All Classes and Interfaces
Class
Description
Abstract base class for finding assertions
Abstract base class for BlockOrder variants.
An abstract class which provides much of the functionality required of all
BugReporter objects.
Convenience class for defining Dataflow classes which use a
BasicAbstractDataflowAnalysis subtype.
Abstract base class providing functionality that will be useful for most
dataflow analysis implementations that model instructions within basic
blocks.
Perform a depth first search on a graph.
A dataflow analysis to compute dominator relationships between basic blocks.
GraphEdge implementation for use with AbstractGraph.
A common base class for frame modeling visitors.
A simple Graph implementation where the vertex objects store a list of
incoming and outgoing edges.
Accumulate type qualifier annotations on method, taking supertype methods
into account.
Abstract base class for implementations of IScannableCodeBase.
GraphVertex implementation for use with AbstractGraph.
Abstract base class for implementing warning properties.
Common superinterface for code entities having access flags: classes, fields,
and methods.
Add human-readable messages to a dom4j tree containing FindBugs XML output.
Find relevant type qualifiers needing to be checked for a given method.
Implementation of IAnalysisCache.
An implementation of org.apache.bcel.util.Repository that uses the
AnalysisCache as its backing store.
A context for analysis of a complete project.
Any class or package annotation with this annotation must avoid using mutable static data,
and instead use the AnalysisContext for any cross-instance data.
Object recording a recoverable error that occurred during analysis.
A kind of runtime exception that can be thrown to indicate a fatal error in
an analysis.
Abstract factory class for creating analysis objects.
Boolean analysis properties for use in the AnalysisContext.
Configure a specific boolean analysis property.
Deprecated.
This class is not necessary to realize multi-thread model in SpotBugs 4.0.
An analysis pass in the overall ExecutionPlan.
Database to keep track of annotated fields/methods/classes/etc.
Base class for Detectors which want to perform a preorder traversal of the
classfile including visiting Annotations.
The "raw" version of an annotation appearing in a class file.
Subclass of PreorderVisitor that visits annotations on classes, fields,
methods, and method parameters.
Factory for stream objects of a particular base class type returned by any
method.
A TypeMatcher that matches all types.
A version of an analyzed application.
Utility methods for working with zip/jar archives.
Mark methodref constant pool entries of methods that are likely to implement
assertions.
Class analysis engine for creating AssertionMethods objects.
Analysis engine for producing an AssignedFieldMap for a class.
if we get from a ConcurrentHashMap and assign to a variable...
An AvailableLoad indicates a field and (optionally) object reference for
which a value is available.
Abstract base class for backward dataflow analyses.
Dataflow class for BackwardTypeQualifierDataflowAnalysis.
Backwards type qualifier dataflow analysis.
Factory for BackwardTypeQualifierDataflow objects for given type qualifier
values.
Factory to create BackwardTypeQualifierDataflowFactory objects.
Simple implementation of a Bag
A useful starting point for defining a dataflow analysis.
Simple basic block abstraction for BCEL.
Utility methods for detectors and analyses using BCEL.
A CFGBuilder that really tries to construct accurate control flow graphs.
Fixedup of from org.apache.bcel.classfile.Visitor
A Binding binds a name to a Variable.
A set of Bindings, which are definitions of variables occurring in a
ByteCodePattern.
Specify an order for visiting basic blocks.
Dataflow value representing the current nesting of catch and finally blocks.
Dataflow analysis to determine the nesting of catch and finally blocks within
a method.
Analysis engine for producing BlockTypeDataflow for an analyzed method.
Utility methods for working with bootstrap methods
Special "bottom" type.
Accumulate warnings that may occur at multiple source locations,
consolidating them into a single warning.
An object providing context information about a particular BugInstance.
Utility methods for BugAnnotation classes.
A BugCategory object collects all of the metadata for a category of bugs.
A BugCode is an abbreviation that is shared among some number of BugPatterns.
An instance of a bug pattern.
Match bug instances having one of given codes or patterns.
A BugPattern object collects all of the metadata for a particular species of
BugInstance.
Name/value metadata pair that may be attached to a BugInstance.
Smaller value is scarier
Bug rankers are used to compute a bug rank for each bug instance.
Bug reporter delegate actual operation to each bug reporter in the list.
Generic interface for bug reporter objects.
Abstract base class for bug reporters defined as plugins.
Observer to determine when a BugReporter reports a bug.
Scan application classes for CheckReturnValue annotations.
Build the interprocedural call graph.
Deprecated.
AnnotationDatabases are being phased out, since annotations are
now stored directly in the XClass/XMethod/XField objects.
Build database of methods that return values guaranteed to be nonnull
Build the ObligationPolicyDatabase used by ObligationAnalysis.
Builds the database of string parameters passed from method to method unchanged.
Build database of unconditionally dereferenced parameters.
