1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2<html>
3<head>
4<title>FindBugs Change Log</title>
5<link rel="stylesheet" type="text/css" href="findbugs.css">
6
7</head>
8
9<body>
10
11	<table width="100%">
12		<tr>
13
14
15<td bgcolor="#b9b9fe" valign="top" align="left" width="20%">
16<table width="100%" cellspacing="0" border="0">
17<tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr>
18
19<tr><td>&nbsp;</td></tr>
20
21<tr><td><b>Docs and Info</b></td></tr>
22<tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr>
23<tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr>
24<tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr>
25<tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr>
26<tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr>
27<tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr>
28<tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/&#26085;&#26412;&#35486;)</a></font></td></tr>
29<tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr>
30<tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr>
31<tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr>
32<tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr>
33<tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr>
34
35<tr><td>&nbsp;</td></tr>
36
37<tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr>
38
39<tr><td>&nbsp;</td></tr>
40
41<tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr>
42
43<tr><td>&nbsp;</td></tr>
44
45<tr><td><b>Development</b></td></tr>
46<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr>
47<tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr>
48<tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr>
49<tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr>
50<tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr>
51<tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr>
52<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr>
53<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr>
54<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr>
55</table>
56</td>
57
58			<td align="left" valign="top">
59
60
61				<h1>FindBugs Change Log, Version 2.0.3</h1>
62				<ul>
63					<li>New Bug patterns: <a
64						href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_BOXED_PRIMITIVE_FOR_PARSING">DM_BOXED_PRIMITIVE_FOR_PARSING</a>,
65						<a
66						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP_METHOD_RETURN_RELAXING_ANNOTATION</a>,
67						and
68						<a
69						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION</a>
70					</li>
71					<li>Add the ability in the GUI to save the currently viewable/filtered bugs to HTML output.
72					<li>When dataflow does't terminate, make sure we continue with
73						analysis.
74
75					<li>Fix some problems that resulting in dataflow analysis not
76						terminating
77
78					<li>Get parameter annotations from default parameters
79						annotations applied to the method.
80					<li>Add subversion change number to eclipse plugin qualifier.
81
82					<li>Disabled detector for <a
83						href="http://findbugs.sourceforge.net/bugDescriptions.html#AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM_CREATES_EMPTY_JAR_FILE_ENTRY</a>;
84						it complaints inappropriately about code that creates directory
85						entries.
86
87					<li>Add warnings about incompatible types passed to
88						org.testng.Assert.assertEquals</li>
89					<li>Add logic that understands more of the Google Guava APIs.
90					<li>Disable type qualifier validator execution within Eclipse plugin;
91						too many problems with class loading and security manager (see #1154 Random obscure Eclipse failures)
92					<li>Consistently check both access flags and attributes to see if something is synthetic. Compiler is
93					inconsistent about where synthetic elements are marked.
94
95				<li>Fixed false positives for the following bug patterns (17
96						occurrences in findbugsTestCases):
97						<ul>
98							<li><a
99								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC">BC</a>
100							<li><a
101								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_INSTANCEOF">BC_IMPOSSIBLE_INSTANCEOF</a>
102							<li><a
103								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>
104							<li><a
105								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>
106							<li><a
107								href="http://findbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</a>
108							<li><a
109								href="http://findbugs.sourceforge.net/bugDescriptions.html#IS2_INCONSISTENT_SYNC">IS2_INCONSISTENT_SYNC</a>
110							<li><a
111								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</a>
112							<li><a
113								href="http://findbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION">OBL_UNSATISFIED_OBLIGATION</a>
114							<li><a
115								href="http://findbugs.sourceforge.net/bugDescriptions.html#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</a>
116							<li><a
117								href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a>
118							<li><a
119								href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
120							</li>
121						</ul>
122					<li>Fixed false negatives for the following bug patterns (45
123						occurrences in findbugsTestCases):
124						<ul>
125							<li><a
126								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>
127							<li><a
128								href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_NUMBER_CTOR">DM_NUMBER_CTOR</a>
129							<li><a
130								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_ARRAY_AND_NONARRAY">EC_ARRAY_AND_NONARRAY</a>
131							<li><a
132								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE">EC_INCOMPATIBLE_ARRAY_COMPARE</a>
133							<li><a
134								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>
135							<li><a
136								href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>
137							<li><a
138								href="http://findbugs.sourceforge.net/bugDescriptions.html#IS_FIELD_NOT_GUARDED">IS_FIELD_NOT_GUARDED</a>
139							<li><a
140								href="http://findbugs.sourceforge.net/bugDescriptions.html#IT_NO_SUCH_ELEMENT">IT_NO_SUCH_ELEMENT</a>
141							<li><a
142								href="http://findbugs.sourceforge.net/bugDescriptions.html#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS">JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</a>
143							<li><a
144								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH">NP_NULL_ON_SOME_PATH</a>
145							<li><a
146								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_PARAM_VIOLATION">NP_NONNULL_PARAM_VIOLATION</a>
147							<li><a
148								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a>
149							<li><a
150								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>
151							<li><a
152								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_STORE_INTO_NONNULL_FIELD">NP_STORE_INTO_NONNULL_FIELD</a>
153							<li><a
154								href="http://findbugs.sourceforge.net/bugDescriptions.html#RE_POSSIBLE_UNINTENDED_PATTERN">RE_POSSIBLE_UNINTENDED_PATTERN</a>
155							<li><a
156								href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a>
157						</ul>
158				</ul>
159				<h1>FindBugs Change Log, Version 2.0.2</h1>
160
161				<ul>
162					<li>Fix false positions for <a
163						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a>
164						- fixing <a
165						href="https://sourceforge.net/tracker/?func=detail&aid=3547559&group_id=96405&atid=614693">Bug3547559</a>,
166						<a
167						href="https://sourceforge.net/tracker/?func=detail&aid=3555408&group_id=96405&atid=614693">Bug3555408</a>,
168						<a
169						href="https://sourceforge.net/tracker/?func=detail&aid=3580266&group_id=96405&atid=614693">Bug3580266</a>
170						and <a
171						href="https://sourceforge.net/tracker/?func=detail&aid=3587164&group_id=96405&atid=614693">Bug3587164</a>.
172
173
174					</li>
175					<li>Fix false positives for <a
176						href="http://findbugs.sourceforge.net/bugDescriptions.html#SF_SWITCH_NO_DEFAULT">SF_SWITCH_NO_DEFAULT</a>
177					<li>Inline access methods for private fields,
178                    fixing false positive in  <a
179                        href="https://sourceforge.net/tracker/?func=detail&aid=3484713&group_id=96405&atid=614693">Bug3484713</a>.
180
181                    <li>Type qualifier annotations, including nullness
182						annotations, are now ignored on vararg parameters (including
183						default and inherited annotations), awaiting JSR308.
184					<li>Defined new bug pattern to give better explanations of
185						issues involving strict type qualifiers <a
186						href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
187					<li>Adjusted analysis of type qualifiers, now giving warnings
188						where a computed value is used in a place where a value with a
189						strict type qualifier is required.
190					<li>Complain about missing classes only if they are
191						encountered while analyzing application classes; ignore missing
192						classes that are encounted while analyzing classes loaded from the
193						auxclasspath. Fix for <a
194						href="https://sourceforge.net/tracker/?func=detail&aid=3588379&group_id=96405&atid=614693">Bug3588379</a>
195					<li>Fixed false positive null pointer warning coming from
196						synthetic bridge methods, fixing <a
197						href="https://sourceforge.net/tracker/?func=detail&aid=3589328&group_id=96405&atid=614693">Bug3589328</a>
198					<li>In general, suppress warnings in synthetic methods.
199					<li>Fix some false positives involving <a
200						href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>
201						on classes that extend generic collection classes.
202
203					</li>
204                    <li>Combine multiple identical warnings about
205                     <a
206                        href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a>
207                         that occur in the same method,
208                    simplifying issue triage.
209
210					<li>Changes by Andrey Loskutov
211						<ul>
212							<li>fixed job scheduling errors in 3.8/4.2 Eclipse <a
213								href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=393748">bug
214									report</a>
215							<li>more realistic progress bar updates for jobs
216							<li>added nullness annotations for some common Eclipse API
217								methods known to usually return null values
218							<li>Added support for org.eclipse.jdt.annotation.Nullable,
219								NonNull and NonNullByDefault annotations (introduced with
220								Eclipse 3.8/4.2)</li>
221						</ul>
222					<li>Documentation improvements
223					<li><a href="http://code.google.com/p/findbugs/source/list">lots
224							of other small changes</a>
225				</ul>
226				<h1>FindBugs Change Log, Version 2.0.1</h1>
227
228				<ul>
229					<li>New bug patterns; in some cases, bugs previous reported as
230						other bug patterns are reported as instances of these new bug
231						patterns in order to make it easier for developers to understand
232						the bug reports
233						<ul>
234							<li><a
235								href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li>
236							<li><a
237								href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATIVE_PATH_TRAVERSAL</a></li>
238							<li><a
239								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a></li>
240							<li><a
241								href="http://findbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</a></li>
242							<li><a
243								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</a></li>
244							<li><a
245								href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li>
246							<li><a
247								href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</a></li>
248						</ul>
249					</li>
250
251					<li>Changes to fix false negatives for the following bug
252						patterns: <a
253						href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>,
254						<a
255						href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>,
256						<a
257						href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_UNUSUAL">EQ_UNUSUAL</a>,
258						<a
259						href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>,
260						and <a
261						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>.
262					</li>
263
264					<li>Changes to fix false positions for the following bug
265						patterns: <a
266						href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a>,
267						<a
268						href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>,
269						and <a
270						href="http://findbugs.sourceforge.net/bugDescriptions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>.
271					</li>
272				</ul>
273
274				<h1>FindBugs Change Log, Version 2.0.0</h1>
275
276				<h2>Changes since version 1.3.8</h2>
277				<ul>
278					<li>New bug patterns; in some cases, bugs previous reported as
279						other bug patterns are reported as instances of these new bug
280						patterns in order to make it easier for developers to understand
281						the bug reports
282						<ul>
283							<li><a
284								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST
285							</a></li>
286							<li><a
287								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
288							</a></li>
289							<li><a
290								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
291							</a></li>
292							<li><a
293								href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
294							</a></li>
295							<li><a
296								href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
297							</a></li>
298							<li><a
299								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
300							</a></li>
301							<li><a
302								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE
303							</a></li>
304							<li><a
305								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
306							</a></li>
307							<li><a
308								href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
309							</a></li>
310							<li><a
311								href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE
312							</a></li>
313							<li><a
314								href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
315							</a></li>
316							<li><a
317								href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
318							</a></li>
319						</ul>
320					</li>
321					<li>Providing a bug rank (1-20), and the ability to filter by
322						bug rank. Eventually, it will be possible to specify your own
323						rules for ranking bugs, but the procedure for doing so hasn't been
324						specified yet.</li>
325					<li>Fixed about <a
326						href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45
327							bugs filed</a> through SourceForge
328					</li>
329					<li>Various reclassifications and priority tweaks</li>
330					<li>Added more bug annotations to a variety of bug reports.
331						This provides more context for understanding bug reports (e.g., if
332						the value in question was is the return value of a method, the
333						method is described as the source of the value in a bug
334						annotation). This also provide more accurate tracking of issues
335						across versions of the code being analyzed, but has the downside
336						that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
337						on the same version of code being analyzed, FindBugs may think
338						that mistakenly believe that the issue reported by 1.3.8 was fixed
339						and a new issue was introduced that was reported by FindBugs
340						1.3.9. While annoying, it would be unusual for more than a dozen
341						issues per million lines of codes to be mistracked.</li>
342					<li>Lots of internal changes moving towards FindBugs 2.0, but
343						these features are undocumented, not yet officially supported, and
344						subject to radical changes before FindBugs 2.0 is released.</li>
345				</ul>
346
347				<p>Changes since version 1.3.8</p>
348				<ul>
349					<li>New bug patterns; in some cases, bugs previous reported as
350						other bug patterns are reported as instances of these new bug
351						patterns in order to make it easier for developers to understand
352						the bug reports
353						<ul>
354							<li><a
355								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST
356							</a>
357							<li><a
358								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
359							</a>
360							<li><a
361								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
362							</a>
363							<li><a
364								href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
365							</a>
366							<li><a
367								href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
368							</a>
369							<li><a
370								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
371							</a>
372							<li><a
373								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE
374							</a>
375							<li><a
376								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
377							</a>
378							<li><a
379								href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
380							</a>
381							<li><a
382								href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE
383							</a>
384							<li><a
385								href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
386							</a>
387							<li><a
388								href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
389							</a>
390						</ul>
391					</li>
392					<li>Providing a bug rank (1-20), and the ability to filter by
393						bug rank. Eventually, it will be possible to specify your own
394						rules for ranking bugs, but the procedure for doing so hasn't been
395						specified yet.</li>
396					<li>Fixed about <a
397						href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45
398							bugs filed</a> through SourceForge
399					</li>
400					<li>Various reclassifications and priority tweaks</li>
401					<li>Added more bug annotations to a variety of bug reports.
402						This provides more context for understanding bug reports (e.g., if
403						the value in question was is the return value of a method, the
404						method is described as the source of the value in a bug
405						annotation). This also provide more accurate tracking of issues
406						across versions of the code being analyzed, but has the downside
407						that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
408						on the same version of code being analyzed, FindBugs may think
409						that mistakenly believe that the issue reported by 1.3.8 was fixed
410						and a new issue was introduced that was reported by FindBugs
411						1.3.9. While annoying, it would be unusual for more than a dozen
412						issues per million lines of codes to be mistracked.</li>
413					<li>Lots of internal changes moving towards FindBugs 2.0, but
414						these features are undocumented, not yet officially supported, and
415						subject to radical changes before FindBugs 2.0 is released.</li>
416				</ul>
417
418				<p>Changes since version 1.3.7</p>
419				<ul>
420					<li>Primarily another small bugfix release.</li>
421					<li>FindBugs base:
422						<ul>
423							<li>New Reports:
424								<ul>
425									<li>SF_SWITCH_NO_DEFAULT: missing default case in switch
426										statement.</li>
427									<li>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW:
428										value ignored when switch fallthrough leads to thrown
429										exception.</li>
430									<li>INT_VACUOUS_BIT_OPERATION: bit operations that don't
431										do any meaningful work.</li>
432									<li>FB_UNEXPECTED_WARNING: warning generated that
433										conflicts with @NoWarning FindBugs annotation.</li>
434									<li>FB_MISSING_EXPECTED_WARNING: warning not generated
435										despite presence of @ExpectedWarning FindBugs annotation.</li>
436									<li>NOISE category: intended for use in data mining
437										experiments.
