FindBugs Report

Project Information

Project: JAP

FindBugs version: 1.2.1-rc2

Code analyzed:



Metrics

72437 lines of code analysed, in 1227 classes, in 77 packages.

Metric Total Density*
High Priority Warnings 104 1.44
Medium Priority Warnings 643 8.88
Total Warnings 747 10.31

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Bad practice Warnings 221
Correctness Warnings 36
Malicious code vulnerability Warnings 129
Multithreaded correctness Warnings 108
Performance Warnings 117
Dodgy Warnings 136
Total 747

Warnings

Click on a warning row to see full context information.

Bad practice Warnings

Code  Warning
BC Random object created and used only once in anon.mixminion.FirstMMRConnection.sendJunk()
BC Random object created and used only once in gui.PopupMenu.PopupMenu(JPopupMenu, boolean)
BC Random object created and used only once in infoservice.agreement.multicast.messages.CommitmentMessage.CommitmentMessage()
BC Random object created and used only once in infoservice.agreement.multicast.messages.CommitmentMessage.CommitmentMessage()
BC Random object created and used only once in infoservice.agreement.multicast.messages.CommitmentMessage.CommitmentMessage()
BC Random object created and used only once in jap.TrustModel.TrustModel()
DE anon.infoservice.Database.getRandomEntry() might ignore java.lang.Exception
DE anon.infoservice.StatusInfo.StatusInfo(Element, int) might ignore java.lang.Exception
DE anon.util.XMLUtil.<static initializer>() might ignore java.lang.Exception
DE forward.server.ForwardScheduler.setMaximumNumberOfConnections(int) might ignore java.lang.Exception
DE infoservice.agreement.multicast.messages.EchoMulticastMessageFactory.checkOriginator(Node, String) might ignore java.lang.Exception
DE infoservice.agreement.paxos.integration.InfoServiceMessageFactory.checkOriginator(Node, String) might ignore java.lang.Exception
DE infoservice.Configuration.Configuration(Properties) might ignore java.lang.Exception
DE infoservice.tor.MixminionDirectoryAgent.run() might ignore java.lang.Exception
DE jpi.helper.DummyCreditCardHelper.run() might ignore java.lang.Exception
DE platform.LinuxOS.LinuxOS() might ignore java.lang.Exception
Dm infoservice.InfoService.InfoService(String) invokes System.exit(...), which shuts down the entire virtual machine
Dm infoservice.InfoServicePropagandist.run() invokes System.exit(...), which shuts down the entire virtual machine
Dm JAP.startJAP() invokes System.exit(...), which shuts down the entire virtual machine
Dm jap.JAPController.loadConfigFile(String, boolean, ISplashResponse) invokes System.exit(...), which shuts down the entire virtual machine
Dm jap.JAPController$18.run() invokes System.exit(...), which shuts down the entire virtual machine
Eq anon.infoservice.ListenerInterface defines equals(ListenerInterface) method and uses Object.equals(Object)
Eq anon.infoservice.ProxyInterface defines equals(ProxyInterface) method and uses Object.equals(Object)
Eq anon.pay.xml.XMLJapPublicKey defines equals(XMLJapPublicKey) method and uses Object.equals(Object)
Eq anon.util.test.DummyXMLEncodable defines equals(DummyXMLEncodable) method and uses Object.equals(Object)
FI anon.shared.IOQueue.buff is set to null inside finalize method
FI gui.dialog.JAPDialog.dispose() explicitly invokes gui.GUIUtils$WindowDocker.finalize()
FI gui.dialog.JAPDialog.setDockable(boolean) explicitly invokes gui.GUIUtils$WindowDocker.finalize()
FI gui.GUIUtils$WindowDocker.m_queue is set to null inside finalize method
FI gui.GUIUtils$WindowDocker.m_listener is set to null inside finalize method
FI jap.JAPViewIconified.dispose() explicitly invokes gui.GUIUtils$WindowDocker.finalize()
HE anon.infoservice.ListenerInterface defines equals and uses Object.hashCode()
HE anon.infoservice.ProxyInterface defines equals and uses Object.hashCode()
HE anon.pay.xml.XMLJapPublicKey defines equals and uses Object.hashCode()
HE anon.util.test.DummyXMLEncodable defines equals and uses Object.hashCode()
HE infoservice.agreement.paxos.messages.PaxosMessage defines equals and uses Object.hashCode()
IMSE Dubious catching of IllegalMonitorStateException in gui.dialog.DialogContentPane.closeDialog(boolean)
IMSE Dubious catching of IllegalMonitorStateException in gui.dialog.JAPDialog$7.run()
IMSE Dubious catching of IllegalMonitorStateException in gui.dialog.JAPDialog$DialogWindowAdapter.windowClosing(WindowEvent)
IMSE Dubious catching of IllegalMonitorStateException in gui.GUIUtils$8.run()
Nm The class name anon.crypto.tinytls.test.tlsclienttest doesn't start with an upper case letter
Nm The method name anon.crypto.tinytls.TLSException.Alert() doesn't start with an lower case letter
Nm The class name anon.crypto.tinytls.util.hash doesn't start with an upper case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Delete(String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Delete(String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.ExtensionMethod(String, String, HttpOutputStream, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.ExtensionMethod(String, String, byte[], NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Get(String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Get(String, String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Get(String, String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Get(String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Get(String, NVPair[], NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Head(String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Head(String, String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Head(String, String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Head(String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Head(String, NVPair[], NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Options(String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Options(String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Options(String, NVPair[], HttpOutputStream) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Options(String, NVPair[], byte[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, HttpOutputStream) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, HttpOutputStream, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, byte[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, byte[], NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Post(String, NVPair[], NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Put(String, HttpOutputStream) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Put(String, HttpOutputStream, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Put(String, String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Put(String, String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Put(String, byte[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Put(String, byte[], NVPair[]) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Trace(String) doesn't start with an lower case letter
Nm The method name anon.infoservice.test.DummyHTTPConnection.Trace(String, NVPair[]) doesn't start with an lower case letter
Nm The method name anon.mixminion.message.MixMinionCryptoUtil.Encrypt(byte[], byte[]) doesn't start with an lower case letter
Nm The class name anon.tor.test.proxythread doesn't start with an upper case letter
Nm The class name anon.tor.test.tor2jap doesn't start with an upper case letter
Nm The method name gui.JAPAWTMsgBox.MsgBox(Frame, String, String) doesn't start with an lower case letter
NP gui.AbstractISOCodeMapper.toString() may return null
ODR jpi.db.DataBase.buyFlatrate(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.buyFlatrate(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.buyVolumePlan(long, XMLVolumePlan) may fail to close java.sql.Statement
ODR jpi.db.DataBase.buyVolumePlan(long, XMLVolumePlan) may fail to close java.sql.Statement
ODR jpi.db.DataBase.chargeAccount(long, long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.chargeAccount(long, long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.chargeAccount(long, long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.chargeAccount(long, long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.checkValidity(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.createTables() may fail to close java.sql.Statement
ODR jpi.db.DataBase.createTables() may fail to close java.sql.Statement
ODR jpi.db.DataBase.creditMixes(Hashtable, long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.debitAccount(long, Hashtable, long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.dropTables() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getCC(long, String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getCostConfirmations(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getFlatrateConfig() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getNextAccountNumber() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getNextTransferNumber() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getOperatorBalance(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getOperatorInfo(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getOperatorOfMix(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getPassivePaymentData(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getPaymentOptionsFromDb() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getPaymentOptionsFromDb() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getPaymentSettings() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getPriceCertForHash(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getPriceCerts(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getPriceCertsForMix(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getTransferAmount(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getUsedDate(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getVolumePlan(String) may fail to close java.sql.Statement
ODR jpi.db.DataBase.getVolumePlans() may fail to close java.sql.Statement
ODR jpi.db.DataBase.getXmlBalance(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.insertCC(XMLEasyCC) may fail to close java.sql.Statement
ODR jpi.db.DataBase.isTanUsed(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.redeemCoupon(String, long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.setPaymentOptions() may fail to close java.sql.Statement
ODR jpi.db.DataBase.setPaymentSettings() may fail to close java.sql.Statement
ODR jpi.db.DataBase.setTransferNumberUsed(long) may fail to close java.sql.Statement
ODR jpi.db.DataBase.setVolumePlans() may fail to close java.sql.Statement
ODR jpi.db.DataBase.storeBankAccount(XMLBankAccount) may fail to close java.sql.Statement
ODR jpi.db.DataBase.updateCC(XMLEasyCC) may fail to close java.sql.Statement
OS anon.infoservice.InfoServiceDBEntry$1.run() may fail to close stream
OS infoservice.InfoService.InfoService(String) may fail to close stream
OS infoservice.mailsystem.central.MailContext.MailContext(String) may fail to close stream
OS jap.JAPSplash.JAPSplash(Frame, String) may fail to close stream
OS jap.JAPSplash.JAPSplash(Frame, String) may fail to close stream
OS jap.JAPSplash.JAPSplash(Frame, String) may fail to close stream
OS jap.JAPSplash.JAPSplash(Frame, String) may fail to close stream
OS platform.WindowsOS.getConfigPath() may fail to close stream
RR anon.mixminion.FirstMMRConnection.connect() ignores result of java.io.BufferedInputStream.read(byte[], int, int)
RR anon.mixminion.FirstMMRConnection.receive(byte[], String) ignores result of java.io.BufferedInputStream.read(byte[], int, int)
Se Class anon.crypto.MyRSAPrivateKey defines non-transient non-serializable instance field m_algorithm
Se Class anon.crypto.MyRSAPublicKey defines non-transient non-serializable instance field m_algorithm
Se Class anon.crypto.test.DummyPrivateKey defines non-transient non-serializable instance field m_algorithm
Se anon.crypto.test.DummySignatureAlgorithm stored into non-transient field DummyPrivateKey.m_algorithm
Se Class anon.crypto.test.DummyPublicKey defines non-transient non-serializable instance field m_algorithm
Se anon.crypto.test.DummySignatureAlgorithm stored into non-transient field DummyPublicKey.m_algorithm
Se Class gui.CaptchaDialog$2 defines non-transient non-serializable instance field val$captcha
Se Class gui.CertDetailsDialog$CertShortInfoPanel defines non-transient non-serializable instance field m_selectedCert
Se Class gui.JAPAboutAutoScroller defines non-transient non-serializable instance field m_Thread
Se Class gui.JAPAboutAutoScroller defines non-transient non-serializable instance field m_imgBackground
Se Class gui.JAPAboutAutoScroller defines non-transient non-serializable instance field m_imgBackgroundPicture
Se Class gui.JAPAboutAutoScroller defines non-transient non-serializable instance field m_imgDoubleBuffer
Se Class gui.JAPAboutAutoScroller defines non-transient non-serializable instance field m_imgOffScreen
Se Class gui.JAPJIntField defines non-transient non-serializable instance field m_bounds
Se Class gui.JAPProgressBar defines non-transient non-serializable instance field m_ui
Se Class jap.forward.JAPRoutingEstablishForwardedConnectionDialog$9 defines non-transient non-serializable instance field val$a_captcha
Se Class jap.JAPMixCascadeComboBox defines non-transient non-serializable instance field m_currentCascade
Se Class jap.JAPNewView defines non-transient non-serializable instance field m_configMovedAdapter
Se Class jap.JAPNewView defines non-transient non-serializable instance field m_dlgConfig
Se Class jap.JAPNewView defines non-transient non-serializable instance field m_helpMovedAdapter
Se Class jap.JAPNewView defines non-transient non-serializable instance field m_mainMovedAdapter
Se Class jap.JAPNewView defines non-transient non-serializable instance field m_miniMovedAdapter
Se Class jap.JAPNewView defines non-transient non-serializable instance field m_transferedBytesJobs
Se jap.JAPNewView$6 stored into non-transient field JAPNewView.m_listenerEnableIS
Se jap.JAPNewView$7 stored into non-transient field JAPNewView.m_listenerNewServices
Se jap.JAPNewView$5 stored into non-transient field JAPNewView.m_listenerUpdate
Se Class jap.JAPSplash defines non-transient non-serializable instance field m_imgBusy
Se Class jap.JAPSplash defines non-transient non-serializable instance field m_imgOffScreen
Se Class jap.JAPSplash defines non-transient non-serializable instance field m_imgSplash
Se Class jap.JAPViewIconified defines non-transient non-serializable instance field m_Controller
Se Class jap.JAPViewIconified defines non-transient non-serializable instance field m_docker
Se jap.JAPViewIconified$1 stored into non-transient field JAPViewIconified.m_runnableValueUpdate
Se Class jap.pay.PaymentMainPanel defines non-transient non-serializable instance field m_MyPaymentListener
Se Class jap.StatusPanel defines non-transient non-serializable instance field m_Msgs
Se Class jap.StatusPanel defines non-transient non-serializable instance field m_Thread
Se Class jap.StatusPanel defines non-transient non-serializable instance field m_imageError
Se Class jap.StatusPanel defines non-transient non-serializable instance field m_imageInformation
Se Class jap.StatusPanel defines non-transient non-serializable instance field m_imageWarning
Se Class jap.StatusPanel defines non-transient non-serializable instance field m_lastMsg
Se Class update.JAPWelcomeWizardPage defines non-transient non-serializable instance field jarFileFilter
SnVI jap.JAPConfAnon$MyTableModel is Serializable; consider declaring a serialVersionUID
SnVI jap.pay.TransactionOverviewDialog$MyTableModel is Serializable; consider declaring a serialVersionUID
SQL Method jpi.db.DataBase.addAccount(long, String, Timestamp, String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.buyFlatrate(long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.buyVolumePlan(long, XMLVolumePlan) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.checkValidity(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.creditMixes(Hashtable, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.deletePriceCert(XMLPriceCertificate) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getCC(long, String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getIdForOperatorCert(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getOperatorInfo(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getOperatorOfMix(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getPriceCertForHash(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getPriceCertForHash(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getPriceCertsForMix(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getVolumePlan(String) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.handleTransferRequest(XMLTransferRequest) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.insertCC(XMLEasyCC) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.redeemCoupon(String, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.redeemCoupon(String, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.redeemCoupon(String, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.setPaymentOptions() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.setPaymentOptions() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.setPaymentOptions() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.setPaymentOptions() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.setPaymentSettings() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.setPaysafecardPaymentUsed(XMLPassivePayment) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.setVolumePlans() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.storeBankAccount(XMLBankAccount) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.storePassivePayment(XMLPassivePayment) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.storePaysafecardPayment(XMLPassivePayment) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.storePriceCert(XMLPriceCertificate) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.storePriceCert(XMLPriceCertificate) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.updateCC(XMLEasyCC) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.writeJapTraffic(long, String, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.writeJapTraffic(long, String, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.getBalance(long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.purgePaysafecardPayments() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.purgePaysafecardPayments() passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.storeTransferNumber(long, long, long, Timestamp) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.writeMixStats(Enumeration, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.writeMixTraffic(Enumeration, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.writeMixTraffic(Enumeration, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase.writeMixTraffic(Enumeration, long) passes a nonconstant String to an execute method on an SQL statement
SQL Method jpi.db.DataBase$CleanupThread.run() passes a nonconstant String to an execute method on an SQL statement