DetectorFactorySelector implementation that chooses detectors based on an
implemented interface or extended superclass.
A ByteCodePattern is a pattern matching a sequence of bytecode instructions.
A base class for bug detectors that are based on a ByteCodePattern.
Scan the raw bytecodes of a method.
Callback interface to report scanned instructions.
Base class for Detectors which want to extend DismantleBytecode.
Detector to find private methods that are never called.
Dataflow class for CallListAnalysis.
Analysis engine to produce CallListDataflow objects for a method.
The site of a method call.
Filter reported warnings by category.
Simple control flow graph abstraction for BCEL.
Abstract interface for CFG builder classes.
Factory object to create CFGBuilders for methods.
Base class for detectors that analyze CFG (and/or use CFG-based analyses).
Analysis engine to produce CFG (control flow graph) objects for an analyzed
method.
Print out a representation of a control-flow graph.
Check that the BCEL classes present seem to be the right ones.
This is just for debugging method call resolution.
Common superclass for all checked exceptions that can be thrown while
performing some kind of analysis.
Deprecated.
The annotation based approach is useless for lambdas.
Checks that overriding methods do not relax
Nonnull (made
CheckForNull) on return values or CheckForNull (made
Nonnull) on parameters.Check JSR-305 type qualifiers.
A BugAnnotation object specifying a Java class involved in the bug.
A ClassContext caches all of the auxiliary objects used to analyze the
methods of a class.
Adapter to produce the ClassContext for a given class.
The data (bytes) of a class.
Analysis engine to produce the data (bytes) of a class.
Descriptor identifying a class.
Factory to create codebase/classpath/classfile objects.
Features of a class which may be used to identify it if it is renamed or
modified.
Compute a hash of method names and signatures.
ClassInfo represents important metadata about a loaded class, such as its
superclass, access flags, codebase entry, etc.
Analysis engine to produce the ClassInfo for a loaded class.
Common super-interface for class members (fields and methods).
Utility methods for working with class names.
Represents the class name, superclass name, and interface list of a class.
Analysis engine to produce the ClassInfo for a loaded class.
Exception to indicate that the class name defined in a class file does not
match its expected class name (as indicated by its resource name).
Rewrite class names.
Utility methods for using a ClassNameRewriter.
Analysis engine to produce the ClassNode (ASM tree format) for a class.
Abstract base class to to reduce boilerplate needed for writing ASM-based
Detectors implemented as ClassNode visitors
Parse the detail message in a ClassNotFoundException to extract the name of
the missing class.
Parse a class to extract symbolic information.
Interface implemented by ClassParsers - objects that take the raw bytes of a
classfile and parse the important symbolic information to produce
ClassNameAndSuperclassInfo and ClassInfo objects.
Deprecated.
Implementation of IClassPathBuilder.
Implementation of IClassPath.
Some utility methods for working with the Java class path.
Analysis engine to produce an ASM ClassReader for a class.
Class to pre-screen class files, so that only a subset are analyzed.
Helper class for parsing command line arguments.
Implementation of the UI callback for command line sessions.
Compute a compact numbering of Locations in a CFG.
Analysis engine to produce CompactLocationNumbering objects for methods.
Deprecated.
Matcher to select BugInstances with a particular confidence.
Abstract dataflow value representing a value which may or may not be a
constant.
Dataflow analysis to find constant values.
Dataflow class for ConstantAnalysis.
Analysis engine to produce ConstantDataflow objects for an analyzed method.
Dataflow Frame for Constants.
Visitor to model the effect of bytecode instructions on ConstantFrames.
Analysis engine to produce ConstantPoolGen objects for an analyzed class.
Edge in a ConstraintGraph.
Graph of Detector ordering constraints.
This detector can find constructors that throw exception.
A StringMatcher that checks to see if a candidate string (assumed to be a
camel-case word), when broken into components, contains a given word.
Java main application to compute update a historical bug collection with
results from another build/analysis.
Java main application to compute update a historical bug collection with
results from another build/analysis.
Perform dataflow analysis on a method using a control flow graph.
A dataflow analysis to be used with the
Dataflow class.Exception type to indicate a dataflow analysis failure.
CFGPrinter class which prints dataflow values at each basic block and
instruction.
Predicate for dataflow values.
Warning property for FindDeadLocalStores.
DebugRepositoryLookupFailureCallback implementation for debugging.
Finds invocations of JDK methods that rely on the default platform encoding.
Java main application to compute defect density for a bug collection (stored
as an XML collection)
A BugReporter which delegates all method calls to another BugReporter.
Implementation of ICodeBaseEntry that delegates to another codebase entry.
An implementation of ICodeBaseIterator that delegates to another codebase.
Algorithm to perform a depth first search on a CFG.
Perform a forward depth first search of a graph.
Analysis engine to produce DepthFirstSearch objects for analyzed methods.
