Java analysis improvements: new rules and many false positives fixed thanks to our community

Hi all,

We value every feedback from our community, be it feature requests or bug reports. This summer we released a new version of our Java analysis engine which includes rules suggested by our users, and fixed 19 cases of false positives.

In total we added 10 new rules:

  • S3064: Assignment of lazy-initialized members should be the last step with double-checked locking. (Bug)
  • S3039: “String” calls should not go beyond their bounds. (Bug)
  • S2121: Silly String operations should not be made. (Bug)
  • S5164: “ThreadLocal” variables should be cleaned up when no longer used. (Bug)
  • S3012: Arrays should not be copied using loops. (Code Smell)
  • S5361: “String#replace” should be preferred to “String#replaceAll”. (Code Smell)
  • S5261: “else” statements should be clearly matched with an “if”. (Code Smell)
  • S5411: Boxed “Boolean” should be avoided in boolean expressions. (Code Smell)
  • S3252: “static” base class members should not be accessed via derived types. (Code Smell)
  • S5413: ‘List.remove()’ should not be used in ascending ‘for’ loops. (Code Smell)

Here are examples of these rules in action:

We want to thank again Franck Arnulfo (@farnulfo), Andreas Schnapp (@snap) and Werner Thumann (@thw) for having suggested some of these rules.

For more information you can read the changelog.

You can already enjoy these new features on SonarCloud. As for SonarQube, this will be built-in the next version (8.0), and meanwhile you can get it by installing v5.14 of the Java analysis engine

All feedback is welcome.