method should always implement the contract of a method it overrides. Thus, if a method takes a parameter
    that is marked as @Nullable, you shouldn't override that method in a subclass with a method where that parameter is @Nonnull.
    Doing so violates the contract that the method should handle a null parameter.
        &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION' priority='INFO'>
    <name>Style - Method tightens nullness annotation on parameter</name>
    <configKey>NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION</configKey>
    <description>&lt;p&gt;
        A method should always implement the contract of a method it overrides. Thus, if a method takes a parameter
    that is marked as @Nullable, you shouldn't override that method in a subclass with a method where that parameter is @Nonnull.
    Doing so violates the contract that the method should handle a null parameter.
        &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
  <rule key='NP_METHOD_RETURN_RELAXING_ANNOTATION' priority='INFO'>
    <name>Style - Method relaxes nullness annotation on return value</name>
    <configKey>NP_METHOD_RETURN_RELAXING_ANNOTATION</configKey>
    <description>&lt;p&gt;
        A method should always implement the contract of a method it overrides. Thus, if a method takes is annotated
    as returning a @Nonnull value,
    you shouldn't override that method in a subclass with a method annotated as returning a @Nullable or @CheckForNull value.
    Doing so violates the contract that the method shouldn't return null.
        &lt;/p&gt;</description>
    <tag>style</tag>
  </rule>
</rules>