Lambda methods reported as missing classes

[iloveeclipse]

This is a side effect of not properly supporting INVOKEDYNAMIC instruction (issue #6): the snippet below generates "The following classes needed for SpotBugs analysis on project A were missing: run" warning on every analysis in Eclipse.
This is most likely same as issue spotbugs/discuss/issues/29.

public class Client {	
	public void errorOnLambda() {
		Object o = getObject();
		if (o != null) { 
			useRunnable(() -> toString());
		}
		o.hashCode();
	}

	public Object getObject() {
		return null;
	}

	public void useRunnable(Runnable listener) {
	}
}

While we still lacks the proper INVOKEDYNAMIC support, we should at least make sure we don't raise stupid warnings.

[iloveeclipse]

Merged in 3.1 and master.

[Vampire]

This still happens in 3.1.11:

<BugCollection version="3.1.11" sequence="0" tim.estamp="1550070145794" analysisTimestamp="1550075180425" release="">
...
  <Errors errors="0" missingClasses="14">
    <MissingClass>accept</MissingClass>
    <MissingClass>actionPerformed</MissingClass>
    <MissingClass>apply</MissingClass>
    <MissingClass>changed</MissingClass>
    <MissingClass>deliverSelectedHuman</MissingClass>
    <MissingClass>get</MissingClass>
    <MissingClass>getLineData</MissingClass>
    <MissingClass>handle</MissingClass>
    <MissingClass>handleEvent</MissingClass>
    <MissingClass>makeConcatWithConstants</MissingClass>
    <MissingClass>objectSelected</MissingClass>
    <MissingClass>run</MissingClass>
    <MissingClass>test</MissingClass>
    <MissingClass>valueChanged</MissingClass>
  </Errors>
  <FindBugsSummary timestamp="Wed, 13 Feb 2019 16:02:25 +0100" total_classes="1193" referenced_classes="2829" total_bugs="114" total_size="64357" num_packages="124" java_version="11.0.1" vm_version="11.0.1+13" cpu_seconds="264.19" clock_seconds="104.04" peak_mbytes="4467.56" alloc_mbytes="3072.00" gc_seconds="1.93" priority_2="113" priority_1="1">
...

[Vampire]

I also tested with Java 8 and the SpotBugs 3.1.2 like in the milestone, there it is exactly the same.

[d1ss0nanz]

I can confirm, the issue still exists.

[ati90ati]

In a bigger project I've using spotbugs to detect issues and I have these warning on the output while building:

The following classes needed for analysis were missing:
  apply
  test
  makeConcatWithConstants
  run
  get

I've created a small example to reproduce this bug.
In the repo the Java version used is 11, but these errors happens with Java 8 also.

https://github.com/ati90ati/bugreport-spotbugs-gradle-plugin-logging

In the repo I'm getting this unwanted output:

The following classes needed for analysis were missing:
  apply

I hope that you guys can find a solution to fix this bug.

[abcfy2]

Same issue for 3.1.12:

> Task :spotbugsMain
The following classes needed for analysis were missing:
  handle
  accept

> Task :spotbugsMain FAILED

[clistoq]

On Maven, also can see this issue.
Env:

• spotbugs: 3.1.12
• mvn: 3.6.1
• findsec: 1.9.0
• fb-contrib: 7.4.3.sb

Stacktrace:
[java] The following classes needed for analysis were missing: [java] test [java] accept [java] apply [java] get [java] run [java] onRead [java] go [java] adjustInto [java] handle [java] Warnings generated: 89 [java] Missing classes: 9

[testn]

still happens in SpotBugs 4.0.0

[Omniscience619]

In a bigger project I've using spotbugs to detect issues and I have these warning on the output while building:

The following classes needed for analysis were missing:
  apply
  test
  makeConcatWithConstants
  run
  get

I've created a small example to reproduce this bug.
In the repo the Java version used is 11, but these errors happens with Java 8 also.

https://github.com/ati90ati/bugreport-spotbugs-gradle-plugin-logging

In the repo I'm getting this unwanted output:

The following classes needed for analysis were missing:
  apply

I hope that you guys can find a solution to fix this bug.

Pardon my dumb question, but do these warnings mean that the findbugs plugin didn't run at all, or simply worked, but couldn't find these classes? I wasn't able to understand what's exactly going on in the plugin when it encounters this error.

[ati90ati]

The plugin worked, just the output was very disturbing, especially when you have more modules.

[jonathansantilli]

Hello @ati90ati, you mentioned that the plugin still works, good.

have you noticed if the results are affected by that behavior? like the one you describe here

I have noticed an increase in False Positives when that error shows up.