Factory for creating ClassDescriptors, MethodDescriptors, and
FieldDescriptors.
The interface which all bug pattern detectors must implement.
Detector interface for new bytecode-framework-neutral architecture.
A DetectorFactory is responsible for creating instances of Detector objects
and for maintaining meta-information about the detector class.
Predicate for choosing DetectorFactory objects.
The DetectorFactoryCollection stores all of the DetectorFactory objects used
to create the Detectors which implement the various analyses.
Select one or more DetectorFactories as part of satisfying a Detector
ordering constraint.
Node in a ConstraintGraph.
An ordering constraint which must be taken into account when Detectors are
run.
An adapter allowing classes implementing the Detector interface to support
the new Detector2 interface.
Interface defining depth first search edge type Const.
Edge types in a depth first search.
Database of type qualfiers applied directly to methods.
IScannableCodeBase implementation to read resources from a filesystem
directory.
Codebase entry class for directory codebases.
Based on the contents of the application directories/archives in a Project,
and a "root" source directory (under which some number of "real" source
directories may be located), scan to find the source directories containing
the application's source files.
Progress callback interface for reporting the progress of source
directory discovery.
XMLOutput class to build all or part of a dom4j tree.
Dataflow analysis to compute dominator sets for a CFG.
A detector that checks for lines in JUnit tests that look like `assertTrue(object instanceof Class)` and discourages them.
A WarningProperty for warnings that are reported at a "doomed" Location; one
that cannot return normally.
Denotes a class name or package name where the .
Special type used to represent the "extra" part of a double value.
An edge of a control flow graph.
Interface for choosing CFG Edges.
Constants defining the type of control flow edges, as well as flags defining
additional information about the edges.
BugReporter to output warnings in Emacs format.
This detector is currently disabled by default.
Analysis engine registrar for ASM-based analyses.
Register BCEL-framework analysis engines.
Register analysis engines with an analysis cache.
Represents an enumeration value used with an application of an annotation.
A delegating bug reporter which counts reported bug instances, missing
classes, and serious analysis errors.
Exact String-matching predicate.
This class provides a convenient way of determining the exception handlers
for instructions in a method.
Special ReferenceType representing the type of a caught exception.
Class for keeping track of exceptions that can be thrown by an instruction.
Analysis engine to produce ExceptionSetFactory objects for analyzed methods.
A plan for executing Detectors on an application.
Flags returned in the process exit code returned when the FindBugs text UI is
invoked with the -exitcode command line argument.
Extended type codes used by StackAndLocalTypes and StackAndLocalTypeAnalysis
for typing locals and stack values used in Java bytecode.
A fatal exception which should completely halt the FindBugs analysis.
Base class for Load and Store PatternElements.
A BugAnnotation specifying a particular field in particular class.
Descriptor uniquely identifying a field in a class.
Common superclass for FieldDescriptor and MethodDescriptor.
Interprocedural field property database.
Field property storing the types of values stored in a field.
Interprocedural analysis summary
For each source file that has reported bugs, compute a hash of all the issues
reported for that file.
Data source for source files which are stored in the filesystem.
Codebase locator for files and directories in the filesystem.
Filter to match a subset of BugInstances.
Java main application to filter/transform an XML bug collection or bug
history collection.
This detector can find Assertions that try to validate method
arguments.
This detector can find assertions that violate the EXP06 rule.
Static methods and fields useful for working with instances of
IFindBugsEngine.
FindBugs driver class.
Boolean-valued analysis properties for FindBugs.
Base class for FindBugs command line classes.
Deprecated.
Format the message for a BugInstance.
A callback that may be installed in a FindBugs instance to asynchronously
keep track of its progress.
Find dead stores to local variables.
Find instance fields which are sometimes accessed (read or written) with the
receiver lock held and sometimes without.
Find places where ordinary (balanced) synchronization is performed on JSR166
Lock objects.
Public status of the method in NSE database
TODO: implement CHECK
A Detector to find instructions where a NullPointerException might be raised.
A Detector to look for streams that are opened in a method, do not escape the
method, and are not closed on all paths out of the method.
Find suspicious reference comparisons.
Type representing a dynamically created String.
Type representing a String passed as a parameter.
Type representing a static String.
Find calls to Thread.sleep() made with a lock held.
Find potential SQL injection vulnerabilities.
Detector to find private methods that are never called.
Find unsatisfied obligations in Java methods.
A Detector to look for useless control flow.
This detector finds all the vulnerable methods which uses Security Manager to perform
some security check but are declared non-final and non-private in a non-final class.
A Detector that can be run in the first pass.
Matcher to select BugInstances with a particular first version.
Flow value type for type qualifier dataflow analysis.
Class to maintain a snapshot of a processes's time and memory usage.
Wrapper so that possible NoClassDefFoundError can be caught.
Wrapper so that possible NoClassDefFoundError can be caught.
Wrapper so that possible NoClassDefFoundError can be caught.
Abstract base class for forward dataflow analyses.
Dataflow object for ForwardTypeQualifierDataflowAnalysis.
Forward type qualifier dataflow analysis.
Factory for producing ForwardTypeQualifierDataflow objects for various kinds
of type qualifiers.
Factory for ForwardTypeQualifierDataflowFactory objects.
Generic class for representing a Java stack frame as a dataflow value.
A convenient base class for dataflow analysis classes which use Frames as
values.
A slightly more intellegent way of comparing BugInstances from two versions
to see if they are the "same".
General warning properties.
Extension to ObjectType that includes additional information about the
generic signature.
A simple class to parse method signatures that include generic information.
Utilities for adding support for generics.
Static methods for accessing objects that are global to an analysis session.
Graph interface; defines the operations used to access and manipulate a
graph.
GraphEdge interface; represents an edge in a graph.
An interface for creating Graph objects, and for copying auxiliary
information in vertices and edges.
GraphVertex interface; represents a vertex in a graph.
The GUID calculator class has methods to calculate UUIDs based on UUID version 5.
Facade for class hierarchy queries.
Facade for class hierarchy queries.
Singleton responsible for returning localized strings for information
returned to the user.
The analysis cache performs analyses on classes and methods and caches the
results.
An engine for analyzing classes or methods.
Interface for a registrar class that registers analysis engines with an
analysis cache.
Engine for performing an analysis on classes.
Observer for classes being visited in some manner.
A classpath from which resources (classes and other files) may be loaded.
Build a classpath.
Progress callback interface for classpath construction.
Screen class files to decide which subset of them to analyze.
Interface for a basic code base in which we can look up resources but not
necessarily scan for the list of all resources.
Object representing a resource in a code base.
Iterator over the resources in an IScannableCodeBase.
Specify the location of a codebase.
Interface for a database factory.
ClassNameRewriter that leaves classe names unchanged.
Interface for objects that log various kinds of analysis errors.
Interface for a FindBugs engine class.
Interface for any kind of GUI attached to the current FindBug analysis
Engine for performing an analysis on methods.
Find comparisons involving values computed with bitwise operations whose
outcomes are fixed at compile time.
Warning properties for inconsistent synchronization detector.
Use whenever possible String.indexOf(int) instead of String.indexOf(String),
or String.lastIndexOf(int) instead of String.lastIndexOf(String).
Find occurrences of collection.toArray( new Foo[0] ); This causes another
memory allocation through reflection Much better to do collection.toArray(
new Foo[collection.size()] );
An edge in the InheritanceGraph.
Graph of inheritance relationships.
Visitor interface for traversals of the inheritance graph.
Determine which methods are accessors used by inner classes to access fields
in their enclosing classes.
StreamFactory for stream objects loaded from instance fields.
A cache for looking up the collection of ObligationPolicyDatabaseActions
associated with a given InstructionHandle.
Map BCEL InstructionHandles to some kind of value type.
A scanner for implementing a state machine over a sequence of instructions
and control edges.
Drive an InstructionScannerGenerator over the instructions of a simple path.
Class for generating InstructionScanners at particular instructions of a
path.
Bug annotation class for integer values.
Deprecated.
A class representing an edge in the interprocedural call graph; i.e., a call
from one method to another.
Class representing a vertex in the interprocedural call graph; i.e., a
method.
Detector implementing a slow first pass to collect interprocedural properties
for a later detector pass.
Interface for querying nullness annotations on methods, fields, and
parameters.
An exception that may be thrown by frame modeling visitor classes to indicate
that the method being analyzed contains invalid bytecode.
A PatternElement to match a method invocation.
A StreamFactory for normal java.io streams that are created using NEW
instructions.
A scannable code base: in addition to looking up a named resource, scannable
code bases can also enumerate the names of the resources they contain.
A control decision which resulted in information being gained about whether a
particular value is null or non-null on the IFCMP_EDGE and FALL_THROUGH_EDGE
branches.
A class to abstractly represent values in stack slots, indicating whether
thoses values can be null, non-null, null on some incoming path, or unknown.
A dataflow analysis to detect potential null pointer dereferences.
Knobs for null value analysis.
Analysis engine to produce IsNullValueDataflow objects for an analyzed
method.
Callbacks for parsing an extenal annotation file.
Parse an external annotation file.
Lexical scanner for external annotation files.
Analysis engine to produce a BCEL JavaClass object for a named class.
A JavaClass and a Method belonging to the class.
Deprecated.
Support for finding out what version of Java we're running on.
Exception indicating that a Java version string couldn't be parsed.
Code base supporting Java 9 new jimage packed modules
ClassDescriptors for JSR-305 nullness annotations.
Matcher to select BugInstances with a particular last version.
Class to launch the appropriate textUI or GUI.