Correctness Warnings

Code&nbsp; Warning
BIT Bitwise OR of signed byte value computed in anon.crypto.tinytls.TinyTLSServerSocket$TLSInputStream.readClientHello()
BIT Bitwise OR of signed byte value computed in anon.crypto.tinytls.TinyTLSServerSocket$TLSInputStream.readClientKeyExchange()
EC Call to equals() comparing different types in gui.JAPMessages.init(Locale, String)
INT Bad comparison of signed byte with 128 in anon.crypto.JAPCertificate.toASN1Sequence(byte[], String)
NP Null pointer dereference of a_values in anon.crypto.AbstractX509AlternativeName.createValue(Vector, Vector)
NP Non-virtual method call in anon.infoservice.MixInfo.MixInfo(String, CertPath) passes null for unconditionally dereferenced parameter of ServiceLocation.ServiceLocation(Node, JAPCertificate)
NP Non-virtual method call in anon.infoservice.MixInfo.MixInfo(String, CertPath, XMLPriceCertificate, long) passes null for unconditionally dereferenced parameter of ServiceLocation.ServiceLocation(Node, JAPCertificate)
NP Possible null pointer dereference of DummyXMLEncodable.m_id in anon.util.test.DummyXMLEncodable.equals(DummyXMLEncodable)
NP Non-virtual method call in anon.util.XMLUtil.toXMLDocument(String) passes null for unconditionally dereferenced parameter of toXMLDocument(byte[])
NP Non-virtual method call in jap.JAPConfAnon$InfoServiceTempLayer.getServiceLocation(MixCascade, String) passes null for unconditionally dereferenced parameter of anon.infoservice.ServiceLocation.ServiceLocation(Node, JAPCertificate)
NP Possible null pointer dereference of currentMixCascade in jap.JAPNewView.onUpdateValues()
NP Non-virtual method call in jap.JAPUtil.formatTimestamp(Timestamp, boolean) passes null for unconditionally dereferenced parameter of formatTimestamp(Timestamp, boolean, String)
NP Possible null pointer dereference of reply in jap.pay.FlatrateDialog.buyFlatrate()
NP Possible null pointer dereference of pp in jpi.PICommandUser.storePassivePayment(byte[]) on exception path
QBA Method jap.forward.JAPRoutingConnectionClass.loadSettingsFromXml(Element) assigns boolean literal in boolean expression
RCN Nullcheck of a_Database at line 108 of value previously dereferenced in anon.infoservice.Database.registerInstance(Database)
RCN Nullcheck of a_vector at line 523 of value previously dereferenced in gui.CertDetailsDialog.idsToNames(Vector)
RCN Nullcheck of a_trustModel at line 320 of value previously dereferenced in jap.TrustModel.removeTrustModel(TrustModel)
RV Bad attempt to compute absolute value of signed 32-bit random integer in anon.crypto.DESCrypt.crypt(String)
RV Bad attempt to compute absolute value of signed 32-bit random integer in anon.crypto.DESCrypt.crypt(String)
RV Bad attempt to compute absolute value of signed 32-bit random integer in anon.infoservice.InfoServiceHolder.fetchInformation(int, Vector)
RV infoservice.Configuration.Configuration(Properties) ignores return value of java.lang.String.trim()
RV infoservice.Configuration.Configuration(Properties) ignores return value of java.lang.String.trim()
RV infoservice.Configuration.Configuration(Properties) ignores return value of java.lang.String.trim()
RV Bad attempt to compute absolute value of signed 32-bit random integer in infoservice.dynamic.ComleteRandomStrategy.randomizeVector(Vector, Random)
RV jap.JAPController.loadConfigFile(String, boolean, ISplashResponse) ignores return value of java.lang.String.trim()
RV Bad attempt to compute absolute value of signed 32-bit random integer in jap.StatusPanel.addStatusMsg(String, int, boolean, ActionListener)
RV jpi.db.DataBase.debitAccount(long, Hashtable, long) ignores return value of java.math.BigDecimal.setScale(int, int)
RV jpi.db.DataBase.debitAccount(long, Hashtable, long) ignores return value of java.math.BigDecimal.setScale(int, int)
SA Double assignment of currentEntry in anon.client.AbstractDataChain$DataChainInputStreamImplementation.read(byte[], int, int)
UR Uninitialized read of m_lastUpdate in anon.infoservice.JavaVersionDBEntry.JavaVersionDBEntry(String, String, URL, String)
UR Uninitialized read of m_strPackage in anon.util.ClassUtil$Package.Package(String)
UR Uninitialized read of m_infoService in jap.JAPConfAnon.JAPConfAnon(IJAPConfSavePoint)
UR Uninitialized read of m_allowedTrustSettings in jap.TrustModel$AbstractTrustFilter.AbstractTrustFilter(String, Hashtable)
UwF Unwritten field: jap.forward.JAPRoutingEstablishForwardedConnectionDialog.m_fontSetting
UwF Unwritten field: update.JAPUpdateWizard.updJapJar

Malicious code vulnerability Warnings

Code&nbsp; Warning
EI anon.client.crypto.SymCipher.getKey() may expose internal representation by returning SymCipher.m_aesKey
EI anon.client.DataChainInputStreamQueueEntry.getData() may expose internal representation by returning DataChainInputStreamQueueEntry.m_data
EI anon.client.DataChainSendOrderStructure.getChannelCell() may expose internal representation by returning DataChainSendOrderStructure.m_channelCell
EI anon.client.DataChainSendOrderStructure.getOrderData() may expose internal representation by returning DataChainSendOrderStructure.m_orderData
EI anon.client.InternalChannelMessage.getMessageData() may expose internal representation by returning InternalChannelMessage.m_messageData
EI anon.client.KeyExchangeManager.getMixParameters() may expose internal representation by returning KeyExchangeManager.m_mixParameters
EI anon.client.MixPacket.getPayloadData() may expose internal representation by returning MixPacket.m_payloadData
EI anon.crypto.AbstractX509Extension.getDEROctets() may expose internal representation by returning AbstractX509Extension.m_value
EI anon.crypto.tinytls.AbstractTLSRecord.getData() may expose internal representation by returning AbstractTLSRecord.m_Data
EI anon.crypto.tinytls.AbstractTLSRecord.getHeader() may expose internal representation by returning AbstractTLSRecord.m_Header
EI anon.crypto.tinytls.ciphersuites.CipherSuite.getCipherSuiteCode() may expose internal representation by returning CipherSuite.m_ciphersuitecode
EI anon.infoservice.JAPMinVersion.getPostData() may expose internal representation by returning JAPMinVersion.m_bytesPostData
EI anon.infoservice.JAPVersionInfo.getDate() may expose internal representation by returning JAPVersionInfo.m_releaseDate
EI anon.infoservice.MixCascade.getCompressedData() may expose internal representation by returning MixCascade.m_compressedXmlStructure
EI anon.infoservice.MixCascade.getPostData() may expose internal representation by returning MixCascade.m_compressedXmlStructure
EI anon.infoservice.StatusInfo.getPostData() may expose internal representation by returning StatusInfo.m_statusXmlDataBytes
EI anon.infoservice.test.DummyHTTPConnection.getDefaultHeaders() may expose internal representation by returning DummyHTTPConnection.m_actualDefaultHeaders
EI anon.mixminion.EMail.getReceiver() may expose internal representation by returning EMail.m_receiver
EI anon.mixminion.message.FragmentContainer.getID() may expose internal representation by returning FragmentContainer.m_id
EI anon.mixminion.message.Header.getAsByteArray() may expose internal representation by returning Header.m_header
EI anon.mixminion.message.ReplyBlock.getHeaderBytes() may expose internal representation by returning ReplyBlock.m_headerbytes
EI anon.mixminion.message.ReplyBlock.getSharedSecret() may expose internal representation by returning ReplyBlock.m_sharedSecret
EI anon.mixminion.mmrdescription.MMRDescription.getDigest() may expose internal representation by returning MMRDescription.m_digest
EI anon.mixminion.mmrdescription.MMRDescription.getKeyDigest() may expose internal representation by returning MMRDescription.m_keydigest
EI anon.pay.xml.XMLResponse.getResponse() may expose internal representation by returning XMLResponse.m_arbResponse
EI anon.pay.xml.XMLTransCert.getReceivedDate() may expose internal representation by returning XMLTransCert.m_receivedDate
EI anon.pay.xml.XMLTransCert.getUsedDate() may expose internal representation by returning XMLTransCert.m_usedDate
EI anon.tor.cells.Cell.getPayload() may expose internal representation by returning Cell.m_payload
EI anon.tor.ordescription.ORList.getPublished() may expose internal representation by returning ORList.m_datePublished
EI gui.CaptchaDialog.getSolution() may expose internal representation by returning CaptchaDialog.m_solution
EI gui.dialog.CaptchaContentPane.getSolution() may expose internal representation by returning CaptchaContentPane.m_solution
EI gui.dialog.PasswordContentPane.getOldPassword() may expose internal representation by returning PasswordContentPane.m_oldPasswd
EI gui.dialog.PasswordContentPane.getPassword() may expose internal representation by returning PasswordContentPane.m_passwd
EI infoservice.agreement.multicast.messages.AMessage.getPostData() may expose internal representation by returning AMessage.m_compressedData
EI infoservice.agreement.multicast.messages.CommitMessage.getEchoMessages() may expose internal representation by returning CommitMessage.m_EchoMessages
EI infoservice.agreement.paxos.integration.InfoServiceCollectMessage.getPostData() may expose internal representation by returning InfoServiceCollectMessage.m_compressedData
EI infoservice.agreement.paxos.integration.InfoServiceFreezeProofMessage.getPostData() may expose internal representation by returning InfoServiceFreezeProofMessage.m_compressedData
EI infoservice.agreement.paxos.integration.InfoServicePaxosMessage.getPostData() may expose internal representation by returning InfoServicePaxosMessage.m_compressedData
EI infoservice.agreement.paxos.PaxosCommunicator.getTargets() may expose internal representation by returning PaxosCommunicator.m_targets
EI infoservice.agreement.paxos.PaxosInstance.getDecissions() may expose internal representation by returning PaxosInstance.m_decissions
EI infoservice.agreement.paxos.PaxosInstance.getExecutions() may expose internal representation by returning PaxosInstance.m_executions
EI infoservice.Configuration.getStartupTime() may expose internal representation by returning Configuration.m_startupTime
EI infoservice.dynamic.VirtualCascade.getEstablishedDate() may expose internal representation by returning VirtualCascade.m_established
EI infoservice.HttpResponseStructure.getResponseData() may expose internal representation by returning HttpResponseStructure.m_httpReturnData
EI infoservice.tor.DummyORListFetcher.getORList() may expose internal representation by returning DummyORListFetcher.m_torNodesListStructure
EI infoservice.tor.MixminionDirectoryAgent.getMixminionNodesList() may expose internal representation by returning MixminionDirectoryAgent.m_currentMixminionNodesList
EI infoservice.tor.TorDirectoryAgent.getCompressedTorNodesList() may expose internal representation by returning TorDirectoryAgent.m_currentCompressedTorNodesList
EI infoservice.tor.TorDirectoryAgent.getTorNodesList() may expose internal representation by returning TorDirectoryAgent.m_currentTorNodesList
EI2 anon.client.crypto.MixCipherChain.MixCipherChain(IMixCipher[]) may expose internal representation by storing an externally mutable object into MixCipherChain.m_cipherChain
EI2 anon.client.DataChainInputStreamQueueEntry.DataChainInputStreamQueueEntry(int, byte[]) may expose internal representation by storing an externally mutable object into DataChainInputStreamQueueEntry.m_data
EI2 anon.client.DataChainSendOrderStructure.DataChainSendOrderStructure(byte[]) may expose internal representation by storing an externally mutable object into DataChainSendOrderStructure.m_orderData
EI2 anon.client.DataChainSendOrderStructure.setChannelCell(byte[]) may expose internal representation by storing an externally mutable object into DataChainSendOrderStructure.m_channelCell
EI2 anon.client.InternalChannelMessage.InternalChannelMessage(int, byte[]) may expose internal representation by storing an externally mutable object into InternalChannelMessage.m_messageData
EI2 anon.client.replay.TimestampUpdater.TimestampUpdater(MixParameters[], ReplayControlChannel) may expose internal representation by storing an externally mutable object into TimestampUpdater.m_mixParameters
EI2 anon.crypto.AbstractX509Extension.AbstractX509Extension(String, boolean, byte[]) may expose internal representation by storing an externally mutable object into AbstractX509Extension.m_value
EI2 anon.crypto.tinytls.ciphersuites.CipherSuite.CipherSuite(byte[]) may expose internal representation by storing an externally mutable object into CipherSuite.m_ciphersuitecode
EI2 anon.crypto.tinytls.keyexchange.DHE_DSS_Key_Exchange.generateServerKeyExchange(IMyPrivateKey, byte[], byte[]) may expose internal representation by storing an externally mutable object into DHE_DSS_Key_Exchange.m_clientrandom
EI2 anon.crypto.tinytls.keyexchange.DHE_DSS_Key_Exchange.generateServerKeyExchange(IMyPrivateKey, byte[], byte[]) may expose internal representation by storing an externally mutable object into DHE_DSS_Key_Exchange.m_serverrandom
EI2 anon.crypto.tinytls.keyexchange.DHE_DSS_Key_Exchange.processServerKeyExchange(byte[], int, int, byte[], byte[], JAPCertificate) may expose internal representation by storing an externally mutable object into DHE_DSS_Key_Exchange.m_clientrandom
EI2 anon.crypto.tinytls.keyexchange.DHE_DSS_Key_Exchange.processServerKeyExchange(byte[], int, int, byte[], byte[], JAPCertificate) may expose internal representation by storing an externally mutable object into DHE_DSS_Key_Exchange.m_serverrandom
EI2 anon.crypto.tinytls.keyexchange.DHE_RSA_Key_Exchange.generateServerKeyExchange(IMyPrivateKey, byte[], byte[]) may expose internal representation by storing an externally mutable object into DHE_RSA_Key_Exchange.m_clientrandom
