<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>FindBugs Change Log</title>
<link rel="stylesheet" type="text/css" href="findbugs.css">

</head>

<body>

	<table width="100%">
		<tr>

			
<td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> 
<table width="100%" cellspacing="0" border="0"> 
<tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr> 

<tr><td>&nbsp;</td></tr>

<tr><td><b>Docs and Info</b></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="findbugs2.html">FindBugs 2.0</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/&#26085;&#26412;&#35486;)</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr> 

<tr><td>&nbsp;</td></tr>

<tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr> 

<tr><td>&nbsp;</td></tr>

<tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr>

<tr><td>&nbsp;</td></tr>

<tr><td><b>Development</b></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr> 
</table> 
</td>

			<td align="left" valign="top">


				<h1>FindBugs Change Log, Version 2.0.3</h1>
				<ul>
					<li>New Bug patterns: <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_BOXED_PRIMITIVE_FOR_PARSING">DM_BOXED_PRIMITIVE_FOR_PARSING</a>,
						<a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_RETURN_RELAXING_ANNOTATION">NP_METHOD_RETURN_RELAXING_ANNOTATION</a>,
						and 
						<a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION">NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION</a>
					</li>
					<li>Add the ability in the GUI to save the currently viewable/filtered bugs to HTML output.
					<li>When dataflow does't terminate, make sure we continue with
						analysis.
					
					<li>Fix some problems that resulting in dataflow analysis not
						terminating
					
					<li>Get parameter annotations from default parameters
						annotations applied to the method.
					<li>Add subversion change number to eclipse plugin qualifier.
					
					<li>Disabled detector for <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM_CREATES_EMPTY_JAR_FILE_ENTRY</a>;
						it complaints inappropriately about code that creates directory
						entries.
					
					<li>Add warnings about incompatible types passed to
						org.testng.Assert.assertEquals</li>
					<li>Add logic that understands more of the Google Guava APIs.
					<li>Disable type qualifier validator execution within Eclipse plugin; 
						too many problems with class loading and security manager (see #1154 Random obscure Eclipse failures)
					<li>Consistently check both access flags and attributes to see if something is synthetic. Compiler is 
					inconsistent about where synthetic elements are marked. 
					
				<li>Fixed false positives for the following bug patterns (17
						occurrences in findbugsTestCases):
						<ul>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC">BC</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_INSTANCEOF">BC_IMPOSSIBLE_INSTANCEOF</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE">INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#IS2_INCONSISTENT_SYNC">IS2_INCONSISTENT_SYNC</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS">NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#OBL_UNSATISFIED_OBLIGATION">OBL_UNSATISFIED_OBLIGATION</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
							</li>
						</ul>
					<li>Fixed false negatives for the following bug patterns (45
						occurrences in findbugsTestCases):
						<ul>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_NUMBER_CTOR">DM_NUMBER_CTOR</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_ARRAY_AND_NONARRAY">EC_ARRAY_AND_NONARRAY</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE">EC_INCOMPATIBLE_ARRAY_COMPARE</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#IS_FIELD_NOT_GUARDED">IS_FIELD_NOT_GUARDED</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#IT_NO_SUCH_ELEMENT">IT_NO_SUCH_ELEMENT</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS">JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH">NP_NULL_ON_SOME_PATH</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_PARAM_VIOLATION">NP_NONNULL_PARAM_VIOLATION</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_STORE_INTO_NONNULL_FIELD">NP_STORE_INTO_NONNULL_FIELD</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RE_POSSIBLE_UNINTENDED_PATTERN">RE_POSSIBLE_UNINTENDED_PATTERN</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#SA_FIELD_SELF_COMPARISON">SA_FIELD_SELF_COMPARISON</a>
						</ul>
				</ul>
				<h1>FindBugs Change Log, Version 2.0.2</h1>
				
				<ul>
					<li>Fix false positions for <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a>
						- fixing <a
						href="https://sourceforge.net/tracker/?func=detail&aid=3547559&group_id=96405&atid=614693">Bug3547559</a>,
						<a
						href="https://sourceforge.net/tracker/?func=detail&aid=3555408&group_id=96405&atid=614693">Bug3555408</a>,
						<a
						href="https://sourceforge.net/tracker/?func=detail&aid=3580266&group_id=96405&atid=614693">Bug3580266</a>
						and <a
						href="https://sourceforge.net/tracker/?func=detail&aid=3587164&group_id=96405&atid=614693">Bug3587164</a>.


					</li>
					<li>Fix false positives for <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#SF_SWITCH_NO_DEFAULT">SF_SWITCH_NO_DEFAULT</a>
					<li>Inline access methods for private fields,
                    fixing false positive in  <a
                        href="https://sourceforge.net/tracker/?func=detail&aid=3484713&group_id=96405&atid=614693">Bug3484713</a>.
            
                    <li>Type qualifier annotations, including nullness
						annotations, are now ignored on vararg parameters (including
						default and inherited annotations), awaiting JSR308.
					<li>Defined new bug pattern to give better explanations of
						issues involving strict type qualifiers <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED">TQ_UNKNOWN_VALUE_USED_WHERE_ALWAYS_STRICTLY_REQUIRED</a>
					<li>Adjusted analysis of type qualifiers, now giving warnings
						where a computed value is used in a place where a value with a
						strict type qualifier is required.
					<li>Complain about missing classes only if they are
						encountered while analyzing application classes; ignore missing
						classes that are encounted while analyzing classes loaded from the
						auxclasspath. Fix for <a
						href="https://sourceforge.net/tracker/?func=detail&aid=3588379&group_id=96405&atid=614693">Bug3588379</a>
					<li>Fixed false positive null pointer warning coming from
						synthetic bridge methods, fixing <a
						href="https://sourceforge.net/tracker/?func=detail&aid=3589328&group_id=96405&atid=614693">Bug3589328</a>
					<li>In general, suppress warnings in synthetic methods.
					<li>Fix some false positives involving <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>
						on classes that extend generic collection classes.
                       
					</li>
                    <li>Combine multiple identical warnings about 
                     <a
                        href="http://findbugs.sourceforge.net/bugDescriptions.html#DM_DEFAULT_ENCODING">DM_DEFAULT_ENCODING</a>
                         that occur in the same method,
                    simplifying issue triage.
                    
					<li>Changes by Andrey Loskutov
						<ul>
							<li>fixed job scheduling errors in 3.8/4.2 Eclipse <a
								href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=393748">bug
									report</a>
							<li>more realistic progress bar updates for jobs
							<li>added nullness annotations for some common Eclipse API
								methods known to usually return null values
							<li>Added support for org.eclipse.jdt.annotation.Nullable,
								NonNull and NonNullByDefault annotations (introduced with
								Eclipse 3.8/4.2)</li>
						</ul>
					<li>Documentation improvements
					<li><a href="http://code.google.com/p/findbugs/source/list">lots
							of other small changes</a>
				</ul>
				<h1>FindBugs Change Log, Version 2.0.1</h1>

				<ul>
					<li>New bug patterns; in some cases, bugs previous reported as
						other bug patterns are reported as instances of these new bug
						patterns in order to make it easier for developers to understand
						the bug reports
						<ul>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_RELATIVE_PATH_TRAVERSAL">PT_RELATIVE_PATH_TRAVERSAL</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_REFACTORED_TO_BE_FINAL">MS_SHOULD_BE_REFACTORED_TO_BE_FINAL</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST_OF_RETURN_VALUE">BC_UNCONFIRMED_CAST_OF_RETURN_VALUE</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#PT_ABSOLUTE_PATH_TRAVERSAL">PT_ABSOLUTE_PATH_TRAVERSAL</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS">TQ_COMPARING_VALUES_WITH_INCOMPATIBLE_TYPE_QUALIFIERS</a></li>
						</ul>
					</li>

					<li>Changes to fix false negatives for the following bug
						patterns: <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_UNCONFIRMED_CAST">BC_UNCONFIRMED_CAST</a>,
						<a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_BAD_ARRAY_COMPARE">EC_BAD_ARRAY_COMPARE</a>,
						<a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_UNUSUAL">EQ_UNUSUAL</a>,
						<a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#GC_UNRELATED_TYPES">GC_UNRELATED_TYPES</a>,
						and <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE</a>.
					</li>

					<li>Changes to fix false positions for the following bug
						patterns: <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_DOH">DMI_DOH</a>,
						<a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_UNRELATED_TYPES">EC_UNRELATED_TYPES</a>,
						and <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#SE_BAD_FIELD">SE_BAD_FIELD</a>.
					</li>
				</ul>

				<h1>FindBugs Change Log, Version 2.0.0</h1>

				<h2>Changes since version 1.3.8</h2>
				<ul>
					<li>New bug patterns; in some cases, bugs previous reported as
						other bug patterns are reported as instances of these new bug
						patterns in order to make it easier for developers to understand
						the bug reports
						<ul>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
							</a></li>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
							</a></li>
						</ul>
					</li>
					<li>Providing a bug rank (1-20), and the ability to filter by
						bug rank. Eventually, it will be possible to specify your own
						rules for ranking bugs, but the procedure for doing so hasn't been
						specified yet.</li>
					<li>Fixed about <a
						href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45
							bugs filed</a> through SourceForge
					</li>
					<li>Various reclassifications and priority tweaks</li>
					<li>Added more bug annotations to a variety of bug reports.
						This provides more context for understanding bug reports (e.g., if
						the value in question was is the return value of a method, the
						method is described as the source of the value in a bug
						annotation). This also provide more accurate tracking of issues
						across versions of the code being analyzed, but has the downside
						that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
						on the same version of code being analyzed, FindBugs may think
						that mistakenly believe that the issue reported by 1.3.8 was fixed
						and a new issue was introduced that was reported by FindBugs
						1.3.9. While annoying, it would be unusual for more than a dozen
						issues per million lines of codes to be mistracked.</li>
					<li>Lots of internal changes moving towards FindBugs 2.0, but
						these features are undocumented, not yet officially supported, and
						subject to radical changes before FindBugs 2.0 is released.</li>
				</ul>

				<p>Changes since version 1.3.8</p>
				<ul>
					<li>New bug patterns; in some cases, bugs previous reported as
						other bug patterns are reported as instances of these new bug
						patterns in order to make it easier for developers to understand
						the bug reports
						<ul>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST ">BC_IMPOSSIBLE_DOWNCAST
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY ">BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#EC_INCOMPATIBLE_ARRAY_COMPARE ">EC_INCOMPATIBLE_ARRAY_COMPARE
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#JLM_JSR166_UTILCONCURRENT_MONITORENTER ">JLM_JSR166_UTILCONCURRENT_MONITORENTER
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE ">LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#NP_CLOSING_NULL ">NP_CLOSING_NULL
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE ">RC_REF_COMPARISON_BAD_PRACTICE
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN ">RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED ">RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#SIC_THREADLOCAL_DEADLY_EMBRACE ">SIC_THREADLOCAL_DEADLY_EMBRACE
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR ">UR_UNINIT_READ_CALLED_FROM_SUPER_CONSTRUCTOR
							</a>
							<li><a
								href="http://findbugs.sourceforge.net/bugDescriptions.html#VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED ">VA_FORMAT_STRING_EXPECTED_MESSAGE_FORMAT_SUPPLIED
							</a>
						</ul>
					</li>
					<li>Providing a bug rank (1-20), and the ability to filter by
						bug rank. Eventually, it will be possible to specify your own
						rules for ranking bugs, but the procedure for doing so hasn't been
						specified yet.</li>
					<li>Fixed about <a
						href="https://sourceforge.net/search/index.php?group_id=96405&search_summary=1&search_details=1&type_of_search=artifact&group_artifact_id%5B%5D=614693&open_date_start=2009-03-16&open_date_end=2009-08-20&form_submit=Search">45
							bugs filed</a> through SourceForge
					</li>
					<li>Various reclassifications and priority tweaks</li>
					<li>Added more bug annotations to a variety of bug reports.
						This provides more context for understanding bug reports (e.g., if
						the value in question was is the return value of a method, the
						method is described as the source of the value in a bug
						annotation). This also provide more accurate tracking of issues
						across versions of the code being analyzed, but has the downside
						that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9
						on the same version of code being analyzed, FindBugs may think
						that mistakenly believe that the issue reported by 1.3.8 was fixed
						and a new issue was introduced that was reported by FindBugs
						1.3.9. While annoying, it would be unusual for more than a dozen
						issues per million lines of codes to be mistracked.</li>
					<li>Lots of internal changes moving towards FindBugs 2.0, but
						these features are undocumented, not yet officially supported, and
						subject to radical changes before FindBugs 2.0 is released.</li>
				</ul>