Summarize line numbers (and other source information) for a method.
Java main application to compute update a historical bug collection with
results from another build/analysis.
List the analysis errors in a bug collection
Dataflow analysis to find live stores of locals.
Dataflow class for LiveLocalStoreAnalysis.
Analysis engine to produce LiveLocalStoreDataflow objects for analyzed
methods.
A PatternElement representing a load from a field.
Analysis engine to produce LoadDataflow objects for analyzed methods.
Object which stores which fields are loaded and stored by the instructions in
a method (including through inner-class access methods), and also which
fields are loaded/stored by the overall method.
Count number of times a field is loaded and/or stored in the method.
Factory to determine which fields are loaded and stored by the instructions
in a method, and the overall method.
Bug annotation class for local variable names
A class representing a location in the CFG for a method.
A Location where a particular value number becomes null.
Analysis to determine where particular values are locked in a method.
Front-end for LockDataflow that can avoid doing unnecessary work (e.g.,
actually performing the lock dataflow) if the method analyzed does not
contain explicit monitorenter/monitorexit instructions.
Analysis engine to produce LockChecker objects for analyzed methods.
Dataflow class for LockAnalysis.
Analysis engine to produce LockDataflow objects for analyzed methods.
Lock counts for values (as produced by ValueNumberAnalysis).
Special type used to represent the "extra" part of a long value.
We found a problem with the new OpenJDK that everyone is now using to compile
and run java code.
Eases access to a BCEL LocalVariable object
Provide a HashMap that can only grow to a specified maximum capacity, with
entries discarded using a LRU policy to keep the size of the HashMap within
that bound.
A "meta" PatternElement that matches any of a list of other child
PatternElements.
Match BugInstances for some feature.
An ObligationPolicyDatabaseEntry which creates or deletes an obligation based
on a call to a specified method.
The result of matching a single PatternElement against a single instruction.
Deprecated.
Utility to analyze class members.
Data structure to keep track of which input ValueNumbers were combined to
produce which other output ValueNumbers.
Algorithm to merge a set of vertices into a single vertex.
Map of metacharacters that need to be escaped, and what to replace them with.
A BugAnnotation specifying a particular method in a particular class.
Class representing the set of opcodes used in a method.
Interface for choosing methods.
Descriptor uniquely identifying a method in a class.
Method analysis engine to produce BCEL Method objects.
Analysis engine to produce MethodGen objects for analyzed methods.
Compute a hash of the bytecode for given method.
A MethodPropertyDatabase keeps track of properties of methods.
Look for calls to methods where the return value is erroneously ignored.
StreamFactory for streams that are created as the result of calling a method
on an object.
Used to signal a method not analyzed because it seemed unprofitable to do so
Mine historical information from a BugCollection.
DataflowAnalysisException variant to report a class lookup failure that
caused dataflow analysis to abort.
CheckedAnalysisException subtype to indicate that a required class was
missing.
A PatternElement for matching a MONITORENTER instruction.
Build a map of added class names to removed class names.
Matches a String value against a predefined specification.
Provides checks to support JEP 181, improved nested member access.
A scannable code base class for a zip (or Jar) file nested inside some other
codebase.
Codebase locator for a zip/jar archive nested inside a parent codebase.
A PatternElement which matches NEW instructions and binds the result to a
variable.
Deprecated.
Signals that FindBugs found no classes on the classpath it was invoked to
analyze.
A Detector to find instructions where a NullPointerException might be raised.
DominatorsAnalysis variant in which all exception edges are ignored.
Analysis engine to produce DominatorsAnalysis objects for analyzed methods.
PostDominatorsAnalysis variant in which all exception edges are ignored.
Analysis engine to produce NonExceptionPostDominatorsAnalysis objects for
analyzed methods.
DominatorsAnalysis variant in which implicit exception edges are ignored.
Analysis engine to produce NonImplicitExceptionDominatorsAnalysis objects
for analyzed methods.
PostDominatorsAnalysis variant in which implicit exception edges are ignored.
Analysis engine to produce NonImplicitExceptionPostDominatorsAnalysis objects
for analyzed methods.
A synthetic instruction that converts a reference to a boolean value,
translating any nonnull value to 1 (true), and null value to 0 (false).
A Detector which does not report warnings.
Scan classes for @CheckReturnValue annotations
Scan methods for directly-relevant type qualifiers, building the
DirectlyRelevantTypeQualifiersDatabase.
Deprecated.
AnnotationDatabases are being phased out, since annotations are
now stored directly in the XClass/XMethod/XField objects.
As a first scanning pass, make a note of unconditionally dereferenced
parameters for later use by FindNullDerefs.
Make a note of unconditionally dereferenced parameters for later use by
FindNullDerefs.
A synthetic instruction that converts a reference to a boolean value,
translating null to 1 (true), and any nonnull value to 0 (false).