EI2 anon.crypto.tinytls.keyexchange.DHE_RSA_Key_Exchange.generateServerKeyExchange(IMyPrivateKey, byte[], byte[]) may expose internal representation by storing an externally mutable object into DHE_RSA_Key_Exchange.m_serverrandom
EI2 anon.crypto.tinytls.keyexchange.DHE_RSA_Key_Exchange.processServerKeyExchange(byte[], int, int, byte[], byte[], JAPCertificate) may expose internal representation by storing an externally mutable object into DHE_RSA_Key_Exchange.m_clientrandom
EI2 anon.crypto.tinytls.keyexchange.DHE_RSA_Key_Exchange.processServerKeyExchange(byte[], int, int, byte[], byte[], JAPCertificate) may expose internal representation by storing an externally mutable object into DHE_RSA_Key_Exchange.m_serverrandom
EI2 anon.crypto.tinytls.TinyTLS.setClientCertificate(JAPCertificate[], IMyPrivateKey) may expose internal representation by storing an externally mutable object into TinyTLS.m_clientcertificates
EI2 anon.crypto.tinytls.util.P_Hash.P_Hash(byte[], byte[], Digest) may expose internal representation by storing an externally mutable object into P_Hash.m_secret
EI2 anon.crypto.tinytls.util.P_Hash.P_Hash(byte[], byte[], Digest) may expose internal representation by storing an externally mutable object into P_Hash.m_seed
EI2 anon.crypto.tinytls.util.PRF.PRF(byte[], byte[], byte[]) may expose internal representation by storing an externally mutable object into PRF.m_label
EI2 anon.crypto.tinytls.util.PRF.PRF(byte[], byte[], byte[]) may expose internal representation by storing an externally mutable object into PRF.m_secret
EI2 anon.crypto.tinytls.util.PRF.PRF(byte[], byte[], byte[]) may expose internal representation by storing an externally mutable object into PRF.m_seed
EI2 anon.infoservice.test.DummyHTTPConnection.setDefaultHeaders(NVPair[]) may expose internal representation by storing an externally mutable object into DummyHTTPConnection.m_actualDefaultHeaders
EI2 anon.mixminion.EMail.EMail(String[], String) may expose internal representation by storing an externally mutable object into EMail.m_receiver
EI2 anon.mixminion.fec.PureCode.PureCode(int, int, char[]) may expose internal representation by storing an externally mutable object into PureCode.encMatrix
EI2 anon.mixminion.message.FragmentContainer.FragmentContainer(byte[], int) may expose internal representation by storing an externally mutable object into FragmentContainer.m_id
EI2 anon.mixminion.message.FragmentedMessage.FragmentedMessage(String[], byte[]) may expose internal representation by storing an externally mutable object into FragmentedMessage.m_payload
EI2 anon.mixminion.message.FragmentedMessage.FragmentedMessage(String[], byte[]) may expose internal representation by storing an externally mutable object into FragmentedMessage.m_recipient
EI2 anon.mixminion.message.NoReplyMessage.NoReplyMessage(byte[][], int, String[], MMRList) may expose internal representation by storing an externally mutable object into NoReplyMessage.m_message_parts
EI2 anon.mixminion.message.NoReplyMessage.NoReplyMessage(byte[][], int, String[], MMRList) may expose internal representation by storing an externally mutable object into NoReplyMessage.m_recipient
EI2 anon.mixminion.message.ReplyBlock.ReplyBlock(RoutingInformation, byte[], byte[], long) may expose internal representation by storing an externally mutable object into ReplyBlock.m_headerbytes
EI2 anon.mixminion.message.ReplyBlock.ReplyBlock(RoutingInformation, byte[], byte[], long) may expose internal representation by storing an externally mutable object into ReplyBlock.m_sharedSecret
EI2 anon.mixminion.message.ReplyBlock.ReplyBlock(String, Vector, byte[]) may expose internal representation by storing an externally mutable object into ReplyBlock.m_longterm_secret
EI2 anon.mixminion.message.ReplyMessage.ReplyMessage(byte[][], int, Vector, MMRList) may expose internal representation by storing an externally mutable object into ReplyMessage.m_message_parts
EI2 anon.mixminion.message.SingleBlockMessage.SingleBlockMessage(byte[]) may expose internal representation by storing an externally mutable object into SingleBlockMessage.m_payload
EI2 anon.mixminion.mmrdescription.MMRDescription.MMRDescription(String, String, int, byte[], byte[], boolean, boolean, String, SimpleDateFormat) may expose internal representation by storing an externally mutable object into MMRDescription.m_digest
EI2 anon.mixminion.mmrdescription.MMRDescription.MMRDescription(String, String, int, byte[], byte[], boolean, boolean, String, SimpleDateFormat) may expose internal representation by storing an externally mutable object into MMRDescription.m_keydigest
EI2 anon.pay.BIConnection.setCaptchaSolution(byte[]) may expose internal representation by storing an externally mutable object into BIConnection.m_captchaSolution
EI2 anon.pay.xml.XMLChallenge.XMLChallenge(byte[]) may expose internal representation by storing an externally mutable object into XMLChallenge.m_arbChallenge
EI2 anon.pay.xml.XMLEasyCC.setPriceCerts(Hashtable) may expose internal representation by storing an externally mutable object into XMLEasyCC.m_priceCerts
EI2 anon.pay.xml.XMLPaymentSettings.XMLPaymentSettings(Hashtable) may expose internal representation by storing an externally mutable object into XMLPaymentSettings.m_paymentSettings
EI2 anon.pay.xml.XMLResponse.XMLResponse(byte[]) may expose internal representation by storing an externally mutable object into XMLResponse.m_arbResponse
EI2 anon.pay.xml.XMLTransCert.setReceivedDate(Date) may expose internal representation by storing an externally mutable object into XMLTransCert.m_receivedDate
EI2 anon.pay.xml.XMLTransCert.setUsedDate(Date) may expose internal representation by storing an externally mutable object into XMLTransCert.m_usedDate
EI2 infoservice.agreement.multicast.messages.CommitMessage.CommitMessage(InitMessage, String, Hashtable) may expose internal representation by storing an externally mutable object into CommitMessage.m_EchoMessages
EI2 infoservice.agreement.multicast.messages.CommitMessage.setEchoMessages(Hashtable) may expose internal representation by storing an externally mutable object into CommitMessage.m_EchoMessages
EI2 infoservice.agreement.multicast.messages.RawMessage.RawMessage(byte[]) may expose internal representation by storing an externally mutable object into RawMessage.m_postData
EI2 infoservice.agreement.paxos.PaxosCommunicator.setTargets(Hashtable) may expose internal representation by storing an externally mutable object into PaxosCommunicator.m_targets
EI2 infoservice.tor.DummyORListFetcher.DummyORListFetcher(byte[]) may expose internal representation by storing an externally mutable object into DummyORListFetcher.m_torNodesListStructure
FI anon.shared.AbstractChannel.finalize() is public; should be protected
FI anon.shared.IOQueue.finalize() is public; should be protected
FI anon.xmlrpc.client.ChannelProxy.finalize() is public; should be protected
FI gui.GUIUtils$WindowDocker.finalize() is public; should be protected
FI jap.JAPDebug.finalize() is public; should be protected
FI jap.StatusPanel.finalize() is public; should be protected
FI logging.LogHolder.finalize() is public; should be protected
MS anon.crypto.tinytls.TinyTLS.PROTOCOLVERSION should be both final and package protected
MS anon.crypto.tinytls.TinyTLSServerSocket.PROTOCOLVERSION should be both final and package protected
MS anon.mixminion.fec.FECMath.prim_polys should be package protected
MS public static anon.pay.xml.XMLAuthenticationSuccess.getXMLByteArray() may expose internal representation by returning XMLAuthenticationSuccess.XML_AUTH_SUCCESS
MS anon.pay.xml.XMLBankAccount.ms_strElemName isn't final but should be
MS anon.pay.xml.XMLEmail.ms_strElemName isn't final but should be
MS anon.pay.xml.XMLMixAccountBalance.ms_strElemName isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.COLLECT isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.DECIDE isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.FREEZE isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.FREEZEPROOF isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.PROPOSE isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.REJECT isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.STRONG isn't final but should be
MS infoservice.agreement.paxos.messages.PaxosMessage.WEAK isn't final but should be
MS jap.JAPConstants.ACCOUNTICONFNARRAY is a mutable array
MS jap.JAPConstants.DEFAULT_INFOSERVICE_HOSTNAMES should be package protected
MS jap.JAPConstants.DEFAULT_INFOSERVICE_NAMES should be package protected
MS jap.JAPConstants.DEFAULT_INFOSERVICE_PORT_NUMBERS should be package protected
MS jap.JAPConstants.INFOSERVICE_ROOT_CERTS should be package protected
MS jap.JAPConstants.MIX_ROOT_CERTS should be package protected
MS jap.JAPConstants.PI_CERTS should be package protected
MS jpi.Configuration.ms_keyFile should be package protected
MS jpi.Configuration.ms_keyFilePassword should be package protected
MS logging.LogLevel.STR_Levels is a mutable array