				<p>Changes since version 1.3.7</p>
				<ul>
					<li>Primarily another small bugfix release.</li>
					<li>FindBugs base:
						<ul>
							<li>New Reports:
								<ul>
									<li>SF_SWITCH_NO_DEFAULT: missing default case in switch
										statement.</li>
									<li>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW:
										value ignored when switch fallthrough leads to thrown
										exception.</li>
									<li>INT_VACUOUS_BIT_OPERATION: bit operations that don't
										do any meaningful work.</li>
									<li>FB_UNEXPECTED_WARNING: warning generated that
										conflicts with @NoWarning FindBugs annotation.</li>
									<li>FB_MISSING_EXPECTED_WARNING: warning not generated
										despite presence of @ExpectedWarning FindBugs annotation.</li>
									<li>NOISE category: intended for use in data mining
										experiments.
										<ul>
											<li>NOISE_NULL_DEREFERENCE: fake null point dereference
												warning.</li>
											<li>NOISE_METHOD_CALL: fake method call warning.</li>
											<li>NOISE_FIELD_REFERENCE: fake field dereference
												warning.</li>
											<li>NOISE_OPERATION: fake operation warning.</li>
										</ul>
									</li>
								</ul>
							</li>
							<li>Other:
								<ul>
									<li>Garvin Leclaire has created a new Apache Maven
										repository for FindBugs at <a
										href="http://code.google.com/p/findbugs/">the Google Code
											FindBugs SVN repository</a>. (Thanks Garvin!)
									</li>
								</ul>
							</li>
							<li>Fixes:
								<ul>
									<li>[ 2317842 ] Highlighting broken in Windows</li>
									<li>[ 2515908 ] check for oddness should track sign of
										argument</li>
									<li>[ 2487936 ] &quot;L B GC&quot; false pos cast from
										Map.Entry.getKey() to Map.get()</li>
									<li>[ 2528264 ] Ant tasks not compatible with Ant 1.7.1</li>
									<li>[ 2539590 ] SF_SWITCH_FALLTHROUGH wrong message
										reported</li>
									<li>[ 2020066 ] Bug history displayed in fancy-hist.xsl is
										incorrect</li>
									<li>[ 2545098 ] Invalid character in analysis results file</li>
									<li>[ 2492673 ] Plugin sites should specify &quot;requires
										Eclipse 3.3 or newer&quot;</li>
									<li>[ 2588044 ] a tiny typing error</li>
									<li>[ 2589048 ] Documentation for convertXmlToText
										insufficient</li>
									<li>[ 2638739 ] NullPointerException when building</li>
								</ul>
							</li>
							<li>Patches:
								<ul>
									<li>[ 2538184 ] Make BugCollection implement
										Iterable&lt;BugInstance&gt; (thanks to Tomas Pollak)</li>
									<li>[ 2249771 ] Add Maven2 Findbugs plugin link to the
										Links page (thanks to Garvin Leclaire)</li>
									<li>[ 2609526 ] Japanese manual update (thanks to K.
										Hashimoto)</li>
									<li>[ 2119482 ] CheckBcel checks for nonexistent classes
										(thanks to Jerry James)</li>
								</ul>
							</li>
						</ul>
					</li>
					<li>FindBugs Eclipse plugin:
						<ul>
							<li>Major feature enhancements (thanks to Andrey Loskutov).
								See <a href="http://andrei.gmxhome.de/findbugs/index.html">this
									overview</a> for more information.
							</li>
							<li>Major test improvements (thanks to Tomas Pollak).</li>
							<li>Fixes:
								<ul>
									<li>[ 2532365 ] Compiler warning</li>
									<li>[ 2522989 ] Fix filter files selection</li>
									<li>[ 2504068 ] NullPointerException</li>
									<li>[ 2640849 ] NPE in Eclipse plugin 1.3.7 and Eclipse
										3.5 M5</li>
								</ul>
							</li>
							<li>Patches:
								<ul>
									<li>[ 2143140 ] Unchecked conversion fixes for Eclipse
										plugin (thanks to Jerry James)
								</ul>
							</li>
						</ul>
					</li>
				</ul>

				<p>Changes since version 1.3.6</p>
				<ul>
					<li>Overall, a small bugfix release.
					<li>New detection of accidental vacuous/useless calls to
						EasyMock methods, and of generic signatures that proclaim the use
						of unhashable classes in ways that require that they be hashed.
					<li>Eliminate some false positives where we were warning about
						a useless call (e.g., comparing two incompatible types for
						equality), but the only thing the code was doing with the result
						was passing it to assertFalse.
					<li>Japanese localization and manual by K.Hashimoto. (Thanks!)
					
					<li>Added -exclude and -outputDir command line options to
						rejarForAnalysis
					<li>Extended -adjustPriorities option to FindBugs analysis
						textui so that you can modify the priorities of individual bug
						patterns as well as visitors, and also completely suppress
						individual bug patterns or visitors.
						<ul>
							<li>e.g., -adjustPriority
								MS_SHOULD_BE_FINAL=suppress,MS_PKGPROTECT=suppress,EI_EXPOSE_REP=suppress,EI_EXPOSE_REP2=suppress,PZLA_PREFER_ZERO_LENGTH_ARRAYS=raise
							
						</ul>
				</ul>


				<p>Changes since version 1.3.5</p>
				<ul>
					<li>Added fairly exhaustive static analysis of uses of format
						strings, checking for missing or extra arguements, invalid format
						specifiers, or mismatched format specifiers and arguments (e.g,
						passing a String value for a %d format specifier). The logic for
						doing so is derived from Sun's java.util.Formatter class, and
						available separately from FindBugs as part of the <a
						href="https://jformatstring.dev.java.net/">jFormatString</a>
						project.
					<li>More tuning of the unsatisfied obligation detector. Since
						this detector is still rather noisy and an unfinished research
						project, I've moved the generated issues to a new category:
						EXPERIMENTAL.
					<li>Added check for <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_ADD_OF_SIGNED_BYTE">BIT_ADD_OF_SIGNED_BYTE</a>;
						similar to <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE">BIT_IOR_OF_SIGNED_BYTE</a>,
						except that addition is being used to combine shifted signed
						bytes.
					<li>Changed detection of EI_EXPOSE_REP2, so we only report it
						if the value stored is guaranteed to be the same value that was
						passed in as a parameter.
					<li>Added <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS">EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS</a>,
						a warning when an equals method checks to see if an operand is an
						instance of a class not compatible with itself. For example, if
						the Foo class checks to see if the argument is an instance of
						String. This is either a questionable design decision or a coding
						mistake.
					<li>Added <a
						href="http://findbugs.sourceforge.net/bugDescriptions.html#DMI_INVOKING_HASHCODE_ON_ARRAY">DMI_INVOKING_HASHCODE_ON_ARRAY</a>,
						which checks for invoking <code>hashCode()</code> on an array,
						which returns a hash code that ignores the contents of the array.
					
					<li>Added checks for using <code>x.removeAll(x)</code> to
						rather than <code>x.clear()</code> to clear an array.
					<li>Add checks for calls such as <code>x.contains(x)</code>, <code>x.remove(x)</code>
						and <code>x.containsAll(x)</code>.
					<li>Improvements to Eclipse plugin (thanks to Andrey
						Loskutov):
						<ul>
							<li>Report separate markers for each occurrence of an issue
								that appears multiple times in a method
							<li>fine tuning for reported markers: add only one marker
								for fields, add marker on right position
							<li>link bugs selected in bug explorer view to the opened
								editor and vice versa
							<li>select bugs selected in editor ruler in the opened bug
								explorer view
							<li>consistent abbreviations used in both bug explorer and
								bug details view
							<li>added "Expand All" button to the bug explorer view
							<li>added "Go Into/Go Up" buttons to the bug explorer view
							<li>added "Copy to clipboard" menu/functionality to the
								details view list widget
							<li>fix for CNF exception if loading the backup solution for
								broken browser widget
						</ul>
				</ul>



				<p>Changes since version 1.3.4</p>
				<ul>
					<li>Analysis about 15% faster
					<li><a
						href="http://sourceforge.net/tracker/?atid=614693&group_id=96405&func=browse&status=closed">38
							bugs closed</a></li>
					<li>New defect warnings:
						<ul>
							<li>calls to methods that always throw
								UnsupportedOperationException (DMI_UNSUPPORTED_METHOD)
							<li>repeated conditional tests (e.g., <code>if (x
									&lt; 0 || x &lt; 0) ...</code>) (RpC_REPEATED_CONDITIONAL_TEST)
							<li>Complete rewrite of detector for format string problems.
								More accurate, finds more problems, generates more descriptive
								reports, several different bug pattern
								(VA_FORMAT_STRING_EXTRA_ARGUMENTS_PASSED,
								VA_FORMAT_STRING_ILLEGAL, VA_FORMAT_STRING_MISSING_ARGUMENT,
								VA_FORMAT_STRING_BAD_ARGUMENT,
								VA_FORMAT_STRING_NO_PREVIOUS_ARGUMENT)
							<li>Fairly complete implementation of JSR-305 custom type
								qualifier analysis (no support for custom validators yet).
								(TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK
								TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_ALWAYS_SINK
								TQ_EXPLICIT_UNKNOWN_SOURCE_VALUE_REACHES_NEVER_SINK)
							<li>New detector for unsatisfied obligations such forgetting
								to close a file (OBL_UNSATISFIED_OBLIGATION).
							<li>Warning when a parameter is marked as nullable, but is
								always dereferenced.
								(NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE)
							<lI>Separate warning for dereference the result of readLine
								(NP_DEREFERENCE_OF_READLINE_VALUE)
						</ul>
					<li>When XML is generated with messages, the project stats now
						include &lt;FileStat&gt; elements. For each source file, this
						gives the path for the file, the total number of warnings for that
						file, and a bugHash for the file. While the instanceHash for a bug
						is intended to be version invariant (ignoring line numbers, etc),
						the bugHash for a file is intended to reflect all the information
						about the warnings in that file. The intended use case is that if
						the bugHash for a file is the same in two analysis runs, then <em>nothing</em>
						has changed about any of the warnings reported for that file
						between the two analysis runs.
					<li>More merging of similar issues within a method. For
						example, if the result of readLine() is dereferences multiple
						times within a method, it will be reported as a single warning
						with occurrences at multiple source lines.
				</ul>
				<p>Changes since version 1.3.3</p>

				<ul>
					<li>FindBugs base
						<ul>
							<li>New Reports:
								<ul>
									<li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: equals method
										overrides equals in superclass and may not be symmetric</li>
									<li>EQ_ALWAYS_TRUE: equals method always returns true</li>
									<li>EQ_ALWAYS_FALSE: equals method always returns false</li>
									<li>EQ_COMPARING_CLASS_NAMES: equals method compares class
										names rather than class objects</li>
									<li>EQ_UNUSUAL: Unusual equals method</li>
									<li>EQ_GETCLASS_AND_CLASS_CONSTANT: equals method fails
										for subtypes</li>
									<li>SE_READ_RESOLVE_IS_STATIC: The readResolve method must
										not be declared as a static method.</li>
									<li>SE_PRIVATE_READ_RESOLVE_NOT_INHERITED: private
										readResolve method not inherited by subclasses</li>
									<li>MSF_MUTABLE_SERVLET_FIELD: Mutable servlet field</li>
									<li>XSS_REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected
										cross site scripting vulnerability</li>
									<li>SKIPPED_CLASS_TOO_BIG: Class too big for analysis</li>
								</ul>
							</li>
							<li>Other:
								<ul>
									<li>Value-number analysis now more space-efficient</li>
									<li>Enhancements to reduce memory overhead when analyzing
										very large classes</li>
									<li>Now skips very large classes that would otherwise take
										too much time and memory to analyze</li>
									<li>Infrastructure for tracking effectively-constant/
										effectively-final fields</li>
									<li>Added more cweids</li>
									<li>Enhanced taint tracking for taint-based detectors</li>
									<li>Ignore doomed calls to equals if result is used as an
										argument to assertFalse</li>
									<li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC handles compareTo</li>
									<li>Priority tweak for ICAST_INTEGER_MULTIPLY_CAST_TO_LONG
										(only low priority if multiplying by 1000)</li>
									<li>Improved tracking of fields across method calls</li>
								</ul>
							</li>
							<li>Fixes:
								<ul>
									<li>[ 1941450 ] DLS_DEAD_LOCAL_STORE not reported</li>
									<li>[ 1953323 ] Omitted break statement in
										SynchronizeAndNullCheckField</li>
									<li>[ 1942620 ] Source Directories selection dialog
										interface confusion (partial)</li>
									<li>[ 1948275 ] Unhelpful "Load of known null"</li>
									<li>[ 1933922 ] MWM error in findbugs</li>
									<li>[ 1934772 ] 1.3.3 appears to rely on JDK 1.6, JNLP
										still specifies 1.5</li>
									<li>[ 1933945 ] -loadbugs doesn't work</li>
									<li>Fixed problems for class names starting with '$'</li>
									<li>Fixed bugs and incomplete handling of annotations in
										VersionInsensitiveBugComparator</li>
								</ul>
							</li>
							<li>Patches:
								<ul>
									<li>[ 1955106 ] Javadoc fixes</li>
									<li>[ 1951930 ] Superfluous import statements (thanks to
										Jerry James)</li>
									<li>[ 1951907 ] Missing @Deprecated annotations (thanks to
										Jerry James)</li>
									<li>[ 1951876 ] Infonode Docking Windows compile fix
										(thanks to Jerry James)</li>
									<li>[ 1936055 ] bugfix for findbugs.de.comment not working
										(thanks to Peter Fokkinga)
								</ul>
							</li>
						</ul>
					<li>FindBugs BlueJ plugin
						<ul>
							<li>Updated to use FindBugs 1.3.4 (first new release since
								1.1.3)</li>
						</ul>
					</li>
				</ul>