438										<ul>
439											<li>NOISE_NULL_DEREFERENCE: fake null point dereference
440												warning.</li>
441											<li>NOISE_METHOD_CALL: fake method call warning.</li>
442											<li>NOISE_FIELD_REFERENCE: fake field dereference
443												warning.</li>
444											<li>NOISE_OPERATION: fake operation warning.</li>
445										</ul>
446									</li>
447								</ul>
448							</li>
449							<li>Other:
450								<ul>
451									<li>Garvin Leclaire has created a new Apache Maven
452										repository for FindBugs at <a
453										href="http://code.google.com/p/findbugs/">the Google Code
454											FindBugs SVN repository</a>. (Thanks Garvin!)
455									</li>
456								</ul>
457							</li>
458							<li>Fixes:
459								<ul>
460									<li>[ 2317842 ] Highlighting broken in Windows</li>
461									<li>[ 2515908 ] check for oddness should track sign of
462										argument</li>
463									<li>[ 2487936 ] &quot;L B GC&quot; false pos cast from
464										Map.Entry.getKey() to Map.get()</li>
465									<li>[ 2528264 ] Ant tasks not compatible with Ant 1.7.1</li>
466									<li>[ 2539590 ] SF_SWITCH_FALLTHROUGH wrong message
467										reported</li>
468									<li>[ 2020066 ] Bug history displayed in fancy-hist.xsl is
469										incorrect</li>
470									<li>[ 2545098 ] Invalid character in analysis results file</li>
471									<li>[ 2492673 ] Plugin sites should specify &quot;requires
472										Eclipse 3.3 or newer&quot;</li>
473									<li>[ 2588044 ] a tiny typing error</li>
474									<li>[ 2589048 ] Documentation for convertXmlToText
475										insufficient</li>
476									<li>[ 2638739 ] NullPointerException when building</li>
477								</ul>
478							</li>
479							<li>Patches:
480								<ul>
481									<li>[ 2538184 ] Make BugCollection implement
482										Iterable&lt;BugInstance&gt; (thanks to Tomas Pollak)</li>
483									<li>[ 2249771 ] Add Maven2 Findbugs plugin link to the
484										Links page (thanks to Garvin Leclaire)</li>
485									<li>[ 2609526 ] Japanese manual update (thanks to K.
486										Hashimoto)</li>
487									<li>[ 2119482 ] CheckBcel checks for nonexistent classes
488										(thanks to Jerry James)</li>
489								</ul>
490							</li>
491						</ul>
492					</li>
493					<li>FindBugs Eclipse plugin:
494						<ul>
495							<li>Major feature enhancements (thanks to Andrey Loskutov).
496								See <a href="http://andrei.gmxhome.de/findbugs/index.html">this
497									overview</a> for more information.
498							</li>
499							<li>Major test improvements (thanks to Tomas Pollak).</li>
500							<li>Fixes:
501								<ul>
502									<li>[ 2532365 ] Compiler warning</li>
503									<li>[ 2522989 ] Fix filter files selection</li>
504									<li>[ 2504068 ] NullPointerException</li>
505									<li>[ 2640849 ] NPE in Eclipse plugin 1.3.7 and Eclipse
506										3.5 M5</li>
507								</ul>
508							</li>
509							<li>Patches:
510								<ul>
511									<li>[ 2143140 ] Unchecked conversion fixes for Eclipse
512										plugin (thanks to Jerry James)
513								</ul>
514							</li>
515						</ul>
516					</li>
517				</ul>
518
519				<p>Changes since version 1.3.6</p>
520				<ul>
521					<li>Overall, a small bugfix release.
522					<li>New detection of accidental vacuous/useless calls to
523						EasyMock methods, and of generic signatures that proclaim the use
524						of unhashable classes in ways that require that they be hashed.
525					<li>Eliminate some false positives where we were warning about
526						a useless call (e.g., comparing two incompatible types for
527						equality), but the only thing the code was doing with the result
528						was passing it to assertFalse.
529					<li>Japanese localization and manual by K.Hashimoto. (Thanks!)
530
531					<li>Added -exclude and -outputDir command line options to
532						rejarForAnalysis
533					<li>Extended -adjustPriorities option to FindBugs analysis
534						textui so that you can modify the priorities of individual bug
535						patterns as well as visitors, and also completely suppress
536						individual bug patterns or visitors.
537						<ul>
538							<li>e.g., -adjustPriority
539								MS_SHOULD_BE_FINAL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_REP2=suppress,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise
540
541						</ul>
542				</ul>
543
544
545				<p>Changes since version 1.3.5</p>
546				<ul>
547					<li>Added fairly exhaustive static analysis of uses of format
548						strings, checking for missing or extra arguements, invalid format
549						specifiers, or mismatched format specifiers and arguments (e.g,
550						passing a String value for a %d format specifier). The logic for
551						doing so is derived from Sun's java.util.Formatter class, and
552						available separately from FindBugs as part of the <a
553						href="https://jformatstring.dev.java.net/">jFormatString</a>
554						project.
555					<li>More tuning of the unsatisfied obligation detector. Since
556						this detector is still rather noisy and an unfinished research
557						project, I've moved the generated issues to a new category:
558						EXPERIMENTAL.
559					<li>Added check for <a
560						href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIGNED_BYTE</a>;
561						similar to <a
562						href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>,
563						except that addition is being used to combine shifted signed
564						bytes.
565					<li>Changed detection of EI_EXPOSE_REP2, so we only report it
566						if the value stored is guaranteed to be the same value that was
567						passed in as a parameter.
568					<li>Added <a
569						href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>,
570						a warning when an equals method checks to see if an operand is an
571						instance of a class not compatible with itself. For example, if
572						the Foo class checks to see if the argument is an instance of
573						String. This is either a questionable design decision or a coding
574						mistake.
575					<li>Added <a
576						href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HASHCODE_ON_ARRAY</a>,
577						which checks for invoking <code>hashCode()</code> on an array,
578						which returns a hash code that ignores the contents of the array.
579
580					<li>Added checks for using <code>x.removeAll(x)</code> to
581						rather than <code>x.clear()</code> to clear an array.
582					<li>Add checks for calls such as <code>x.contains(x)</code>, <code>x.remove(x)</code>
583						and <code>x.containsAll(x)</code>.
584					<li>Improvements to Eclipse plugin (thanks to Andrey
585						Loskutov):
586						<ul>
587							<li>Report separate markers for each occurrence of an issue
588								that appears multiple times in a method
589							<li>fine tuning for reported markers: add only one marker
590								for fields, add marker on right position
591							<li>link bugs selected in bug explorer view to the opened
592								editor and vice versa
593							<li>select bugs selected in editor ruler in the opened bug
594								explorer view
595							<li>consistent abbreviations used in both bug explorer and
596								bug details view
597							<li>added "Expand All" button to the bug explorer view
598							<li>added "Go Into/Go Up" buttons to the bug explorer view
599							<li>added "Copy to clipboard" menu/functionality to the
600								details view list widget
601							<li>fix for CNF exception if loading the backup solution for
602								broken browser widget
603						</ul>
604				</ul>
605
606
607
608				<p>Changes since version 1.3.4</p>
609				<ul>
610					<li>Analysis about 15% faster
611					<li><a
612						href="http://sourceforge.net/tracker/?atid=614693&group_id=96405&func=browse&status=closed">38
613							bugs closed</a></li>
614					<li>New defect warnings:
615						<ul>
616							<li>calls to methods that always throw
617								UnsupportedOperationException (DMI_UNSUPPORTED_METHOD)
618							<li>repeated conditional tests (e.g., <code>if (x
619									&lt; 0 || x &lt; 0) ...</code>) (RpC_REPEATED_CONDITIONAL_TEST)
620							<li>Complete rewrite of detector for format string problems.
621								More accurate, finds more problems, generates more descriptive
622								reports, several different bug pattern
623								(VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED,
624								VA_FORMAT_STRING_ILLEGAL, VA_FORMAT_STRING_MISSING_ARGUMENT,
625								VA_FORMAT_STRING_BAD_ARGUMENT,
626								VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT)
627							<li>Fairly complete implementation of JSR-305 custom type
628								qualifier analysis (no support for custom validators yet).
629								(TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK
630								TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK
631								TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK)
632							<li>New detector for unsatisfied obligations such forgetting
633								to close a file (OBL_UNSATISFIED_OBLIGATION).
634							<li>Warning when a parameter is marked as nullable, but is
635								always dereferenced.
636								(NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)
637							<lI>Separate warning for dereference the result of readLine
638								(NP_DEREFERENCE_OF_READLINE_VALUE)
639						</ul>
640					<li>When XML is generated with messages, the project stats now
641						include &lt;FileStat&gt; elements. For each source file, this
642						gives the path for the file, the total number of warnings for that
643						file, and a bugHash for the file. While the instanceHash for a bug
644						is intended to be version invariant (ignoring line numbers, etc),
645						the bugHash for a file is intended to reflect all the information
646						about the warnings in that file. The intended use case is that if
647						the bugHash for a file is the same in two analysis runs, then <em>nothing</em>
648						has changed about any of the warnings reported for that file
649						between the two analysis runs.
650					<li>More merging of similar issues within a method. For
651						example, if the result of readLine() is dereferences multiple
652						times within a method, it will be reported as a single warning
653						with occurrences at multiple source lines.
654				</ul>
655				<p>Changes since version 1.3.3</p>
656
657				<ul>
658					<li>FindBugs base
659						<ul>
660							<li>New Reports:
661								<ul>
662									<li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: equals method
663										overrides equals in superclass and may not be symmetric</li>
664									<li>EQ_ALWAYS_TRUE: equals method always returns true</li>
665									<li>EQ_ALWAYS_FALSE: equals method always returns false</li>
666									<li>EQ_COMPARING_CLASS_NAMES: equals method compares class
667										names rather than class objects</li>
668									<li>EQ_UNUSUAL: Unusual equals method</li>
669									<li>EQ_GETCLASS_AND_CLASS_CONSTANT: equals method fails
670										for subtypes</li>
671									<li>SE_READ_RESOLVE_IS_STATIC: The readResolve method must
672										not be declared as a static method.</li>
673									<li>SE_PRIVATE_READ_RESOLVE_NOT_INHERITED: private
674										readResolve method not inherited by subclasses</li>
675									<li>MSF_MUTABLE_SERVLET_FIELD: Mutable servlet field</li>
676									<li>XSS_REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected
677										cross site scripting vulnerability</li>
678									<li>SKIPPED_CLASS_TOO_BIG: Class too big for analysis</li>
679								</ul>
680							</li>
681							<li>Other:
682								<ul>
683									<li>Value-number analysis now more space-efficient</li>
684									<li>Enhancements to reduce memory overhead when analyzing
685										very large classes</li>
686									<li>Now skips very large classes that would otherwise take
687										too much time and memory to analyze</li>
688									<li>Infrastructure for tracking effectively-constant/
689										effectively-final fields</li>
690									<li>Added more cweids</li>
691									<li>Enhanced taint tracking for taint-based detectors</li>
692									<li>Ignore doomed calls to equals if result is used as an
693										argument to assertFalse</li>
694									<li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC handles compareTo</li>
695									<li>Priority tweak for ICAST_INTEGER_MULTIPLY_CAST_TO_LONG
696										(only low priority if multiplying by 1000)</li>
697									<li>Improved tracking of fields across method calls</li>
698								</ul>
699							</li>
700							<li>Fixes:
701								<ul>
702									<li>[ 1941450 ] DLS_DEAD_LOCAL_STORE not reported</li>
703									<li>[ 1953323 ] Omitted break statement in
704										SynchronizeAndNullCheckField</li>
705									<li>[ 1942620 ] Source Directories selection dialog
706										interface confusion (partial)</li>
707									<li>[ 1948275 ] Unhelpful "Load of known null"</li>
708									<li>[ 1933922 ] MWM error in findbugs</li>
709									<li>[ 1934772 ] 1.3.3 appears to rely on JDK 1.6, JNLP
710										still specifies 1.5</li>
711									<li>[ 1933945 ] -loadbugs doesn't work</li>
712									<li>Fixed problems for class names starting with '$'</li>
713									<li>Fixed bugs and incomplete handling of annotations in
714										VersionInsensitiveBugComparator</li>
715								</ul>
716							</li>
717							<li>Patches:
718								<ul>
719									<li>[ 1955106 ] Javadoc fixes</li>
720									<li>[ 1951930 ] Superfluous import statements (thanks to
721										Jerry James)</li>
722									<li>[ 1951907 ] Missing @Deprecated annotations (thanks to
723										Jerry James)</li>
724									<li>[ 1951876 ] Infonode Docking Windows compile fix
725										(thanks to Jerry James)</li>
726									<li>[ 1936055 ] bugfix for findbugs.de.comment not working
727										(thanks to Peter Fokkinga)
728								</ul>
729							</li>
730						</ul>
731					<li>FindBugs BlueJ plugin
732						<ul>
733							<li>Updated to use FindBugs 1.3.4 (first new release since
734								1.1.3)</li>
735						</ul>
736					</li>
737				</ul>
738
739				<p>Changes since version 1.3.2</p>
740
741				<ul>
742					<li>FindBugs base
743						<ul>
744							<li>New Detectors:
745								<ul>
746									<li>FieldItemSummary: Produces summary information for
747										what is stored into fields</li>
748									<li>SynchronizeOnClassLiteralNotGetClass: Look for code
749										that synchronizes on the results of getClass rather than on
750										class literals</li>
751									<li>SynchronizingOnContentsOfFieldToProtectField: This
752										detector looks for code that seems to be synchronizing on a
753										field in order to guard updates of that field</li>
754								</ul>
755							</li>
756							<li>New BugCode:
757								<ul>
758									<li>HRS: HTTP Response splitting vulnerability</li>
759									<li>WL: Possible locking on wrong object</li>
760								</ul>
761							</li>
762							<li>New Reports:
763								<ul>
764									<li>DMI_CONSTANT_DB_PASSWORD: This code creates a database
765										connect using a hard coded, constant password</li>
766									<li>HRS_REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed
767										from untrusted input</li>
768									<li>HRS_REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter
769										directly written to HTTP header output</li>
770									<li>CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines
771										clone() but doesn't implement Cloneable</li>
772									<li>DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization
773										on boxed primitive could lead to deadlock</li>
774									<li>DL_SYNCHRONIZATION_ON_BOOLEAN: Synchronization on
775										Boolean could lead to deadlock</li>
776									<li>ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD:
777										Synchronization on field in futile attempt to guard that field
778									</li>
779									<li>DLS_DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in
780										return statement</li>
781									<li>WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL:
782										Synchronization on getClass rather than class literal</li>
783								</ul>
784							</li>
785							<li>Other:
786								<ul>
787									<li>Many enhancements to cross-site scripting detector and
788										its documentation</li>
789									<li>Enhanced switch fall through handling</li>
790									<li>Enhanced unread field handling (look for IF_ACMPEQ and
791										IF_ACMPNE)</li>
792									<li>Clarified documentation for @Nullable in manual</li>
793									<li>Fewer DeadLocalStore false positives</li>
794									<li>Fewer UnreadField false positives</li>
795									<li>Fewer StaticCalendarDetector false positives</li>
796									<li>Performance fix for slow file system IO e.g. Clearcase
797										repositories (thanks, Andrei!)</li>
798									<li>Other, general performance enhancements (thanks,
799										Andrei!)</li>
800									<li>Enhancements for using FindBugs scripts with MKS on
801										Windows (thanks, Kelly O'Hair!)</li>
802									<li>Noted in the manual that jsr305.jar must be present
803										for annotations to compile</li>