Multithreaded correctness Warnings

Code&nbsp; Warning
IS Inconsistent synchronization of anon.crypto.tinytls.TinyTLS$TLSInputStream.m_aktPendOffset; locked 66% of time
IS Inconsistent synchronization of anon.crypto.tinytls.TinyTLSServerSocket$TLSInputStream.m_aktPendOffset; locked 66% of time
IS Inconsistent synchronization of anon.infoservice.InfoServiceHolder.m_changeInfoServices; locked 80% of time
IS Inconsistent synchronization of anon.infoservice.ProxyInterface.m_bAuthPassDialogShown; locked 66% of time
IS Inconsistent synchronization of anon.pay.xml.XMLEasyCC.m_lTransferredBytes; locked 60% of time
IS Inconsistent synchronization of anon.tor.Circuit.m_MaxStreamsPerCircuit; locked 50% of time
IS Inconsistent synchronization of anon.tor.Circuit.m_streamCounter; locked 75% of time
IS Inconsistent synchronization of anon.tor.FirstOnionRouterConnection.m_Circuits; locked 75% of time
IS Inconsistent synchronization of anon.tor.FirstOnionRouterConnection.m_bIsClosed; locked 50% of time
IS Inconsistent synchronization of anon.tor.FirstOnionRouterConnection.m_istream; locked 50% of time
IS Inconsistent synchronization of anon.tor.Tor.m_useDNSCache; locked 50% of time
IS Inconsistent synchronization of gui.dialog.DialogContentPane.m_lblSeeFullText; locked 82% of time
IS Inconsistent synchronization of gui.dialog.DialogContentPane.m_lblText; locked 81% of time
IS Inconsistent synchronization of gui.dialog.DialogContentPane.m_strText; locked 69% of time
IS Inconsistent synchronization of gui.JAPAboutAutoScroller.m_msSleep; locked 50% of time
IS Inconsistent synchronization of infoservice.agreement.common.FifoQueue.m_messages; locked 86% of time
IS Inconsistent synchronization of infoservice.agreement.multicast.messages.AMessage.m_xmlNode; locked 66% of time
IS Inconsistent synchronization of infoservice.agreement.paxos.integration.InfoServiceCollectMessage.m_compressedData; locked 66% of time
IS Inconsistent synchronization of infoservice.agreement.paxos.integration.InfoServiceFreezeProofMessage.m_compressedData; locked 66% of time
IS Inconsistent synchronization of infoservice.agreement.paxos.integration.InfoServicePaxosMessage.m_compressedData; locked 66% of time
IS Inconsistent synchronization of infoservice.mailsystem.central.server.util.LimitedLengthInputStream.m_readLimit; locked 82% of time
IS Inconsistent synchronization of infoservice.tor.MixminionDirectoryAgent.m_updateInterval; locked 66% of time
IS Inconsistent synchronization of jap.AbstractDatabaseUpdater.m_bAutoUpdateChanged; locked 83% of time
IS Inconsistent synchronization of jap.forward.JAPConfForwardingClient.m_messageSystem; locked 66% of time
IS Inconsistent synchronization of jap.forward.JAPRoutingRegistrationInfoServices.m_updateInfoServiceListThread; locked 81% of time
IS Inconsistent synchronization of jap.forward.JAPRoutingSettings.m_serverPort; locked 71% of time
IS Inconsistent synchronization of jap.forward.JAPRoutingUseableMixCascades.m_allowAllAvailableCascades; locked 85% of time
IS Inconsistent synchronization of jap.forward.JAPRoutingUseableMixCascades.m_updateMixCascadesListThread; locked 88% of time
IS Inconsistent synchronization of jap.JAPConfAnon.m_lblMix; locked 87% of time
IS Inconsistent synchronization of jap.JAPConfAnon$MyTableModel.m_vecCascades; locked 80% of time
IS Inconsistent synchronization of jap.JAPConfServices.m_anonModule; locked 80% of time
IS Inconsistent synchronization of jap.JAPConfServices.m_tabbedModules; locked 83% of time
IS Inconsistent synchronization of jap.JAPConfServices.m_tabsAnon; locked 87% of time
IS Inconsistent synchronization of jap.JAPController.m_iStatusPanelMsgIdForwarderServerStatus; locked 83% of time
IS Inconsistent synchronization of jap.JAPController.m_nrOfBytesOther; locked 75% of time
IS Inconsistent synchronization of jap.JAPController.m_nrOfBytesWWW; locked 75% of time
ML anon.client.replay.TimestampUpdater.TimestampUpdater(MixParameters[], ReplayControlChannel) synchronizes on updated field TimestampUpdater.m_internalSynchronization
ML captcha.graphics.RgbMemoryImageConsumer.RgbMemoryImageConsumer(ImageProducer) synchronizes on updated field RgbMemoryImageConsumer.m_productionLock
ML gui.dialog.CaptchaContentPane.gotCaptcha(ICaptchaSender, IImageEncodedCaptcha) synchronizes on updated field CaptchaContentPane.m_syncObject
MWN Mismatched notify() in anon.client.crypto.KeyPool.getKey(byte[], int)
MWN Mismatched wait() in anon.client.crypto.KeyPool.getKey(byte[], int)
MWN Mismatched wait() in infoservice.agreement.multicast.MessageHandlerThread.run()
MWN Mismatched notify() in jap.AbstractDatabaseUpdater.stop()
MWN Mismatched wait() in jap.JAPController$22.run()
NN Naked notify in anon.client.Multiplexer.sendPacket(MixPacket)
NN Naked notify in anon.client.SequentialChannelDataChain.run()
NN Naked notify in update.JAPUpdateWizard$JapDownloadManager.run()
SC anon.client.AbstractDataChain.AbstractDataChain(IDataChannelCreator, DataChainErrorListener) invokes java.lang.Thread.start()
SC anon.client.Multiplexer.Multiplexer(InputStream, OutputStream, KeyExchangeManager, SecureRandom) invokes java.lang.Thread.start()
SC anon.util.JobQueue.JobQueue(String) invokes java.lang.Thread.start()
SC forward.server.ForwardConnection.ForwardConnection(Socket, ForwardScheduler) invokes java.lang.Thread.start()
SC forward.server.ForwardConnection.ForwardConnection(Socket, ForwardScheduler) invokes java.lang.Thread.start()
SC forward.server.ForwardConnection.ForwardConnection(Socket, ForwardScheduler) invokes java.lang.Thread.start()
SC forward.server.ForwardScheduler.ForwardScheduler() invokes java.lang.Thread.start()
SC forward.server.ServerSocketPropagandist.ServerSocketPropagandist(int, InfoServiceDBEntry) invokes java.lang.Thread.start()
SC infoservice.agreement.multicast.InfoserviceEMCAdapter.InfoserviceEMCAdapter() invokes infoservice.agreement.multicast.InfoserviceEMCAdapter$1.start()
SC infoservice.agreement.paxos.integration.InfoServicePaxosAdapter.InfoServicePaxosAdapter() invokes infoservice.agreement.paxos.integration.InfoServicePaxosAdapter$1.start()
SC infoservice.agreement.paxos.integration.PaxosAdapter.PaxosAdapter() invokes infoservice.agreement.paxos.integration.PaxosAdapter$AgreementStarterThread.start()
SC infoservice.agreement.paxos.PaxosRound.PaxosRound(PaxosExecution, int, String) invokes infoservice.agreement.common.TimeoutThread.start()
SC infoservice.InfoServiceDistributor.InfoServiceDistributor() invokes java.lang.Thread.start()
SC infoservice.InfoServiceDistributor.InfoServiceDistributor() invokes java.lang.Thread.start()
SC infoservice.mailsystem.central.server.ConnectionHandle.ConnectionHandle(Socket, IServerImplementationFactory) invokes java.lang.Thread.start()
SC infoservice.mailsystem.central.server.ConnectionHandle.ConnectionHandle(Socket, IServerImplementationFactory) invokes java.lang.Thread.start()
SC jap.StatusPanel.StatusPanel() invokes java.lang.Thread.start()
STCAL Call to method of static java.text.DateFormat in anon.tor.ordescription.ORList.parseStatus(byte[], boolean)
STCAL Found static field of type java.text.DateFormat in anon.tor.ordescription.ORList.ms_DateFormat
STCAL Call to method of static java.text.DateFormat in infoservice.Configuration.Configuration(Properties)
STCAL Found static field of type java.text.DateFormat in infoservice.Configuration.ms_httpDateFormat
STCAL Found static field of type java.text.DateFormat in jap.JAPDebug.dateFormatter
STCAL Call to method of static java.text.DateFormat in proxy.DirectProxyConnection.handleFTP()
STCAL Found static field of type java.text.DateFormat in proxy.DirectProxyConnection.m_DateFormat
SWL anon.tor.Tor.stop() calls Thread.sleep() with a lock held
SWL gui.dialog.WorkerContentPane$WorkerComponentListener.run() calls Thread.sleep() with a lock held
SWL jap.JAPController$SetAnonModeAsync.setServerMode(boolean) calls Thread.sleep() with a lock held
TLW wait() with two locks held in anon.client.SequentialChannelDataChain.orderPacketInternal(DataChainSendOrderStructure, boolean, boolean)
TLW wait() with two locks held in jap.AbstractDatabaseUpdater.start(boolean)
TLW wait() with two locks held in jap.AbstractDatabaseUpdater.update(boolean)
UG anon.infoservice.InfoServiceHolder.getPreferredInfoService() is unsynchronized, anon.infoservice.InfoServiceHolder.setPreferredInfoService(InfoServiceDBEntry) is synchronized
UG anon.pay.xml.XMLEasyCC.getPIID() is unsynchronized, anon.pay.xml.XMLEasyCC.setPIID(String) is synchronized
UG anon.pay.xml.XMLEasyCC.getTransferredBytes() is unsynchronized, anon.pay.xml.XMLEasyCC.setTransferredBytes(long) is synchronized
UG gui.dialog.DialogContentPane.getText() is unsynchronized, gui.dialog.DialogContentPane.setText(String) is synchronized
UG jap.JAPMixCascadeComboBox.getMixCascade() is unsynchronized, jap.JAPMixCascadeComboBox.setMixCascade(MixCascade) is synchronized
UW Unconditional wait in anon.client.crypto.KeyPool.getKey(byte[], int)
UW Unconditional wait in anon.client.crypto.KeyPool.run()
UW Unconditional wait in anon.util.ThreadPool.addRequestAndWait(Runnable)
UW Unconditional wait in gui.dialog.CaptchaContentPane.gotCaptcha(ICaptchaSender, IImageEncodedCaptcha)
UW Unconditional wait in infoservice.agreement.multicast.MessageHandlerThread.run()
UW Unconditional wait in infoservice.mailsystem.central.MailSystem.main(String[])
UW Unconditional wait in misc.AnonProxyTest.main(String[])
UW Unconditional wait in update.JAPUpdateWizard.downloadUpdate()
Wa Wait not in loop in anon.client.AbstractDataChain$DataChainInputStreamImplementation.read(byte[], int, int)
Wa Wait not in loop in anon.client.AbstractDataChain$DataChainOutputStreamImplementation.write(byte[], int, int)
Wa Wait not in loop in anon.client.crypto.KeyPool.getKey(byte[], int)
Wa Wait not in loop in anon.client.Multiplexer.sendPacket(MixPacket)
Wa Wait not in loop in anon.client.SequentialChannelDataChain.orderPacketInternal(DataChainSendOrderStructure, boolean, boolean)
Wa Wait not in loop in anon.client.UnlimitedDataChannel.organizeChannelClose()
Wa Wait not in loop in anon.util.CondVar.cvTimedWait(BusyFlag, int)
Wa Wait not in loop in anon.util.ThreadPool.addRequestAndWait(Runnable)
Wa Wait not in loop in captcha.graphics.RgbMemoryImageConsumer.RgbMemoryImageConsumer(ImageProducer)
Wa Wait not in loop in gui.dialog.CaptchaContentPane.gotCaptcha(ICaptchaSender, IImageEncodedCaptcha)
Wa Wait not in loop in infoservice.mailsystem.central.MailSystem.main(String[])
Wa Wait not in loop in jap.AbstractDatabaseUpdater.start(boolean)
Wa Wait not in loop in jap.AbstractDatabaseUpdater.update(boolean)
Wa Wait not in loop in jap.forward.JAPRoutingSettings.setRoutingMode(int)
Wa Wait not in loop in jap.forward.JAPRoutingSettings.startPropaganda(boolean)
Wa Wait not in loop in jap.JAPNewView$31.run()
Wa Wait not in loop in misc.AnonProxyTest.main(String[])
Wa Wait not in loop in update.JAPUpdateWizard.downloadUpdate()