				<p>Changes since version 1.3.2</p>

				<ul>
					<li>FindBugs base
						<ul>
							<li>New Detectors:
								<ul>
									<li>FieldItemSummary: Produces summary information for
										what is stored into fields</li>
									<li>SynchronizeOnClassLiteralNotGetClass: Look for code
										that synchronizes on the results of getClass rather than on
										class literals</li>
									<li>SynchronizingOnContentsOfFieldToProtectField: This
										detector looks for code that seems to be synchronizing on a
										field in order to guard updates of that field</li>
								</ul>
							</li>
							<li>New BugCode:
								<ul>
									<li>HRS: HTTP Response splitting vulnerability</li>
									<li>WL: Possible locking on wrong object</li>
								</ul>
							</li>
							<li>New Reports:
								<ul>
									<li>DMI_CONSTANT_DB_PASSWORD: This code creates a database
										connect using a hard coded, constant password</li>
									<li>HRS_REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed
										from untrusted input</li>
									<li>HRS_REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter
										directly written to HTTP header output</li>
									<li>CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines
										clone() but doesn't implement Cloneable</li>
									<li>DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization
										on boxed primitive could lead to deadlock</li>
									<li>DL_SYNCHRONIZATION_ON_BOOLEAN: Synchronization on
										Boolean could lead to deadlock</li>
									<li>ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD:
										Synchronization on field in futile attempt to guard that field
									</li>
									<li>DLS_DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in
										return statement</li>
									<li>WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL:
										Synchronization on getClass rather than class literal</li>
								</ul>
							</li>
							<li>Other:
								<ul>
									<li>Many enhancements to cross-site scripting detector and
										its documentation</li>
									<li>Enhanced switch fall through handling</li>
									<li>Enhanced unread field handling (look for IF_ACMPEQ and
										IF_ACMPNE)</li>
									<li>Clarified documentation for @Nullable in manual</li>
									<li>Fewer DeadLocalStore false positives</li>
									<li>Fewer UnreadField false positives</li>
									<li>Fewer StaticCalendarDetector false positives</li>
									<li>Performance fix for slow file system IO e.g. Clearcase
										repositories (thanks, Andrei!)</li>
									<li>Other, general performance enhancements (thanks,
										Andrei!)</li>
									<li>Enhancements for using FindBugs scripts with MKS on
										Windows (thanks, Kelly O'Hair!)</li>
									<li>Noted in the manual that jsr305.jar must be present
										for annotations to compile</li>
									<li>Added and fine-tuned default-nullness annotations</li>
									<li>More CWE IDs added</li>
									<li>Check and warning for unexpected BCEL version in
										classpath</li>
								</ul>
							</li>
							<li>Fixes:
								<ul>
									<li>Bug fix to handling of local variable tables in BCEL</li>
									<li>Refined documentation for
										MTIA_SUSPECT_STRUTS_INSTANCE_FIELD</li>
									<li>[ 1927295 ] NPE when called on project root</li>
									<li>[ 1926405 ] Incorrect dead store warning</li>
									<li>[ 1926409 ] Incorrect redundant nullcheck warning</li>
									<li>[ 1926389 ] Wrong line number printed/highlighted in
										bug</li>
									<li>[ 1927040 ] typo in bug description</li>
									<li>[ 1926263 ] Minor glitch in HTML output</li>
									<li>[ 1926240 ] Minor error in standard options in manual</li>
									<li>[ 1926236 ] Minor bug in installation section of
										manual</li>
									<li>[ 1925539 ] ZIP is default file system code base</li>
									<li>[ 1894701 ] Livelock / memory leak in
										ObjectTypeFactory (thanks, Andrei!)</li>
									<li>[ 1867491 ] Doesn't reload annotations after code
										changes in IDE (thanks, Andrei!)</li>
									<li>[ 1921399 ] -project option not supported</li>
									<li>[ 1913834 ] "Dead" store to variable with method call</li>
									<li>[ 1917352 ] H B se:...field in serializable class</li>
									<li>[ 1911617 ] CloneIdiom relies on
										getNameConstantOperand for INSTANCEOF</li>
									<li>[ 1911620 ] False +: DLS predecrement before return</li>
									<li>[ 1871376 ] False negative: non-serializable Map field</li>
									<li>[ 1871051 ] non standard clone() method</li>
									<li>[ 1908854 ] Error in TestASM</li>
									<li>[ 1907539 ] 22 minor errors in bug checker
										documentation</li>
									<li>[ 1897323 ] EJB implementation class false positives</li>
									<li>[ 1899648 ] Crash on startup on Vista with Java
										1.6.0_04</li>
								</ul>
							</li>
						</ul>
					</li>
					<li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
						<ul>
							<li>new feature: export basic FindBugs numbers for projects
								via File-&gt;Export-&gt;Java-&gt;BugCounts (Andrey Loskutov)</li>
							<li>new feature: jobs for different projects will be run in
								parallel per default if running on a multi-core PC
								("fb.allowParallelBuild" system property not used anymore)
								(Andrey Loskutov)</li>
							<li>fixed performance slowdown in the multi-threaded build,
								caused by workspace operation locks during assigning marker
								attributes (Andrey Loskutov)</li>
						</ul>
					</li>
				</ul>

				<p>Changes since version 1.3.1</p>

				<ul>
					<li>FindBugs base
						<ul>
							<li>New Bug Category:
								<ul>
									<li>SECURITY (Abbrev: S), A use of untrusted input in a
										way that could create a remotely exploitable security
										vulnerability</li>
								</ul>
							</li>
							<li>New Detectors:
								<ul>
									<li>CrossSiteScripting: This detector looks for
										obvious/blatant cases of cross site scripting vulnerabilities</li>
								</ul>
							</li>
							<li>New BugCode:
								<ul>
									<li>XSS: Cross site scripting</li>
								</ul>
							</li>
							<li>New Reports:
								<ul>
									<li>XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER: HTTP
										parameter directly written to Servlet output, giving XSS
										vulnerability</li>
									<li>XSS_REQUEST_PARAMETER_TO_JSP_WRITER: HTTP parameter
										directly written to JSP output, giving XSS vulnerability</li>
									<li>EQ_OTHER_USE_OBJECT: equals() method defined that
										doesn't override Object.equals(Object)</li>
									<li>EQ_OTHER_NO_OBJECT: equals() method inherits rather
										than overrides equals(Object)</li>
									<li>NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE: Possible
										null pointer dereference on path that might be infeasible</li>
								</ul>
							</li>
							<li>Other:
								<ul>
									<li>Added -noClassOk command-line parameter to
										command-line and ant interfaces; when -noClassOk is specified
										and no classfiles are given, FindBugs will print a warning
										message and output a well- formed file with no warnings</li>
									<li>Fewer false positives for null pointer bugs</li>
									<li>Suppress dead-local-store false positives in .jsp code</li>
									<li>Type fixes in warning messages</li>
									<li>Better warning message for NP_NULL_ON_SOME_PATH</li>
									<li>"WMI" bug code description renamed from "Wrong Map
										Iterator" to "Inefficient Map Iterator"</li>
								</ul>
							</li>
							<li>Fixes:
								<ul>
									<li>[ 1893048 ] FindBugs confused by a findbugs.xml file</li>
									<li>[ 1878528 ] XSL xforms don't support history features</li>
									<li>[ 1876584 ] two default.xsl flaws</li>
									<li>[ 1874856 ] Format string bug detector doesn't handle
										special operators</li>
									<li>[ 1872645 ] computeBugHistory -
										java.lang.IllegalArgumentException</li>
									<li>[ 1872237 ] Ant task fails when no .class files</li>
									<li>[ 1868670 ] Filters: include AND exclude don't allowed</li>
									<li>[ 1868666 ] check-for-oddness reported, but array
										length can never be negative</li>
									<li>[ 1866108 ] SetBugDatabaseInfoTask strips dir from
										output filename</li>
									<li>[ 1866021 ] MineBugHistoryTask strips dir of output
										filename</li>
									<li>[ 1865265 ] code doesn't handle
										StringBuffer.append([CII) right</li>
									<li>[ 1864793 ] Warning when casting a null reference
										compared to a String</li>
									<li>[ 1863376 ] Typo in manual chap 8: Filter Files</li>
									<li>[ 1862705 ] Transient fields that default to null</li>
									<li>[ 1842545 ] DLS on catch variable (with priority
										tweaking)</li>
									<li>[ 1816258 ] false positive BC_IMPOSSIBLE_CAST</li>
									<li>[ 1551732 ] Get erroneous DLS with while loop</li>
								</ul>
							</li>
						</ul>
					</li>
					<li>FindBugs Eclipse plugin (change log by Andrey Loskutov)
						<ul>
							<li>new feature: added Bug explorer view (replacing Bug tree
								view), based on Common Navigator framework (Andrey Loskutov)</li>
							<li>bug 1873860 fixed: empty projects are no longer shown in
								Bug tree view (Andrey Loskutov)</li>
							<li>new feature: bug counts decorators for projects, folders
								and files (has to be activated via Preferences -&gt; general
								-&gt; appearance -&gt; label decorations)(Andrey Loskutov)</li>
							<li>patch 1746499: better icons (Alessandro Nistico)</li>
							<li>patch 1893685: Find bug actions on change sets bug
								(Alessandro Nistico)</li>
							<li>fixed bug 1855384: Bug configuration is broken in
								Eclipse (Andrey Loskutov)</li>
							<li>refactored FindBugs properties page (Andrey Loskutov)</li>
							<li>refactored FindBugs worker/builder/run action (Andrey
								Loskutov)</li>
							<li>FB detects now only bugs from classes on project's
								classpath (no double work on duplicated class files) (Andrey
								Loskutov)</li>
							<li>fixed bug introduced by the bad patch for 1867951: FB
								cannot be executed incrementally on a folder of file (Andrey
								Loskutov)</li>
							<li>fixed job rule: now jobs for different projects may run
								in parallel if running on a multi-core PC and
								"fb.allowParallelBuild" system property is set to true (Andrey
								Loskutov)</li>
							<li>fixed FB auto-build not started if .fbprefs or
								.classpath was changed (Andrey Loskutov)</li>
							<li>fixed not reporting bugs on secondary types (classes
								defined in java files with different name) (Andrey Loskutov)</li>
						</ul>
					</li>
				</ul>

				<p>Changes since version 1.3.0</p>
				<ul>
					<li>New Reports
						<ul>
							<li>VA_FORMAT_STRING_ARG_MISMATCH: A format-string method
								with a variable number of arguments is called, but the number of
								arguments passed does not match with the number of %
								placeholders in the format string. This is probably not what the
								author intended.
							<li>IO_APPENDING_TO_OBJECT_OUTPUT_STREAM: This code opens a
								file in append mode and that wraps the result in an object
								output stream. This won't allow you to append to an existing
								object output stream stored in a file. If you want to be able to
								append to an object output stream, you need to keep the object
								output stream open. The only situation in which opening a file
								in append mode and the writing an object output stream could
								work is if on reading the file you plan to open it in random
								access mode and seek to the byte offset where the append
								started.
							<li>NP_BOOLEAN_RETURN_NULL: A method that returns either
								Boolean.TRUE, Boolean.FALSE or null is an accident waiting to
								happen. This method can be invoked as though it returned a value
								of type boolean, and the compiler will insert automatic unboxing
								of the Boolean value. If a null value is returned, this will
								result in a NullPointerException.
						</ul>
					</li>
					<li>Changes to Existing Reports
						<ul>
							<li>RV_DONT_JUST_NULL_CHECK_READLINE: CORRECTNESS -&gt;
								STYLE</li>
							<li>DMI_INVOKING_TOSTRING_ON_ARRAY: Long description
								mentions array name whenever possible</li>
						</ul>
					</li>
					<li>Fixes:
						<ul>
							<li>Updated manual to mention that Java 1.5 is now a
								requirement for running FindBugs
							<li>Applied patch 1840206 fixing issue "Ant task does not
								work when presetdef is used" - thanks to phejl
							<li>Applied patch 1778690 fixing issue "Ant task: tolerate
								but complain about invalid auxClasspath" - thanks to David
								Schmidt
							<li>Applied patch 1852125 adding a Chinese-language GUI
								bundle props file - thanks to fifi
							<li>Applied patch 1845903 adding ability to load XML results
								with the Eclipse plugin - thanks to Alex Mont
							<li>Fixed issue 1844671 - "FP for "reversed" null check in
								catch for stream close"
							<li>Fixed issue 1836050 - "-onlyAnalyze broken"
							<li>Fixed issue 1853011 - "Typo: Field names should start
								with aN lower case letter"
							<li>Fixed issue 1844181 - "JNLP file does not contain all
								necessary JARs"
							<li>Fixed issue 1840245 - "xxxException class does not
								derive from Exception"
							<li>Fixed issue 1840277 - "[M D EC] Typo in bug
								documentation"
							<li>Fixed issue 1782447 - "OutOfMemoryError if i activate
								Findbugs on my project"
							<li>Fixed issue 1830576 - "[regression] keySet/entrySet
								false positive"
						</ul>
					</li>
					<li>Other:
						<ul>
							<li>New bug code: "IO" (for
								IO_APPENDING_TO_OBJECT_OUTPUT_STREAM)</li>
							<li>Added "-onlyMostRecent" option for computeBugHistory
								script/ant task
							<li>More explicit language in
								RV_RETURN_VALUE_IGNORED_BAD_PRACTICE messages
							<li>Modified ResourceValueAnalysis to correctly identify
								null == X or null != X as a null check (for issue 1844671)
							<li>Modified DMI_HARDCODED_ABSOLUTE_FILENAME logic in
								DumbMethodInvocations to ignore files from /etc or /dev and
								increase priority of files from /home
							<li>Better bug details for infinite loop warnings
							<li>Modified unread-fields detector to reduce false
								positives from reflective fields
							<li>build.xml "classes" target now builds all sources in one
								step
						</ul>
					</li>
				</ul>

				<p>Changes since version 1.2.1</p>
				<ul>
					<li>New Detectors and Reports
						<ul>
							<li>SynchronizationOnSharedBuiltinConstant
								<ul>
									<li>DL_SYNCHRONIZATION_ON_SHARED_CONSTANT: The code
										synchronizes on a shared primitive constant, such as an
										interned String. Such constants are interned and shared across
										all other classes loaded by the JVM. Thus, this could be
										locking on something that other code might also be locking.
										This could result in very strange and hard to diagnose
										blocking and deadlock behavior. See <a
										href="http://www.javalobby.org/java/forums/t96352.html">http://www.javalobby.org/java/forums/t96352.html</a>
										and <a href="http://jira.codehaus.org/browse/JETTY-352">http://jira.codehaus.org/browse/JETTY-352</a>.
									