804									<li>Added and fine-tuned default-nullness annotations</li>
805									<li>More CWE IDs added</li>
806									<li>Check and warning for unexpected BCEL version in
807										classpath</li>
808								</ul>
809							</li>
810							<li>Fixes:
811								<ul>
812									<li>Bug fix to handling of local variable tables in BCEL</li>
813									<li>Refined documentation for
814										MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</li>
815									<li>[ 1927295 ] NPE when called on project root</li>
816									<li>[ 1926405 ] Incorrect dead store warning</li>
817									<li>[ 1926409 ] Incorrect redundant nullcheck warning</li>
818									<li>[ 1926389 ] Wrong line number printed/highlighted in
819										bug</li>
820									<li>[ 1927040 ] typo in bug description</li>
821									<li>[ 1926263 ] Minor glitch in HTML output</li>
822									<li>[ 1926240 ] Minor error in standard options in manual</li>
823									<li>[ 1926236 ] Minor bug in installation section of
824										manual</li>
825									<li>[ 1925539 ] ZIP is default file system code base</li>
826									<li>[ 1894701 ] Livelock / memory leak in
827										ObjectTypeFactory (thanks, Andrei!)</li>
828									<li>[ 1867491 ] Doesn't reload annotations after code
829										changes in IDE (thanks, Andrei!)</li>
830									<li>[ 1921399 ] -project option not supported</li>
831									<li>[ 1913834 ] "Dead" store to variable with method call</li>
832									<li>[ 1917352 ] H B se:...field in serializable class</li>
833									<li>[ 1911617 ] CloneIdiom relies on
834										getNameConstantOperand for INSTANCEOF</li>
835									<li>[ 1911620 ] False +: DLS predecrement before return</li>
836									<li>[ 1871376 ] False negative: non-serializable Map field</li>
837									<li>[ 1871051 ] non standard clone() method</li>
838									<li>[ 1908854 ] Error in TestASM</li>
839									<li>[ 1907539 ] 22 minor errors in bug checker
840										documentation</li>
841									<li>[ 1897323 ] EJB implementation class false positives</li>
842									<li>[ 1899648 ] Crash on startup on Vista with Java
843										1.6.0_04</li>
844								</ul>
845							</li>
846						</ul>
847					</li>
848					<li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
849						<ul>
850							<li>new feature: export basic FindBugs numbers for projects
851								via File-&gt;Export-&gt;Java-&gt;BugCounts (Andrey Loskutov)</li>
852							<li>new feature: jobs for different projects will be run in
853								parallel per default if running on a multi-core PC
854								("fb.allowParallelBuild" system property not used anymore)
855								(Andrey Loskutov)</li>
856							<li>fixed performance slowdown in the multi-threaded build,
857								caused by workspace operation locks during assigning marker
858								attributes (Andrey Loskutov)</li>
859						</ul>
860					</li>
861				</ul>
862
863				<p>Changes since version 1.3.1</p>
864
865				<ul>
866					<li>FindBugs base
867						<ul>
868							<li>New Bug Category:
869								<ul>
870									<li>SECURITY (Abbrev: S), A use of untrusted input in a
871										way that could create a remotely exploitable security
872										vulnerability</li>
873								</ul>
874							</li>
875							<li>New Detectors:
876								<ul>
877									<li>CrossSiteScripting: This detector looks for
878										obvious/blatant cases of cross site scripting vulnerabilities</li>
879								</ul>
880							</li>
881							<li>New BugCode:
882								<ul>
883									<li>XSS: Cross site scripting</li>
884								</ul>
885							</li>
886							<li>New Reports:
887								<ul>
888									<li>XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER: HTTP
889										parameter directly written to Servlet output, giving XSS
890										vulnerability</li>
891									<li>XSS_REQUEST_PARAMETER_TO_JSP_WRITER: HTTP parameter
892										directly written to JSP output, giving XSS vulnerability</li>
893									<li>EQ_OTHER_USE_OBJECT: equals() method defined that
894										doesn't override Object.equals(Object)</li>
895									<li>EQ_OTHER_NO_OBJECT: equals() method inherits rather
896										than overrides equals(Object)</li>
897									<li>NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE: Possible
898										null pointer dereference on path that might be infeasible</li>
899								</ul>
900							</li>
901							<li>Other:
902								<ul>
903									<li>Added -noClassOk command-line parameter to
904										command-line and ant interfaces; when -noClassOk is specified
905										and no classfiles are given, FindBugs will print a warning
906										message and output a well- formed file with no warnings</li>
907									<li>Fewer false positives for null pointer bugs</li>
908									<li>Suppress dead-local-store false positives in .jsp code</li>
909									<li>Type fixes in warning messages</li>
910									<li>Better warning message for NP_NULL_ON_SOME_PATH</li>
911									<li>"WMI" bug code description renamed from "Wrong Map
912										Iterator" to "Inefficient Map Iterator"</li>
913								</ul>
914							</li>
915							<li>Fixes:
916								<ul>
917									<li>[ 1893048 ] FindBugs confused by a findbugs.xml file</li>
918									<li>[ 1878528 ] XSL xforms don't support history features</li>
919									<li>[ 1876584 ] two default.xsl flaws</li>
920									<li>[ 1874856 ] Format string bug detector doesn't handle
921										special operators</li>
922									<li>[ 1872645 ] computeBugHistory -
923										java.lang.IllegalArgumentException</li>
924									<li>[ 1872237 ] Ant task fails when no .class files</li>
925									<li>[ 1868670 ] Filters: include AND exclude don't allowed</li>
926									<li>[ 1868666 ] check-for-oddness reported, but array
927										length can never be negative</li>
928									<li>[ 1866108 ] SetBugDatabaseInfoTask strips dir from
929										output filename</li>
930									<li>[ 1866021 ] MineBugHistoryTask strips dir of output
931										filename</li>
932									<li>[ 1865265 ] code doesn't handle
933										StringBuffer.append([CII) right</li>
934									<li>[ 1864793 ] Warning when casting a null reference
935										compared to a String</li>
936									<li>[ 1863376 ] Typo in manual chap 8: Filter Files</li>
937									<li>[ 1862705 ] Transient fields that default to null</li>
938									<li>[ 1842545 ] DLS on catch variable (with priority
939										tweaking)</li>
940									<li>[ 1816258 ] false positive BC_IMPOSSIBLE_CAST</li>
941									<li>[ 1551732 ] Get erroneous DLS with while loop</li>
942								</ul>
943							</li>
944						</ul>
945					</li>
946					<li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
947						<ul>
948							<li>new feature: added Bug explorer view (replacing Bug tree
949								view), based on Common Navigator framework (Andrey Loskutov)</li>
950							<li>bug 1873860 fixed: empty projects are no longer shown in
951								Bug tree view (Andrey Loskutov)</li>
952							<li>new feature: bug counts decorators for projects, folders
953								and files (has to be activated via Preferences -&gt; general
954								-&gt; appearance -&gt; label decorations)(Andrey Loskutov)</li>
955							<li>patch 1746499: better icons (Alessandro Nistico)</li>
956							<li>patch 1893685: Find bug actions on change sets bug
957								(Alessandro Nistico)</li>
958							<li>fixed bug 1855384: Bug configuration is broken in
959								Eclipse (Andrey Loskutov)</li>
960							<li>refactored FindBugs properties page (Andrey Loskutov)</li>
961							<li>refactored FindBugs worker/builder/run action (Andrey
962								Loskutov)</li>
963							<li>FB detects now only bugs from classes on project's
964								classpath (no double work on duplicated class files) (Andrey
965								Loskutov)</li>
966							<li>fixed bug introduced by the bad patch for 1867951: FB
967								cannot be executed incrementally on a folder of file (Andrey
968								Loskutov)</li>
969							<li>fixed job rule: now jobs for different projects may run
970								in parallel if running on a multi-core PC and
971								"fb.allowParallelBuild" system property is set to true (Andrey
972								Loskutov)</li>
973							<li>fixed FB auto-build not started if .fbprefs or
974								.classpath was changed (Andrey Loskutov)</li>
975							<li>fixed not reporting bugs on secondary types (classes
976								defined in java files with different name) (Andrey Loskutov)</li>
977						</ul>
978					</li>
979				</ul>
980
981				<p>Changes since version 1.3.0</p>
982				<ul>
983					<li>New Reports
984						<ul>
985							<li>VA_FORMAT_STRING_ARG_MISMATCH: A format-string method
986								with a variable number of arguments is called, but the number of
987								arguments passed does not match with the number of %
988								placeholders in the format string. This is probably not what the
989								author intended.
990							<li>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM: This code opens a
991								file in append mode and that wraps the result in an object
992								output stream. This won't allow you to append to an existing
993								object output stream stored in a file. If you want to be able to
994								append to an object output stream, you need to keep the object
995								output stream open. The only situation in which opening a file
996								in append mode and the writing an object output stream could
997								work is if on reading the file you plan to open it in random
998								access mode and seek to the byte offset where the append
999								started.
1000							<li>NP_BOOLEAN_RETURN_NULL: A method that returns either
1001								Boolean.TRUE, Boolean.FALSE or null is an accident waiting to
1002								happen. This method can be invoked as though it returned a value
1003								of type boolean, and the compiler will insert automatic unboxing
1004								of the Boolean value. If a null value is returned, this will
1005								result in a NullPointerException.
1006						</ul>
1007					</li>
1008					<li>Changes to Existing Reports
1009						<ul>
1010							<li>RV_DONT_JUST_NULL_CHECK_READLINE: CORRECTNESS -&gt;
1011								STYLE</li>
1012							<li>DMI_INVOKING_TOSTRING_ON_ARRAY: Long description
1013								mentions array name whenever possible</li>
1014						</ul>
1015					</li>
1016					<li>Fixes:
1017						<ul>
1018							<li>Updated manual to mention that Java 1.5 is now a
1019								requirement for running FindBugs
1020							<li>Applied patch 1840206 fixing issue "Ant task does not
1021								work when presetdef is used" - thanks to phejl
1022							<li>Applied patch 1778690 fixing issue "Ant task: tolerate
1023								but complain about invalid auxClasspath" - thanks to David
1024								Schmidt
1025							<li>Applied patch 1852125 adding a Chinese-language GUI
1026								bundle props file - thanks to fifi
1027							<li>Applied patch 1845903 adding ability to load XML results
1028								with the Eclipse plugin - thanks to Alex Mont
1029							<li>Fixed issue 1844671 - "FP for "reversed" null check in
1030								catch for stream close"
1031							<li>Fixed issue 1836050 - "-onlyAnalyze broken"
1032							<li>Fixed issue 1853011 - "Typo: Field names should start
1033								with aN lower case letter"
1034							<li>Fixed issue 1844181 - "JNLP file does not contain all
1035								necessary JARs"
1036							<li>Fixed issue 1840245 - "xxxException class does not
1037								derive from Exception"
1038							<li>Fixed issue 1840277 - "[M D EC] Typo in bug
1039								documentation"
1040							<li>Fixed issue 1782447 - "OutOfMemoryError if i activate
1041								Findbugs on my project"
1042							<li>Fixed issue 1830576 - "[regression] keySet/entrySet
1043								false positive"
1044						</ul>
1045					</li>
1046					<li>Other:
1047						<ul>
1048							<li>New bug code: "IO" (for
1049								IO_APPENDING_TO_OBJECT_OUTPUT_STREAM)</li>
1050							<li>Added "-onlyMostRecent" option for computeBugHistory
1051								script/ant task
1052							<li>More explicit language in
1053								RV_RETURN_VALUE_IGNORED_BAD_PRACTICE messages
1054							<li>Modified ResourceValueAnalysis to correctly identify
1055								null == X or null != X as a null check (for issue 1844671)
1056							<li>Modified DMI_HARDCODED_ABSOLUTE_FILENAME logic in
1057								DumbMethodInvocations to ignore files from /etc or /dev and
1058								increase priority of files from /home
1059							<li>Better bug details for infinite loop warnings
1060							<li>Modified unread-fields detector to reduce false
1061								positives from reflective fields
1062							<li>build.xml "classes" target now builds all sources in one
1063								step
1064						</ul>
1065					</li>
1066				</ul>
1067
1068				<p>Changes since version 1.2.1</p>
1069				<ul>
1070					<li>New Detectors and Reports
1071						<ul>
1072							<li>SynchronizationOnSharedBuiltinConstant
1073								<ul>
1074									<li>DL_SYNCHRONIZATION_ON_SHARED_CONSTANT: The code
1075										synchronizes on a shared primitive constant, such as an
1076										interned String. Such constants are interned and shared across
1077										all other classes loaded by the JVM. Thus, this could be
1078										locking on something that other code might also be locking.
1079										This could result in very strange and hard to diagnose
1080										blocking and deadlock behavior. See <a
1081										href="http://www.javalobby.org/java/forums/t96352.html">http://www.javalobby.org/java/forums/t96352.html</a>
1082										and <a href="http://jira.codehaus.org/browse/JETTY-352">http://jira.codehaus.org/browse/JETTY-352</a>.
1083
1084								</ul>
1085							</li>
1086							<li>OverridingEqualsNotSymmetrical
1087								<ul>
1088									<li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: Looks for equals
1089										methods that override equals methods in a superclass where the
1090										equivalence relationship might not be symmetrical.
1091								</ul>
1092							</li>
1093							<li>CheckTypeQualifiers
1094								<ul>
1095									<li>TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED: A value
1096										specified as carrying a type qualifier annotation is consumed
1097										in a location or locations requiring that the value not carry
1098										that annotation. More precisely, a value annotated with a type
1099										qualifier specifying when=ALWAYS is guaranteed to reach a use
1100										or uses where the same type qualifier specifies when=NEVER.</li>
1101									<li>TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED: A value
1102										specified as not carrying a type qualifier annotation is
1103										guaranteed to be consumed in a location or locations requiring
1104										that the value does carry that annotation. More precisely, a
1105										value annotated with a type qualifier specifying when=NEVER is
1106										guaranteed to reach a use or uses where the same type
1107										qualifier specifies when=ALWAYS.</li>
1108									<li>TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK: A value
1109										that might not carry a type qualifier annotation reaches a use
1110										which requires that annotation.</li>
1111									<li>TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK: A value
1112										which might carry a type qualifier annotation reaches a use
1113										which forbids values carrying that annotation.</li>
1114								</ul>
1115							</li>
1116						</ul>
1117					</li>
1118					<li>New Reports (existing detectors)
1119						<ul>
1120							<li>FindHEmismatch
1121								<ul>
1122									<li>EQ_DOESNT_OVERRIDE_EQUALS: This class extends a class
1123										that defines an equals method and adds fields, but doesn't
1124										define an equals method itself. Thus, equality on instances of
1125										this class will ignore the identity of the subclass and the
1126										added fields. Be sure this is what is intended, and that you
1127										don't need to override the equals method. Even if you don't
1128										need to override the equals method, consider overriding it
1129										anyway to document the fact that the equals method for the
1130										subclass just return the result of invoking super.equals(o).</li>
1131								</ul>
1132							</li>
1133							<li>Naming
1134								<ul>
1135									<li>NM_WRONG_PACKAGE, NM_WRONG_PACKAGE_INTENTIONAL: The
1136										method in the subclass doesn't override a similar method in a
1137										superclass because the type of a parameter doesn't exactly
1138										match the type of the corresponding parameter in the
1139										superclass.</li>
1140									<li>NM_SAME_SIMPLE_NAME_AS_SUPERCLASS: This class has a
1141										simple name that is identical to that of its superclass,
1142										except that its superclass is in a different package (e.g., <code>alpha.Foo</code>
1143										extends <code>beta.Foo</code>). This can be exceptionally
1144										confusing, create lots of situations in which you have to look
1145										at import statements to resolve references and creates many
1146										opportunities to accidently define methods that do not
1147										override methods in their superclasses.
