search

mebigfatguy / fb-contrib

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
http://fb-contrib.sf.net
GNU Lesser General Public License v2.1
157 stars 45 forks source link

False-positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR for method reference #461

Closed nmatt closed 10 months ago

nmatt commented 10 months ago

MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR is reported for mere method references, without them being invoked. This happens with sb-contrib version 7.6.4 (current release).

Example code:

public class Example
{
    public String s;

    public boolean overridable(String s) { return this.s.equals(s); }

    public final Predicate<String> predicate1 = this::overridable;

    public final Predicate<String> predicate2 = Predicate.not(this::overridable);
}

Both predicate1 and predicate2 produce the bug. In case of predicate1, the method is clearly not called. In the case of predicate2, it might of course theoretically be called, but there are also a lot of use cases (like here) where the method reference is just passed to be stored for later use. (One of the actual use cases I have is a memoization wrapper for the overridable method, stored as a field.)

One issue is that this also cannot be worked around by adding @SuppressFBWarnings("MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR") to the field declaration.

Maybe, if the analysis cannot determine that the overridable method is being passed for immediate invocation (like when passed to well-known methods like Map::compute), this should instead map to a separate bug code.

mebigfatguy commented 10 months ago

This is part of SpotBugs itself, please post the issue here

https://github.com/spotbugs/spotbugs/issues

nmatt commented 10 months ago

Resubmitted as SpotBugs issue: https://github.com/spotbugs/spotbugs/issues/2837