								</ul>
							</li>
							<li>OverridingEqualsNotSymmetrical
								<ul>
									<li>EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: Looks for equals
										methods that override equals methods in a superclass where the
										equivalence relationship might not be symmetrical.
								</ul>
							</li>
							<li>CheckTypeQualifiers
								<ul>
									<li>TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED: A value
										specified as carrying a type qualifier annotation is consumed
										in a location or locations requiring that the value not carry
										that annotation. More precisely, a value annotated with a type
										qualifier specifying when=ALWAYS is guaranteed to reach a use
										or uses where the same type qualifier specifies when=NEVER.</li>
									<li>TQ_NEVER_VALUE_USED_WHERE_ALWAYS_REQUIRED: A value
										specified as not carrying a type qualifier annotation is
										guaranteed to be consumed in a location or locations requiring
										that the value does carry that annotation. More precisely, a
										value annotated with a type qualifier specifying when=NEVER is
										guaranteed to reach a use or uses where the same type
										qualifier specifies when=ALWAYS.</li>
									<li>TQ_MAYBE_SOURCE_VALUE_REACHES_ALWAYS_SINK: A value
										that might not carry a type qualifier annotation reaches a use
										which requires that annotation.</li>
									<li>TQ_MAYBE_SOURCE_VALUE_REACHES_NEVER_SINK: A value
										which might carry a type qualifier annotation reaches a use
										which forbids values carrying that annotation.</li>
								</ul>
							</li>
						</ul>
					</li>
					<li>New Reports (existing detectors)
						<ul>
							<li>FindHEmismatch
								<ul>
									<li>EQ_DOESNT_OVERRIDE_EQUALS: This class extends a class
										that defines an equals method and adds fields, but doesn't
										define an equals method itself. Thus, equality on instances of
										this class will ignore the identity of the subclass and the
										added fields. Be sure this is what is intended, and that you
										don't need to override the equals method. Even if you don't
										need to override the equals method, consider overriding it
										anyway to document the fact that the equals method for the
										subclass just return the result of invoking super.equals(o).</li>
								</ul>
							</li>
							<li>Naming
								<ul>
									<li>NM_WRONG_PACKAGE, NM_WRONG_PACKAGE_INTENTIONAL: The
										method in the subclass doesn't override a similar method in a
										superclass because the type of a parameter doesn't exactly
										match the type of the corresponding parameter in the
										superclass.</li>
									<li>NM_SAME_SIMPLE_NAME_AS_SUPERCLASS: This class has a
										simple name that is identical to that of its superclass,
										except that its superclass is in a different package (e.g., <code>alpha.Foo</code>
										extends <code>beta.Foo</code>). This can be exceptionally
										confusing, create lots of situations in which you have to look
										at import statements to resolve references and creates many
										opportunities to accidently define methods that do not
										override methods in their superclasses.
									</li>
									<li>NM_SAME_SIMPLE_NAME_AS_INTERFACE: This class/interface
										has a simple name that is identical to that of an
										implemented/extended interface, except that the interface is
										in a different package (e.g., <code>alpha.Foo</code> extends <code>beta.Foo</code>).
										This can be exceptionally confusing, create lots of situations
										in which you have to look at import statements to resolve
										references and creates many opportunities to accidently define
										methods that do not override methods in their superclasses.
									</li>
								</ul>
							<li>FindRefComparison
								<ul>
									<li>EC_UNRELATED_TYPES_USING_POINTER_EQUALITY: This method
										uses using pointer equality to compare two references that
										seem to be of different types. The result of this comparison
										will always be false at runtime.</li>
								</ul>
							</li>
							<li>IncompatMask
								<ul>
									<li>BIT_SIGNED_CHECK, BIT_SIGNED_CHECK_HIGH_BIT: This
										method compares an expression such as <tt>((event.detail
											&amp; SWT.SELECTED) &gt; 0)</tt>. Using bit arithmetic and then
										comparing with the greater than operator can lead to
										unexpected results (of course depending on the value of
										SWT.SELECTED). If SWT.SELECTED is a negative number, this is a
										candidate for a bug. Even when SWT.SELECTED is not negative,
										it seems good practice to use '!= 0' instead of '&gt; 0'.
									</li>
								</ul>
							</li>
							<li>LazyInit
								<ul>
									<li>LI_LAZY_INIT_UPDATE_STATIC: This method contains an
										unsynchronized lazy initialization of a static field. After
										the field is set, the object stored into that location is
										further accessed. The setting of the field is visible to other
										threads as soon as it is set. If the further accesses in the
										method that set the field serve to initialize the object, then
										you have a <em>very serious</em> multithreading bug, unless
										something else prevents any other thread from accessing the
										stored object until it is fully initialized.
									</li>
								</ul>
							</li>
							<li>FindDeadLocalStores
								<ul>
									<li>DLS_DEAD_STORE_OF_CLASS_LITERAL: This instruction
										assigns a class literal to a variable and then never uses it.
										<a href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">The
											behavior of this differs in Java 1.4 and in Java 5.</a> In Java
										1.4 and earlier, a reference to <code>Foo.class</code> would
										force the static initializer for <code>Foo</code> to be
										executed, if it has not been executed already. In Java 5 and
										later, it does not. See Sun's <a
										href="//java.sun.com/j2se/1.5.0/compatibility.html#literal">article
											on Java SE compatibility</a> for more details and examples, and
										suggestions on how to force class initialization in Java 5.
									</li>
								</ul>
							</li>
							<li>MethodReturnCheck
								<ul>
									<li>RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: This method
										returns a value that is not checked. The return value should
										be checked since it can indication an unusual or unexpected
										function execution. For example, the <code>File.delete()</code>
										method returns false if the file could not be successfully
										deleted (rather than throwing an Exception). If you don't
										check the result, you won't notice if the method invocation
										signals unexpected behavior by returning an atypical return
										value.
									</li>
									<li>RV_EXCEPTION_NOT_THROWN: This code creates an
										exception (or error) object, but doesn't do anything with it.
									</li>
								</ul>
							</li>
						</ul>
					</li>
					<li>Changes to Existing Reports
						<ul>
							<li>NS_NON_SHORT_CIRCUIT: BAD_PRACTICE -&gt; STYLE</li>
							<li>NS_DANGEROUS_NON_SHORT_CIRCUIT: CORRECTNESS -&gt; STYLE</li>
							<li>RC_REF_COMPARISON: CORRECTNESS -&gt; BAD_PRACTICE</li>
						</ul>
					</li>
					<li>GUI Changes
						<ul>
							<li>Added importing and exporting of bug filters</li>
							<li>Better handling of failed analysis runs</li>
							<li>Added "-look" parameter for selecting look-and-feel</li>
							<li>Fixed incorrect package filtering</li>
							<li>Fixed issue where "synchronized" was not
								syntax-highlighted</li>
						</ul>
					</li>
					<li>Ant-task Changes
						<ul>
							<li>Refactored common ant-task code to AbstractFindBugsTask</li>
							<li>Added tasks for computeBugHistory, convertXmlToText,
								filterBugs, mineBugHistory, setBugDatabaseInfo</li>
						</ul>
					</li>
					<li>Manual
						<ul>
							<li>Updates to GUI section, including new screenshots</li>
							<li>Added description of rejarForAnalysis</li>
							<li>Revamp of data-mining section</li>
						</ul>
					</li>
					<li>Other Major
						<ul>
							<li>Internal restructuring for lower memory overhead</li>
						</ul>
					</li>
					<li>Other Minor
						<ul>
							<li>Fixed typo: was STCAL_STATIC_SIMPLE_DATA_FORMAT_INSTANCE
								now STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE</li>
							<li>-outputFile parameter became -output</li>
							<li>More sensitivity and specificity inLazyInit detector</li>
							<li>More sensitivity and specificity in Naming detector</li>
							<li>More sensitivity and specificity in UnreadFields
								detector</li>
							<li>More sensitivity in FindNullDeref detector</li>
							<li>More sensitivity in FindBadCast2 detector</li>
							<li>More specificity in FindReturnRef detector</li>
							<li>Many other tweaks and bug fixes</li>
						</ul>
					</li>
				</ul>

				<p>Changes since version 1.2.0</p>
				<ul>
					<li>Bug fixes:
						<ul>
							<li><a
								href="http://fisheye2.cenqua.com/changelog/findbugs/?cs=8219">Fix</a>
								<a
								href="http://sourceforge.net/tracker/index.php?func=detail&aid=1726946&group_id=96405&atid=614693">bug</a>
								with detectors that were requested to be disabled but were
								enabled due to requirements of other detectors.</li>
							<li>Fix bugs in incremental analysis within Eclipse plugin</li>
							<li>Fix some analysis errors</li>
							<li>Fix some threading bugs in GUI2</li>
							<li>Report version as version when it was compiled, not when
								it was run</li>
							<li>Copy analysis time stamp when filtering or transforming
								analysis files.</li>
						</ul>
					<li>Enabled StaticCalendarDetector</li>
					<li>Reworked GUI2 to use standard FindBugs filters
						<ul>
							<li>Allow a suppression filter to be stored in a project and
								persisted to the XML representation of a project.</li>
						</ul>
					</li>

					<li>Move away from old GUI2 save format (a directory
						containing an xml file and another file containing serialized
						filters).</li>
					<li>Support/recommend use of two new file extensions/formats:
						<dl>
							<dt>.fba - FindBugs Analysis File</dt>
							<dd>Exactly the same as an existing bug collection file
								stored in XML format, but using a distinct file extension to
								make it easier to figure out which xml files contain FindBugs
								results.</dd>
							<dt>.fbp - FindBugs Project File</dt>
							<dd>Contains just the information needed to run FindBugs and
								display the results (e.g., the files to be analyzed, the
								auxiliary class path and the location of source files)
						</dl>
					</li>
				</ul>
				<p>Changes since version 1.1.3</p>
				<ul>
					<li>Added -xml:withAbridgedMessages option to generate xml
						containing shorter messages. The messages will be shorted by doing
						things like eliding package names, and leaving off the source line
						from the LongMessage. These messages are appropriate if being used
						in a context where the non-message components of the bug
						annotations will be used to provide more information (e.g.,
						clicking on the message for a MethodAnnotation will display the
						source for the method).
						<ul>
							<li>FindBugsDisplayFeatures.setAbridgedMessages(true) can be
								used to generate abridged messages when FindBugs is being
								accessed directly (not via generated XML) from a GUI or IDE.</li>
						</ul>
					<li>In null pointer analysis, try to be better about always
						showing two locations: where it is known null and where it is
						dereferenced.
					<li>Interprocedural analysis of which methods return nonnull
						values
					<li>Use method calls to select order in which classes are
						analyzed, and order in which methods are analyzed, to improve
						interprocedural analysis results.
					<li>Significant improvements in memory footprint, memory
						allocation and CPU utilization (20-30% reduction in all three)
					<li>Added a project name, to provide better descriptions in
						the HTML output.
					<li>Added new bug pattern: Casting to char, or bit masking
						with nonnegative value, and then checking to see if the result is
						negative.
					<li>Stopped reporting transient fields of classes not marked
						as serializable. Transient is used by other persistence
						frameworks.
					<li>Improvements to detector for SQL injection (Thanks to <a
						href="http://www.clock.org/~matt">Matt Hargett</a> for his
						contributions
					<li>Changed open/save options in GUI2 to not distinguish
						between FindBugs projects and saved FindBugs analysis results.
					<li>Improvements to detection of serious non-short-circuit
						evaluation.
					<li>Updated Japanese localization (thanks to Ruimo Uno)
					<li>Eclipse plugin changes:
						<ul>
							<li>Created Bug User Annotations and Bug Tree Views
							<li>Use different icons for different bug priorities
							<li>Provide more information in Bug Details view
						</ul>
				</ul>

				<p>Changes since version 1.1.2:</p>
				<ul>
					<li>Fixed broken Ant task
					<li>Added running ant task to smoke test
					<li>Added validating xml and html output to smoke test
					<li>Fixed some (but not all) issues with html output
						validation
					<li>Added check for x.equals(x) and x.compareTo(x)
					<li>Various bug fixes
				</ul>
				<p>Changes since version 1.1.1:</p>
				<ul>
					<li>Added check for infinite iterative loops</li>
					<li>Added check for use of incompatible types in a collection
						(e.g., checking to see if a Set&lt;String&gt; contains a
						StringBuffer).</li>
					<li>Added check for invocations of equals or hashCode on a
						URL, which, <a
						href="http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html">surprising
							many people</a>, requires DNS resolution.
					</li>
					<li>Added check for classes that define compareTo but not
						equals; such classes can exhibit some anomalous behavior (e.g.,
						they are treated differently by PriorityQueues in Java 5 and Java
						6).</li>
					<li>Added a check for useless self operations (e.g., x &lt; x
						or x ^ x).</li>
					<li>Fixed a data race that could cause the GUI to fail on
						startup</li>
					<li>Partial internationalization of the new GUI</li>
					<li>Fix bug in "Redo analysis" option of new GUI</li>
					<li>Tuning to reduce false positives</li>
					<li>Fixed a bug in null pointer analysis that was generating
						false positive null pointer warnings on exception paths. Fixing
						this bug eliminates about 1/4 of the warnings on null pointer
						exceptions on exception paths.</li>
					<li>Fixed a bug in the processing of phi nodes for fields in
						the null pointer analysis</li>
					<li>Applied contributed patch that provides more quick fixes
						in Eclipse plugin.</li>
					<li>Fixed a number of bugs in the Eclipse auto update sites,
						and in the way date qualifiers were being used in the Eclipse
						plugin. You may need to manually disable your existing version of
						the plugin and download the 1.1.2 from the update site to get the
						automatic update function working correctly. The Eclipse update
						sites are described at <a
						href="http://findbugs.cs.umd.edu/eclipse/">http://findbugs.cs.umd.edu/eclipse/</a>.