1148									</li>
1149									<li>NM_SAME_SIMPLE_NAME_AS_INTERFACE: This class/interface
1150										has a simple name that is identical to that of an
1151										implemented/extended interface, except that the interface is
1152										in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>).
1153										This can be exceptionally confusing, create lots of situations
1154										in which you have to look at import statements to resolve
1155										references and creates many opportunities to accidently define
1156										methods that do not override methods in their superclasses.
1157									</li>
1158								</ul>
1159							<li>FindRefComparison
1160								<ul>
1161									<li>EC_UNRELATED_TYPES_USING_POINTER_EQUALITY: This method
1162										uses using pointer equality to compare two references that
1163										seem to be of different types. The result of this comparison
1164										will always be false at runtime.</li>
1165								</ul>
1166							</li>
1167							<li>IncompatMask
1168								<ul>
1169									<li>BIT_SIGNED_CHECK, BIT_SIGNED_CHECK_HIGH_BIT: This
1170										method compares an expression such as <tt>((event.detail
1171											&amp; SWT.SELECTED) &gt; 0)</tt>. Using bit arithmetic and then
1172										comparing with the greater than operator can lead to
1173										unexpected results (of course depending on the value of
1174										SWT.SELECTED). If SWT.SELECTED is a negative number, this is a
1175										candidate for a bug. Even when SWT.SELECTED is not negative,
1176										it seems good practice to use '!= 0' instead of '&gt; 0'.
1177									</li>
1178								</ul>
1179							</li>
1180							<li>LazyInit
1181								<ul>
1182									<li>LI_LAZY_INIT_UPDATE_STATIC: This method contains an
1183										unsynchronized lazy initialization of a static field. After
1184										the field is set, the object stored into that location is
1185										further accessed. The setting of the field is visible to other
1186										threads as soon as it is set. If the further accesses in the
1187										method that set the field serve to initialize the object, then
1188										you have a <em>very serious</em> multithreading bug, unless
1189										something else prevents any other thread from accessing the
1190										stored object until it is fully initialized.
1191									</li>
1192								</ul>
1193							</li>
1194							<li>FindDeadLocalStores
1195								<ul>
1196									<li>DLS_DEAD_STORE_OF_CLASS_LITERAL: This instruction
1197										assigns a class literal to a variable and then never uses it.
1198										<a href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">The
1199											behavior of this differs in Java 1.4 and in Java 5.</a> In Java
1200										1.4 and earlier, a reference to <code>Foo.class</code> would
1201										force the static initializer for <code>Foo</code> to be
1202										executed, if it has not been executed already. In Java 5 and
1203										later, it does not. See Sun's <a
1204										href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">article
1205											on Java SE compatibility</a> for more details and examples, and
1206										suggestions on how to force class initialization in Java 5.
1207									</li>
1208								</ul>
1209							</li>
1210							<li>MethodReturnCheck
1211								<ul>
1212									<li>RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: This method
1213										returns a value that is not checked. The return value should
1214										be checked since it can indication an unusual or unexpected
1215										function execution. For example, the <code>File.delete()</code>
1216										method returns false if the file could not be successfully
1217										deleted (rather than throwing an Exception). If you don't
1218										check the result, you won't notice if the method invocation
1219										signals unexpected behavior by returning an atypical return
1220										value.
1221									</li>
1222									<li>RV_EXCEPTION_NOT_THROWN: This code creates an
1223										exception (or error) object, but doesn't do anything with it.
1224									</li>
1225								</ul>
1226							</li>
1227						</ul>
1228					</li>
1229					<li>Changes to Existing Reports
1230						<ul>
1231							<li>NS_NON_SHORT_CIRCUIT: BAD_PRACTICE -&gt; STYLE</li>
1232							<li>NS_DANGEROUS_NON_SHORT_CIRCUIT: CORRECTNESS -&gt; STYLE</li>
1233							<li>RC_REF_COMPARISON: CORRECTNESS -&gt; BAD_PRACTICE</li>
1234						</ul>
1235					</li>
1236					<li>GUI Changes
1237						<ul>
1238							<li>Added importing and exporting of bug filters</li>
1239							<li>Better handling of failed analysis runs</li>
1240							<li>Added "-look" parameter for selecting look-and-feel</li>
1241							<li>Fixed incorrect package filtering</li>
1242							<li>Fixed issue where "synchronized" was not
1243								syntax-highlighted</li>
1244						</ul>
1245					</li>
1246					<li>Ant-task Changes
1247						<ul>
1248							<li>Refactored common ant-task code to AbstractFindBugsTask</li>
1249							<li>Added tasks for computeBugHistory, convertXmlToText,
1250								filterBugs, mineBugHistory, setBugDatabaseInfo</li>
1251						</ul>
1252					</li>
1253					<li>Manual
1254						<ul>
1255							<li>Updates to GUI section, including new screenshots</li>
1256							<li>Added description of rejarForAnalysis</li>
1257							<li>Revamp of data-mining section</li>
1258						</ul>
1259					</li>
1260					<li>Other Major
1261						<ul>
1262							<li>Internal restructuring for lower memory overhead</li>
1263						</ul>
1264					</li>
1265					<li>Other Minor
1266						<ul>
1267							<li>Fixed typo: was STCAL_STATIC_SIMPLE_DATA_FORMAT_INSTANCE
1268								now STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</li>
1269							<li>-outputFile parameter became -output</li>
1270							<li>More sensitivity and specificity inLazyInit detector</li>
1271							<li>More sensitivity and specificity in Naming detector</li>
1272							<li>More sensitivity and specificity in UnreadFields
1273								detector</li>
1274							<li>More sensitivity in FindNullDeref detector</li>
1275							<li>More sensitivity in FindBadCast2 detector</li>
1276							<li>More specificity in FindReturnRef detector</li>
1277							<li>Many other tweaks and bug fixes</li>
1278						</ul>
1279					</li>
1280				</ul>
1281
1282				<p>Changes since version 1.2.0</p>
1283				<ul>
1284					<li>Bug fixes:
1285						<ul>
1286							<li><a
1287								href="http://fisheye2.cenqua.com/changelog/findbugs/?cs=8219">Fix</a>
1288								<a
1289								href="http://sourceforge.net/tracker/index.php?func=detail&aid=1726946&group_id=96405&atid=614693">bug</a>
1290								with detectors that were requested to be disabled but were
1291								enabled due to requirements of other detectors.</li>
1292							<li>Fix bugs in incremental analysis within Eclipse plugin</li>
1293							<li>Fix some analysis errors</li>
1294							<li>Fix some threading bugs in GUI2</li>
1295							<li>Report version as version when it was compiled, not when
1296								it was run</li>
1297							<li>Copy analysis time stamp when filtering or transforming
1298								analysis files.</li>
1299						</ul>
1300					<li>Enabled StaticCalendarDetector</li>
1301					<li>Reworked GUI2 to use standard FindBugs filters
1302						<ul>
1303							<li>Allow a suppression filter to be stored in a project and
1304								persisted to the XML representation of a project.</li>
1305						</ul>
1306					</li>
1307
1308					<li>Move away from old GUI2 save format (a directory
1309						containing an xml file and another file containing serialized
1310						filters).</li>
1311					<li>Support/recommend use of two new file extensions/formats:
1312						<dl>
1313							<dt>.fba - FindBugs Analysis File</dt>
1314							<dd>Exactly the same as an existing bug collection file
1315								stored in XML format, but using a distinct file extension to
1316								make it easier to figure out which xml files contain FindBugs
1317								results.</dd>
1318							<dt>.fbp - FindBugs Project File</dt>
1319							<dd>Contains just the information needed to run FindBugs and
1320								display the results (e.g., the files to be analyzed, the
1321								auxiliary class path and the location of source files)
1322						</dl>
1323					</li>
1324				</ul>
1325				<p>Changes since version 1.1.3</p>
1326				<ul>
1327					<li>Added -xml:withAbridgedMessages option to generate xml
1328						containing shorter messages. The messages will be shorted by doing
1329						things like eliding package names, and leaving off the source line
1330						from the LongMessage. These messages are appropriate if being used
1331						in a context where the non-message components of the bug
1332						annotations will be used to provide more information (e.g.,
1333						clicking on the message for a MethodAnnotation will display the
1334						source for the method).
1335						<ul>
1336							<li>FindBugsDisplayFeatures.setAbridgedMessages(true) can be
1337								used to generate abridged messages when FindBugs is being
1338								accessed directly (not via generated XML) from a GUI or IDE.</li>
1339						</ul>
1340					<li>In null pointer analysis, try to be better about always
1341						showing two locations: where it is known null and where it is
1342						dereferenced.
1343					<li>Interprocedural analysis of which methods return nonnull
1344						values
1345					<li>Use method calls to select order in which classes are
1346						analyzed, and order in which methods are analyzed, to improve
1347						interprocedural analysis results.
1348					<li>Significant improvements in memory footprint, memory
1349						allocation and CPU utilization (20-30% reduction in all three)
1350					<li>Added a project name, to provide better descriptions in
1351						the HTML output.
1352					<li>Added new bug pattern: Casting to char, or bit masking
1353						with nonnegative value, and then checking to see if the result is
1354						negative.
1355					<li>Stopped reporting transient fields of classes not marked
1356						as serializable. Transient is used by other persistence
1357						frameworks.
1358					<li>Improvements to detector for SQL injection (Thanks to <a
1359						href="http://www.clock.org/~matt">Matt Hargett</a> for his
1360						contributions
1361					<li>Changed open/save options in GUI2 to not distinguish
1362						between FindBugs projects and saved FindBugs analysis results.
1363					<li>Improvements to detection of serious non-short-circuit
1364						evaluation.
1365					<li>Updated Japanese localization (thanks to Ruimo Uno)
1366					<li>Eclipse plugin changes:
1367						<ul>
1368							<li>Created Bug User Annotations and Bug Tree Views
1369							<li>Use different icons for different bug priorities
1370							<li>Provide more information in Bug Details view
1371						</ul>
1372				</ul>
1373
1374				<p>Changes since version 1.1.2:</p>
1375				<ul>
1376					<li>Fixed broken Ant task
1377					<li>Added running ant task to smoke test
1378					<li>Added validating xml and html output to smoke test
1379					<li>Fixed some (but not all) issues with html output
1380						validation
1381					<li>Added check for x.equals(x) and x.compareTo(x)
1382					<li>Various bug fixes
1383				</ul>
1384				<p>Changes since version 1.1.1:</p>
1385				<ul>
1386					<li>Added check for infinite iterative loops</li>
1387					<li>Added check for use of incompatible types in a collection
1388						(e.g., checking to see if a Set&lt;String&gt; contains a
1389						StringBuffer).</li>
1390					<li>Added check for invocations of equals or hashCode on a
1391						URL, which, <a
1392						href="http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html">surprising
1393							many people</a>, requires DNS resolution.
1394					</li>
1395					<li>Added check for classes that define compareTo but not
1396						equals; such classes can exhibit some anomalous behavior (e.g.,
1397						they are treated differently by PriorityQueues in Java 5 and Java
1398						6).</li>
1399					<li>Added a check for useless self operations (e.g., x &lt; x
1400						or x ^ x).</li>
1401					<li>Fixed a data race that could cause the GUI to fail on
1402						startup</li>
1403					<li>Partial internationalization of the new GUI</li>
1404					<li>Fix bug in "Redo analysis" option of new GUI</li>
1405					<li>Tuning to reduce false positives</li>
1406					<li>Fixed a bug in null pointer analysis that was generating
1407						false positive null pointer warnings on exception paths. Fixing
1408						this bug eliminates about 1/4 of the warnings on null pointer
1409						exceptions on exception paths.</li>
1410					<li>Fixed a bug in the processing of phi nodes for fields in
1411						the null pointer analysis</li>
1412					<li>Applied contributed patch that provides more quick fixes
1413						in Eclipse plugin.</li>
1414					<li>Fixed a number of bugs in the Eclipse auto update sites,
1415						and in the way date qualifiers were being used in the Eclipse
1416						plugin. You may need to manually disable your existing version of
1417						the plugin and download the 1.1.2 from the update site to get the
1418						automatic update function working correctly. The Eclipse update
1419						sites are described at <a
1420						href="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.edu/eclipse/</a>.
1421
1422					</li>
1423					<li>Fixed progress bar in Eclipse plugin</li>
1424					<li>A number of other bug fixes.</li>
1425				</ul>
1426
1427				<p>Changes since version 1.1.0:</p>
1428				<ul>
1429					<li>less scanning of classes not on the analysis path (This
1430						was causing some performance problems.)</li>
1431					<li>no unread field warnings for fields annotated with
1432						javax.persistent or javax.ejb3</li>
1433					<li>Eclipse plugin
1434						<ul>
1435							<li>bug annotation info displayed in Bug Details tab</li>
1436							<li>.fbwarnings data file now stored in .metadata (not in
1437								the project itself)</li>
1438						</ul>
1439					</li>
1440					<li>new SE_BAD_FIELD_INNER_CLASS pattern</li>
1441					<li>updates to Japanese translation (ruimo)</li>
1442					<li>fix some internal slashed/dotted path confusion</li>
1443					<li>other minor improvements</li>
1444				</ul>
1445
1446				<p>Changes since version 1.0.0:</p>
1447
1448				<ul>
1449					<li>Overall, the change from FindBugs 1.0.0 to FindBugs 1.1.0
1450						has been a big change. We've done a lot of work in a lot of areas,
1451						and aren't even going to try to enumerate all the changes.</li>
1452					<li>We spent a lot of time reviewing the results generated by
1453						FindBugs for open source and commercial code bases, and made a
1454						number of changes, small and large, to minimize the number of
1455						false positives. Our primary focus for this was warnings reported
1456						as high and medium priority correctness warnings. Our internal
1457						evaluation is that we produce very few high/medium priority
1458						correctness warnings where the analysis is actually wrong, and
1459						that more than 75% of the high/medium priority correctness
1460						warnings correspond to real coding defects that need addressing in
1461						the source code. The remaining 25% are largely cases such as a
1462						branch or statement that if taken would lead to an error, but in
1463						fact is a dead branch or statement that can never be taken. Such
1464						coding is confusing and hard to maintain, so it should arguably be
1465						fixed, but it is unlikely to actually result in an error during
1466						execution. Thus, some might classify those warnings as false
1467						positives.</li>
1468					<li>We've substantially improved the analysis for errors that
1469						could result in null pointer dereferences. Overall, our experience
1470						has been that these changes have roughly doubled the number of
1471						null pointer errors we detect, without increasing the number of
1472						false positives (in fact, our false positive rate has gone down).