[DanielFran]

I add this issue ~ 2 years ago, we were using an old Sonar version (v6.7.x), we were trying to migrate sonar to a newer version compatible with Java 11, but the false positive in the new Spotbug version used were blocking the pipelines. We needed to rollback to that Sonar version and at that time this was blocking us for example to migrate projects from Java 8 to 11....
We never try again to use projects with Java 11 till today 👎

[ati90ati]

@jonathansantilli I haven't noticed any problem in the behavior. Spotbugs seemed to work well, only it had a disturbing output.

@DanielFran You can suppress warnings (even false positives) in Spotbugs so this shouldn't stop you to upgrade to Java 11 (some examples: https://github.com/undertow-io/undertow/blob/master/spotbugs-exclude.xml).

[rios0rios0]

Hello guys!
I think this bug still happens in newer version:

[INFO] --- spotbugs-maven-plugin:4.2.3:spotbugs (spotbugs) @ API ---
[INFO] Fork Value is true
     [java] Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
     [java] The following classes needed for analysis were missing:
     [java]   makeConcatWithConstants
     [java]   accept
     [java]   apply
     [java]   run
     [java]   test
[INFO] Done SpotBugs Analysis....

[dmivankov]

Still happens with 4.3.0.
If used with -exitcode flag it makes tests fail on lambdas. And since this isn't reported as usual bug, it's not possible to manually ignore specific lambdas (or say regexp-ignore any missing classes without packages).
On the other hand, the feature is useful as it can help detecting NoClassDefFoundError.
As a workaround it could be possible to analyze stderr in a post-processing script

[slott]

Still happening on 5.0.10...

The following classes needed for analysis were missing:
java.rmi.Remote
java.util.Arrays$ArrayList
SpotBugs ended with exit code 3

[CreeTar]

Using Java 11 still a problem, is there an celebration for this bugs 5th year anniversary? Off to 5 more years :)

[delanym]

I only get this, i.e.

     [java] The following classes needed for analysis were missing:
     [java]   makeConcatWithConstants
     [java]   test
     [java]   apply
     [java]   accept
     [java]   actionPerformed
     [java]   run
     [java]   compare
     [java]   get

when I include findsecbugs

        <plugin>
          <groupId>com.github.spotbugs</groupId>
          <artifactId>spotbugs-maven-plugin</artifactId>
          <version>4.7.3.4</version>
          <configuration>
            <plugins>
              <plugin>
                <groupId>com.h3xstream.findsecbugs</groupId>
                <artifactId>findsecbugs-plugin</artifactId>
                <version>1.12.0</version>
              </plugin>
            </plugins>
          </configuration>

Apache Maven 3.9.0 (9b58d2bad23a66be161c4664ef21ce219c2c8584)
Maven home: /home/sol/.m2/wrapper/dists/apache-maven-3.9.0/86b67b91
Java version: 20-ea, vendor: Private Build, runtime: /usr/lib/jvm/java-20-openjdk-amd64
Default locale: en_ZA, platform encoding: UTF-8
OS name: "linux", version: "5.19.0-38-generic", arch: "amd64", family: "unix"

[in-fke]

Still a Bug after more than five years.

[SimSonic]

In my case list is bigger:

     [java] The following classes needed for analysis were missing:
     [java]   makeConcatWithConstants
     [java]   apply
     [java]   equals
     [java]   toString
     [java]   hashCode
     [java]   get
     [java]   accept
     [java]   test
     [java]   customize
     [java]   doInTransaction
     [java]   resolve
     [java]   applyAsInt
     [java]   getAddress
     [java]   getAsBoolean
     [java]   run
     [java]   handleError
     [java]   getTags
     [java]   call
     [java]   typeSwitch
     [java]   applyAsLong
     [java]   getSpecification
     [java]   applyAsDouble
     [java]   configure
     [java]   mapRow
     [java]   doInPreparedStatement

jdk 20
spotbugs 4.7.3.0
findsecbugs 1.12.0

[Vampire]

It even got worse now, because it is reported once per report.
so if you have XML and HTML report configured, you get the message printed twice. :-(

[victorwss]

@delanym I also only get this when using find-sec-bugs.

[soloturn]

@JuditKnoll you happen to know what could be done here?

[JuditKnoll]

@soloturn I'm sorry, I don't know. I haven't looked into this issue properly, but for me it looks like it may be a find-sec-bugs issue. I'm not really familiar how exactly SpotBugs and its plugins interacts with each other.
There was a workaround merged into find-sec-bugs recently (find-sec-bugs/find-sec-bugs#690), which is marked as "may solve this issue", but there was no new find-sec-bugs released since then.

[victorherraiz]

Version 1.13.0, released almost a month ago, of find-sec-bugs does not solve the problem for me.

[bdellegrazie]

Version 1.13.0 of find-sec-bugs doesn't solve this, even with the -Dfindsecbugs.taint.workaroundvisitinvokedynamic=true enabled or not, I see no difference.