					</li>
					<li>Fixed progress bar in Eclipse plugin</li>
					<li>A number of other bug fixes.</li>
				</ul>

				<p>Changes since version 1.1.0:</p>
				<ul>
					<li>less scanning of classes not on the analysis path (This
						was causing some performance problems.)</li>
					<li>no unread field warnings for fields annotated with
						javax.persistent or javax.ejb3</li>
					<li>Eclipse plugin
						<ul>
							<li>bug annotation info displayed in Bug Details tab</li>
							<li>.fbwarnings data file now stored in .metadata (not in
								the project itself)</li>
						</ul>
					</li>
					<li>new SE_BAD_FIELD_INNER_CLASS pattern</li>
					<li>updates to Japanese translation (ruimo)</li>
					<li>fix some internal slashed/dotted path confusion</li>
					<li>other minor improvements</li>
				</ul>

				<p>Changes since version 1.0.0:</p>

				<ul>
					<li>Overall, the change from FindBugs 1.0.0 to FindBugs 1.1.0
						has been a big change. We've done a lot of work in a lot of areas,
						and aren't even going to try to enumerate all the changes.</li>
					<li>We spent a lot of time reviewing the results generated by
						FindBugs for open source and commercial code bases, and made a
						number of changes, small and large, to minimize the number of
						false positives. Our primary focus for this was warnings reported
						as high and medium priority correctness warnings. Our internal
						evaluation is that we produce very few high/medium priority
						correctness warnings where the analysis is actually wrong, and
						that more than 75% of the high/medium priority correctness
						warnings correspond to real coding defects that need addressing in
						the source code. The remaining 25% are largely cases such as a
						branch or statement that if taken would lead to an error, but in
						fact is a dead branch or statement that can never be taken. Such
						coding is confusing and hard to maintain, so it should arguably be
						fixed, but it is unlikely to actually result in an error during
						execution. Thus, some might classify those warnings as false
						positives.</li>
					<li>We've substantially improved the analysis for errors that
						could result in null pointer dereferences. Overall, our experience
						has been that these changes have roughly doubled the number of
						null pointer errors we detect, without increasing the number of
						false positives (in fact, our false positive rate has gone down).
						The improvements are due to four factors:
						<ul>
							<li>By default, we now do some interprocedural analysis to
								determine methods that unconditionally dereference their
								parameters.</li>
							<li>FindBugs also comes with a model of which JDK methods
								unconditionally dereference their parameters.</li>
							<li>We do limited tracking of fields, so that we can detect
								null values stored in fields that lead to exceptions.</li>
							<li>We implemented a new analysis technique to find
								guaranteed dereferences. Consider the following example: <pre>public int f(Object x, boolean b) {
  int result = 0;
  if (x == null) result++;
  else result--;
  // at this point, we know x is null on a simple path
  if (b) {
    // at this point, x is only null on a complex path
    // we don't know if the path in which x is null and b is true is feasible
    return result + x.hashCode();
    }
  else {
    // at this point, x is only null on a complex path
    // we don't know if the path in which x is null and b is false is feasible
    return result - x.hashCode();
    }
</pre>

								<p>
									FindBugs 1.0 used forward dataflow analysis to determine
									whether each value is definitely null, null on a simple path,
									possible null on a complex path, or definitely nonnull. Thus,
									at the statement where
									<code> result </code>
									is decremented, we know that
									<code> x </code>
									is definitely null, and at the point before
									<code> if (b) </code>
									, we know that
									<code> x </code>
									is null on a simple path. If
									<code> x </code>
									were to be dereferenced here, we would generate a warning,
									because if the else branch of the
									<code> if (x == null) </code>
									were ever taken, a null pointer exception would result.
								</p>

								<p>
									However, in both the then and else branches of the
									<code> if (b) </code>
									statement,
									<code> x </code>
									is only null on a complex path that may be infeasible. It might
									be that the program logic is such that if
									<code> x </code>
									is null, then
									<code> b </code>
									is never true, so generating a warning about the dereference in
									the then clause might be a false positive. We could try to
									analyze the program to determine whether it is possible for
									<code> x </code>
									to be null and
									<code> b </code>
									to be true, but that can be a hard analysis problem.
								</p>

								<p>
									However,
									<code> x </code>
									is dereferenced in both the then <em>and</em> else branches of
									the
									<code> if (b) </code>
									statement. So at the point immediately before
									<code> if (b) </code>
									, we know that
									<code> x </code>
									is null on a simple path <em>and</em> that
									<code> x </code>
									is guaranteed to be dereferenced on all paths from this point
									forward. FindBugs 1.1 performs a backwards data flow analysis
									to determine the values that are guaranteed to be dereferenced,
									and will generate a warning in this case.
								</p>
							</li>
						</ul>
						<p>
							The following screen shot of our new GUI shows an example of this
							analysis, as well as showing off our new GUI and points out a
							limitation of our current plugins for Eclipse and NetBeans. The
							screen shot shows a null pointer bug in HelpDisplay.java. The
							test for
							<code> href!=null </code>
							on line 78 suggests that
							<code> href </code>
							could be null. If it is, then
							<code> href </code>
							will be dereferenced on either line 87 or on line 90, generating
							a NPE. Note that our analysis here also understands that passing
							<code> href </code>
							to
							<code> URLEncoder.encode </code>
							will deference it, and thus treats line 87 as a dereference, even
							though
							<code> href </code>
							is not actually dereferenced at that line. Within our new GUI,
							all of these locations are highlighted and listed in the summary
							panel. In the original GUI (and in HTML output) we list all of
							the locations, but only the primary location is highlighted by
							the original GUI. In the Eclipse and NetBeans plugins, only the
							primary location is displayed; fixing this is on our todo list
							(contributions welcome).
						</p>
						<p>
							<img src="guaranteedDereference.png" alt="">


						</p>

					</li>
					<li>Preliminary support for detectors using the frameworks
						other than BCEL, such as the <a href="http://asm.objectweb.org/">ASM</a>
						bytecode framework. You may experiment with writing ASM-based
						detectors, but beware the API may still change (which could
						possibly also affect BCEL-based detectors). In general, we've
						started trying to move away from a deep dependence on BCEL, but
						that change is only partially complete. Probably best to just
						avoid this until we complete more work on this. This change is
						only visible to FindBugs plugin developers, and shouldn't be
						visible to FindBugs users.
					</li>
					<li>
						<p>Bug categories (CORRECTNESS, MT_CORRECTNESS, etc.) are no
							longer hard-coded, but rather defined in xml files associated
							with plugins, including the core plugin which defines the
							standard categories. Third-party plugins can define their own
							categories.</p>
					</li>
					<li>
						<p>Several bug patterns have been moved from CORRECTNESS and
							STYLE into a new category, BAD_PRACTICE. The English localization
							of STYLE has changed from "Style" to "Dodgy."</p>
						<p>In general, we've worked very hard to limit CORRECTNESS
							bugs to be real programming errors and sins of commission. We
							have reclassified as BAD_PRACTICE a number of bad design
							practices that result in overly fragile code, such as defining an
							equals method that doesn't accept null or defining class with a
							equals method that inherits hashCode from class Object.</p>
						<p>In general, our guidelines for deciding whether a bug
							should be classified as CORRECTNESS, BAD_PRACTICE or STYLE are:</p>
						<dl>
							<dt>CORRECTNESS</dt>
							<dd>A problem that we can recognize with high confidence and
								is an issue that we believe almost all developers would want to
								examine and address. We recommend that software teams review all
								high and medium priority warnings in their entire code base.</dd>
							<dt>BAD_PRACTICE</dt>
							<dd>A problem that we can recognize with high confidence and
								represents a clear violation of recommended and standard coding
								practice. We believe each software team should decide which bad
								practices identified by FindBugs it wants to prohibit in the
								team's coding standard, and take action to remedy violations of
								those coding standards.</dd>
							<dt>STYLE</dt>
							<dd>These are places where something strange or dodgy is
								going on, such as a dead store to a local variable. Typically,
								less than half of these represent actionable programming
								defects. Reviewing these warnings in any code under active
								development is probably a good idea, but reviewing all such
								warnings in your entire code base might be appropriate only in
								some situations. Individual or team programming styles can
								substantially influence the effectiveness of each of these
								warnings (e.g., you might have a coding practice or style in
								your group that confuses one of the detectors into generating a
								lot of STYLE warnings); you will likely want to selectively
								suppress or report the STYLE warnings that are effective for
								your group.</dd>
						</dl>
					</li>
					<li>Released a preliminary version of a new GUI (known
						internally as GUI2 -- not very creative, huh?)</li>
					<li>Provided standard ways to mark user designations of bug
						warnings (e.g., as NOT_A_BUG or SHOULD_FIX). The internal logic
						now records this, it is represented in the XML file, and GUI2
						allows the designations to be applied (along with free-form user
						annotations about each warning). The user designations and
						annotations are not yet supported by the Eclipse plugin, but we
						clearly want to support it in Eclipse shortly.</li>
					<li>Added a check for a bad comparison with a signed byte with
						a value not in the range -128..127. For example: <pre>boolean find200(byte b[]) {
  for(int i = 0; i &lt; b.length; i++) if (b[i] == 200) return i;
  return -1;
}
</pre>
					</li>
					<li>Added a checking for testing if a value is equal to
						Double.NaN (no value is equal to NaN, not even NaN).</li>
					<li>Added a check for using a class with an equals method but
						no hashCode method in a hashed data structure.</li>
					<li>Added check for uncallable method of an anonymous inner
						class. For example, in the following code, it is impossible to
						invoke the initalValue method (because the name is misspelled and
						as a result is doesn't override a method in ThreadLocal). <pre>private static ThreadLocal serialNum = new ThreadLocal() {
         protected synchronized Object initalValue() {
             return new Integer(nextSerialNum++);
         }
     };
</pre>
					</li>
					<li>Added check for a dead local store caused by a switch
						statement fall through</li>
					<li>Added check for computing the absolute value of a random
						32 bit integer or of a hashcode. This is broken because <code>
							Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE </code> , and thus
						result of calling Math.abs, which is expected to be nonnegative,
						will in fact be negative one time out of 2 <sup> 32 </sup> , which
						will invariably be the time your boss is demoing the software to
						your customers.

					</li>
					<li>More careful resolution of inherited methods and fields.
						Some of the shortcuts we were taking in FindBugs 1.0.0 were
						leading to inaccurate results, and it was fairly easy to address
						this by making the analysis more accurate.</li>
					<li>Overall, analysis times are about 1.6 times longer in
						FindBugs 1.1.0 than in FindBugs 1.0.0. This is because we have
						enabled substantial additional analysis at the default effort
						level (the actual analysis engine is significantly faster than in
						FindBugs 1.0). On a recent AMD Athlon processor, analyzing
						JDK1.6.0 (about 1 million lines of code) requires about 15 minutes
						of wall clock time.</li>
					<li>Provided class and script (printClass) to print classfile
						in the human readable format produced by BCEL</li>
					<li>Provided -findSource option to setBugDatabaseInfo</li>
				</ul>


				<p>Changes since version 0.9.7:</p>

				<ul>
					<li>fix ObjectTypeFactory bug that was suppressing some bugs</li>
					<li>opcode stack may determine definite zeros on some paths</li>
					<li>opcode stack can track some constant string concatenations
						(dbrosius)</li>
					<li>default effort performs iterative opcode analysis (but min
						effort does not)</li>
					<li>default heap size upped to 384m</li>
					<li>schema for XML output available: bugcollection.xsd</li>
					<li>fixed some internal confusion between dotted and slashed
						class names</li>
					<li>New detectors
						<ul>
							<li>CheckImmutableAnnotation.java: checks JCIP annotations</li>
						</ul>
					</li>
					<li>Updated detectors
						<ul>
							<li>BadRegEx.java: understands Pattern.LITERAL, warns about
								"."</li>
							<li>FindUnreleasedLock.java: fewer false positives</li>
							<li>DumbMethods.java: check for vacuous comparisons to
								MAX_INTEGER or MIN_INTEGER, fix bugs detecting
								DM_NEXTINT_VIA_NEXTDOUBLE</li>
							<li>FindPuzzlers.java: detect <tt>n%2==1</tt>, detect
								toString() on array types
							</li>
							<li>FindInconsistentSync2.java: detects IS_FIELD_NOT_GUARDED
							</li>
							<li>MethodReturnCheck.java: add check for discarded newly
								constructed values, increase priority of some ignored
								constructed exceptions, better handling of bytecode compiled by
								Eclipse</li>
							<li>FindEmptySynchronizedBlock.java: better handling of
								bytecode compiled by Eclipse</li>
							<li>DoInsideDoPrivileged.java: warn if call to setAccessible
								isn't in doPriviledged, don't report private methods</li>
							<li>LoadOfKnownNullValue.java: fix bug that was reporting
								false positives on <code> finally </code> blocks
							</li>
							<li>CheckReturnAnnotationDatabase.java: better checks for
								unstarted threads</li>
							<li>ConfusionBetweenInheritedAndOuterMethod.java: fewer
								false positives, fixed a package-handling bug</li>
							<li>BadResultSetAccess.java: separate bug pattern for
								PreparedStatements, <code> BRZA </code> category folded into <code>
									SQL </code> category
							</li>
							<li>FindDeadLocalStores.java, FindBadCast2.java,
								DumbMethods.java, RuntimeExceptionCapture.java: coalesce similar
								bugs within a method into a single bug instance with multiple
								source lines</li>
						</ul>
					</li>
					<li>Eclipse plugin
						<ul>
							<li>plugin ID changed from <tt>de.tobject.findbugs</tt> to <tt>edu.umd.cs.findbugs.plugin.eclipse</tt>
							</li>
							<li>support for findbugs eclipse auto-update site</li>
						</ul>
					</li>
					<li>Updated test case files
						<ul>
							<li>BadRegEx.java</li>
							<li>JSR166.java</li>
							<li>ConcurrentModificationBug.java</li>
							<li>DeadStore.java</li>
							<li>InstanceOf.java</li>
							<li>LoadKnownNull.java</li>
							<li>NeedsToCheckReturnValue.java</li>
							<li>BadResultSetAccessTest.java</li>
							<li>DeadStore.java</li>
							<li>TestNonNull2.java</li>
							<li>TestImmutable.java</li>
							<li>TestGuardedBy.java</li>
							<li>BadRandomInt.java</li>
							<li>six test cases added to new <code> TigerTraps </code>
								directory
							</li>
						</ul>
					</li>
					<li>fix bug that was generating duplicate uids</li>
					<li>fix bug with <code> -onlyAnalyze some.package.* </code> on
						jdk1.4
					</li>
					<li>fix regression bug in
						DismantleByteCode.getRefConstantOperand()</li>
					<li>fix some minor bugs with the Swing GUI</li>
					<li>reordered some bugInstances so that source line
						annotations come last</li>
					<li>removed references to unused java system properties</li>
					<li>French translation updates (David Cotton)</li>
					<li>Japanese translation updates (Hanai Shisei)</li>
					<li>content cleanup for findbugs.xml and messages.xml</li>
					<li>references to cvs hostname updated to
						findbugs.cvs.sourceforge.net</li>
					<li>documented xdoc output options, new
						mineBugHistory/computeBugHistory options</li>
				</ul>