Performance Warnings

Code&nbsp; Warning
Dm anon.crypto.CertPath.toString() invokes inefficient new String(String) constructor
Dm anon.crypto.CertPath.toString() invokes inefficient new String() constructor
Dm anon.crypto.XMLSignature.signInternal(Node, IMyPrivateKey) invokes inefficient new String(String) constructor
Dm anon.mixminion.fec.Pure16Code.toString() invokes inefficient new String(String) constructor
Dm anon.mixminion.fec.PureCode.toString() invokes inefficient new String(String) constructor
Dm anon.pay.PayAccount$1.readPassword(Object) invokes inefficient new String(String) constructor
Dm anon.pay.xml.XMLPriceCertificate.toString() invokes inefficient new String(String) constructor
Dm anon.util.XMLUtil.formatHumanReadable(Node, int) invokes inefficient new String() constructor
Dm forward.server.ServerSocketPropagandist.announceNewForwarder() invokes inefficient new String(String) constructor
Dm gui.CertDetailsDialog.drawDetailsPanel(JAPCertificate, boolean) invokes inefficient new String(String) constructor
Dm Method infoservice.agreement.multicast.messages.AMessage.getHashKey() invokes toString() method on a String
Dm Method infoservice.agreement.multicast.messages.AMessage.toString() invokes toString() method on a String
Dm infoservice.agreement.multicast.messages.CommitmentMessage.deconcat(String) invokes inefficient new String() constructor
Dm infoservice.agreement.multicast.messages.CommitmentMessage.deconcatenate(String) invokes inefficient new String() constructor
Dm Method infoservice.agreement.multicast.messages.CommitMessage.getHashKey() invokes toString() method on a String
Dm Method infoservice.agreement.multicast.messages.CommitMessage.toString() invokes toString() method on a String
Dm jap.JAPUtil.getCurrencyDelimiter(String) invokes inefficient new String(String) constructor
Dm jap.pay.wizardnew.VolumePlanSelectionPane.getCurrency() invokes inefficient new String(String) constructor
Dm jpi.db.DataBase.getOperatorInfo(String) invokes inefficient new String(String) constructor
SIC Should anon.client.AbstractDataChain$DataChainInputStreamImplementation be a _static_ inner class?
SIC Should anon.client.crypto.FirstMixCipher$MixEncryptionHandler be a _static_ inner class?
SIC Should anon.client.crypto.KeyPool$KeyList be a _static_ inner class?
SIC Should anon.client.replay.ReplayControlChannel$MessageDistributor be a _static_ inner class?
SIC Should anon.client.SequentialChannelDataChain$InvalidChainCellException be a _static_ inner class?
SIC Should anon.client.SequentialChannelDataChain$SendOrderProtocolData be a _static_ inner class?
SIC Should anon.client.SingleChannelDataChain$InvalidChainCellException be a _static_ inner class?
SIC Should anon.crypto.X509DistinguishedName$IllegalCharacterException be a _static_ inner class?
SIC Should anon.proxy.AnonProxy$DummyMixCascadeContainer be a _static_ inner class?
SIC Should anon.tor.CellQueue$CellQueueEntry be a _static_ inner class?
SIC Should anon.tor.ordescription.ORAcl$AclElement be a _static_ inner class?
SIC Should anon.util.ResourceLoader$ByteArrayInstantiator be a _static_ inner class?
SIC Should anon.util.ResourceLoader$FileTypeInstantiator be a _static_ inner class?
SIC Should anon.util.ThreadPool$ThreadPoolRequest be a _static_ inner class?
SIC Should gui.CertDetailsDialog$CertPathListCellRenderer be a _static_ inner class?
SIC Should gui.dialog.CaptchaContentPane$MyDocument be a _static_ inner class?
SIC Should gui.dialog.WorkerContentPane$InternalThread be a _static_ inner class?
SIC Should gui.JAPProgressBar$MyProgressBarUI be a _static_ inner class?
SIC Should jap.JAPConfAnon$MixCascadeCellRenderer be a _static_ inner class?
SIC Should jap.JAPConfAnon$TempCascade be a _static_ inner class?
SIC Should jap.JAPConfMixminion$MyJTable be a _static_ inner class?
SIC Should jap.JAPConfTor$MyJTable be a _static_ inner class?
SIC Should jap.JAPConfUI$DialogFormat be a _static_ inner class?
SIC Should jap.JAPController$AutoSwitchedMixCascadeContainer be a _static_ inner class?
SIC Should jap.JAPMixCascadeComboBox$JAPMixCascadeComboBoxModel be a _static_ inner class?
SIC Should jap.JAPNewView$ComponentMovedAdapter be a _static_ inner class?
SIC Should jap.pay.AccountSettingsPanel$CustomRenderer be a _static_ inner class?
SIC Should jap.StatusPanel$MsgQueueEntry be a _static_ inner class?
SIC Should jarify.JarManifest$EntryData be a _static_ inner class?
SIC Should jpi.helper.ExternalChargeHelper$ExternalCharge be a _static_ inner class?
SIC Should proxy.DirectProxy$SendAnonWarning be a _static_ inner class?
SS Unread field: anon.crypto.PKCS7SignedData.ID_DSA; should this field be static?
SS Unread field: anon.crypto.PKCS7SignedData.ID_MD2; should this field be static?
SS Unread field: anon.crypto.PKCS7SignedData.ID_MD5; should this field be static?
SS Unread field: anon.crypto.PKCS7SignedData.ID_RSA; should this field be static?
SS Unread field: anon.crypto.PKCS7SignedData.ID_SHA1; should this field be static?
SS Unread field: anon.mixminion.message.Decoder.KEY_LEN; should this field be static?
SS Unread field: anon.mixminion.message.Decoder.MAXHOPS; should this field be static?
SS Unread field: anon.mixminion.message.Decoder.PACKETSIZE; should this field be static?
SS Unread field: anon.mixminion.message.Header.HASH_LEN; should this field be static?
SS Unread field: anon.mixminion.message.Header.HEADER_LEN; should this field be static?
SS Unread field: anon.mixminion.message.Header.MIN_SH; should this field be static?
SS Unread field: anon.mixminion.message.Header.MIN_SUBHEADER_LEN; should this field be static?
SS Unread field: anon.mixminion.message.Header.OAEP_OVERHEAD; should this field be static?
SS Unread field: anon.mixminion.message.Header.PK_ENC_LEN; should this field be static?
SS Unread field: anon.mixminion.message.Header.PK_MAX_DATA_LEN; should this field be static?
SS Unread field: anon.mixminion.message.Header.PK_OVERHEAD_LEN; should this field be static?
SS Unread field: anon.mixminion.message.Keyring.KEY_LEN; should this field be static?
SS Unread field: gui.JAPDll$MyFileFilter.ACCOUNT_DESCRIPTION; should this field be static?
SS Unread field: jap.pay.AccountSettingsPanel$MyFileFilter.ACCOUNT_DESCRIPTION; should this field be static?
SS Unread field: jap.pay.PaymentMainPanel.WARNING_AMOUNT; should this field be static?
SS Unread field: update.JAPWelcomeWizardPage.COMMAND_SEARCH; should this field be static?
SS Unread field: update.JarFileFilter.jarExtension; should this field be static?
UrF Unread field: anon.client.SequentialChannelDataChain.m_chainTimeout
UrF Unread field: anon.crypto.MyDSASignature.m_initKey
UrF Unread field: anon.crypto.MyRSASignature.m_initKey
UrF Unread field: anon.crypto.tinytls.ciphersuites.CipherSuite.m_servercertificate
UrF Unread field: anon.crypto.tinytls.TinyTLSServer.m_Certificate
UrF Unread field: anon.crypto.tinytls.TinyTLSServer.m_PrivateKey
UrF Unread field: anon.infoservice.test.DummyHTTPConnection.m_actualLocalAddress
UrF Unread field: anon.infoservice.test.DummyHTTPConnection.m_actualLocalPort
UrF Unread field: anon.mixminion.message.Message.EXP_FACTOR
UrF Unread field: anon.mixminion.message.Message.MAX_FRAGMENTS_PER_CHUNK
UrF Unread field: anon.pay.AIControlChannel.m_diff
UrF Unread field: anon.pay.AIControlChannel.m_lastDiffBytes
UrF Unread field: anon.xmlrpc.client.AnonServiceImplProxy.m_RpcServerHost
UrF Unread field: anon.xmlrpc.client.AnonServiceImplProxy.m_RpcServerPort
UrF Unread field: anon.xmlrpc.client.ChannelProxy.m_bIsClosed
UrF Unread field: anon.xmlrpc.client.ChannelProxy.m_bIsClosedByPeer
UrF Unread field: infoservice.mailsystem.central.MailAddressDBEntry.m_creationTime
UrF Unread field: jap.JAPConfMixminion.m_lastUpdate
UrF Unread field: jap.JAPConfTor.m_lastUpdate
UrF Unread field: jap.pay.wizardnew.PaymentInfoPane.m_url
UrF Unread field: jpi.helper.IncomingPayPalConnection.m_socket
UrF Unread field: jpi.util.HttpServer.m_errors
UrF Unread field: misc.JAPHTTPProxy.runFlag
UrF Unread field: proxy.DirectProxyConnection.m_strVersion
UrF Unread field: update.JAPUpdateWizard.countPackages
UuF Unused field: anon.infoservice.test.AllTests.m_proxy
UuF Unused field: anon.util.test.AllTests.m_proxy
UuF Unused field: forward.client.DefaultClientProtocolHandler.m_selectedMixCascade
UuF Unused field: gui.wizard.BasicWizard.currentWizardPage
UuF Unused field: gui.wizard.BasicWizardHost.m_bttnOk
UuF Unused field: jap.JAPController.m_bChangedCascade
UuF Unused field: jap.JAPController.m_nrOfJAPStarts
UuF Unused field: jap.pay.FlatrateDialog.m_strBalance
UuF Unused field: jap.pay.FlatrateDialog.m_strDuration
UuF Unused field: jap.pay.FlatrateDialog.m_strPrice
UuF Unused field: jap.pay.FlatrateDialog.m_strUnit
UuF Unused field: jpi.Configuration.m_settingsInDb
UuF Unused field: jpi.helper.PaysafecardHandler.pscThread
UuF Unused field: jpi.PIAnswer.m_iStatusCode
UuF Unused field: jpi.PICommandAI.m_Database
UuF Unused field: jpi.PICommandAI.m_SecureRandom
UuF Unused field: jpi.PICommandAI.m_arbChallenge
UuF Unused field: jpi.PICommandAI.m_iState
UuF Unused field: jpi.PICommandAI.notifiedMixes
UuF Unused field: jpi.PICommandMC.m_Database