Warning property for a null argument being passed to a method which might
dereference it.
Callback interface for collecting null pointer derefs and redundant null
comparisons.
A user-friendly front end for finding null pointer dereferences and redundant
null comparisons.
Warning properties for null pointer dereference and redundant null comparison
warnings.
An Iterator that returns no elements.
Nullness annotation detector.
Deprecated.
A synthetic instruction that converts a the nullness of a reference to a boolean value.
Special type representing the null value.
Collected information about a single value number observed at one or more
locations to be both definitely-null and unconditionally dereferenced.
Detector to find calls to Number constructors with base type argument in Java
5 or newer bytecode.
An obligation that must be cleaned up by error handling code.
Exception to indicate that ObligationAnalysis has detected a situation in
which an obligation is either acquired or released inside a loop.
Dataflow analysis to track obligations (i/o streams and other resources which
must be closed).
Dataflow class for ObligationAnalysis.
Analysis factory which creates instances of ObligationDataflow.
Factory for Obligation and ObligationSet objects to be used in an instance of
ObligationAnalysis.
Policy database which defines which methods create and remove obligations.
An action applied by an entry in the ObligationPolicyDatabase.
Enumeration describing possible actions for policy database entries.
Interface defining an entry in the ObligationPolicyDatabase.
Types of ObligationPolicyDatabaseEntries.
A multiset of obligations that must be cleaned up by error-handling code.
Abstract PatternElement subclass for matching single instructions which have
a single Variable.
PatternElement to match instructions with a particular opcode.
tracks the types and numbers of objects that are currently on the operand
stack throughout the execution of method.
You can put this annotation on a OpcodeStack detector
to indicate that it uses
OpcodeStack.Item.userValue,
and thus should not reuse generic OpcodeStack information
from an iterative evaluation of the opcode stack.A type qualifier to mark
int value as SpecialKind type.Base class for Detectors that want to scan the bytecode of a method and use
an opcode stack.
Methods with "Optional" return type should never return null.
An exception indicating that the detector ordering constraints specified by a
plugin are invalid.
Write XML to an output stream.
This class implements a best-effort visitation of all methods overridden by a
given derived instance method.
Abstract base class for BugAnnotations describing constructs which are
contained in a Java package.
Accumulate type qualifier annotations for a method parameter.
Method property database storing which method parameters might be
unconditionally dereferenced.
Method property recording which parameters are have some property
(originally, which were required to be nonnull, now made more generic)
Analysis engine to produce parameter signature lists for analyzed methods.
A Path is a sequence of basic blocks.
Visit the BasicBlocks, InstructionHandles, and Edges along a Path.
A PatternElement is an element of a ByteCodePattern.
PatternElementMatch represents matching a PatternElement against a single
instruction.
Match a ByteCodePattern against the code of a method, represented by a CFG.
A FindBugs plugin.
An exception to indicate that a plugin could not be loaded.
Loader for a FindBugs plugin.
Dataflow analysis to compute postdominator sets for a CFG.
Base class for Detectors which want to perform a preorder traversal of the
classfile.
Interface to make the use of a visitor pattern programming style possible.
Print the AppVersion information from a BugCollection.
A simple BugReporter which simply prints the formatted message to the output
stream.
Enum representing how a particular warning property is expected to affect its
likelihood of being serious, benign, or a false positive.
Matcher to select BugInstances with a particular priority.
This class is mutable and not synchronized, so create independent
Profiler instance for each worker thread.
A class that summarize profile recorded by multiple
Profiler instances.A project in the GUI.
Settings for user filtering of warnings for a project.
Statistics resulting from analyzing a project.
Property database for interprocedural analysis.
Prune a CFG to remove infeasible exception edges.
This class contains all the public identifiers that are part of the
Java Standard Library.
finds public classes that use 'this' as a semaphore, which can cause
conflicts if clients of this class use an instance of this class as their own
synchronization point.
Quote metacharacters in a String.
Matcher to select BugInstances with a particular rank or higher.
Mine historical information from a BugCollection.
Recursively search a directory, its subdirectories, etc.
An instruction recorded as a redundant reference comparison.
Warning properties for FindRefComparison detector.
A generic database factory that tries to create the database by (in order of
preference)
Invoking a static create method
Invoking a no-arg constructor
Detector to find private methods that are never called.
Repopulate a BugCollection with class features from the classes in a
specified jar file.
StringMatcher that matches based on a regular expression.
Select all detector factories for reporting detectors.
A special version of ClassParser that automatically enters parsed classes
into the Repository.
An interface which Repository class lookup failures are reported to.
A ResourceCollection defines all of the resources created and used in a
particular method.
A resource creation point.
Exception to indicate that a resource was not found.
A ResourceTracker is used with ResourceValueAnalysis to determine where in a
method a certain kind of resource is created, and to model the effect of
instructions on the state of that resource.
Abstract implementation of a Detector to find methods where a particular kind
of created resource is not cleaned up or closed properly.
Analysis engine to produce ReturnPathDataflow objects for analyzed methods.
A dataflow value that indicates what kind of return path is possible at the
current program location.
A dataflow analysis to determine, at each location in a method's CFG, whether
or not it is possible to return normally at that location.
Dataflow class for ReturnPathTypeAnalysis.
Analysis engine to produce ReturnPathTypeDataflow objects for analyzed
methods.
Method property database storing which methods return values guaranteed to be
nonnull
Algorithm to perform a reverse depth first search on a CFG.
Perform a reverse depth first search of a graph.
Analysis engine to produce ReverseDepthFirstSearch objects for analyzed
methods.
A BlockOrder for visiting the blocks of a CFG in the order they would be
visited in a depth first search of the reversed CFG.
A BlockOrder for visiting the blocks of a CFG in the reverse of the order in
which they are finished in a depth first search.
RuntimeExceptionCapture
Build a BugCollection based on SAX events.
SearchTree represents a search tree produced by a graph search algorithm,
such as BreadthFirstSearch or DepthFirstSearch.
A search tree callback implementation that builds a list of SearchTrees
recording a graph search.
Callback interface for building a search tree from a depth first search.
Since Java 17, the security manager is deprecated for removal and invoking related methods
causes a warning to be printed to the console.
Build a call graph of the self calls in a class.
Java main application to compute update a historical bug collection with
results from another build/analysis.
Show command line help.
Convert part or all of a Java type signature into something closer to what
types look like in the source code.
A simple class to parse method signatures.
A set of classes considered similar because of their features.
Object to enumerate (some subset of) the simple paths in a CFG.
Select a detector factory for a specific detector class.
Implementation of ICodeBase for a single classfile.
Codebase entry for a single-file codebase.
An abstract PatternElement subclass for pattern elements which must match
exactly one instruction and accept any kind of branch.
Denotes a class name or package name where the / character is used to
separate package/class name components.
Very sloppy bug comparator: if the warnings are of the same type, and in the
same class/method/field, assume they are the same.
An implementation of
BugCollection that keeps the BugInstances sorted
by class (using the native comparison ordering of BugInstance's compareTo()
method as a tie-breaker).A BugReporter which stores all of the reported bug instances, and sorts them
by class name before printing them.
Cached data for a source file.
A data source which can produce a stream for a source file.
Class to open input streams on source files.
Global information about the source code for an application.
A range of source lines.
A BugAnnotation that records a range of source lines in a class.
Information about a source or sink in the type qualifier dataflow analysis.
Types of sources and sinks in type qualifier dataflow analysis.
Split a camel case identifier into individual words.
Dataflow fact to represent the depth of the Java operand stack.
A really simple forward dataflow analysis to find the depth of the Java
operand stack.
A TypeMerger which applies standard Java semantics when merging Types.
Error-handling obligation analysis state.
is a marker interface for detectors that don't save state from one class file
to the next.
A dataflow fact used in ObligationAnalysis.
Detector for static fields of type
Calendar or
DateFormat and their subclasses.Denotes a static field that is initialized to a constant value and then never changes.
Stream factory for streams created by loading a value from a static field.
A PatternElement representing a store to a field.
Analysis engine to produce StoreDataflow objects for analyzed methods.
A Stream object marks the location in the code where a stream is created.
Set of streams that are in an equivalence class.
A StreamEscape is an object representing the escape of a Stream to a called
method.
An object that examines a Location and determines if a Stream is created
there.
A visitor to model the effect of instructions on the status of the resource
(in this case, Streams).
Resource tracker which determines where streams are created, and how they are
used within the method.
Bug annotation class for string values.
Find occurrences of using the String "+" or "+=" operators within a loop.
A boolean predicate for matching String values.
A class for static String utility methods.
Matches a string against a set of predefined values.
Algorithm to find strongly connected components in a graph.
Class for performing class hierarchy queries.
Type matcher that determines if a candidate Type is a subtype of a given
Type.
Find occurrences of a instanceof b where it can be determined statically
whether this is true or false.
Visitor interface for simple traversals of the inheritance graph.
looks for calls to Thread.interrupted from a non static context, especially
when that context is not 'currentThread()'.
The target of a branch instruction.
Visitor to find all of the targets of an instruction whose InstructionHandle
is given.
A taxon SARIF element (see: ยง3.19.3).
Sample detector, using ASM
This detector is just a test harness to test a dataflow analysis class
specified by the dataflow.classname property.
Base class for BugReporters which provides convenient formatting and
reporting of warnings and analysis errors.
Helper class to parse the command line and configure the IFindBugsEngine
object.
Display FindBugs progress in the terminal window using ASCII codes.
An exception thrown from an instruction.
Simple token class.