				<p>Changes since version 0.9.6:</p>

				<ul>
					<li>performance improvements</li>
					<li>ObjectType instances are cached to reduce memory footprint
					</li>
					<li>for performance and memory reasons stateless detectors are
						no longer cloned, must clear their own state between .class files
					</li>
					<li>fixed bug in bytecode-set lookup for methods (was causing
						bad results for IS2, perhaps others)</li>
					<li>fix some OpcodeStack bugs with integer and long
						operations, perform iterative analysis when effort is <tt>max</tt>
					</li>
					<li>HTML output includes LongMessage text again (regression in
						0.95 - 0.96)</li>
					<li>New detectors
						<ul>
							<li>CalledMethods.java: builds a list of invoked methods for
								other detectors to consult (non-reporting)</li>
							<li>UncallableMethodOfAnonymousClass.java: detect anonymous
								inner classes that define methods that are probably intended to
								but do not override methods in a superclass.</li>
						</ul>
					</li>
					<li>Updated detectors
						<ul>
							<li>FindFieldSelfAssignment.java: recognize separate fields
								with the same name (one from superclass)</li>
							<li>FindLocalSelfAssignment2.java: handles backward branches
								better (Dave Brosius)</li>
							<li>FindBadCast2.java: BC_NULL_INSTANCEOF changed to
								NP_NULL_INSTANCEOF</li>
							<li>FindPuzzlers.java: eliminate false positive on setDate()
								(Dave Brosius)</li>
						</ul>
					</li>
					<li>Eclipse plugin
						<ul>
							<li>fix serious threading bug</li>
							<li>preferences for Filters and effort (Peter Hendriks)</li>
							<li>French localization (David Cotton)</li>
							<li>fix bug when reporting inner classes (Peter Friese)</li>
						</ul>
					</li>
					<li>Updated test case files
						<ul>
							<li>Mwn.java (Carl Burke/Dave Brosius)</li>
							<li>DumbMethodInvocations.java (Anto paul/Dave Brosius)</li>
							<!--sic-->
						</ul>
					</li>
					<li>XML output includes garbage collection duration</li>
					<li>French messages updated (David Cotton)</li>
					<li>Swing GUI shows file name after Load Bugs command</li>
					<li>Ant task to launch the findbugs frame (Mark McKay)</li>
					<li>miscellaneous code cleanup</li>
				</ul>

				<p>Changes since version 0.9.5:</p>

				<ul>
					<li>Updated detectors
						<ul>
							<li>FindNullDeref.java: respect NonNull and CheckForNull
								field annotations</li>
							<li>SerializableIdiom.java: detect non-private readObject
								and writeObject methods</li>
							<li>FindRefComparison.java: smarter array comparison
								detection</li>
							<li>IsNullValueAnalysis.java: detect <tt>null
									instanceof</tt>
							</li>
							<li>FindLocalSelfAssignment2.java: suppress some false
								positives (Dave Brosius)</li>
							<li>FindUnreleasedLock.java: don't waste time processing
								classes that don't refer to java.util.concurrent.locks</li>
							<li>MutableStaticFields.java: report the source line (Dave
								Brosius)</li>
							<li>SwitchFallthrough.java: better handling of System.exit()
								(Dave Brosius)</li>
							<li>MultithreadedInstanceAccess.java: better handling of
								Servlet.init() (Dave Brosius)</li>
							<li>ConfusionBetweenInheritedAndOuterMethod.java: now
								enabled</li>
						</ul>
					</li>
					<li>Eclipse plugin
						<ul>
							<li>background processing (Peter Friese)</li>
							<li>internationalization, Japanese localization (Takashi
								Okamoto)</li>
						</ul>
					</li>
					<li>findbugs <tt>-onlyAnalyze</tt> option now works on windows
						platforms
					</li>
					<li>mineBugHistory <tt>-noTabs</tt> option for better
						alignment of output columns
					</li>
					<li>filterBugs <tt>-fixed</tt> option (also: will now
						recognize the most recent version string)
					</li>
					<li>XML output includes running time and memory usage data</li>
					<li>miscellaneous minor corrections to the manual</li>
					<li>better bytecode analysis of the <tt>iinc</tt> instruction
					</li>
					<li>fix bug in null pointer analysis</li>
					<li>improved catch block heuristics</li>
					<li>some type analysis tweaks</li>
					<li>Bug priority changes
						<ul>
							<li>DumbMethodInvocations.java: decrease priority of
								hard-coded <tt>/tmp</tt> filenames
							</li>
							<li>ComparatorIdiom.java: decrease priority of
								non-serializable anonymous comparators</li>
							<li>FindSqlInjection.java: decrease priority of appending a
								constant or a static</li>
						</ul>
					</li>
					<li>Updated bug explanations
						<ul>
							<li>NM_VERY_CONFUSING (Dave Brosius)</li>
						</ul>
					</li>
					<li>Updated test case files
						<ul>
							<li>BadStoreOfNonSerializableObject.java</li>
							<li>BadRandomInt.java</li>
							<li>TestFieldAnnotations.java</li>
							<li>UseInitCause.java</li>
							<li>SqlInjection.java</li>
							<li>ArrayEquality.java</li>
							<li>BadIntegerOperations.java</li>
							<li>Pilhuhn.java</li>
							<li>InstanceOf.java</li>
							<li>SwitchFallthrough.java (Dave Brosius)</li>
						</ul>
					</li>
					<li>fix URL decoding bug when running under Java Web Start
						(Dave Brosius)</li>
					<li>distribution includes <tt>project.xml</tt> file for
						NetBeans
					</li>
				</ul>

				<p>Changes since version 0.9.4:</p>
				<ul>
					<li>New detectors
						<ul>
							<li>VarArgsProblems.java</li>
							<li>FindSqlInjection.java: now enabled</li>
							<li>ComparatorIdiom.java: comparators usually implement
								serializable</li>
							<li>Naming.java: detect methods not overridden due to
								eponymously typed args from different packages</li>
						</ul>
					</li>
					<li>Updated detectors
						<ul>
							<li>SwitchFallthrough.java: surpress some false positives</li>
							<li>DuplicateBranches.java: surpress some false positives</li>
							<li>IteratorIdioms.java: surpress some false positives</li>
							<li>FindHEmismatch.java: surpress some false positives</li>
							<li>QuestionableBooleanAssignment.java: finds more cases of
								<tt>if (b=true)</tt> ilk
							</li>
							<li>DumbMethods.java: detect int remainder by 1, delayed gc
								errors</li>
							<li>SerializableIdiom.java: detect store of nonserializable
								object into field of serializable class</li>
							<li>FindNullDeref.java: fix potential exception</li>
							<li>IsNullValue.java: fix potential exception</li>
							<li>MultithreadedInstanceAccess.java: fix potential
								exception</li>
							<li>PreferZeroLengthArrays.java: flag the method, not the
								line</li>
						</ul>
					</li>
					<li>Remove some inadvertent dependencies on JDK 1.5</li>
					<li>Sort order should be more consistent</li>
					<li>XML output changes
						<ul>
							<li>Option to sort XML bug output</li>
							<li>Now contains instance IDs</li>
							<li>uid no longer missing (was causing problems with fancy
								HTML output)</li>
							<li>Typo fixed</li>
						</ul>
					</li>
					<li>Internal changes to track source files, <tt>-sourceInfo</tt>
						option
					</li>
					<li>Bug matching: first try exact bug pattern matching, option
						to compare priorities, option to disable package moves</li>
					<li>Architecture documentation in <tt>design/architecture</tt>
					</li>
					<li>Test cases move into their own CVS project</li>
					<li>Don't report warnings that occur outside the analyzed
						classes</li>
					<li>Fixes to the build.xml files</li>
					<li>Better handling of @CheckReturnValue and @CheckForNull
						annotations (also, some additional methods searched for check
						return value and check for null)</li>
					<li>Fixed some stream-closing bugs (one by <tt>z-fb-user</tt>/Dave
						Brosius)
					</li>
					<li>Bug priority changes
						<ul>
							<li>increase priority of ignoring return value of
								java.sql.Connection methods</li>
							<li>increase priority of comparing classes like Integer
								using <tt>==</tt>
							</li>
							<li>decrease priority of IT_NO_SUCH_ELEMENT if we see any
								call to <tt>next()</tt>
							</li>
							<li>tweak priority of NM_METHOD_CONSTRUCTOR_CONFUSION</li>
							<li>decrease priority of RV_RETURN_VALUE_IGNORED for an
								inherited annotation that doesn't return same type as class</li>
						</ul>
					</li>
					<li>Updated bug explanations
						<ul>
							<li>RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE</li>
							<li>DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED</li>
							<li>IMA_INEFFICIENT_MEMBER_ACCESS (Dave Brosius)</li>
							<li>some Japanese improvements to messages_ja.xml ( <tt>ruimo</tt>)
							</li>
							<li>some German improvements to findbugs_de.properties (Dave
								Brosius, <tt>dvholten</tt>)
							</li>
						</ul>
					</li>
					<li>Updated test case files
						<ul>
							<li>BadIntegerOperations.java</li>
							<li>SecondKaboom.java</li>
							<li>OpenDatabase.java (Dave Brosius)</li>
							<li>FindOpenStream.java (Dave Brosius)</li>
							<li>BadRandomInt.java</li>
						</ul>
					</li>
					<li>Source-lines info maintained for methods (handy for
						abstract and native methods)</li>
					<li>Remove surrounding opcodes from source line annotations</li>
					<li>Better error when can't read file</li>
					<li>Swing GUI: removed console pane from FindBugsFrame, fix
						missing classes bug</li>
					<li>Fixes to OpcodeStack.java</li>
					<li>Detectors may attach a custom value to an OpcodeStack.Item
						(Dave Brosius)</li>
					<li>Filter.java: ability to add text messages to XML output,
						fix bug with <tt>-withMessages</tt>
					</li>
					<li>SourceInfoMap supports ranges of source lines</li>
					<li>Ant task supports the <tt>timestampNow</tt> attribute
					</li>
				</ul>

				<p>Changes since version 0.9.3:</p>
				<ul>
					<li>Substantial rework of datamining code</li>
					<li>Removed bogus warnings about await on things other than
						Condition not being in a loop</li>
					<li>Fixed bug in OpcodeStack handling of dup2 of long/double
						values</li>
					<li>Don't report array types as missing classes</li>
					<li>Adjustment of some warnings on ignored return values</li>
					<li>Added thread safety annotations from Java Concurrency in
						Practice (no detectors written for these yet)</li>
					<li>Added annotation for methods that, if overridden, should
						be invoked by overriding methods via a call to super</li>
					<li>Updated -html:fancy.xsl (Etienne Giraudy)</li>
				</ul>

				<p>Note: there was no version 0.9.2</p>

				<p>Changes since version 0.9.1:</p>
				<ul>
					<!-- New detectors -->
					<li>Embellish USM to find abstract methods that implement an
						interface method (Dave Brosius)</li>
					<li>New detector to find stores of literal booleans inside if
						or while expressions (Dave Brosius)</li>
					<li>New style detector to find final classes that declare
						protected fields (Dave Brosius)</li>
					<li>New detector to find subclass methods that simply forward,
						verbatim, to the super class (Dave Brosius)</li>
					<li>Detector to find instances where code is attempting to
						write an object out via an implementation of DataOutput, but the
						object is not guaranteed to be Serializable (Jon Christiansen,
						Bill Pugh)</li>

					<!-- Feature enhancements -->
					<li>Large (35%) analysis speedup (Bill Pugh)</li>
					<li>Add line numbers to Swing GUI code panel (Dave Brosius)</li>
					<li>Added effort options to Swing GUI (Dave Brosius)</li>
					<li>Add ability to specify bugs file to open from command line
						for GUI version, through -loadbugs (Phillip Martin)</li>
					<li>New stylesheet for generating HTML: use option <tt>-html:plain.xsl</tt>
						(Chris Nappin)
					</li>
					<li>New stylesheet for generating HTML: use option <tt>-html:fancy.xsl</tt>
						(Etienne Giraudy)
					</li>
					<li>Updated Japanese bug message translations (Shisei Hanai)</li>

					<!-- Bug fixes -->
					<li>XHTML compliance fixes for bug details (Etienne Giraudy)</li>
					<li>Various detector fixes (Shisei Hanai)</li>
					<li>Fixed bugs in the project preferences dialog int the
						Eclipse plugin (Takashi Okamoto, Thomas Einwaller)</li>
					<li>Lowered priority of analysis thread in Swing GUI (David
						Hovemeyer, suggested by Shisei Hanai and Jeffrey W. Badorek)</li>
					<li>Fixed EclipsePlugin to correctly pick up auxclasspath
						entries (Jon Christiansen)</li>
				</ul>

				<p>Changes since version 0.9.0:</p>
				<ul>
					<li>Fixed dependence on JRE 1.5: all features should work on
						JRE 1.4 again</li>
					<li>Fixed -effort command line option handling for Swing GUI</li>
					<li>Fixed conserveSpace and workHard attributes int Ant task</li>
					<li>Added support for effort attribute in Ant task</li>
				</ul>

				<p>Changes since version 0.8.8:</p>
				<ul>
					<!-- New detectors and bug patterns -->
					<li>XMLFactoryBypass detector to find direct allocation of xml
						class implementations (Dave Brosius)</li>
					<li>InefficientMemberAccess detector to find accesses to
						owning class private members (Dave Brosius)</li>
					<li>DuplicateBranches detector checks switch statements too
						(Dave Brosius)</li>

