Merge branch 'master' into unsaferesfnfix

CHANGELOG.md

@@ -8,6 +8,8 @@ Currently the versioning policy of this project follows [Semantic Versioning v2.
 ## Unreleased - 2025-??-??
 
 ### Fixed
+- Fixed html bug descriptions for AT_STALE_THREAD_WRITE_OF_PRIMITIVE and AT_NONATOMIC_64BIT_PRIMITIVE ([#3303](https://github.com/spotbugs/spotbugs/issues/3303))
+- Fixed an `HSM_HIDING_METHOD` false positive when ECJ generates a synthetic method for an enum switch ([#3305](https://github.com/spotbugs/spotbugs/issues/3305))
 - Fix `AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD` false negatives, detector depending on method order.
 
 ## 4.9.1 - 2025-02-02

spotbugs-tests/src/test/java/edu/umd/cs/findbugs/detect/Issue3305Test.java

@@ -0,0 +1,17 @@
+package edu.umd.cs.findbugs.detect;
+
+import edu.umd.cs.findbugs.AbstractIntegrationTest;
+import org.junit.jupiter.api.Test;
+
+class Issue3305Test extends AbstractIntegrationTest {
+
+    @Test
+    void testIssue() {
+        performAnalysis("../../../../src/classSamples/ecjSwitchTable/SwitchTableBug.class",
+                "../../../../src/classSamples/ecjSwitchTable/SwitchTableBug$A.class",
+                "../../../../src/classSamples/ecjSwitchTable/SwitchTableBug$B.class",
+                "../../../../src/classSamples/ecjSwitchTable/SwitchTableBug$X.class");
+
+        assertNoBugType("HSM_HIDING_METHOD");
+    }
+}

spotbugs/etc/messages.xml

@@ -746,7 +746,7 @@ classes using singleton design pattern. </p>
   <Detector class="edu.umd.cs.findbugs.detect.ThrowingExceptions">
     <Details>
 <![CDATA[
-<p> This detector looks for methods throwing RuntimeException and methods 
+<p> This detector looks for methods throwing RuntimeException and methods
 that have Exception or Throwable in their throws clause. </p>
 ]]>
     </Details>
@@ -1723,7 +1723,7 @@ factory pattern to create these objects.</p>
                cause of the error than a "false is not true" message which would
                result from asserting the result of the instanceof operator.
             </p>
-			<p>It is a fast detector</p>
+            <p>It is a fast detector</p>
             ]]>
     </Details>
   </Detector>
@@ -7537,9 +7537,9 @@ If the object is, indeed, non-serializable, an error will result.
 <p>
 This format string includes a newline character (\n). In format strings, it is generally
  preferable to use %n, which will produce the platform-specific line separator.
- 
+
  When using text blocks introduced in Java 15, use the <code>\</code> escape sequence:
-	 
+
 <code>String value = """
                 first line%n\
                 second line%n\
@@ -8939,7 +8939,7 @@ object explicitly.</p>
     <Details>
       <![CDATA[
         <p>
-        This class is using singleton design pattern and does not implement the Cloneable interface, but implements the clone() method without being an unconditional CloneNotSupportedException-thrower. 
+        This class is using singleton design pattern and does not implement the Cloneable interface, but implements the clone() method without being an unconditional CloneNotSupportedException-thrower.
         With that, it is possible to create a copy of the object, thus violating the singleton pattern.<br>
         Therefore, implementing the clone method should be avoided, otherwise the solution would be overriding the clone method to unconditionally throw CloneNotSupportedException.<br><br>
 
@@ -8979,9 +8979,9 @@ object explicitly.</p>
     <Details>
       <![CDATA[
         <p>
-        Instance-getter method of class using singleton design pattern is not synchronized. When this method is invoked by two or more threads simultaneously, 
+        Instance-getter method of class using singleton design pattern is not synchronized. When this method is invoked by two or more threads simultaneously,
         multiple instantiation of a singleton class becomes possible.<br><br>
-        
+
         <a href="https://wiki.sei.cmu.edu/confluence/display/java/MSC07-J.+Prevent+multiple+instantiations+of+singleton+objects">SEI CERT MSC07-J</a> rule
         </p>]]>
     </Details>
@@ -9020,13 +9020,13 @@ Using floating-point variables should not be used as loop counters, as they are
       <![CDATA[
         <p>
         Method intentionally throws RuntimeException.<br>
-        
-        According to the <a href="https://wiki.sei.cmu.edu/confluence/display/java/ERR07-J.+Do+not+throw+RuntimeException%2C+Exception%2C+or+Throwable">SEI CERT ERR07-J rule</a>, 
+
+        According to the <a href="https://wiki.sei.cmu.edu/confluence/display/java/ERR07-J.+Do+not+throw+RuntimeException%2C+Exception%2C+or+Throwable">SEI CERT ERR07-J rule</a>,
         throwing a RuntimeException may cause errors, like the caller not being able to examine the exception and therefore cannot properly recover from it.<br>
 