1473						The improvements are due to four factors:
1474						<ul>
1475							<li>By default, we now do some interprocedural analysis to
1476								determine methods that unconditionally dereference their
1477								parameters.</li>
1478							<li>FindBugs also comes with a model of which JDK methods
1479								unconditionally dereference their parameters.</li>
1480							<li>We do limited tracking of fields, so that we can detect
1481								null values stored in fields that lead to exceptions.</li>
1482							<li>We implemented a new analysis technique to find
1483								guaranteed dereferences. Consider the following example: <pre>public int f(Object x, boolean b) {
1484  int result = 0;
1485  if (x == null) result++;
1486  else result--;
1487  // at this point, we know x is null on a simple path
1488  if (b) {
1489    // at this point, x is only null on a complex path
1490    // we don't know if the path in which x is null and b is true is feasible
1491    return result + x.hashCode();
1492    }
1493  else {
1494    // at this point, x is only null on a complex path
1495    // we don't know if the path in which x is null and b is false is feasible
1496    return result - x.hashCode();
1497    }
1498</pre>
1499
1500								<p>
1501									FindBugs 1.0 used forward dataflow analysis to determine
1502									whether each value is definitely null, null on a simple path,
1503									possible null on a complex path, or definitely nonnull. Thus,
1504									at the statement where
1505									<code> result </code>
1506									is decremented, we know that
1507									<code> x </code>
1508									is definitely null, and at the point before
1509									<code> if (b) </code>
1510									, we know that
1511									<code> x </code>
1512									is null on a simple path. If
1513									<code> x </code>
1514									were to be dereferenced here, we would generate a warning,
1515									because if the else branch of the
1516									<code> if (x == null) </code>
1517									were ever taken, a null pointer exception would result.
1518								</p>
1519
1520								<p>
1521									However, in both the then and else branches of the
1522									<code> if (b) </code>
1523									statement,
1524									<code> x </code>
1525									is only null on a complex path that may be infeasible. It might
1526									be that the program logic is such that if
1527									<code> x </code>
1528									is null, then
1529									<code> b </code>
1530									is never true, so generating a warning about the dereference in
1531									the then clause might be a false positive. We could try to
1532									analyze the program to determine whether it is possible for
1533									<code> x </code>
1534									to be null and
1535									<code> b </code>
1536									to be true, but that can be a hard analysis problem.
1537								</p>
1538
1539								<p>
1540									However,
1541									<code> x </code>
1542									is dereferenced in both the then <em>and</em> else branches of
1543									the
1544									<code> if (b) </code>
1545									statement. So at the point immediately before
1546									<code> if (b) </code>
1547									, we know that
1548									<code> x </code>
1549									is null on a simple path <em>and</em> that
1550									<code> x </code>
1551									is guaranteed to be dereferenced on all paths from this point
1552									forward. FindBugs 1.1 performs a backwards data flow analysis
1553									to determine the values that are guaranteed to be dereferenced,
1554									and will generate a warning in this case.
1555								</p>
1556							</li>
1557						</ul>
1558						<p>
1559							The following screen shot of our new GUI shows an example of this
1560							analysis, as well as showing off our new GUI and points out a
1561							limitation of our current plugins for Eclipse and NetBeans. The
1562							screen shot shows a null pointer bug in HelpDisplay.java. The
1563							test for
1564							<code> href!=null </code>
1565							on line 78 suggests that
1566							<code> href </code>
1567							could be null. If it is, then
1568							<code> href </code>
1569							will be dereferenced on either line 87 or on line 90, generating
1570							a NPE. Note that our analysis here also understands that passing
1571							<code> href </code>
1572							to
1573							<code> URLEncoder.encode </code>
1574							will deference it, and thus treats line 87 as a dereference, even
1575							though
1576							<code> href </code>
1577							is not actually dereferenced at that line. Within our new GUI,
1578							all of these locations are highlighted and listed in the summary
1579							panel. In the original GUI (and in HTML output) we list all of
1580							the locations, but only the primary location is highlighted by
1581							the original GUI. In the Eclipse and NetBeans plugins, only the
1582							primary location is displayed; fixing this is on our todo list
1583							(contributions welcome).
1584						</p>
1585						<p>
1586							<img src="guaranteedDereference.png" alt="">
1587
1588
1589						</p>
1590
1591					</li>
1592					<li>Preliminary support for detectors using the frameworks
1593						other than BCEL, such as the <a href="http://asm.objectweb.org/">ASM</a>
1594						bytecode framework. You may experiment with writing ASM-based
1595						detectors, but beware the API may still change (which could
1596						possibly also affect BCEL-based detectors). In general, we've
1597						started trying to move away from a deep dependence on BCEL, but
1598						that change is only partially complete. Probably best to just
1599						avoid this until we complete more work on this. This change is
1600						only visible to FindBugs plugin developers, and shouldn't be
1601						visible to FindBugs users.
1602					</li>
1603					<li>
1604						<p>Bug categories (CORRECTNESS, MT_CORRECTNESS, etc.) are no
1605							longer hard-coded, but rather defined in xml files associated
1606							with plugins, including the core plugin which defines the
1607							standard categories. Third-party plugins can define their own
1608							categories.</p>
1609					</li>
1610					<li>
1611						<p>Several bug patterns have been moved from CORRECTNESS and
1612							STYLE into a new category, BAD_PRACTICE. The English localization
1613							of STYLE has changed from "Style" to "Dodgy."</p>
1614						<p>In general, we've worked very hard to limit CORRECTNESS
1615							bugs to be real programming errors and sins of commission. We
1616							have reclassified as BAD_PRACTICE a number of bad design
1617							practices that result in overly fragile code, such as defining an
1618							equals method that doesn't accept null or defining class with a
1619							equals method that inherits hashCode from class Object.</p>
1620						<p>In general, our guidelines for deciding whether a bug
1621							should be classified as CORRECTNESS, BAD_PRACTICE or STYLE are:</p>
1622						<dl>
1623							<dt>CORRECTNESS</dt>
1624							<dd>A problem that we can recognize with high confidence and
1625								is an issue that we believe almost all developers would want to
1626								examine and address. We recommend that software teams review all
1627								high and medium priority warnings in their entire code base.</dd>
1628							<dt>BAD_PRACTICE</dt>
1629							<dd>A problem that we can recognize with high confidence and
1630								represents a clear violation of recommended and standard coding
1631								practice. We believe each software team should decide which bad
1632								practices identified by FindBugs it wants to prohibit in the
1633								team's coding standard, and take action to remedy violations of
1634								those coding standards.</dd>
1635							<dt>STYLE</dt>
1636							<dd>These are places where something strange or dodgy is
1637								going on, such as a dead store to a local variable. Typically,
1638								less than half of these represent actionable programming
1639								defects. Reviewing these warnings in any code under active
1640								development is probably a good idea, but reviewing all such
1641								warnings in your entire code base might be appropriate only in
1642								some situations. Individual or team programming styles can
1643								substantially influence the effectiveness of each of these
1644								warnings (e.g., you might have a coding practice or style in
1645								your group that confuses one of the detectors into generating a
1646								lot of STYLE warnings); you will likely want to selectively
1647								suppress or report the STYLE warnings that are effective for
1648								your group.</dd>
1649						</dl>
1650					</li>
1651					<li>Released a preliminary version of a new GUI (known
1652						internally as GUI2 -- not very creative, huh?)</li>
1653					<li>Provided standard ways to mark user designations of bug
1654						warnings (e.g., as NOT_A_BUG or SHOULD_FIX). The internal logic
1655						now records this, it is represented in the XML file, and GUI2
1656						allows the designations to be applied (along with free-form user
1657						annotations about each warning). The user designations and
1658						annotations are not yet supported by the Eclipse plugin, but we
1659						clearly want to support it in Eclipse shortly.</li>
1660					<li>Added a check for a bad comparison with a signed byte with
1661						a value not in the range -128..127. For example: <pre>boolean find200(byte b[]) {
1662  for(int i = 0; i &lt; b.length; i++) if (b[i] == 200) return i;
1663  return -1;
1664}
1665</pre>
1666					</li>
1667					<li>Added a checking for testing if a value is equal to
1668						Double.NaN (no value is equal to NaN, not even NaN).</li>
1669					<li>Added a check for using a class with an equals method but
1670						no hashCode method in a hashed data structure.</li>
1671					<li>Added check for uncallable method of an anonymous inner
1672						class. For example, in the following code, it is impossible to
1673						invoke the initalValue method (because the name is misspelled and
1674						as a result is doesn't override a method in ThreadLocal). <pre>private static ThreadLocal serialNum = new ThreadLocal() {
1675         protected synchronized Object initalValue() {
1676             return new Integer(nextSerialNum++);
1677         }
1678     };
1679</pre>
1680					</li>
1681					<li>Added check for a dead local store caused by a switch
1682						statement fall through</li>
1683					<li>Added check for computing the absolute value of a random
1684						32 bit integer or of a hashcode. This is broken because <code>
1685							Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE </code> , and thus
1686						result of calling Math.abs, which is expected to be nonnegative,
1687						will in fact be negative one time out of 2 <sup> 32 </sup> , which
1688						will invariably be the time your boss is demoing the software to
1689						your customers.
1690
1691					</li>
1692					<li>More careful resolution of inherited methods and fields.
1693						Some of the shortcuts we were taking in FindBugs 1.0.0 were
1694						leading to inaccurate results, and it was fairly easy to address
1695						this by making the analysis more accurate.</li>
1696					<li>Overall, analysis times are about 1.6 times longer in
1697						FindBugs 1.1.0 than in FindBugs 1.0.0. This is because we have
1698						enabled substantial additional analysis at the default effort
1699						level (the actual analysis engine is significantly faster than in
1700						FindBugs 1.0). On a recent AMD Athlon processor, analyzing
1701						JDK1.6.0 (about 1 million lines of code) requires about 15 minutes
1702						of wall clock time.</li>
1703					<li>Provided class and script (printClass) to print classfile
1704						in the human readable format produced by BCEL</li>
1705					<li>Provided -findSource option to setBugDatabaseInfo</li>
1706				</ul>
1707
1708
1709				<p>Changes since version 0.9.7:</p>
1710
1711				<ul>
1712					<li>fix ObjectTypeFactory bug that was suppressing some bugs</li>
1713					<li>opcode stack may determine definite zeros on some paths</li>
1714					<li>opcode stack can track some constant string concatenations
1715						(dbrosius)</li>
1716					<li>default effort performs iterative opcode analysis (but min
1717						effort does not)</li>
1718					<li>default heap size upped to 384m</li>
1719					<li>schema for XML output available: bugcollection.xsd</li>
1720					<li>fixed some internal confusion between dotted and slashed
1721						class names</li>
1722					<li>New detectors
1723						<ul>
1724							<li>CheckImmutableAnnotation.java: checks JCIP annotations</li>
1725						</ul>
1726					</li>
1727					<li>Updated detectors
1728						<ul>
1729							<li>BadRegEx.java: understands Pattern.LITERAL, warns about
1730								"."</li>
1731							<li>FindUnreleasedLock.java: fewer false positives</li>
1732							<li>DumbMethods.java: check for vacuous comparisons to
1733								MAX_INTEGER or MIN_INTEGER, fix bugs detecting
1734								DM_NEXTINT_VIA_NEXTDOUBLE</li>
1735							<li>FindPuzzlers.java: detect <tt>n%2==1</tt>, detect
1736								toString() on array types
1737							</li>
1738							<li>FindInconsistentSync2.java: detects IS_FIELD_NOT_GUARDED
1739							</li>
1740							<li>MethodReturnCheck.java: add check for discarded newly
1741								constructed values, increase priority of some ignored
1742								constructed exceptions, better handling of bytecode compiled by
1743								Eclipse</li>
1744							<li>FindEmptySynchronizedBlock.java: better handling of
1745								bytecode compiled by Eclipse</li>
1746							<li>DoInsideDoPrivileged.java: warn if call to setAccessible
1747								isn't in doPriviledged, don't report private methods</li>
1748							<li>LoadOfKnownNullValue.java: fix bug that was reporting
1749								false positives on <code> finally </code> blocks
1750							</li>
1751							<li>CheckReturnAnnotationDatabase.java: better checks for
1752								unstarted threads</li>
1753							<li>ConfusionBetweenInheritedAndOuterMethod.java: fewer
1754								false positives, fixed a package-handling bug</li>
1755							<li>BadResultSetAccess.java: separate bug pattern for
1756								PreparedStatements, <code> BRZA </code> category folded into <code>
1757									SQL </code> category
1758							</li>
1759							<li>FindDeadLocalStores.java, FindBadCast2.java,
1760								DumbMethods.java, RuntimeExceptionCapture.java: coalesce similar
1761								bugs within a method into a single bug instance with multiple
1762								source lines</li>
1763						</ul>
1764					</li>
1765					<li>Eclipse plugin
1766						<ul>
1767							<li>plugin ID changed from <tt>de.tobject.findbugs</tt> to <tt>edu.umd.cs.findbugs.plugin.eclipse</tt>
1768							</li>
1769							<li>support for findbugs eclipse auto-update site</li>
1770						</ul>
1771					</li>
1772					<li>Updated test case files
1773						<ul>
1774							<li>BadRegEx.java</li>
1775							<li>JSR166.java</li>
1776							<li>ConcurrentModificationBug.java</li>
1777							<li>DeadStore.java</li>
1778							<li>InstanceOf.java</li>
1779							<li>LoadKnownNull.java</li>
1780							<li>NeedsToCheckReturnValue.java</li>
1781							<li>BadResultSetAccessTest.java</li>
1782							<li>DeadStore.java</li>
1783							<li>TestNonNull2.java</li>
1784							<li>TestImmutable.java</li>
1785							<li>TestGuardedBy.java</li>
1786							<li>BadRandomInt.java</li>
1787							<li>six test cases added to new <code> TigerTraps </code>
1788								directory
1789							</li>
1790						</ul>
1791					</li>
1792					<li>fix bug that was generating duplicate uids</li>
1793					<li>fix bug with <code> -onlyAnalyze some.package.* </code> on
1794						jdk1.4
1795					</li>
1796					<li>fix regression bug in
1797						DismantleByteCode.getRefConstantOperand()</li>
1798					<li>fix some minor bugs with the Swing GUI</li>
1799					<li>reordered some bugInstances so that source line
1800						annotations come last</li>
1801					<li>removed references to unused java system properties</li>
1802					<li>French translation updates (David Cotton)</li>
1803					<li>Japanese translation updates (Hanai Shisei)</li>
1804					<li>content cleanup for findbugs.xml and messages.xml</li>
1805					<li>references to cvs hostname updated to
1806						findbugs.cvs.sourceforge.net</li>
1807					<li>documented xdoc output options, new
1808						mineBugHistory/computeBugHistory options</li>
1809				</ul>
1810
1811				<p>Changes since version 0.9.6:</p>
1812
1813				<ul>
1814					<li>performance improvements</li>
1815					<li>ObjectType instances are cached to reduce memory footprint
1816					</li>
1817					<li>for performance and memory reasons stateless detectors are
1818						no longer cloned, must clear their own state between .class files
1819					</li>
1820					<li>fixed bug in bytecode-set lookup for methods (was causing
1821						bad results for IS2, perhaps others)</li>