					<!-- Feature enhancements -->
					<li>FindBugs available from findbugs.sourceforge.net as Java
						Web Start application (Dave Brosius)</li>
					<li>Updated Japanese bug message translations (Shisei Hanai)</li>
					<li>Improved bug detail message for covariant equals() (Shisei
						Hanai)</li>
					<li>Modeling of instanceof checks is now enabled by default,
						making the bad cast detector much more useful (Bill Pugh, David
						Hovemeyer)</li>
					<li>Support for detector ordering constraints in plugin
						descriptor (David Hovemeyer)</li>
					<li>Simpler option to control analysis effort: -effort: <i>value</i>,
						where <i>value</i> is one of <code> min </code> , <code>
							default </code> , or <code> max </code> (David Hovemeyer)
					</li>
					<li>Using -effort:max, FindNullDeref checks for null arguments
						passed to methods which dereference them unconditionally (David
						Hovemeyer)</li>
					<li>FindNullDeref checks @Null and @NonNull annotations for
						parameters and return values (David Hovemeyer)</li>

					<!-- Bug fixes -->
				</ul>

				<p>Changes since version 0.8.7:</p>

				<ul>
					<!-- New detectors and bug patterns -->
					<li>New detector to find duplicate code in if/else statements
						(Dave Brosius)</li>
					<li>Look for calls to wait() on Condition objects (David
						Hovemeyer)</li>
					<li>Look for java.util.concurrent.Lock objects not released on
						every path out of method (David Hovemeyer)</li>
					<li>Look for calls to Thread.sleep() with a lock held (David
						Hovemeyer)</li>
					<li>More accurate detection of impossible casts (Bill Pugh,
						David Hovemeyer)</li>

					<!-- Feature enhancements -->
					<li>Saved XML now contains project statistics (Jay Dunning)</li>
					<li>Filter files can select by bug pattern type and warning
						priority (David Hovemeyer)</li>

					<!-- Bug fixes -->
					<li>Restored some files inadvertently omitted from previous
						release (Rohan Lloyd, David Hovemeyer)</li>
					<li>Make sure detectors requiring JDK 1.5 runtime classes are
						only executed if those classes are available (David Hovemeyer)</li>
					<li>Don't display analysis error dialog unless there is really
						an error (David Hovemeyer)</li>
					<li>Updated and expanded French translations of bug patterns
						and Swing GUI (Olivier Parent)</li>
					<li>Fixed invalid character encoding in German Swing GUI
						translation (Olivier Parent)</li>
					<li>Fix locale used for date format in project stats (K.
						Hashimoto)</li>
					<li>Fixed LongDescription elements in xml:withMessages output
						format (K. Hashimoto)</li>
				</ul>

				<p>Changes since version 0.8.6:</p>

				<ul>
					<!-- new detectors -->
					<li>Extend Naming detector to look for classes that are named
						XXXException but that are not Exceptions (Dave Brosius)</li>
					<li>New detector to find classes that expose semaphores in the
						public implementation through the 'this' reference. (Dave Brosius)
					</li>
					<li>New Style detector to find Struts Action/Servlet derived
						classes that reference instance member variable not in
						synchronized blocks. (Dave Brosius)</li>
					<li>New Style detector to find classes that declare
						implementation of interfaces that are already implemented by super
						classes (Dave Brosius)</li>
					<li>New Style detector to find circular dependencies between
						classes (Dave Brosius)</li>
					<li>New Style detector to find unnecessary math on constants
						(Dave Brosius)</li>
					<li>New detector to find equality comparisons using floating
						point math (Jay Dunning)</li>
					<li>New faster detector to find local self assignments (Bill
						Pugh)</li>
					<li>New detector to find infinite recursive loops (Bill Pugh)
					</li>
					<li>New detector to find for loops with an incorrect increment
						(Bill Pugh)</li>
					<li>New detector to find suspicious uses of
						BufferedReader.readLine() and String.indexOf() (Bill Pugh)</li>
					<li>New detector to find suspicious integer to double casts
						(David Hovemeyer, Bill Pugh)</li>
					<li>New detector to find invalid regular expression patterns
						(Bill Pugh)</li>
					<li>New detector to find Bloch/Gafter Java puzzlers (Bill
						Pugh)</li>

					<!-- feature enhancements -->
					<li>New system property to suppress reporting of DLS based on
						local variable name (Glenn Boysko)</li>
					<li>Enhancements to configuration dialog in Eclipse plugin,
						allow for saving enabled detectors in Eclipse projects (Phil
						Crosby)</li>
					<li>Sortable columns in detector dialog (Dave Brosius)</li>
					<li>New tab in gui for showing bugs grouped by category (Dave
						Brosius)</li>
					<li>Improved German translation of Swing GUI (Thomas Kuehne)</li>
					<li>Improved source file reporting in Emacs output format (Len
						Trigg)</li>
					<li>Improvements to redundant null comparison detector (Bill
						Pugh)</li>
					<li>Localization of run analysis and analysis error dialogs in
						Swing GUI (K. Hashimoto)</li>

					<!-- Bug fixes -->
					<li>Don't scan equals methods in FindHEMismatch if code is
						native (Greg Bentz)</li>
					<li>French translation fixes (David Cotton)</li>
					<li>Internationalization report fixes (K. Hashimoto)</li>
					<li>Japanese translations updates (SHISEI Hanai)</li>
				</ul>

				<p>Changes since version 0.8.5:</p>
				<ul>
					<!-- new detectors -->
					<li>New detector to find catch blocks that may inadvertently
						catch runtime exceptions (Brian Goetz)</li>
					<li>New detector to find objects that are instantiated based
						on classes that only have static methods and fields, using the
						synthesized constructor (Dave Brosius)</li>
					<li>New detector to find calls to Thread.interrupted() in a
						non static context, and especially with non currentThread()
						threads (Dave Brosius)</li>
					<li>New detector to find calls to equals() methods that use
						Object's version. (Dave Brosius)</li>
					<li>New detector to find Applets that call methods in the
						constructor refering to the AppletStub (Dave Brosius)</li>
					<li>New detector to find some cases of infinite recursion
						(Bill Pugh)</li>
					<li>New detector to find dead stores to local variables (David
						Hovemeyer, Bill Pugh)</li>
					<li>Extend Dumb Method detector for toUpperCase(),
						toLowerCase() without a locale, new Integer(1).toString(), new
						XXX().getClass(), and new Thread() without a run implementation
						(Dave Brosius) <!-- feature enhancements -->
					</li>
					<li>Ant task supports "errorProperty" attribute, which sets an
						Ant property to "true" if an error occurs running FindBugs
						(Michael Tamm)</li>
					<li>Eclipse plugin allows filtering of warnings by bug
						category, priority (David Hovemeyer)</li>
					<li>Swing GUI allows filtering of warnings by bug category
						(David Hovemeyer)</li>
					<li>Ability to annotate methods using Java 1.5 annotations
						that suppress FindBugs warnings (Bill Pugh)</li>
					<li>New -adjustExperimental for lowering priority of
						BugPatterns that are experimental (Dave Brosius)</li>
					<li>Allow for command line options 'files' using the @ symbol
						(David Hovemeyer)</li>
					<li>New -adjustPriority command line option to for adjusting
						bug priorites (David Hovemeyer)</li>
					<li>Added an Edit menu (cut/copy/paste) to Swing GUI (Dave
						Brosius)</li>
					<li>French translation supplied (David Cotton) <!-- Bug fixes -->
					</li>
				</ul>

				<p>Changes since version 0.8.4:</p>
				<ul>
					<!-- new detectors -->
					<li>New detector for volatile references to arrays (Bill Pugh)
					</li>
					<li>New detector to find instanceof usage where inheritance
						can be determined statically (Dave Brosius)</li>
					<li>New detector to find ResultSet.getXXX updateXXX calls
						using index 0 (Dave Brosius)</li>
					<li>New detector to find empty zip or jar entries (Bill Pugh)

						<!-- feature enhancements -->
					</li>
					<li>HTML output generation using built-in XSLT stylesheet or
						user-defined stylesheet (David Hovemeyer)</li>
					<li>Allow URLs to be specified to analyze zip/jar files, local
						directories, and single classfiles (David Hovemeyer)</li>
					<li>New command line option -onlyAnalyze restricts analysis to
						selected classes and packages without reducing accuracy (David
						Hovemeyer)</li>
					<li>Allow Swing GUI to show source code in jar files on
						Windows systems (Dave Brosius) <!-- Bug fixes -->
					</li>
					<li>Fix the Switch Fall Thru detector (Dave Brosius, David
						Hovemeyer, Bill Pugh)</li>
					<li>MacOS GUI fixes (Rohan Lloyd)</li>
					<li>Fix false positive in BOA in case where method is
						correctly and 'incorrectly' overridden (Dave Brosius)</li>
					<li>Fixed memory blowup when analyzing methods which access a
						large number of fields (David Hovemeyer)</li>
				</ul>

				<p>Changes since version 0.8.3:</p>
				<ul>
					<li>Initial and preliminary localization of the Swing
						GUI.&nbsp; Translations by:
						<ul>
							<li>German - Peter D. Stout, Holger Stenzhorn</li>
							<li>Finnish - Juha Knuutila</li>
							<li>Estonian - Tanel Lebedev</li>
							<li>Japanese - Hanai Shisei</li>
						</ul>
					</li>
					<li>Eliminated debug print statements inadvertently left
						enabled</li>
					<li>Reverted some changes in the open stream detector: this
						should fix some false positives that were introduced in the
						previous release</li>
					<li>Fixed a couple missing class reports</li>
				</ul>

				<p>Changes since version 0.8.2:</p>
				<ul>

					<!-- New detectors -->
					<li>New detector to find improperly overridden GUI Adapter
						classes (Dave Brosius)</li>
					<li>New detector to find improperly setup JUnit TestCases
						(Dave Brosius)</li>
					<li>New detector to find variables that mask class level
						fields (Dave Brosius)</li>
					<li>New detector to find comparisons of values computed with
						bitwise operators that always yield the same result (Tom Truscott)
					</li>
					<li>New detector to find unsafe getClass().getResource() calls
						(Bill Pugh)</li>
					<li>New detector to find GUI changes not in GUI thread but in
						static main (Bill Pugh)</li>
					<li>New detector to find calls to Collection.toArray() with
						zero-length array argument; it is more efficient to pass an array
						the size of the collection, which can be populated and returned as
						the result (Dave Brosius) <!-- Analysis improvements -->
					</li>
					<li>Better suppression of false warnings in various detectors
						(Bill Pugh, David Hovemeyer)</li>
					<li>Enhancement to ReadReturnShouldBeChecked detector for
						skip() (Dave Brosius)</li>
					<li>Enhancement to DumbMethods detector (Dave Brosius)</li>
					<li>Open stream detector does not report wrappers of streams
						passed as method parameters (David Hovemeyer) <!-- Feature enhancements -->
					</li>
					<li>Cancel confirmation dialog in Swing GUI (Pete Angstadt)</li>
					<li>Better relative path saving in Project file (Dave Brosius)
					</li>
					<li>Detector Priority in GUI is now saved in prefs file (Dave
						Brosius)</li>
					<li>Controls in GUI to reorder source and classpath entries,
						and ability to flip between Project details and bugs pages (Dave
						Brosius)</li>
					<li>In Swing GUI, analysis error dialog supports "Select All"
						and "Copy" operations for easy generation of error reports (Dave
						Brosius)</li>
					<li>Complete translation of bug descriptions and messages into
						Japanese (Hanai Shisei) <!-- Bug fixes -->
					</li>
					<li>Fixed bug in DroppedException detector (Dave Brosius) <!-- Development stuff -->
					</li>
					<li>The source distribution defaults to using JDK 1.5 javac to
						compile, but support for compiling with JSR-14 prototype is still
						supported</li>
				</ul>

				<p>Changes since version 0.8.1:</p>
				<ul>
					<li>Fixed a critical ClassCastException bug (triggered if the
						-workHard option was used, and an exception type was merged with
						an array type during type inference)</li>
				</ul>

				<p>Changes since version 0.8.0:</p>
				<ul>
					<li>Disabled SwitchFallthrough detector to work around
						NullPointerExceptions</li>
					<li>Added some additional false positive suppression
						heuristics</li>
				</ul>

				<p>Also, two contributors to the 0.8.0 release were
					inadvertently left out of the credits:</p>
				<ul>
					<li>Pete Angstadt fixed several problems in the Swing GUI</li>
					<li>Francis Lalonde provided a task resource file for the
						FindBugs Ant task</li>
				</ul>

				<p>Changes since version 0.7.4:</p>
				<ul>
					<li>New detector to look for uses of "+" operator to
						concatenate String objects in a loop (Dave Brosius)</li>
					<li>Reference comparison detector looks for places where the
						argument passed to the equals(Object) method isn't the same type
						as the receiver object</li>
					<li>Better suppression of false warnings in many detectors</li>
					<li>Many improvements to Eclipse plugin (Andrey Loskutov,
						Peter Friese)</li>
					<li>Fixed problem with building Eclipse plugin on Windows
						(Thomas Klaeger)</li>
					<li>Open stream detector looks for unclosed PreparedStatement
						objects (Thomas Klaeger, Rohan Lloyd)</li>
					<li>Fix for open stream detector: it wasn't detecting close()
						methods called through an invokeinterface instruction (Thomas
						Klaeger)</li>
					<li>Refactoring of visitor classes to enforce use of accessors
						for visited class features (Brian Goetz)</li>
				</ul>

