The rule checks when clone is invoked against a parameter in a public method or constructor of a public type, and the type of the parameter is not final (overridable). We also consider parameterized (generic) type and array type parameters of non-final types.