1822					<li>fix some OpcodeStack bugs with integer and long
1823						operations, perform iterative analysis when effort is <tt>max</tt>
1824					</li>
1825					<li>HTML output includes LongMessage text again (regression in
1826						0.95 - 0.96)</li>
1827					<li>New detectors
1828						<ul>
1829							<li>CalledMethods.java: builds a list of invoked methods for
1830								other detectors to consult (non-reporting)</li>
1831							<li>UncallableMethodOfAnonymousClass.java: detect anonymous
1832								inner classes that define methods that are probably intended to
1833								but do not override methods in a superclass.</li>
1834						</ul>
1835					</li>
1836					<li>Updated detectors
1837						<ul>
1838							<li>FindFieldSelfAssignment.java: recognize separate fields
1839								with the same name (one from superclass)</li>
1840							<li>FindLocalSelfAssignment2.java: handles backward branches
1841								better (Dave Brosius)</li>
1842							<li>FindBadCast2.java: BC_NULL_INSTANCEOF changed to
1843								NP_NULL_INSTANCEOF</li>
1844							<li>FindPuzzlers.java: eliminate false positive on setDate()
1845								(Dave Brosius)</li>
1846						</ul>
1847					</li>
1848					<li>Eclipse plugin
1849						<ul>
1850							<li>fix serious threading bug</li>
1851							<li>preferences for Filters and effort (Peter Hendriks)</li>
1852							<li>French localization (David Cotton)</li>
1853							<li>fix bug when reporting inner classes (Peter Friese)</li>
1854						</ul>
1855					</li>
1856					<li>Updated test case files
1857						<ul>
1858							<li>Mwn.java (Carl Burke/Dave Brosius)</li>
1859							<li>DumbMethodInvocations.java (Anto paul/Dave Brosius)</li>
1860							<!--sic-->
1861						</ul>
1862					</li>
1863					<li>XML output includes garbage collection duration</li>
1864					<li>French messages updated (David Cotton)</li>
1865					<li>Swing GUI shows file name after Load Bugs command</li>
1866					<li>Ant task to launch the findbugs frame (Mark McKay)</li>
1867					<li>miscellaneous code cleanup</li>
1868				</ul>
1869
1870				<p>Changes since version 0.9.5:</p>
1871
1872				<ul>
1873					<li>Updated detectors
1874						<ul>
1875							<li>FindNullDeref.java: respect NonNull and CheckForNull
1876								field annotations</li>
1877							<li>SerializableIdiom.java: detect non-private readObject
1878								and writeObject methods</li>
1879							<li>FindRefComparison.java: smarter array comparison
1880								detection</li>
1881							<li>IsNullValueAnalysis.java: detect <tt>null
1882									instanceof</tt>
1883							</li>
1884							<li>FindLocalSelfAssignment2.java: suppress some false
1885								positives (Dave Brosius)</li>
1886							<li>FindUnreleasedLock.java: don't waste time processing
1887								classes that don't refer to java.util.concurrent.locks</li>
1888							<li>MutableStaticFields.java: report the source line (Dave
1889								Brosius)</li>
1890							<li>SwitchFallthrough.java: better handling of System.exit()
1891								(Dave Brosius)</li>
1892							<li>MultithreadedInstanceAccess.java: better handling of
1893								Servlet.init() (Dave Brosius)</li>
1894							<li>ConfusionBetweenInheritedAndOuterMethod.java: now
1895								enabled</li>
1896						</ul>
1897					</li>
1898					<li>Eclipse plugin
1899						<ul>
1900							<li>background processing (Peter Friese)</li>
1901							<li>internationalization, Japanese localization (Takashi
1902								Okamoto)</li>
1903						</ul>
1904					</li>
1905					<li>findbugs <tt>-onlyAnalyze</tt> option now works on windows
1906						platforms
1907					</li>
1908					<li>mineBugHistory <tt>-noTabs</tt> option for better
1909						alignment of output columns
1910					</li>
1911					<li>filterBugs <tt>-fixed</tt> option (also: will now
1912						recognize the most recent version string)
1913					</li>
1914					<li>XML output includes running time and memory usage data</li>
1915					<li>miscellaneous minor corrections to the manual</li>
1916					<li>better bytecode analysis of the <tt>iinc</tt> instruction
1917					</li>
1918					<li>fix bug in null pointer analysis</li>
1919					<li>improved catch block heuristics</li>
1920					<li>some type analysis tweaks</li>
1921					<li>Bug priority changes
1922						<ul>
1923							<li>DumbMethodInvocations.java: decrease priority of
1924								hard-coded <tt>/tmp</tt> filenames
1925							</li>
1926							<li>ComparatorIdiom.java: decrease priority of
1927								non-serializable anonymous comparators</li>
1928							<li>FindSqlInjection.java: decrease priority of appending a
1929								constant or a static</li>
1930						</ul>
1931					</li>
1932					<li>Updated bug explanations
1933						<ul>
1934							<li>NM_VERY_CONFUSING (Dave Brosius)</li>
1935						</ul>
1936					</li>
1937					<li>Updated test case files
1938						<ul>
1939							<li>BadStoreOfNonSerializableObject.java</li>
1940							<li>BadRandomInt.java</li>
1941							<li>TestFieldAnnotations.java</li>
1942							<li>UseInitCause.java</li>
1943							<li>SqlInjection.java</li>
1944							<li>ArrayEquality.java</li>
1945							<li>BadIntegerOperations.java</li>
1946							<li>Pilhuhn.java</li>
1947							<li>InstanceOf.java</li>
1948							<li>SwitchFallthrough.java (Dave Brosius)</li>
1949						</ul>
1950					</li>
1951					<li>fix URL decoding bug when running under Java Web Start
1952						(Dave Brosius)</li>
1953					<li>distribution includes <tt>project.xml</tt> file for
1954						NetBeans
1955					</li>
1956				</ul>
1957
1958				<p>Changes since version 0.9.4:</p>
1959				<ul>
1960					<li>New detectors
1961						<ul>
1962							<li>VarArgsProblems.java</li>
1963							<li>FindSqlInjection.java: now enabled</li>
1964							<li>ComparatorIdiom.java: comparators usually implement
1965								serializable</li>
1966							<li>Naming.java: detect methods not overridden due to
1967								eponymously typed args from different packages</li>
1968						</ul>
1969					</li>
1970					<li>Updated detectors
1971						<ul>
1972							<li>SwitchFallthrough.java: surpress some false positives</li>
1973							<li>DuplicateBranches.java: surpress some false positives</li>
1974							<li>IteratorIdioms.java: surpress some false positives</li>
1975							<li>FindHEmismatch.java: surpress some false positives</li>
1976							<li>QuestionableBooleanAssignment.java: finds more cases of
1977								<tt>if (b=true)</tt> ilk
1978							</li>
1979							<li>DumbMethods.java: detect int remainder by 1, delayed gc
1980								errors</li>
1981							<li>SerializableIdiom.java: detect store of nonserializable
1982								object into field of serializable class</li>
1983							<li>FindNullDeref.java: fix potential exception</li>
1984							<li>IsNullValue.java: fix potential exception</li>
1985							<li>MultithreadedInstanceAccess.java: fix potential
1986								exception</li>
1987							<li>PreferZeroLengthArrays.java: flag the method, not the
1988								line</li>
1989						</ul>
1990					</li>
1991					<li>Remove some inadvertent dependencies on JDK 1.5</li>
1992					<li>Sort order should be more consistent</li>
1993					<li>XML output changes
1994						<ul>
1995							<li>Option to sort XML bug output</li>
1996							<li>Now contains instance IDs</li>
1997							<li>uid no longer missing (was causing problems with fancy
1998								HTML output)</li>
1999							<li>Typo fixed</li>
2000						</ul>
2001					</li>
2002					<li>Internal changes to track source files, <tt>-sourceInfo</tt>
2003						option
2004					</li>
2005					<li>Bug matching: first try exact bug pattern matching, option
2006						to compare priorities, option to disable package moves</li>
2007					<li>Architecture documentation in <tt>design/architecture</tt>
2008					</li>
2009					<li>Test cases move into their own CVS project</li>
2010					<li>Don't report warnings that occur outside the analyzed
2011						classes</li>
2012					<li>Fixes to the build.xml files</li>
2013					<li>Better handling of @CheckReturnValue and @CheckForNull
2014						annotations (also, some additional methods searched for check
2015						return value and check for null)</li>
2016					<li>Fixed some stream-closing bugs (one by <tt>z-fb-user</tt>/Dave
2017						Brosius)
2018					</li>
2019					<li>Bug priority changes
2020						<ul>
2021							<li>increase priority of ignoring return value of
2022								java.sql.Connection methods</li>
2023							<li>increase priority of comparing classes like Integer
2024								using <tt>==</tt>
2025							</li>
2026							<li>decrease priority of IT_NO_SUCH_ELEMENT if we see any
2027								call to <tt>next()</tt>
2028							</li>
2029							<li>tweak priority of NM_METHOD_CONSTRUCTOR_CONFUSION</li>
2030							<li>decrease priority of RV_RETURN_VALUE_IGNORED for an
2031								inherited annotation that doesn't return same type as class</li>
2032						</ul>
2033					</li>
2034					<li>Updated bug explanations
2035						<ul>
2036							<li>RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE</li>
2037							<li>DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED</li>
2038							<li>IMA_INEFFICIENT_MEMBER_ACCESS (Dave Brosius)</li>
2039							<li>some Japanese improvements to messages_ja.xml ( <tt>ruimo</tt>)
2040							</li>
2041							<li>some German improvements to findbugs_de.properties (Dave
2042								Brosius, <tt>dvholten</tt>)
2043							</li>
2044						</ul>
2045					</li>
2046					<li>Updated test case files
2047						<ul>
2048							<li>BadIntegerOperations.java</li>
2049							<li>SecondKaboom.java</li>
2050							<li>OpenDatabase.java (Dave Brosius)</li>
2051							<li>FindOpenStream.java (Dave Brosius)</li>
2052							<li>BadRandomInt.java</li>
2053						</ul>
2054					</li>
2055					<li>Source-lines info maintained for methods (handy for
2056						abstract and native methods)</li>
2057					<li>Remove surrounding opcodes from source line annotations</li>
2058					<li>Better error when can't read file</li>
2059					<li>Swing GUI: removed console pane from FindBugsFrame, fix
2060						missing classes bug</li>
2061					<li>Fixes to OpcodeStack.java</li>
2062					<li>Detectors may attach a custom value to an OpcodeStack.Item
2063						(Dave Brosius)</li>
2064					<li>Filter.java: ability to add text messages to XML output,
2065						fix bug with <tt>-withMessages</tt>
2066					</li>
2067					<li>SourceInfoMap supports ranges of source lines</li>
2068					<li>Ant task supports the <tt>timestampNow</tt> attribute
2069					</li>
2070				</ul>
2071
2072				<p>Changes since version 0.9.3:</p>
2073				<ul>
2074					<li>Substantial rework of datamining code</li>
2075					<li>Removed bogus warnings about await on things other than
2076						Condition not being in a loop</li>
2077					<li>Fixed bug in OpcodeStack handling of dup2 of long/double
2078						values</li>
2079					<li>Don't report array types as missing classes</li>
2080					<li>Adjustment of some warnings on ignored return values</li>
2081					<li>Added thread safety annotations from Java Concurrency in
2082						Practice (no detectors written for these yet)</li>
2083					<li>Added annotation for methods that, if overridden, should
2084						be invoked by overriding methods via a call to super</li>
2085					<li>Updated -html:fancy.xsl (Etienne Giraudy)</li>
2086				</ul>
2087
2088				<p>Note: there was no version 0.9.2</p>
2089
2090				<p>Changes since version 0.9.1:</p>
2091				<ul>
2092					<!-- New detectors -->
2093					<li>Embellish USM to find abstract methods that implement an
2094						interface method (Dave Brosius)</li>
2095					<li>New detector to find stores of literal booleans inside if
2096						or while expressions (Dave Brosius)</li>
2097					<li>New style detector to find final classes that declare
2098						protected fields (Dave Brosius)</li>
2099					<li>New detector to find subclass methods that simply forward,
2100						verbatim, to the super class (Dave Brosius)</li>
2101					<li>Detector to find instances where code is attempting to
2102						write an object out via an implementation of DataOutput, but the
2103						object is not guaranteed to be Serializable (Jon Christiansen,
2104						Bill Pugh)</li>
2105
2106					<!-- Feature enhancements -->
2107					<li>Large (35%) analysis speedup (Bill Pugh)</li>
2108					<li>Add line numbers to Swing GUI code panel (Dave Brosius)</li>
2109					<li>Added effort options to Swing GUI (Dave Brosius)</li>
2110					<li>Add ability to specify bugs file to open from command line
2111						for GUI version, through -loadbugs (Phillip Martin)</li>
2112					<li>New stylesheet for generating HTML: use option <tt>-html:plain.xsl</tt>
2113						(Chris Nappin)
2114					</li>
2115					<li>New stylesheet for generating HTML: use option <tt>-html:fancy.xsl</tt>
2116						(Etienne Giraudy)
2117					</li>
2118					<li>Updated Japanese bug message translations (Shisei Hanai)</li>
2119
2120					<!-- Bug fixes -->
2121					<li>XHTML compliance fixes for bug details (Etienne Giraudy)</li>
2122					<li>Various detector fixes (Shisei Hanai)</li>
2123					<li>Fixed bugs in the project preferences dialog int the
2124						Eclipse plugin (Takashi Okamoto, Thomas Einwaller)</li>
2125					<li>Lowered priority of analysis thread in Swing GUI (David
2126						Hovemeyer, suggested by Shisei Hanai and Jeffrey W. Badorek)</li>
2127					<li>Fixed EclipsePlugin to correctly pick up auxclasspath
2128						entries (Jon Christiansen)</li>
2129				</ul>
2130
2131				<p>Changes since version 0.9.0:</p>
2132				<ul>
2133					<li>Fixed dependence on JRE 1.5: all features should work on
2134						JRE 1.4 again</li>
2135					<li>Fixed -effort command line option handling for Swing GUI</li>
2136					<li>Fixed conserveSpace and workHard attributes int Ant task</li>
2137					<li>Added support for effort attribute in Ant task</li>
2138				</ul>
2139
2140				<p>Changes since version 0.8.8:</p>
2141				<ul>
2142					<!-- New detectors and bug patterns -->
2143					<li>XMLFactoryBypass detector to find direct allocation of xml
2144						class implementations (Dave Brosius)</li>
2145					<li>InefficientMemberAccess detector to find accesses to
2146						owning class private members (Dave Brosius)</li>
2147					<li>DuplicateBranches detector checks switch statements too
2148						(Dave Brosius)</li>
2149
2150					<!-- Feature enhancements -->
2151					<li>FindBugs available from findbugs.sourceforge.net as Java
2152						Web Start application (Dave Brosius)</li>
2153					<li>Updated Japanese bug message translations (Shisei Hanai)</li>
2154					<li>Improved bug detail message for covariant equals() (Shisei
2155						Hanai)</li>
2156					<li>Modeling of instanceof checks is now enabled by default,
2157						making the bad cast detector much more useful (Bill Pugh, David
2158						Hovemeyer)</li>
2159					<li>Support for detector ordering constraints in plugin
2160						descriptor (David Hovemeyer)</li>
2161					<li>Simpler option to control analysis effort: -effort: <i>value</i>,
2162						where <i>value</i> is one of <code> min </code> , <code>
2163							default </code> , or <code> max </code> (David Hovemeyer)
2164					</li>
2165					<li>Using -effort:max, FindNullDeref checks for null arguments
2166						passed to methods which dereference them unconditionally (David
2167						Hovemeyer)</li>
2168					<li>FindNullDeref checks @Null and @NonNull annotations for
2169						parameters and return values (David Hovemeyer)</li>
2170
2171					<!-- Bug fixes -->
2172				</ul>
2173
2174				<p>Changes since version 0.8.7:</p>
2175
2176				<ul>
2177					<!-- New detectors and bug patterns -->
2178					<li>New detector to find duplicate code in if/else statements
2179						(Dave Brosius)</li>
2180					<li>Look for calls to wait() on Condition objects (David
2181						Hovemeyer)</li>
2182					<li>Look for java.util.concurrent.Lock objects not released on
2183						every path out of method (David Hovemeyer)</li>
2184					<li>Look for calls to Thread.sleep() with a lock held (David
2185						Hovemeyer)</li>
2186					<li>More accurate detection of impossible casts (Bill Pugh,
2187						David Hovemeyer)</li>
2188
2189					<!-- Feature enhancements -->
2190					<li>Saved XML now contains project statistics (Jay Dunning)</li>
2191					<li>Filter files can select by bug pattern type and warning
2192						priority (David Hovemeyer)</li>
2193
2194					<!-- Bug fixes -->
2195					<li>Restored some files inadvertently omitted from previous
2196						release (Rohan Lloyd, David Hovemeyer)</li>
2197					<li>Make sure detectors requiring JDK 1.5 runtime classes are
2198						only executed if those classes are available (David Hovemeyer)</li>
2199					<li>Don't display analysis error dialog unless there is really
2200						an error (David Hovemeyer)</li>
2201					<li>Updated and expanded French translations of bug patterns
2202						and Swing GUI (Olivier Parent)</li>
2203					<li>Fixed invalid character encoding in German Swing GUI
2204						translation (Olivier Parent)</li>
2205					<li>Fix locale used for date format in project stats (K.