-        Moreover, throwing a RuntimeException would force the caller to catch RuntimeException and therefore violate the 
+        Moreover, throwing a RuntimeException would force the caller to catch RuntimeException and therefore violate the
         <a href="https://wiki.sei.cmu.edu/confluence/display/java/ERR08-J.+Do+not+catch+NullPointerException+or+any+of+its+ancestors">SEI CERT ERR08-J rule</a>.<br>
-        
+
         Please note that you can derive from Exception or RuntimeException and may throw a new instance of that exception.
         </p>]]>
     </Details>
@@ -9041,9 +9041,9 @@ Using floating-point variables should not be used as loop counters, as they are
 
 
         When declaring a method, the types of exceptions in the throws clause should be the most specific.
-        Therefore, using Exception in the throws clause would force the caller to either use it in its own throws clause, or use it in a try-catch block (when it does not necessarily 
+        Therefore, using Exception in the throws clause would force the caller to either use it in its own throws clause, or use it in a try-catch block (when it does not necessarily
         contain any meaningful information about the thrown exception).<br><br>
-        
+
         For more information, see the <a href="https://wiki.sei.cmu.edu/confluence/display/java/ERR07-J.+Do+not+throw+RuntimeException%2C+Exception%2C+or+Throwable">SEI CERT ERR07-J rule</a>.
         </p>]]>
     </Details>
@@ -9057,11 +9057,11 @@ Using floating-point variables should not be used as loop counters, as they are
         Method lists Throwable in its throws clause.<br>
 
         When declaring a method, the types of exceptions in the throws clause should be the most specific.
-        Therefore, using Throwable in the throws clause would force the caller to either use it in its own throws clause, or use it in a try-catch block (when it does not necessarily 
+        Therefore, using Throwable in the throws clause would force the caller to either use it in its own throws clause, or use it in a try-catch block (when it does not necessarily
         contain any meaningful information about the thrown exception).<br>
-        
+
         Furthermore, using Throwable like that is semantically a bad practice, considered that Throwables include Errors as well, but by definition they occur in unrecoverable scenarios.<br><br>
-        
+
         For more information, see the <a href="https://wiki.sei.cmu.edu/confluence/display/java/ERR07-J.+Do+not+throw+RuntimeException%2C+Exception%2C+or+Throwable">SEI CERT ERR07-J rule</a>.
         </p>]]>
     </Details>
@@ -9399,7 +9399,7 @@ Using floating-point variables should not be used as loop counters, as they are
           This bug can be ignored in platforms which guarantee that 64-bit long and double type read and write operations are atomic.
         </p>
         <p>
-          To fix it, declare the variable volatile, change the type of the field to the corresponding atomic type from <code>java.lang.concurrent.atomic<\code> or correctly synchronize the code.
+          To fix it, declare the variable volatile, change the type of the field to the corresponding atomic type from <code>java.lang.concurrent.atomic</code> or correctly synchronize the code.
           Declaring the variable volatile may not be enough in some cases: e.g. when the variable is assigned a value which depends on the current value or on the result of nonatomic compound operations.
         </p>
      ]]>
@@ -9416,7 +9416,7 @@ Using floating-point variables should not be used as loop counters, as they are
           Consequently, the thread may observe a stale value of the shared variable.
         </p>
         <p>
-          To fix it, declare the variable volatile, change the type of the field to the corresponding atomic type from <code>java.lang.concurrent.atomic<\code> or correctly synchronize the code.
+          To fix it, declare the variable volatile, change the type of the field to the corresponding atomic type from <code>java.lang.concurrent.atomic</code> or correctly synchronize the code.
           Declaring the variable volatile may not be enough in some cases: e.g. when the variable is assigned a value which depends on the current value or on the result of nonatomic compound operations.
           This guarantees that 64-bit primitive long and double variables are accessed atomically.
         </p>

spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindHiddenMethod.java

@@ -74,8 +74,13 @@ public void visitClassContext(ClassContext classContext) {
             // Careful!!! regarding the order of the conditions applied here
             // Taking advantage of short circuit evaluation here by placing !method.isStatic() first.
             // I check for the exceptional cases of inner class using three auxiliary private methods.
-            if (!method.isStatic() || method.isPrivate() || isMainMethod(method) || isConstructor(method)
-                    || isHidingInnerClass(method) || isAutoGeneratedMethod(method)) {
+            if (!method.isStatic()
+                    || method.isPrivate()
+                    || method.isSynthetic()
+                    || isMainMethod(method)
+                    || isConstructor(method)
+                    || isHidingInnerClass(method)
+                    || isAutoGeneratedMethod(method)) {
                 continue;
             }
 

spotbugsTestCases/build.gradle

@@ -26,7 +26,7 @@ dependencies {
   api 'com.github.stephenc.jcip:jcip-annotations:1.0-1'
   implementation 'org.springframework:spring-core:5.3.39'
   compileOnly 'jakarta.annotation:jakarta.annotation-api:1.3.5'
-  implementation 'org.checkerframework:checker-qual:3.48.4'
+  implementation 'org.checkerframework:checker-qual:3.49.0'
   implementation 'com.sun.xml.bind:jaxb-impl:4.0.5'
 
   implementation 'org.junit.jupiter:junit-jupiter-engine:5.11.4'