A simple tokenizer for Java source text.
Special "top" type.
Build a database of reference types stored into fields.
Interface to mark Detector classes which are used only as a training pass.
Deprecated.
AnnotationDatabases are being phased out, since annotations are
now stored directly in the XClass/XMethod/XField objects.
Training pass to find method parameters which are unconditionally
dereferenced.
Algorithm to transpose a graph.
A forward dataflow analysis to determine the types of all values in the Java
stack frame at all points in a Java method.
Bug annotation class for java types.
Analysis engine to produce TypeDataflow objects for analyzed methods.
A specialization of
Frame for determining the types of values in the
Java stack frame (locals and operand stack).Visitor to model the effects of bytecode instructions on the types of the
values (local and operand stack) in Java stack frames.
Predicate for matching types.
Interface for object which merges types for TypeAnalysis.
A type qualifier applied to a field, method, parameter, or return value.
The result of looking up a TypeQualifierAnnotation.
Partial result of looking up a TypeQualifierAnnotation.
Figure out where and how type qualifier annotations are applied.
Store computed type qualifiers for method parameters and return values.
Dataflow class for TypeQualifierDataflowAnalysis.
Abstract base class for type qualifier dataflow analyses.
Factory to create and cache TypeQualifierDataflow objects for a particular
method.
Implementation of INullnessAnnotationDatabase that is based on JSR-305 type
qualifiers.
Resolve annotations into type qualifiers.
A TypeQualifierValue is a pair specifying a type qualifier annotation and a
value.
Set of ValueNumbers and their corresponding FlowValues.
Base class for simple type checking detectors which tests if the method
returns null references for specific types.
Common base class for unchecked analysis exceptions.
Dataflow analysis to find values unconditionally dereferenced in the future.
Dataflow to find value numbers unconditionally dereferenced.
Analysis engine to produce UnconditionalValueDerefDataflow objects for
analyzed methods.
A set of values unconditionally dereferenced in the future.
Compute the union of two sets of bug results, preserving annotations.
Find occurrences of Math using constants, where the result of the calculation
can be determined statically.
Unpacked code for a method.
Analysis engine to produce UnpackedCode objects for analyzed methods.
Java main application to compute update a historical bug collection with
results from another build/analysis.
A work-alike class to use instead of BCEL's ClassPath class.
BCEL Repository implementation that uses an URLClassPath to find classes.
equals and hashCode are blocking methods on URL's.
A marker interface for detectors which use an AnnotationDatabase.
User Preferences outside of any one Project.
A "value number" is a value produced somewhere in a methods.
A dataflow analysis to track the production and flow of values in the Java
stack frame.
Global flags controlling ValueNumberAnalysis.
A cache mapping instructions and input values to the output values they
produce.
An entry in the cache.
Analysis engine to produce ValueNumberDataflow objects for analyzed methods.
Factory for ValueNumbers.
A dataflow value representing a Java stack frame with value number
information.
Visitor which models the effects of bytecode instructions on value numbers of
values in the operand stack frames.
Helper methods to find out information about the source of the value
represented by a given ValueNumber.
a class holding common constants used throughout FindBugs
A Variable is either a LocalVariable or a FieldVariable.
Version number and release date information.
Compare bug instances by only those criteria which we would expect to remain
constant between versions.
VertexChooser specifies an interface for objects that determine whether or
not a vertex is chosen for some purpose.
Interface for an object which combines a set of vertices into a single
composite vertex; for example, after finding strongly connected components.
Comparator to compare GraphVertex objects by their visitation times in a
search; for example, it could compare the finishing times produced by
DepthFirstSearch.
Interface that all warning property enumerations are expected to implement.
A Set of WarningProperty objects, each with an optional attribute Object.
Utility methods for creating general warning properties.
A weakness represents a single weakness of the Common Weakness Enumeration (CWE).
The weakness catalog contains a number of weaknesses
Common Weakness Enumeration weakness severity
A wildcard PatternElement, which matches any kind of instruction
indiscriminately.
Interface for object representing information about a class.
BugReporter to output warnings in xdocs format for Maven.
Factory methods for creating XMethod objects.
Abstract representation of a field.
An XMethod represents symbolic information about a particular method.
Helper class to format attributes in an XML tag.
Report warnings as an XML document.
Interface to generate an XML document in some form.
Utility routines for writing to XMLOutput.
Interface indicating that an object can write itself to an XML document.
Write an object to XMLOutput while optionally adding descriptive messages.
Find nodes in a dom4j tree that match a particular XPath expression.
Implementation of ICodeBase to read from a zip file or jar file.
Implementation of ICodeBaseEntry for resources in zipfile codebases.
Implementation of ICodeBase to read from a zip file or jar file.
Implementation of ICodeBaseEntry for resources in zipfile codebases.
A source file data source for source files residing in Zip or Jar archives.