Dodgy Warnings

Code&nbsp; Warning
BC Unchecked/unconfirmed cast from java.util.Observable to forward.server.ServerSocketPropagandist in jap.forward.JAPRoutingInfoServiceRegistrationTableModel.update(Observable, Object)
BC Unchecked/unconfirmed cast from java.util.Observable to forward.server.ServerSocketPropagandist in jap.forward.JAPRoutingRegistrationStatusObserver.update(Observable, Object)
DB Method gui.dialog.DialogContentPane$ButtonListener.actionPerformed(ActionEvent) uses the same code for two branches
DLS Dead store to updater in anon.client.AnonClient.finishInitialization(Multiplexer, KeyExchangeManager, IMutableProxyInterface, PacketCounter, Socket, IServiceContainer, MixCascade)
DLS Dead store to seed in anon.client.crypto.KeyPool.run()
DLS Dead store to msgReceived in anon.client.XmlControlChannel.processMessage(byte[])
DLS Dead store to password in anon.crypto.MD5Crypt.crypt(String, String)
DLS Dead store to md5_1_digest in anon.crypto.MD5Crypt.crypt(String, String)
DLS Dead store to md5_2_digest in anon.crypto.MD5Crypt.crypt(String, String)
DLS Dead store to pwLength in anon.crypto.MD5Crypt.crypt(String, String)
DLS Dead store to salt in anon.crypto.MD5Crypt.crypt(String, String)
DLS Dead store to saltBytes in anon.crypto.MD5Crypt.crypt(String, String)
DLS Dead store to saltLength in anon.crypto.MD5Crypt.crypt(String, String)
DLS Dead store to prf in anon.crypto.tinytls.keyexchange.DHE_DSS_Key_Exchange.processClientFinished(byte[], byte[])
DLS Dead store to prf in anon.crypto.tinytls.keyexchange.DHE_RSA_Key_Exchange.processClientFinished(byte[], byte[])
DLS Dead store to w in anon.crypto.tinytls.test.tlsclienttest.main(String[])
DLS Dead store to len in anon.crypto.tinytls.TinyTLS$TLSInputStream.gotCertificate(TLSHandshakeRecord)
DLS Dead store to len in anon.crypto.tinytls.TinyTLS$TLSInputStream.gotCertificateRequest(TLSHandshakeRecord)
DLS Dead store to sessionid in anon.crypto.tinytls.TinyTLS$TLSInputStream.gotServerHello(TLSHandshakeRecord)
DLS Dead store to len in anon.crypto.XMLEncryption.encryptElement(Element, String)
DLS Dead store to a_nrAskedInfoServices in anon.infoservice.InfoServiceHolder.setNumberOfAskedInfoServices(int)
DLS Dead store to dbEntryFromXML in anon.infoservice.test.InfoServiceDBEntryTest.testToXML()
DLS Dead store to temp_row in anon.mixminion.fec.FECMath.invertMatrix(char[], int)
DLS Dead store to init in anon.mixminion.FirstMMRConnection.sending(byte[], String)
DLS Dead store to tag in anon.mixminion.message.Decoder.decode()
DLS Dead store to l in anon.mixminion.message.Decoder.testPayload(byte[])
DLS Dead store to flag in anon.mixminion.message.FragmentedMessage.buildPayload()
DLS Dead store to path1 in anon.mixminion.message.NoReplyMessage.buildMessage()
DLS Dead store to path2 in anon.mixminion.message.NoReplyMessage.buildMessage()
DLS Dead store to signature in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader)
DLS Dead store to debug in anon.pay.xml.XMLPaymentOption.getHeading(String)
DLS Dead store to m_accountNumber in anon.pay.xml.XMLVolumePlanPurchase.setValues(Element)
DLS Dead store to m_planName in anon.pay.xml.XMLVolumePlanPurchase.setValues(Element)
DLS Dead store to socksport in anon.tor.ordescription.ORDescription.parse(LineNumberReader)
DLS Dead store to socksport in anon.tor.ordescription.ORDescriptor.parse(LineNumberReader)
DLS Dead store to decBlock in anon.util.captcha.ZipBinaryImageCaptchaClient.solveCaptcha(String, byte[])
DLS Dead store to o in anon.xmlrpc.client.AnonServiceImplProxy.send(int, byte[], int, int)
DLS Dead store to fill in gui.CertDetailsDialog$CertPathListCellRenderer.getListCellRendererComponent(JList, Object, int, boolean, boolean)
DLS Dead store to msgbox in gui.JAPAWTMsgBox.MsgBox(Frame, String, String)
DLS Dead store to $L3 in infoservice.mailsystem.central.server.GenericServer.run()
DLS Dead store to resultValue in jap.forward.JAPRoutingRegistrationInfoServices.getRegistrationInfoServicesForStartup()
DLS Dead store to textArea in jap.JAPAboutNew.JAPAboutNew(Component)
DLS Dead store to gbl in jap.JAPNewView.buildForwarderPanel()
DLS Dead store to d in jap.pay.AccountSettingsPanel.doShowTransactions(PayAccount)
DLS Dead store to durationLimited in jpi.db.DataBase.getVolumePlan(String)
DLS Dead store to volumeLimited in jpi.db.DataBase.getVolumePlan(String)
DLS Dead store to foo in jpi.db.DataBase.storePassivePayment(XMLPassivePayment)
DLS Dead store to chStr in jpi.PICommandUser.getChallengeXML()
DLS Dead store to chargeclient in jpi.util.ChargeClient.main(String[])
DLS Dead store to encBlock in jpi.util.XMLCaptcha.XMLCaptcha(byte[], int, int)
ICAST Result of integer multiplication cast to long in anon.mixminion.message.ReplyBlock.buildBlock()
ICAST Result of integer multiplication cast to long in anon.mixminion.message.ReplyBlock.timetoliveIsOK()
ICAST Result of integer multiplication cast to long in jpi.db.DataBase.purgePaysafecardPayments()
NP Load of known null value in anon.crypto.AbstractX509AlternativeName.createValue(Vector, Vector)
NP Possible null pointer dereference in anon.mixminion.EMail.trimPayload(String) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.EMail.trimPayload(String) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.message.Decoder.decode() due to return value of called method
NP Possible null pointer dereference in anon.mixminion.message.Decoder.decode() due to return value of called method
NP Possible null pointer dereference in anon.mixminion.message.Decoder.decode() due to return value of called method
NP Possible null pointer dereference in anon.mixminion.message.Decoder.decode() due to return value of called method
NP Possible null pointer dereference in anon.mixminion.message.Decoder.decode() due to return value of called method
NP Possible null pointer dereference in anon.mixminion.message.ReplyBlock.parseReplyBlocks(String, byte[]) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.message.ReplyBlock.parseReplyBlocks(String, byte[]) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.mixminion.mmrdescription.MMRDescription.parse(LineNumberReader) due to return value of called method
NP Possible null pointer dereference in anon.tor.ordescription.ORList.parseStatus(byte[], boolean) due to return value of called method
NP Possible null pointer dereference in anon.tor.ordescription.ORList.parseStatus(byte[], boolean) due to return value of called method
NP Load of known null value in anon.util.ClassUtil.loadClasses(Class, File)
NP Load of known null value in gui.GUIUtils.getParentWindow(Component)
NP Possible null pointer dereference in infoservice.KeyGenTest.generateKeys(String, String) due to return value of called method
NP Possible null pointer dereference in jpi.JPIMain.main(String[]) due to return value of called method
RCN Redundant nullcheck of keyring which is known to be null in anon.mixminion.message.Keyring.Keyring(String)
RCN Redundant nullcheck of ln, which is known to be non-null in anon.tor.ordescription.ORDescription.parse(LineNumberReader)
RCN Redundant nullcheck of ln, which is known to be non-null in anon.tor.ordescription.ORDescriptor.parse(LineNumberReader)
RCN Redundant nullcheck of a_positionOnScreen, which is known to be non-null in gui.GUIUtils.getRelativePosition(Point, Component)
RCN Redundant nullcheck of gui.MapBox.m_urlString which is known to be null in gui.MapBox.refresh()
RCN Redundant nullcheck of socket which is known to be null in infoservice.InfoServiceServer.run()
RCN Redundant nullcheck of cascade, which is known to be non-null in jap.JAPConfAnon.valueChanged(ListSelectionEvent)
RCN Redundant nullcheck of jap.StatusPanel.m_Msgs, which is known to be non-null in jap.StatusPanel.run()
REC Exception is caught when Exception is not thrown in anon.crypto.AbstractX509Extension.getInstance(DERSequence)
REC Exception is caught when Exception is not thrown in anon.crypto.tinytls.keyexchange.DHE_RSA_Key_Exchange.processServerKeyExchange(byte[], int, int, byte[], byte[], JAPCertificate)
REC Exception is caught when Exception is not thrown in anon.infoservice.InfoServiceDBEntry.getUpdateEntries(Class, boolean)
REC Exception is caught when Exception is not thrown in anon.tor.Tor.createNewCircuit(String, int)
REC Exception is caught when Exception is not thrown in anon.util.ClassUtil.getClassPath(boolean)
REC Exception is caught when Exception is not thrown in anon.util.ResourceLoader.ResourceLoader()
REC Exception is caught when Exception is not thrown in anon.util.ResourceLoader.loadResources(String, File, IResourceInstantiator, boolean, boolean, Hashtable)
REC Exception is caught when Exception is not thrown in captcha.graphics.BinaryImageCreator.imageToBinary(Image)
REC Exception is caught when Exception is not thrown in gui.dialog.JAPDialog.JAPDialog(Component, String, boolean, boolean)
REC Exception is caught when Exception is not thrown in gui.dialog.JAPDialog.requestFocusForFirstFocusableComponent(Container)
REC Exception is caught when Exception is not thrown in gui.dialog.JAPDialog$7.run()
REC Exception is caught when Exception is not thrown in gui.dialog.PasswordContentPane$CapsLockAdapter.keyPressed(KeyEvent)
REC Exception is caught when Exception is not thrown in gui.GUIUtils.addTimedTooltipListener(JComponent)
REC Exception is caught when Exception is not thrown in gui.GUIUtils.getCurrentScreen(Window)
REC Exception is caught when Exception is not thrown in gui.GUIUtils.getDefaultScreenBounds(Window)
REC Exception is caught when Exception is not thrown in gui.GUIUtils.getScreens(Window)
REC Exception is caught when Exception is not thrown in gui.JAPAWTMsgBox.JAPAWTMsgBox(Frame, String, String)
REC Exception is caught when Exception is not thrown in gui.JAPMessages.getString(String)
REC Exception is caught when Exception is not thrown in infoservice.CertificateManager.update(Observable, Object)
REC Exception is caught when Exception is not thrown in infoservice.Configuration.Configuration(Properties)
REC Exception is caught when Exception is not thrown in infoservice.dynamic.DynamicCommandsExtension.doPing(InetAddress, int, long)
REC Exception is caught when Exception is not thrown in infoservice.InfoServiceCommands.humanGetStatus()
REC Exception is caught when Exception is not thrown in jap.JAPConfAnon.deleteManualCascade()
REC Exception is caught when Exception is not thrown in jap.JAPConfAnon.update(Observable, Object)
REC Exception is caught when Exception is not thrown in jap.JAPConfInfoService$10.update(Observable, Object)
REC Exception is caught when Exception is not thrown in jap.JAPConfInfoService$12.actionPerformed(ActionEvent)
REC Exception is caught when Exception is not thrown in jap.JAPController.loadConfigFile(String, boolean, ISplashResponse)
REC Exception is caught when Exception is not thrown in jap.JAPDebug.actionPerformed(ActionEvent)
REC Exception is caught when Exception is not thrown in jap.JAPSplash.centerOnScreen(Window)
REC Exception is caught when Exception is not thrown in jap.StatusPanel.run()
REC Exception is caught when Exception is not thrown in jpi.db.DataBase.getFlatrateConfigOption(String)
REC Exception is caught when Exception is not thrown in jpi.db.DataBase.getPaymentOptionsFromDb()
REC Exception is caught when Exception is not thrown in jpi.db.DataBase.setPaymentSettings()
REC Exception is caught when Exception is not thrown in update.JAPUpdateWizard.createNewJAPJar()
REC Exception is caught when Exception is not thrown in update.JAPUpdateWizard.overwriteJapJar()
REC Exception is caught when Exception is not thrown in update.JAPUpdateWizard$JapDownloadManager.run()
SF Switch statement found in anon.crypto.tinytls.TinyTLSServerSocket$TLSInputStream.read(byte[], int, int) where one case falls through to the next case
ST Write to static field anon.mixminion.Mixminion.m_serviceDescription from instance method anon.mixminion.Mixminion.initialize(AnonServerDescription, IServiceContainer)
ST Write to static field infoservice.Configuration.configurationInstance from instance method infoservice.Configuration.Configuration(Properties)
ST Write to static field infoservice.Configuration.ms_httpDateFormat from instance method infoservice.Configuration.Configuration(Properties)
ST Write to static field jap.JAPConf.ms_JapConfInstance from instance method jap.JAPConf.JAPConf(AbstractJAPMainView, boolean)
ST Write to static field jap.JAPDebug.m_bConsole from instance method jap.JAPDebug.actionPerformed(ActionEvent)
ST Write to static field jap.JAPDebug.ms_bFile from instance method jap.JAPDebug.finalize()
ST Write to static field jap.JAPDebug.m_textareaConsole from instance method jap.JAPDebug.internal_showConsole(boolean, Window)
ST Write to static field jap.JAPDebug.m_textareaConsole from instance method jap.JAPDebug.internal_showConsole(boolean, Window)
ST Write to static field jap.JAPDebug.m_bConsole from instance method jap.JAPDebug.windowClosing(WindowEvent)
ST Write to static field jpi.util.ErrorCodeMap.m_map from instance method jpi.util.ErrorCodeMap.ErrorCodeMap()
ST Write to static field logging.LogHolder.ms_logInstance from instance method logging.LogHolder.LogHolder()

Details

DMI_RANDOM_USED_ONLY_ONCE: Random object created and used only once

This code creates a java.util.Random object, uses it to generate one random number, and then discards the Random object. This produces mediocre quality random numbers and is inefficient. If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number is required invoke a method on the existing Random object to obtain it.

If it is important that the generated Random numbers not be guessable, you must not create a new Random for each random number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead (and avoid allocating a new SecureRandom for each random number needed).

BC_UNCONFIRMED_CAST: Unchecked/unconfirmed cast

This cast is unchecked, and not all instances of the type casted from can be cast to the type it is being cast to. Ensure that your program logic ensures that this cast will not fail.

BIT_IOR_OF_SIGNED_BYTE: Bitwise OR of signed byte value

Loads a value from a byte array and performs a bitwise OR with that value. Values loaded from a byte array are sign extended to 32 bits before any any bitwise operations are performed on the value. Thus, if b[0] contains the value 0xff, and x is initially 0, then the code ((x << 8) | b[0]) will sign extend 0xff to get 0xffffffff, and thus give the value 0xffffffff as the result.

In particular, the following code for packing a byte array into an int is badly wrong:

int result = 0; for(int i = 0; i < 4; i++) result = ((result << 8) | b[i]);

The following idiom will work instead:

int result = 0; for(int i = 0; i < 4; i++) result = ((result << 8) | (b[i] &s; 0xff));

DB_DUPLICATE_BRANCHES: Method uses the same code for two branches

This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.

DE_MIGHT_IGNORE: Method might ignore exception

This method might ignore an exception.  In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

DLS_DEAD_LOCAL_STORE: Dead store to local variable

This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

DM_STRING_VOID_CTOR: Method invokes inefficient new String() constructor

Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant "".  Java guarantees that identical string constants will be represented by the same String object.  Therefore, you should just use the empty string constant directly.

DM_STRING_CTOR: Method invokes inefficient new String(String) constructor

Using the java.lang.String(String) constructor wastes memory because the object so constructed will be functionally indistinguishable from the String passed as a parameter.  Just use the argument String directly.

DM_EXIT: Method invokes System.exit(...)

Invoking System.exit shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.

DM_STRING_TOSTRING: Method invokes toString() method on a String

Calling String.toString() is just a redundant operation. Just use the String.

EC_UNRELATED_TYPES: Call to equals() comparing different types

This method calls equals(Object) on two references of different class types with no common subclasses. Therefore, the objects being compared are unlikely to be members of the same class at runtime (unless some application classes were not analyzed, or dynamic class loading can occur at runtime). According to the contract of equals(), objects of different classes should always compare as unequal; therefore, according to the contract defined by java.lang.Object.equals(Object), the result of this comparison will always be false at runtime.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

EQ_SELF_USE_OBJECT: Covariant equals() method defined, Object.equals(Object) inherited

This class defines a covariant version of the equals() method, but inherits the normal equals(Object) method defined in the base java.lang.Object class.  The class should probably define a non-covariant version of equals().  (I.e., a method with the signature boolean equals(java.lang.Object).

FI_EXPLICIT_INVOCATION: Explicit invocation of finalizer

This method contains an explicit invocation of the finalize() method on an object.  Because finalizer methods are supposed to be executed once, and only by the VM, this is a bad idea.

If a connected set of objects beings finalizable, then the VM will invoke the finalize method on all the finalizable object, possibly at the same time in different threads. Thus, it is a particularly bad idea, in the finalize method for a class X, invoke finalize on objects referenced by X, because they may already be getting finalized in a separate thread.