2206						Hashimoto)</li>
2207					<li>Fixed LongDescription elements in xml:withMessages output
2208						format (K. Hashimoto)</li>
2209				</ul>
2210
2211				<p>Changes since version 0.8.6:</p>
2212
2213				<ul>
2214					<!-- new detectors -->
2215					<li>Extend Naming detector to look for classes that are named
2216						XXXException but that are not Exceptions (Dave Brosius)</li>
2217					<li>New detector to find classes that expose semaphores in the
2218						public implementation through the 'this' reference. (Dave Brosius)
2219					</li>
2220					<li>New Style detector to find Struts Action/Servlet derived
2221						classes that reference instance member variable not in
2222						synchronized blocks. (Dave Brosius)</li>
2223					<li>New Style detector to find classes that declare
2224						implementation of interfaces that are already implemented by super
2225						classes (Dave Brosius)</li>
2226					<li>New Style detector to find circular dependencies between
2227						classes (Dave Brosius)</li>
2228					<li>New Style detector to find unnecessary math on constants
2229						(Dave Brosius)</li>
2230					<li>New detector to find equality comparisons using floating
2231						point math (Jay Dunning)</li>
2232					<li>New faster detector to find local self assignments (Bill
2233						Pugh)</li>
2234					<li>New detector to find infinite recursive loops (Bill Pugh)
2235					</li>
2236					<li>New detector to find for loops with an incorrect increment
2237						(Bill Pugh)</li>
2238					<li>New detector to find suspicious uses of
2239						BufferedReader.readLine() and String.indexOf() (Bill Pugh)</li>
2240					<li>New detector to find suspicious integer to double casts
2241						(David Hovemeyer, Bill Pugh)</li>
2242					<li>New detector to find invalid regular expression patterns
2243						(Bill Pugh)</li>
2244					<li>New detector to find Bloch/Gafter Java puzzlers (Bill
2245						Pugh)</li>
2246
2247					<!-- feature enhancements -->
2248					<li>New system property to suppress reporting of DLS based on
2249						local variable name (Glenn Boysko)</li>
2250					<li>Enhancements to configuration dialog in Eclipse plugin,
2251						allow for saving enabled detectors in Eclipse projects (Phil
2252						Crosby)</li>
2253					<li>Sortable columns in detector dialog (Dave Brosius)</li>
2254					<li>New tab in gui for showing bugs grouped by category (Dave
2255						Brosius)</li>
2256					<li>Improved German translation of Swing GUI (Thomas Kuehne)</li>
2257					<li>Improved source file reporting in Emacs output format (Len
2258						Trigg)</li>
2259					<li>Improvements to redundant null comparison detector (Bill
2260						Pugh)</li>
2261					<li>Localization of run analysis and analysis error dialogs in
2262						Swing GUI (K. Hashimoto)</li>
2263
2264					<!-- Bug fixes -->
2265					<li>Don't scan equals methods in FindHEMismatch if code is
2266						native (Greg Bentz)</li>
2267					<li>French translation fixes (David Cotton)</li>
2268					<li>Internationalization report fixes (K. Hashimoto)</li>
2269					<li>Japanese translations updates (SHISEI Hanai)</li>
2270				</ul>
2271
2272				<p>Changes since version 0.8.5:</p>
2273				<ul>
2274					<!-- new detectors -->
2275					<li>New detector to find catch blocks that may inadvertently
2276						catch runtime exceptions (Brian Goetz)</li>
2277					<li>New detector to find objects that are instantiated based
2278						on classes that only have static methods and fields, using the
2279						synthesized constructor (Dave Brosius)</li>
2280					<li>New detector to find calls to Thread.interrupted() in a
2281						non static context, and especially with non currentThread()
2282						threads (Dave Brosius)</li>
2283					<li>New detector to find calls to equals() methods that use
2284						Object's version. (Dave Brosius)</li>
2285					<li>New detector to find Applets that call methods in the
2286						constructor refering to the AppletStub (Dave Brosius)</li>
2287					<li>New detector to find some cases of infinite recursion
2288						(Bill Pugh)</li>
2289					<li>New detector to find dead stores to local variables (David
2290						Hovemeyer, Bill Pugh)</li>
2291					<li>Extend Dumb Method detector for toUpperCase(),
2292						toLowerCase() without a locale, new Integer(1).toString(), new
2293						XXX().getClass(), and new Thread() without a run implementation
2294						(Dave Brosius) <!-- feature enhancements -->
2295					</li>
2296					<li>Ant task supports "errorProperty" attribute, which sets an
2297						Ant property to "true" if an error occurs running FindBugs
2298						(Michael Tamm)</li>
2299					<li>Eclipse plugin allows filtering of warnings by bug
2300						category, priority (David Hovemeyer)</li>
2301					<li>Swing GUI allows filtering of warnings by bug category
2302						(David Hovemeyer)</li>
2303					<li>Ability to annotate methods using Java 1.5 annotations
2304						that suppress FindBugs warnings (Bill Pugh)</li>
2305					<li>New -adjustExperimental for lowering priority of
2306						BugPatterns that are experimental (Dave Brosius)</li>
2307					<li>Allow for command line options 'files' using the @ symbol
2308						(David Hovemeyer)</li>
2309					<li>New -adjustPriority command line option to for adjusting
2310						bug priorites (David Hovemeyer)</li>
2311					<li>Added an Edit menu (cut/copy/paste) to Swing GUI (Dave
2312						Brosius)</li>
2313					<li>French translation supplied (David Cotton) <!-- Bug fixes -->
2314					</li>
2315				</ul>
2316
2317				<p>Changes since version 0.8.4:</p>
2318				<ul>
2319					<!-- new detectors -->
2320					<li>New detector for volatile references to arrays (Bill Pugh)
2321					</li>
2322					<li>New detector to find instanceof usage where inheritance
2323						can be determined statically (Dave Brosius)</li>
2324					<li>New detector to find ResultSet.getXXX updateXXX calls
2325						using index 0 (Dave Brosius)</li>
2326					<li>New detector to find empty zip or jar entries (Bill Pugh)
2327
2328						<!-- feature enhancements -->
2329					</li>
2330					<li>HTML output generation using built-in XSLT stylesheet or
2331						user-defined stylesheet (David Hovemeyer)</li>
2332					<li>Allow URLs to be specified to analyze zip/jar files, local
2333						directories, and single classfiles (David Hovemeyer)</li>
2334					<li>New command line option -onlyAnalyze restricts analysis to
2335						selected classes and packages without reducing accuracy (David
2336						Hovemeyer)</li>
2337					<li>Allow Swing GUI to show source code in jar files on
2338						Windows systems (Dave Brosius) <!-- Bug fixes -->
2339					</li>
2340					<li>Fix the Switch Fall Thru detector (Dave Brosius, David
2341						Hovemeyer, Bill Pugh)</li>
2342					<li>MacOS GUI fixes (Rohan Lloyd)</li>
2343					<li>Fix false positive in BOA in case where method is
2344						correctly and 'incorrectly' overridden (Dave Brosius)</li>
2345					<li>Fixed memory blowup when analyzing methods which access a
2346						large number of fields (David Hovemeyer)</li>
2347				</ul>
2348
2349				<p>Changes since version 0.8.3:</p>
2350				<ul>
2351					<li>Initial and preliminary localization of the Swing
2352						GUI.&nbsp; Translations by:
2353						<ul>
2354							<li>German - Peter D. Stout, Holger Stenzhorn</li>
2355							<li>Finnish - Juha Knuutila</li>
2356							<li>Estonian - Tanel Lebedev</li>
2357							<li>Japanese - Hanai Shisei</li>
2358						</ul>
2359					</li>
2360					<li>Eliminated debug print statements inadvertently left
2361						enabled</li>
2362					<li>Reverted some changes in the open stream detector: this
2363						should fix some false positives that were introduced in the
2364						previous release</li>
2365					<li>Fixed a couple missing class reports</li>
2366				</ul>
2367
2368				<p>Changes since version 0.8.2:</p>
2369				<ul>
2370
2371					<!-- New detectors -->
2372					<li>New detector to find improperly overridden GUI Adapter
2373						classes (Dave Brosius)</li>
2374					<li>New detector to find improperly setup JUnit TestCases
2375						(Dave Brosius)</li>
2376					<li>New detector to find variables that mask class level
2377						fields (Dave Brosius)</li>
2378					<li>New detector to find comparisons of values computed with
2379						bitwise operators that always yield the same result (Tom Truscott)
2380					</li>
2381					<li>New detector to find unsafe getClass().getResource() calls
2382						(Bill Pugh)</li>
2383					<li>New detector to find GUI changes not in GUI thread but in
2384						static main (Bill Pugh)</li>
2385					<li>New detector to find calls to Collection.toArray() with
2386						zero-length array argument; it is more efficient to pass an array
2387						the size of the collection, which can be populated and returned as
2388						the result (Dave Brosius) <!-- Analysis improvements -->
2389					</li>
2390					<li>Better suppression of false warnings in various detectors
2391						(Bill Pugh, David Hovemeyer)</li>
2392					<li>Enhancement to ReadReturnShouldBeChecked detector for
2393						skip() (Dave Brosius)</li>
2394					<li>Enhancement to DumbMethods detector (Dave Brosius)</li>
2395					<li>Open stream detector does not report wrappers of streams
2396						passed as method parameters (David Hovemeyer) <!-- Feature enhancements -->
2397					</li>
2398					<li>Cancel confirmation dialog in Swing GUI (Pete Angstadt)</li>
2399					<li>Better relative path saving in Project file (Dave Brosius)
2400					</li>
2401					<li>Detector Priority in GUI is now saved in prefs file (Dave
2402						Brosius)</li>
2403					<li>Controls in GUI to reorder source and classpath entries,
2404						and ability to flip between Project details and bugs pages (Dave
2405						Brosius)</li>
2406					<li>In Swing GUI, analysis error dialog supports "Select All"
2407						and "Copy" operations for easy generation of error reports (Dave
2408						Brosius)</li>
2409					<li>Complete translation of bug descriptions and messages into
2410						Japanese (Hanai Shisei) <!-- Bug fixes -->
2411					</li>
2412					<li>Fixed bug in DroppedException detector (Dave Brosius) <!-- Development stuff -->
2413					</li>
2414					<li>The source distribution defaults to using JDK 1.5 javac to
2415						compile, but support for compiling with JSR-14 prototype is still
2416						supported</li>
2417				</ul>
2418
2419				<p>Changes since version 0.8.1:</p>
2420				<ul>
2421					<li>Fixed a critical ClassCastException bug (triggered if the
2422						-workHard option was used, and an exception type was merged with
2423						an array type during type inference)</li>
2424				</ul>
2425
2426				<p>Changes since version 0.8.0:</p>
2427				<ul>
2428					<li>Disabled SwitchFallthrough detector to work around
2429						NullPointerExceptions</li>
2430					<li>Added some additional false positive suppression
2431						heuristics</li>
2432				</ul>
2433
2434				<p>Also, two contributors to the 0.8.0 release were
2435					inadvertently left out of the credits:</p>
2436				<ul>
2437					<li>Pete Angstadt fixed several problems in the Swing GUI</li>
2438					<li>Francis Lalonde provided a task resource file for the
2439						FindBugs Ant task</li>
2440				</ul>
2441
2442				<p>Changes since version 0.7.4:</p>
2443				<ul>
2444					<li>New detector to look for uses of "+" operator to
2445						concatenate String objects in a loop (Dave Brosius)</li>
2446					<li>Reference comparison detector looks for places where the
2447						argument passed to the equals(Object) method isn't the same type
2448						as the receiver object</li>
2449					<li>Better suppression of false warnings in many detectors</li>
2450					<li>Many improvements to Eclipse plugin (Andrey Loskutov,
2451						Peter Friese)</li>
2452					<li>Fixed problem with building Eclipse plugin on Windows
2453						(Thomas Klaeger)</li>
2454					<li>Open stream detector looks for unclosed PreparedStatement
2455						objects (Thomas Klaeger, Rohan Lloyd)</li>
2456					<li>Fix for open stream detector: it wasn't detecting close()
2457						methods called through an invokeinterface instruction (Thomas
2458						Klaeger)</li>
2459					<li>Refactoring of visitor classes to enforce use of accessors
2460						for visited class features (Brian Goetz)</li>
2461				</ul>
2462
2463				<p>Changes since version 0.7.3:</p>
2464				<ul>
2465					<li>Experimental modification of open stream detector to look
2466						for non-escaping JDBC resources (connections and statements) that
2467						aren't closed on all paths out of method</li>
2468					<li>Eclipse plugin fixed so it compiles and runs on Eclipse
2469						2.1.x (Peter Friese)</li>
2470					<li>Option to Swing GUI and command line to generate project
2471						file using relative paths for archives, source directories, and
2472						aux classpath entries (Dave Brosius)</li>
2473					<li>Improvements to findbugs.bat script for launching FindBugs
2474						on Windows (Dave Brosius)</li>
2475					<li>Updated Japanese message translations (Hiroshi Okugawa)</li>
2476					<li>Uncalled private methods are now reported as low priority,
2477						unless they have the same name as another method in the class
2478						(which is more likely to indicate an actual bug)</li>
2479					<li>Added some missing data in the bug messages XML files</li>
2480					<li>Fixed some problems building from source on Windows
2481						systems</li>
2482					<li>Various minor bug fixes</li>
2483				</ul>
2484
2485				<p>Changes since version 0.7.2:</p>
2486				<ul>
2487					<li>Enhanced Eclipse plugin, which displays the detailed bug
2488						description in a view (Phil Crosby)</li>
2489					<li>Various tweaks to existing detectors to reduce false
2490						warnings</li>
2491					<li>New command line option <code> -workHard </code> enables
2492						pruning of infeasible or unlikely exception edges, which results
2493						in better accuracy in the open stream detector, at the expense of
2494						a 30%-100% slowdown
2495					</li>
2496					<li>New website and HTML documentation design</li>
2497					<li>Documentation includes an HTML document with descriptions
2498						of all bug patterns reported by FindBugs</li>
2499					<li>Web page has a link to a <a
2500						href="http://www.simeji.com/findbugs/doc/manual_ja/index.html">Japanese
2501							translation</a> of the FindBugs manual, contributed by Hiroshi
2502						Okugawa
2503					</li>
2504					<li>Changed the Inconsistent Synchronization detector so that
2505						fields synchronized 50% of the time (or more) are reported as
2506						medium priority bugs (previously they were reported as low)</li>
