Coding v5.2.0

These checks address coding problems.

IllegalMethodCall

Flags calls to methods with certain names. Occurrences are flagged based on the name alone; the type of the object to which the method belongs is not taken into account.

This is a low-tech mechanism for certain types of code governance, such as preventing use of reflection through Class.forName() or Constructor.newInstance(). The scattergun approach used by this check may get you some false positives, which may have to be suppressed.

Properties

This check must be configured explicitly for certain method names; it does nothing by default.

illegalMethodNames StringSet
Comma-separated list of plain method names, no parameters, no parentheses none
excludedQualifiers StringSet
Comma-separated list of method call qualifiers which indicate that a call should be excluded. For example, if the call was JAXBContext.newInstance();, then JAXBContext is the qualifier (the part of the full identifier that comes before the dot). In other words, method calls with one of the qualifiers listed here are not illegal. Note that only identifiers can be used here, not expressions. Also, type arguments are ignored: For example, Foo.<String>legalMethod(arg) has the qualifier Foo. none

Custom Messages

In addition to the properties, optionally adding a message element may benefit this check to make the warning easier to understand. The message key is illegal.method.call, and it features one optional placeholder ({0}), which is the name of the flagged method. The placeholder is useful when the list of illegal method names contains more than 1 entry.

Examples

Configure the check like this:

<module name="IllegalMethodCall">
<property name="illegalMethodNames" value="forName, newInstance"/>
<property name="excludedQualifiers" value="JAXBContext, Charset"/>
</module>

Example using a custom message:

<module name="IllegalMethodCall">
<property name="illegalMethodNames" value="finalize"/>
<message key="illegal.method.call" value="Finalizer called explicitly"/>
</module>

Parent Module

TreeWalker

LostInstance

Checks that object instances created explicitly with new are actually used for something. Just being assigned to a variable or passed as a parameter is enough. A full data flow analysis is not performed.

This helps discover cases like the following:

if (x < 0)
new IllegalArgumentException("x must be nonnegative");

It was probably the intent of the programmer to throw the created exception:

if (x < 0)
throw new IllegalArgumentException("x must be nonnegative");

The instance might have been created in order to make use of a constructor side effect, but such a case would be a bug in its own right.

This check was inspired by the FindBugs detector RV_EXCEPTION_NOT_THROWN. However, this check is not restricted to exceptions.

Properties

None.

Examples

Configure the check like this:

<module name="LostInstance"/>

Parent Module

TreeWalker