FI_FINALIZER_NULLS_FIELDS: Finalizer nulls fields

This finalizer nulls out fields. This is usually an error, as it does not aid garbage collection, and the object is going to be garbage collected anyway.

FI_PUBLIC_SHOULD_BE_PROTECTED: Finalizer should be protected, not public

A class's finalize() method should have protected access, not public.

HE_EQUALS_USE_HASHCODE: Class defines equals() and uses Object.hashCode()

This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

public int hashCode() {
  assert false : "hashCode not designed";
  return 42; // any arbitrary constant will do 
  }

ICAST_INTEGER_MULTIPLY_CAST_TO_LONG: Result of integer multiplication cast to long

This code performs integer multiply and then converts the result to a long, as in: 

 
	long convertDaysToMilliseconds(int days) { return 1000*3600*24*days; }
If the multiplication is done using long arithmetic, you can avoid the possibility that the result will overflow. For example, you could fix the above code to: 
 
	long convertDaysToMilliseconds(int days) { return 1000L*3600*24*days; }
or 
 
	static final long MILLISECONDS_PER_DAY = 24L*3600*1000;
	long convertDaysToMilliseconds(int days) { return days * MILLISECONDS_PER_DAY; }

IMSE_DONT_CATCH_IMSE: Dubious catching of IllegalMonitorStateException

IllegalMonitorStateException is generally only thrown in case of a design flaw in your code (calling wait or notify on an object you do not hold a lock on).

INT_BAD_COMPARISON_WITH_SIGNED_BYTE: Bad comparison of signed byte

Signed bytes can only have a value in the range -128 to 127. Comparing a signed byte with a value outside that range is vacuous and likely to be incorrect. To convert a signed byte b to an unsigned value in the range 0..255, use 0xff & b

IS2_INCONSISTENT_SYNC: Inconsistent synchronization

The fields of this class appear to be accessed inconsistently with respect to synchronization.  This bug report indicates that the bug pattern detector judged that

  1. The class contains a mix of locked and unlocked accesses,
  2. At least one locked access was performed by one of the class's own methods, and
  3. The number of unsynchronized field accesses (reads and writes) was no more than one third of all accesses, with writes being weighed twice as high as reads

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held.  Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.

ML_SYNC_ON_UPDATED_FIELD: Method synchronizes on an updated field

This method synchronizes on an object references from a mutable field. This is unlikely to have useful semantics, since different threads may be synchronizing on different objects.

MS_MUTABLE_ARRAY: Field is a mutable array

A final static field references an array and can be accessed by malicious code or by accident from another package. This code can freely modify the contents of the array.

MS_SHOULD_BE_FINAL: Field isn't final but should be

A mutable static field could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

MS_FINAL_PKGPROTECT: Field should be both final and package protected

A mutable static field could be changed by malicious code or by accident from another package. The field could be made package protected and/or made final to avoid this vulnerability.

MS_PKGPROTECT: Field should be package protected

A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

MS_EXPOSE_REP: Public static method may expose internal representation by returning array

A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. One fix is to return a copy of the array.

MWN_MISMATCHED_NOTIFY: Mismatched notify()

This method calls Object.notify() or Object.notifyAll() without obviously holding a lock on the object.  Calling notify() or notifyAll() without a lock held will result in an IllegalMonitorStateException being thrown.

MWN_MISMATCHED_WAIT: Mismatched wait()

This method calls Object.wait() without obviously holding a lock on the object.  Calling wait() without a lock held will result in an IllegalMonitorStateException being thrown.

NM_CLASS_NAMING_CONVENTION: Class names should start with an upper case letter

Class names should be nouns, in mixed case with the first letter of each internal word capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms and abbreviations (unless the abbreviation is much more widely used than the long form, such as URL or HTML).

NM_METHOD_NAMING_CONVENTION: Method names should start with an lower case letter

Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.

NN_NAKED_NOTIFY: Naked notify

A call to notify() or notifyAll() was made without any (apparent) accompanying modification to mutable object state.  In general, calling a notify method on a monitor is done because some condition another thread is waiting for has become true.  However, for the condition to be meaningful, it must involve a heap object that is visible to both threads.

This bug does not necessarily indicate an error, since the change to mutable object state may have taken place in a method which then called the method containing the notification.

NP_LOAD_OF_KNOWN_NULL_VALUE: Load of known null value

The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull.

NP_NULL_PARAM_DEREF_NONVIRTUAL: Non-virtual method call passes null for unconditionally dereferenced parameter

A possibly-null value is passed to a method which unconditionally dereferences it. This will almost certainly result in a null pointer exception.

NP_ALWAYS_NULL: Null pointer dereference

A null pointer is dereferenced here.  This will lead to a NullPointerException when the code is executed.

NP_NULL_ON_SOME_PATH: Possible null pointer dereference

A reference value dereferenced here might be null at runtime.  This may lead to a NullPointerException when the code is executed.

NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE: Possible null pointer dereference due to return value of called method

A reference value which is null on some exception control path is dereferenced here.  This may lead to a NullPointerException when the code is executed.  The value may be null because it was return from a method which is known to return possibly-null values.

NP_NULL_ON_SOME_PATH_EXCEPTION: Possible null pointer dereference in method on exception path

A reference value which is null on some exception control path is dereferenced here.  This may lead to a NullPointerException when the code is executed.  Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.

Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.

NP_TOSTRING_COULD_RETURN_NULL: toString method may return null

This toString method seems to return null in some circumstances. A liberal reading of the spec could be interpreted as allowing this, but it is probably a bad idea and could cause other code to break. Return the empty string or some other appropriate string rather than null.

ODR_OPEN_DATABASE_RESOURCE: Method may fail to close database resource

The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method.  Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.

OS_OPEN_STREAM: Method may fail to close stream

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT: Method assigns boolean literal in boolean expression

This method assigns a literal boolean value (true or false) to a boolean variable inside an if or while expression. Most probably this was supposed to be a boolean comparison using ==, not an assignment using =.

RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE: Nullcheck of value previously dereferenced

A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.

RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE: Redundant nullcheck of value known to be non-null

This method contains a redundant check of a known non-null value against the constant null.

RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE: Redundant nullcheck of value known to be null

This method contains a redundant check of a known null value against the constant null.

REC_CATCH_EXCEPTION: Exception is caught when Exception is not thrown

This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

RR_NOT_CHECKED: Method ignores results of InputStream.read()

This method ignores the return value of one of the variants of java.io.InputStream.read() which can return multiple bytes.  If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were read than the caller requested.  This is a particularly insidious kind of bug, because in many programs, reads from input streams usually do read the full amount of data requested, causing the program to fail only sporadically.

RV_ABSOLUTE_VALUE_OF_RANDOM_INT: Bad attempt to compute absolute value of signed 32-bit random integer

This code generates a random signed integer and then computes the absolute value of that random integer. If the number returned by the random number generator is Integer.MIN_VALUE, then the result will be negative as well (since Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE).

RV_RETURN_VALUE_IGNORED: Method ignores return value

The return value of this method should be checked. One common cause of this warning is to invoke a method on an immutable object, thinking that it updates the object. For example, in the following code fragment,

String dateString = getHeaderField(name);
dateString.trim();

the programmer seems to be thinking that the trim() method will update the String referenced by dateString. But since Strings are immutable, the trim() function returns a new String value, which is being ignored here. The code should be corrected to: 

String dateString = getHeaderField(name);
dateString = dateString.trim();

SA_LOCAL_DOUBLE_ASSIGNMENT: Double assignment of local variable

This method contains a double assignment of a local variable; e.g. 

  public void foo() {
    int x,y;
    x = x = 17;
  }

Assigning the same value to a variable twice is useless, and may indicate a logic error or typo.

SC_START_IN_CTOR: Constructor invokes Thread.start()

The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.

SE_BAD_FIELD_STORE: Non-serializable value stored into instance field of a serializable class

A non-serializable value is stored into a non-transient field of a serializable class.

SE_BAD_FIELD: Non-transient non-serializable instance field in serializable class

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods.  Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.

SF_SWITCH_FALLTHROUGH: Switch statement found where one case falls through to the next case

This method contains a switch statement where one case branch will fall through to the next case. Usually you need to end this case with a break or return.

SIC_INNER_SHOULD_BE_STATIC: Should be a static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.

SE_NO_SERIALVERSIONID: Class is Serializable, but doesn't define serialVersionUID

This class implements the Serializable interface, but does not define a serialVersionUID field.  A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE: Nonconstant string passed to execute method on an SQL statement

The method invokes the execute method on an SQL statement with a String that seems to be dynamically generated. Consider using a prepared statement instead. It is more efficient and less vulnerable to SQL injection attacks.

SS_SHOULD_BE_STATIC: Unread field: should this field be static?

This class contains an instance final field that is initialized to a compile-time static value. Consider making the field static.

ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD: Write to static field from instance method

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE: Call to static DateFormat

As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use. The detector has found a call to an instance of DateFormat that has been obtained via a static field. This looks suspicous.

For more information on this see Sun Bug #6231579 and Sun Bug #6178997.

STCAL_STATIC_SIMPLE_DATA_FORMAT_INSTANCE: Static DateFormat

As the JavaDoc states, DateFormats are inherently unsafe for multithreaded use. Sharing a single instance across thread boundaries without proper synchronization will result in erratic behavior of the application.

You may also experience serialization problems.

Using an instance field is recommended.

For more information on this see Sun Bug #6231579 and Sun Bug #6178997.

SWL_SLEEP_WITH_LOCK_HELD: Method calls Thread.sleep() with a lock held

This method calls Thread.sleep() with a lock held. This may result in very poor performance and scalability, or a deadlock, since other threads may be waiting to acquire the lock. It is a much better idea to call wait() on the lock, which releases the lock and allows other threads to run.

TLW_TWO_LOCK_WAIT: Wait with two locks held

Waiting on a monitor while two locks are held may cause deadlock.   Performing a wait only releases the lock on the object being waited on, not any other locks.   This not necessarily a bug, but is worth examining closely.

UG_SYNC_SET_UNSYNC_GET: Unsynchronized get method, synchronized set method

This class contains similarly-named get and set methods where the set method is synchronized and the get method is not.  This may result in incorrect behavior at runtime, as callers of the get method will not necessarily see a consistent state for the object.  The get method should be made synchronized.

UR_UNINIT_READ: Uninitialized read of field in constructor

This constructor reads a field which has not yet been assigned a value.  This is often caused when the programmer mistakenly uses the field instead of one of the constructor's parameters.

URF_UNREAD_FIELD: Unread field

This field is never read.  Consider removing it from the class.

UUF_UNUSED_FIELD: Unused field

This field is never used.  Consider removing it from the class.

UW_UNCOND_WAIT: Unconditional wait

This method contains a call to java.lang.Object.wait() which is not guarded by conditional control flow.  The code should verify that condition it intends to wait for is not already satisfied before calling wait; any previous notifications will be ignored.

UWF_UNWRITTEN_FIELD: Unwritten field

This field is never written.  All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.

WA_NOT_IN_LOOP: Wait not in loop

This method contains a call to java.lang.Object.wait() which is not in a loop.  If the monitor is used for multiple conditions, the condition the caller intended to wait for might not be the one that actually occurred.