2507					<li>New detector to find code that catches
2508						IllegalMonitorStateException</li>
2509					<li>New detector to find private methods that are never called
2510					</li>
2511					<li>New detector to find suspicious uses of
2512						non-short-circuiting boolean operators ( <code> &amp; </code> and
2513						<code> | </code> , rather than <code> &amp;&amp; </code> and <code>
2514							|| </code> )
2515					</li>
2516				</ul>
2517
2518				<p>Changes since version 0.7.1:</p>
2519				<ul>
2520					<li>Incorporated patched version of BCEL, which allows classes
2521						compiled with JDK 1.5.0 beta to be analyzed</li>
2522					<li>Fixed some bugs related to lookups of array classes</li>
2523					<li>Fixed bug that prevented GUI from loading XML result files
2524						when running under JDK 1.5.0 beta</li>
2525					<li>Added new experimental bug detector, LazyInit, which looks
2526						for potentially buggy lazy initializations of static fields</li>
2527					<li>Because of long filenames, switched to distributing the
2528						source archive as a zip file rather than a tar file</li>
2529					<li>The 0.7.1 source tarfile was botched - 0.7.2 has a valid
2530						source archive</li>
2531					<li>Fixed some problems in the Ant build script</li>
2532					<li>Fixed NullPointerException when checking Class-Path
2533						attribute for Jar files without manifests</li>
2534					<li>Generate version numbers for the core and UI Eclipse
2535						plugins using the Version class; all version numbers are now in a
2536						common location</li>
2537				</ul>
2538
2539				<p>Changes since version 0.7.0:</p>
2540				<ul>
2541					<li>Eclipse plugin (contributed by Peter Friese)</li>
2542					<li>Source package structure rearranged: all source (other
2543						than Eclipse plugin UI) is in the edu.umd.cs.findbugs package, or
2544						a subpackage</li>
2545					<li>Class-Path attributes of manifests of analyzed jar files
2546						are used to set the aux classpath automatically (Peter D. Stout)</li>
2547					<li>GUI starts in directory specified by user.home property
2548						(Peter D. Stout)</li>
2549					<li>Added -project option to GUI (Mikko T.)</li>
2550					<li>Added -look:{plastic,gtk,native} option to GUI, for
2551						setting look and feel (Mikko T.)</li>
2552					<li>Fixed DataflowAnalysisException in inconsistent
2553						synchronization detector</li>
2554					<li>Ant task supports failOnError parameter (Rohan Lloyd)</li>
2555					<li>Serializable class warnings are downgraded to low priority
2556						for GUI classes</li>
2557					<li>MWN detector will only report calls to wait(), notify(),
2558						and notifyAll() methods that have the correct signature</li>
2559					<li>FindBugs works with latest CVS version of BCEL</li>
2560					<li>Zip and Jar files may be added to the source path</li>
2561					<li>The GUI will automatically find source files residing in
2562						analyzed Zip or Jar files</li>
2563				</ul>
2564
2565				<p>Note that the version number jumped from 0.6.6 to 0.6.9;
2566					there were no 0.6.7 or 0.6.8 releases.</p>
2567				<p>Changes since version 0.6.9:</p>
2568				<ul>
2569					<li>Added -conserveSpace option to reduce memory use at the
2570						expense of analysis precision</li>
2571					<li>Bug fixes in findbugs.bat script: JAVA_HOME handling,
2572						autodetection of FINDBUGS_HOME, missing output with -textui</li>
2573					<li>Fixed NullPointerException when a missing class is
2574						encountered</li>
2575				</ul>
2576
2577				<p>Changes since version 0.6.6:</p>
2578				<ul>
2579					<li>The null pointer dereference detector is more powerful</li>
2580					<li>Significantly improved heuristics and bug fixes in
2581						inconsistent synchronization detector</li>
2582					<li>Improved heuristics in open stream and dropped exception
2583						detectors; fewer false positives should be reported</li>
2584					<li>Save HTML summary in XML results files, rather than
2585						recomputing; this makes loading results in GUI much faster</li>
2586					<li>Report at most one String comparison using == or != per
2587						method</li>
2588					<li>The findbugs.bat script on Windows autodetects
2589						FINDBUGS_HOME, and doesn't open a DOS window when launching the
2590						GUI (contributed by TJSB)</li>
2591					<li>Emacs reporting format (contributed by David Li)</li>
2592					<li>Various bug fixes</li>
2593				</ul>
2594
2595				<p>Changes since 0.6.5:</p>
2596				<ul>
2597					<li>Rewritten inconsistent synchronization detector; accuracy
2598						is significantly improved, and bug reports are prioritized</li>
2599					<li>New detector to find self assignment (x=x) of local
2600						variables (suggested by Jeff Martin)</li>
2601					<li>New detector to find calls to wait(), notify(), and
2602						notifyAll() on an object which is not obviously locked</li>
2603					<li>Open stream detector now reports Readers and Writers</li>
2604					<li>Fixed bug in finalizer idioms detector which caused
2605						spurious warnings about failure to call super.finalize() (reported
2606						by Jim Menard)</li>
2607					<li>Fixed bug where output stream was not closed using non-XML
2608						output (reported by Sigiswald Madou)</li>
2609					<li>Fixed corrupted HTML bug detail message (reported by
2610						Trevor Harmon)</li>
2611				</ul>
2612
2613				<p>Changes since version 0.6.4:</p>
2614				<ul>
2615					<li>For redundant comparison of reference values, fixed false
2616						positives resulting from duplication of code in finally blocks</li>
2617					<li>Fixed false positives resulting from wrapped byte array
2618						streams left open</li>
2619					<li>Fixed bug in Ant task preventing output file from working
2620						properly if a relative path was used</li>
2621				</ul>
2622
2623				<p>Changes since version 0.6.3:</p>
2624				<ul>
2625					<li>Fixed bug in Ant task where output would be corrupted, and
2626						added a <code> timeout </code> attribute
2627					</li>
2628					<li>Added -outputFile option to text UI, for explicitly
2629						specifying an output file</li>
2630					<li>GUI has a summary window, for statistics about overall bug
2631						densities (contributed by Mike Fagan)</li>
2632					<li>Find redundant comparisons of reference values</li>
2633					<li>More accurate detection of Strings compared with == and !=
2634						operators</li>
2635					<li>Detection of other reference types which should generally
2636						not be compared with == and != operators; Boolean, Integer, etc.</li>
2637					<li>Find non-transient non-serializable instance fields in
2638						Serializable classes</li>
2639					<li>Source code may be compiled with latest early access
2640						generics-enabled javac (version 2.2)</li>
2641				</ul>
2642
2643				<p>Changes since version 0.6.2:</p>
2644				<ul>
2645					<li>GUI supports filtering bugs by priority</li>
2646					<li>Ant task rewritten; supports all functionality offered by
2647						Text UI (contributed by Mike Fagan)</li>
2648					<li>Ant task is fully documented in the manual</li>
2649					<li>Classes in nested archives are analyzed; this allows full
2650						support for analyzing .ear and .war files (contributed by Mike
2651						Fagan)</li>
2652					<li>DepthFirstSearch changed to use non-recursive
2653						implementation; this should fix the StackOverflowErrors that
2654						several users reported</li>
2655					<li>Various minor bugfixes and improvements</li>
2656				</ul>
2657
2658				<p>Changes since version 0.6.1:</p>
2659				<ul>
2660					<li>New detector to look for useless control flow (suggested
2661						by Richard P. King and Mike Fagan)</li>
2662					<li>Look for places where return value of
2663						java.io.File.createNewFile() is ignored (suggested by Richard P.
2664						King)</li>
2665					<li>Fixed bug in resolution of source files (only the first
2666						source directory was searched)</li>
2667					<li>Fixed a NullPointerException in the bytecode pattern
2668						matching code</li>
2669					<li>Ant task supports project files (contributed by Mike
2670						Fagan)</li>
2671					<li>Unix findbugs script honors the <code> JAVA_HOME </code>
2672						environment variable (contributed by Pedro Morais)
2673					</li>
2674					<li>Allow .war and .ear files to be analyzed</li>
2675				</ul>
2676
2677				<p>Changes since version 0.6.0:</p>
2678				<ul>
2679					<li>New bug pattern detector which looks for places where a
2680						null pointer might be dereferenced</li>
2681					<li>New bug pattern detector which looks for IO streams that
2682						are opened, do not escape the method, and are not closed on all
2683						paths out of the method</li>
2684					<li>New bug pattern detector to find methods that can return
2685						null instead of a zero-length array</li>
2686					<li>New bug pattern detector to find places where the == or !=
2687						operators are used to compare String objects</li>
2688					<li>Command line interface can save bugs as XML</li>
2689					<li>GUI can save bugs to and load bugs from XML</li>
2690					<li>An "Annotations" window in the GUI allows the user to add
2691						textual annotations to bug reports; these annotations are
2692						preserved when bugs are saved as XML</li>
2693					<li>In this release, the Japanese bug summary translations by
2694						Germano Leichsenring are really included (they were inadvertently
2695						omitted in the previous release)</li>
2696					<li>Completely rewrote the control flow graph builder,
2697						hopefully for the last time</li>
2698					<li>Simplified implementation of control flow graphs, which
2699						should reduce memory use and possibly improve performance</li>
2700					<li>Improvements to command line interface (list bug
2701						priorities, filter by priority, specify aux classpath, specify
2702						project to analyze)</li>
2703					<li>Various bug fixes and enhancements</li>
2704				</ul>
2705
2706				<p>Changes since version 0.5.4</p>
2707				<ul>
2708					<li>Added an <a href="http://ant.apache.org/">Ant</a> task for
2709						FindBugs, contributed by Mike Fagan.
2710					</li>
2711					<li>Added a GUI dialog which allows individual bug pattern
2712						detectors to be enabled or disabled.&nbsp; Disabling certain slow
2713						detectors can greatly speed up analysis of large programs, at the
2714						expense of reducing the number of potential bugs found.</li>
2715					<li>Added a new detector for finding improperly ignored return
2716						values for methods such as <code> String.trim() </code> .&nbsp;
2717						Suggested by Andreas Mandel.
2718					</li>
2719					<li>Japanese translations of the bug summaries, contributed by
2720						Germano Leichsenring.</li>
2721					<li>Filtering of results is supported in command line
2722						interface. See the <a href="manual/index.html">FindBugs manual</a>
2723						for details.
2724					</li>
2725					<li>Added "byte code patterns", a general pattern matching
2726						infrastructure for bytecode instructions.&nbsp; This feature
2727						significantly reduces the complexity of implementing new bug
2728						pattern detectors.</li>
2729					<li>Enabled a new general dataflow analysis to track values in
2730						methods.</li>
2731					<li>Switched to new control-flow graph builder implementation.
2732					</li>
2733				</ul>
2734
2735				<p>Changes since version 0.5.3</p>
2736				<ul>
2737					<li>Fixed a bug in the script used to launch FindBugs on
2738						Windows platforms.</li>
2739					<li>Fixed crashes when analyzing class files without source
2740						line information.</li>
2741					<li>All major errors are reported using an error dialog; file
2742						not found errors are more informative.</li>
2743					<li>Minor GUI improvements.</li>
2744				</ul>
2745
2746				<p>Changes since version 0.5.2</p>
2747				<ul>
2748					<li>All of the source code and related files are in a single
2749						directory tree.</li>
2750					<li>Updated some of the detectors to produce source line
2751						information.</li>
2752					<li><a href="http://ant.apache.org/">Ant</a> build script and
2753						several GUI enhancements and fixes contributed by Mike Fagan.</li>
2754					<li>Converted to use a <a href="AddingDetectors.txt">plugin
2755							architecture</a> for loading bug detectors.
2756					</li>
2757					<li>Eliminated generics-related compiler warnings.</li>
2758					<li>More complete documentation has been added.</li>
2759				</ul>
2760
2761				<p>Changes since version 0.5.1:</p>
2762				<ul>
2763					<li>Fixed a large number of bugs in the BCEL Repository and
2764						FindBugs's use of the Repository.&nbsp; With these changes,
2765						FindBugs should <em>never</em> crash or otherwise misbehave
2766						because of Repository lookup failures.&nbsp; Because of these
2767						changes, you must use a modified version of <code> bcel.jar
2768						</code> with FindBugs.&nbsp; This jar file is included in the FindBugs
2769						0.5.2 binary release.&nbsp; A complete patch containing the <a
2770						href="http://faculty.ycp.edu/~dhovemey/bcel-30-April-2003.patch">modifications
2771							against the BCEL CVS main branch as of April 30, 2003</a> is also
2772						available.
2773					</li>
2774					<li>Implemented the "auxiliary classpath entry list".&nbsp;
2775						Aux classpath entries can be added to a project to provide classes
2776						that are referenced by the analyzed application, but should not
2777						themselves be analyzed.&nbsp; Having all referenced classes
2778						available allows FindBugs to produce more accurate results.</li>
2779				</ul>
2780
2781				<p>Changes since version 0.5.0:</p>
2782				<ul>
2783					<li>Many user interface bugs have been fixed.</li>
2784					<li>Upgraded to a recent CVS version of BCEL, with some bug
2785						fixes.&nbsp; This should prevent FindBugs from crashing when there
2786						is a failure to find a class on the classpath.</li>
2787					<li>Added support for Plastic look and feel from <a
2788						href="http://www.jgoodies.com/">jgoodies.com</a>.
2789					</li>
2790					<li>Major overhaul of infrastructure for doing dataflow
2791						analysis.</li>
2792				</ul>
2793<hr> <p>
2794<script language="JavaScript" type="text/javascript">
2795<!---//hide script from old browsers
2796document.write( "Last updated "+ document.lastModified + "." );
2797//end hiding contents --->
2798</script>
2799<p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbugs@cs.umd.edu</a>
2800<p>
2801<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A>
2802
2803			</td>
2804
2805		</tr>
2806	</table>
2807
2808</body>
2809
2810</html>
2811