The analyzer has detected cases where a pseudo-random number generator is used in a way that may make the generated numbers insufficiently random or predictable.
Case 1
A new object of the 'Random' type is created every time a random value is required. This is inefficient and, depending on the JDK, may produce numbers that are not random enough.
Look at an example:
public void test() {
  Random rnd = new Random();
}
For better efficiency and a more random distribution, create an instance of the 'Random' class, save it, and reuse it.
static Random rnd = new Random();

public void test() {
  int i = rnd.nextInt();
}
Case 2
The analyzer has detected suspicious code that initializes the pseudo-random number generator with a constant value.
public void test() {
  Random rnd = new Random(4040);
}
The generated numbers are predictable: the same sequence is repeated every time the program runs. To avoid this, do not use a constant seed. For example, the current system time can be used instead:
static Random rnd = new Random(System.currentTimeMillis());

public void test() {
  int i = rnd.nextInt();
}
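The following added example (not part of the original documentation) combines both cases: it counts how many distinct values are produced when a new time-seeded 'Random' is created for every value versus when one instance is reused. The class and method names are hypothetical, and the use of 'SecureRandom' for security-sensitive values is an assumption that goes beyond what the page states, since a time-based seed can still be guessed.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;

public class RandomReuseDemo {
    // Case 1 fix: one generator, created once and reused.
    private static final Random SHARED = new Random();
    // Assumption (not from the page): a CSPRNG for security-sensitive values.
    private static final SecureRandom SECURE = new SecureRandom();

    // Anti-pattern: a new time-seeded generator for every value.
    // All generators created within the same millisecond get the same seed.
    static int distinctWithTimeSeedPerCall(int n) {
        Set<Integer> seen = new HashSet<>();
        for (int i = 0; i < n; i++) {
            seen.add(new Random(System.currentTimeMillis()).nextInt());
        }
        return seen.size();
    }

    // Reusing the shared generator advances one sequence, so repeats are rare.
    static int distinctWithSharedInstance(int n) {
        Set<Integer> seen = new HashSet<>();
        for (int i = 0; i < n; i++) {
            seen.add(SHARED.nextInt());
        }
        return seen.size();
    }

    // 128-bit unguessable token for session IDs, reset links and the like.
    static String newToken() {
        byte[] buf = new byte[16];
        SECURE.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        int n = 10_000;
        // Constant seed from Case 2: both generators yield the same first value.
        System.out.println("seed 4040 repeats: "
                + (new Random(4040).nextInt() == new Random(4040).nextInt()));
        System.out.println("distinct, time seed per call: " + distinctWithTimeSeedPerCall(n));
        System.out.println("distinct, shared instance:    " + distinctWithSharedInstance(n));
        System.out.println("SecureRandom token: " + newToken());
    }
}
```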
This diagnostic is classified as: