#0 DONE
src/main/java/org/apache/commons/lang3/AnnotationUtils.java:72: error: Null Dereference
  object returned by `getAllInterfaces(cls)` could be null and is dereferenced at line 72.
  70.           @Override
  71.           protected String getShortClassName(final Class<?> cls) {
  72. >             for (final Class<?> iface : ClassUtils.getAllInterfaces(cls)) {
  73.                   if (Annotation.class.isAssignableFrom(iface)) {
  74.                       return "@" + iface.getName();

#1 DONE
src/main/java/org/apache/commons/lang3/reflect/FieldUtils.java:126: error: Null Dereference
  object returned by `getAllInterfaces(cls)` could be null and is dereferenced at line 126.
  124.           // superclass field.
  125.           Field match = null;
  126. >         for (final Class<?> class1 : ClassUtils.getAllInterfaces(cls)) {
  127.               try {
  128.                   final Field test = class1.getField(fieldName);

#2
src/main/java/org/apache/commons/lang3/builder/ReflectionToStringBuilder.java:131: error: Null Dereference
  object `null` is dereferenced by call to `toString(...)` at line 131.
  129.        */
  130.       public static String toString(final Object object) {
  131. >         return toString(object, null, false, false, null);
  132.       }
  133.   

#3 false positive, LONG_TO_INT_RANGE.fit never returns null (may throw NPE when param is null, never the case though as actual param is boxed primitive long)
src/main/java/org/apache/commons/lang3/time/DurationUtils.java:142: error: Null Dereference
  object returned by `org.apache.commons.lang3.time.DurationUtils.LONG_TO_INT_RANGE.fit(valueOf(duration.toMillis()))` could be null and is dereferenced at line 142.
  140.           Objects.requireNonNull(duration, "duration");
  141.           // intValue() does not do a narrowing conversion here
  142. >         return LONG_TO_INT_RANGE.fit(Long.valueOf(duration.toMillis())).intValue();
  143.       }
  144.   

#4 false positive, java.lang.String.toCharArray() always returns a non-null char[] object
src/main/java/org/apache/commons/lang3/CharSetUtils.java:181: error: Null Dereference
  object `chars` last assigned on line 177 could be null and is dereferenced at line 181.
  179.           final char[] chrs = str.toCharArray();
  180.           for (final char chr : chrs) {
  181. >             if (chars.contains(chr) == expect) {
  182.                   buffer.append(chr);
  183.               }

#5
src/main/java/org/apache/commons/lang3/builder/ToStringBuilder.java:223: error: Null Dereference
  object `null` is dereferenced by call to `ToStringBuilder(...)` at line 223.
  221.        */
  222.       public ToStringBuilder(final Object object) {
  223. >         this(object, null, null);
  224.       }
  225.   

#6 false positive, Validate.notNull(field, ...) throws NPE if field is null thus if the method is call field is non-null
src/main/java/org/apache/commons/lang3/reflect/FieldUtils.java:341: error: Null Dereference
  object `field` last assigned on line 338 could be null and is dereferenced by call to `readStaticField(...)` at line 341.
  339.           Validate.notNull(field, "Cannot locate field '%s' on %s", fieldName, cls);
  340.           // already forced access above, don't repeat it here:
  341. >         return readStaticField(field, false);
  342.       }
  343.   

#7 false positive, Validate.notNull(field, ...) throws NPE if field is null thus if the method is call field is non-null
src/main/java/org/apache/commons/lang3/reflect/FieldUtils.java:385: error: Null Dereference
  object `field` last assigned on line 382 could be null and is dereferenced by call to `readStaticField(...)` at line 385.
  383.           Validate.notNull(field, "Cannot locate declared field %s.%s", cls.getName(), fieldName);
  384.           // already forced access above, don't repeat it here:
  385. >         return readStaticField(field, false);
  386.       }
  387.   

#8 DONE
src/main/java/org/apache/commons/lang3/reflect/MethodUtils.java:486: error: Null Dereference
  object returned by `primitiveToWrapper(varArgComponentType)` could be null and is dereferenced by call to `newInstance(...)` at line 486.
  484.           final int varArgLength = args.length - methodParameterTypes.length + 1;
  485.   
  486. >         Object varArgsArray = Array.newInstance(ClassUtils.primitiveToWrapper(varArgComponentType), varArgLength);
  487.           // Copy the variadic arguments into the varargs array.
  488.           System.arraycopy(args, methodParameterTypes.length - 1, varArgsArray, 0, varArgLength);

#9 false positive, Validate.notNull(field, ...) throws NPE if field is null thus if the method is call field is non-null
src/main/java/org/apache/commons/lang3/reflect/FieldUtils.java:599: error: Null Dereference
  object `field` last assigned on line 596 could be null and is dereferenced by call to `writeStaticField(...)` at line 599.
  597.           Validate.notNull(field, "Cannot locate field %s on %s", fieldName, cls);
  598.           // already forced access above, don't repeat it here:
  599. >         writeStaticField(field, value, false);
  600.       }
  601.   

#10 false positive, Validate.notNull(field, ...) throws NPE if field is null thus if the method is call field is non-null
src/main/java/org/apache/commons/lang3/reflect/FieldUtils.java:644: error: Null Dereference
  object `field` last assigned on line 641 could be null and is dereferenced by call to `writeField(...)` at line 644.
  642.           Validate.notNull(field, "Cannot locate declared field %s.%s", cls.getName(), fieldName);
  643.           // already forced access above, don't repeat it here:
  644. >         writeField(field, (Object) null, value, false);
  645.       }
  646.   

#11 false positive, getAllSuperclassesAndInterfaces(mcls) is non-null if mcls is non-null, mcls is non-null as java.lang.reflect.Method.getDeclaringClass() is always non-null
src/main/java/org/apache/commons/lang3/reflect/MethodUtils.java:987: error: Null Dereference
  object `classes` last assigned on line 986 could be null and is dereferenced at line 987.
  985.               final Class<?> mcls = method.getDeclaringClass();
  986.               final List<Class<?>> classes = getAllSuperclassesAndInterfaces(mcls);
  987. >             for (final Class<?> acls : classes) {
  988.                   final Method equivalentMethod = (ignoreAccess ? MethodUtils.getMatchingMethod(acls, method.getName(), method.getParameterTypes())
  989.                       : MethodUtils.getMatchingAccessibleMethod(acls, method.getName(), method.getParameterTypes()));

#12
src/main/java/org/apache/commons/lang3/concurrent/MultiBackgroundInitializer.java:160: warning: Thread Safety Violation
  Read/Write race. Non-private method `MultiBackgroundInitializer.getTaskCount()` reads without synchronization from container `this.childInitializers` via call to `Map.values()`. Potentially races with write in method `MultiBackgroundInitializer.addInitializer(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.
  158.           int result = 1;
  159.   
  160. >         for (final BackgroundInitializer<?> bi : childInitializers.values()) {
  161.               result += bi.getTaskCount();
  162.           }

Found 13 issues
                        Issue Type(ISSUED_TYPE_ID): #
                Null Dereference(NULL_DEREFERENCE): 12
  Thread Safety Violation(THREAD_SAFETY_VIOLATION): 1