				<p>Changes since version 0.7.3:</p>
				<ul>
					<li>Experimental modification of open stream detector to look
						for non-escaping JDBC resources (connections and statements) that
						aren't closed on all paths out of method</li>
					<li>Eclipse plugin fixed so it compiles and runs on Eclipse
						2.1.x (Peter Friese)</li>
					<li>Option to Swing GUI and command line to generate project
						file using relative paths for archives, source directories, and
						aux classpath entries (Dave Brosius)</li>
					<li>Improvements to findbugs.bat script for launching FindBugs
						on Windows (Dave Brosius)</li>
					<li>Updated Japanese message translations (Hiroshi Okugawa)</li>
					<li>Uncalled private methods are now reported as low priority,
						unless they have the same name as another method in the class
						(which is more likely to indicate an actual bug)</li>
					<li>Added some missing data in the bug messages XML files</li>
					<li>Fixed some problems building from source on Windows
						systems</li>
					<li>Various minor bug fixes</li>
				</ul>

				<p>Changes since version 0.7.2:</p>
				<ul>
					<li>Enhanced Eclipse plugin, which displays the detailed bug
						description in a view (Phil Crosby)</li>
					<li>Various tweaks to existing detectors to reduce false
						warnings</li>
					<li>New command line option <code> -workHard </code> enables
						pruning of infeasible or unlikely exception edges, which results
						in better accuracy in the open stream detector, at the expense of
						a 30%-100% slowdown
					</li>
					<li>New website and HTML documentation design</li>
					<li>Documentation includes an HTML document with descriptions
						of all bug patterns reported by FindBugs</li>
					<li>Web page has a link to a <a
						href="http://www.simeji.com/findbugs/doc/manual_ja/index.html">Japanese
							translation</a> of the FindBugs manual, contributed by Hiroshi
						Okugawa
					</li>
					<li>Changed the Inconsistent Synchronization detector so that
						fields synchronized 50% of the time (or more) are reported as
						medium priority bugs (previously they were reported as low)</li>
					<li>New detector to find code that catches
						IllegalMonitorStateException</li>
					<li>New detector to find private methods that are never called
					</li>
					<li>New detector to find suspicious uses of
						non-short-circuiting boolean operators ( <code> &amp; </code> and
						<code> | </code> , rather than <code> &amp;&amp; </code> and <code>
							|| </code> )
					</li>
				</ul>

				<p>Changes since version 0.7.1:</p>
				<ul>
					<li>Incorporated patched version of BCEL, which allows classes
						compiled with JDK 1.5.0 beta to be analyzed</li>
					<li>Fixed some bugs related to lookups of array classes</li>
					<li>Fixed bug that prevented GUI from loading XML result files
						when running under JDK 1.5.0 beta</li>
					<li>Added new experimental bug detector, LazyInit, which looks
						for potentially buggy lazy initializations of static fields</li>
					<li>Because of long filenames, switched to distributing the
						source archive as a zip file rather than a tar file</li>
					<li>The 0.7.1 source tarfile was botched - 0.7.2 has a valid
						source archive</li>
					<li>Fixed some problems in the Ant build script</li>
					<li>Fixed NullPointerException when checking Class-Path
						attribute for Jar files without manifests</li>
					<li>Generate version numbers for the core and UI Eclipse
						plugins using the Version class; all version numbers are now in a
						common location</li>
				</ul>

				<p>Changes since version 0.7.0:</p>
				<ul>
					<li>Eclipse plugin (contributed by Peter Friese)</li>
					<li>Source package structure rearranged: all source (other
						than Eclipse plugin UI) is in the edu.umd.cs.findbugs package, or
						a subpackage</li>
					<li>Class-Path attributes of manifests of analyzed jar files
						are used to set the aux classpath automatically (Peter D. Stout)</li>
					<li>GUI starts in directory specified by user.home property
						(Peter D. Stout)</li>
					<li>Added -project option to GUI (Mikko T.)</li>
					<li>Added -look:{plastic,gtk,native} option to GUI, for
						setting look and feel (Mikko T.)</li>
					<li>Fixed DataflowAnalysisException in inconsistent
						synchronization detector</li>
					<li>Ant task supports failOnError parameter (Rohan Lloyd)</li>
					<li>Serializable class warnings are downgraded to low priority
						for GUI classes</li>
					<li>MWN detector will only report calls to wait(), notify(),
						and notifyAll() methods that have the correct signature</li>
					<li>FindBugs works with latest CVS version of BCEL</li>
					<li>Zip and Jar files may be added to the source path</li>
					<li>The GUI will automatically find source files residing in
						analyzed Zip or Jar files</li>
				</ul>

				<p>Note that the version number jumped from 0.6.6 to 0.6.9;
					there were no 0.6.7 or 0.6.8 releases.</p>
				<p>Changes since version 0.6.9:</p>
				<ul>
					<li>Added -conserveSpace option to reduce memory use at the
						expense of analysis precision</li>
					<li>Bug fixes in findbugs.bat script: JAVA_HOME handling,
						autodetection of FINDBUGS_HOME, missing output with -textui</li>
					<li>Fixed NullPointerException when a missing class is
						encountered</li>
				</ul>

				<p>Changes since version 0.6.6:</p>
				<ul>
					<li>The null pointer dereference detector is more powerful</li>
					<li>Significantly improved heuristics and bug fixes in
						inconsistent synchronization detector</li>
					<li>Improved heuristics in open stream and dropped exception
						detectors; fewer false positives should be reported</li>
					<li>Save HTML summary in XML results files, rather than
						recomputing; this makes loading results in GUI much faster</li>
					<li>Report at most one String comparison using == or != per
						method</li>
					<li>The findbugs.bat script on Windows autodetects
						FINDBUGS_HOME, and doesn't open a DOS window when launching the
						GUI (contributed by TJSB)</li>
					<li>Emacs reporting format (contributed by David Li)</li>
					<li>Various bug fixes</li>
				</ul>

				<p>Changes since 0.6.5:</p>
				<ul>
					<li>Rewritten inconsistent synchronization detector; accuracy
						is significantly improved, and bug reports are prioritized</li>
					<li>New detector to find self assignment (x=x) of local
						variables (suggested by Jeff Martin)</li>
					<li>New detector to find calls to wait(), notify(), and
						notifyAll() on an object which is not obviously locked</li>
					<li>Open stream detector now reports Readers and Writers</li>
					<li>Fixed bug in finalizer idioms detector which caused
						spurious warnings about failure to call super.finalize() (reported
						by Jim Menard)</li>
					<li>Fixed bug where output stream was not closed using non-XML
						output (reported by Sigiswald Madou)</li>
					<li>Fixed corrupted HTML bug detail message (reported by
						Trevor Harmon)</li>
				</ul>

				<p>Changes since version 0.6.4:</p>
				<ul>
					<li>For redundant comparison of reference values, fixed false
						positives resulting from duplication of code in finally blocks</li>
					<li>Fixed false positives resulting from wrapped byte array
						streams left open</li>
					<li>Fixed bug in Ant task preventing output file from working
						properly if a relative path was used</li>
				</ul>

				<p>Changes since version 0.6.3:</p>
				<ul>
					<li>Fixed bug in Ant task where output would be corrupted, and
						added a <code> timeout </code> attribute
					</li>
					<li>Added -outputFile option to text UI, for explicitly
						specifying an output file</li>
					<li>GUI has a summary window, for statistics about overall bug
						densities (contributed by Mike Fagan)</li>
					<li>Find redundant comparisons of reference values</li>
					<li>More accurate detection of Strings compared with == and !=
						operators</li>
					<li>Detection of other reference types which should generally
						not be compared with == and != operators; Boolean, Integer, etc.</li>
					<li>Find non-transient non-serializable instance fields in
						Serializable classes</li>
					<li>Source code may be compiled with latest early access
						generics-enabled javac (version 2.2)</li>
				</ul>

				<p>Changes since version 0.6.2:</p>
				<ul>
					<li>GUI supports filtering bugs by priority</li>
					<li>Ant task rewritten; supports all functionality offered by
						Text UI (contributed by Mike Fagan)</li>
					<li>Ant task is fully documented in the manual</li>
					<li>Classes in nested archives are analyzed; this allows full
						support for analyzing .ear and .war files (contributed by Mike
						Fagan)</li>
					<li>DepthFirstSearch changed to use non-recursive
						implementation; this should fix the StackOverflowErrors that
						several users reported</li>
					<li>Various minor bugfixes and improvements</li>
				</ul>

				<p>Changes since version 0.6.1:</p>
				<ul>
					<li>New detector to look for useless control flow (suggested
						by Richard P. King and Mike Fagan)</li>
					<li>Look for places where return value of
						java.io.File.createNewFile() is ignored (suggested by Richard P.
						King)</li>
					<li>Fixed bug in resolution of source files (only the first
						source directory was searched)</li>
					<li>Fixed a NullPointerException in the bytecode pattern
						matching code</li>
					<li>Ant task supports project files (contributed by Mike
						Fagan)</li>
					<li>Unix findbugs script honors the <code> JAVA_HOME </code>
						environment variable (contributed by Pedro Morais)
					</li>
					<li>Allow .war and .ear files to be analyzed</li>
				</ul>

				<p>Changes since version 0.6.0:</p>
				<ul>
					<li>New bug pattern detector which looks for places where a
						null pointer might be dereferenced</li>
					<li>New bug pattern detector which looks for IO streams that
						are opened, do not escape the method, and are not closed on all
						paths out of the method</li>
					<li>New bug pattern detector to find methods that can return
						null instead of a zero-length array</li>
					<li>New bug pattern detector to find places where the == or !=
						operators are used to compare String objects</li>
					<li>Command line interface can save bugs as XML</li>
					<li>GUI can save bugs to and load bugs from XML</li>
					<li>An "Annotations" window in the GUI allows the user to add
						textual annotations to bug reports; these annotations are
						preserved when bugs are saved as XML</li>
					<li>In this release, the Japanese bug summary translations by
						Germano Leichsenring are really included (they were inadvertently
						omitted in the previous release)</li>
					<li>Completely rewrote the control flow graph builder,
						hopefully for the last time</li>
					<li>Simplified implementation of control flow graphs, which
						should reduce memory use and possibly improve performance</li>
					<li>Improvements to command line interface (list bug
						priorities, filter by priority, specify aux classpath, specify
						project to analyze)</li>
					<li>Various bug fixes and enhancements</li>
				</ul>

				<p>Changes since version 0.5.4</p>
				<ul>
					<li>Added an <a href="http://ant.apache.org/">Ant</a> task for
						FindBugs, contributed by Mike Fagan.
					</li>
					<li>Added a GUI dialog which allows individual bug pattern
						detectors to be enabled or disabled.&nbsp; Disabling certain slow
						detectors can greatly speed up analysis of large programs, at the
						expense of reducing the number of potential bugs found.</li>
					<li>Added a new detector for finding improperly ignored return
						values for methods such as <code> String.trim() </code> .&nbsp;
						Suggested by Andreas Mandel.
					</li>
					<li>Japanese translations of the bug summaries, contributed by
						Germano Leichsenring.</li>
					<li>Filtering of results is supported in command line
						interface. See the <a href="manual/index.html">FindBugs manual</a>
						for details.
					</li>
					<li>Added "byte code patterns", a general pattern matching
						infrastructure for bytecode instructions.&nbsp; This feature
						significantly reduces the complexity of implementing new bug
						pattern detectors.</li>
					<li>Enabled a new general dataflow analysis to track values in
						methods.</li>
					<li>Switched to new control-flow graph builder implementation.
					</li>
				</ul>

				<p>Changes since version 0.5.3</p>
				<ul>
					<li>Fixed a bug in the script used to launch FindBugs on
						Windows platforms.</li>
					<li>Fixed crashes when analyzing class files without source
						line information.</li>
					<li>All major errors are reported using an error dialog; file
						not found errors are more informative.</li>
					<li>Minor GUI improvements.</li>
				</ul>

				<p>Changes since version 0.5.2</p>
				<ul>
					<li>All of the source code and related files are in a single
						directory tree.</li>
					<li>Updated some of the detectors to produce source line
						information.</li>
					<li><a href="http://ant.apache.org/">Ant</a> build script and
						several GUI enhancements and fixes contributed by Mike Fagan.</li>
					<li>Converted to use a <a href="AddingDetectors.txt">plugin
							architecture</a> for loading bug detectors.
					</li>
					<li>Eliminated generics-related compiler warnings.</li>
					<li>More complete documentation has been added.</li>
				</ul>

				<p>Changes since version 0.5.1:</p>
				<ul>
					<li>Fixed a large number of bugs in the BCEL Repository and
						FindBugs's use of the Repository.&nbsp; With these changes,
						FindBugs should <em>never</em> crash or otherwise misbehave
						because of Repository lookup failures.&nbsp; Because of these
						changes, you must use a modified version of <code> bcel.jar
						</code> with FindBugs.&nbsp; This jar file is included in the FindBugs
						0.5.2 binary release.&nbsp; A complete patch containing the <a
						href="http://faculty.ycp.edu/~dhovemey/bcel-30-April-2003.patch">modifications
							against the BCEL CVS main branch as of April 30, 2003</a> is also
						available.
					</li>
					<li>Implemented the "auxiliary classpath entry list".&nbsp;
						Aux classpath entries can be added to a project to provide classes
						that are referenced by the analyzed application, but should not
						themselves be analyzed.&nbsp; Having all referenced classes
						available allows FindBugs to produce more accurate results.</li>
				</ul>

				<p>Changes since version 0.5.0:</p>
				<ul>
					<li>Many user interface bugs have been fixed.</li>
					<li>Upgraded to a recent CVS version of BCEL, with some bug
						fixes.&nbsp; This should prevent FindBugs from crashing when there
						is a failure to find a class on the classpath.</li>
					<li>Added support for Plastic look and feel from <a
						href="http://www.jgoodies.com/">jgoodies.com</a>.
					</li>
					<li>Major overhaul of infrastructure for doing dataflow
						analysis.</li>
				</ul> 
<hr> <p> 
<script language="JavaScript" type="text/javascript"> 
<!---//hide script from old browsers 
document.write( "Last updated "+ document.lastModified + "." ); 
//end hiding contents ---> 
</script> 
<p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbugs@cs.umd.edu</a> 
<p> 
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A>

			</td>

		</tr>
	</table>

</body>

</html>