Many times, you may want to create a dynamic array of integers. Unfortunately, the type parameter inside the angle brackets cannot be a primitive type: it is not possible to form an ArrayList<int>. Thanks to the wrapper class, you can use ArrayList<Integer> to achieve this goal, and the conversion from int to Integer is called autoboxing. However, you should always be careful about doing this. Take the code below as an example:
Code Example

```java
public class TestWrapper1 {
    public static void main(String[] args) {
        // 100 lies inside the range of values that boxing is required to cache
        Integer i1 = 100;
        Integer i2 = 100;
        // 1000 lies outside that range, so boxing may return distinct objects
        Integer i3 = 1000;
        Integer i4 = 1000;
        // == on Integer compares object references, not the wrapped values
        System.out.println(i1 == i2);
        System.out.println(i3 == i4);
    }
}
```
Output of this code

```
true
false
```
This is because, in JDK 5.0, if the value p being boxed is true, false, a byte, an ASCII character, or an integer or short number between -127 and 128, then, letting r1 and r2 be the results of any two boxing conversions of p, it is always the case that r1 == r2. The reason for this rule is explained in the criterion for autoboxing: "Ideally, boxing a given primitive value p, would always yield an identical reference. In practice, this may not be feasible using existing implementation techniques. The rules above are a pragmatic compromise. The final clause above requires that certain common values always be boxed into indistinguishable objects. The implementation may cache these, lazily or eagerly."

This means that, given enough memory, an implementation could cache all the integer values (-32K to 32K), so that every int value would be autoboxed to the same Integer object. In practice this is impractical, so we should be careful about using the following code:
Code Example

```java
import java.util.ArrayList;

public class TestWrapper2 {
    public static void main(String[] args) {
        // create an array list of integers, in which each element
        // is more than 127
        ArrayList<Integer> list1 = new ArrayList<Integer>();
        for (int i = 0; i < 10; i++)
            list1.add(i + 200);
        // create another array list of integers, in which each element
        // is the same as in the first one
        ArrayList<Integer> list2 = new ArrayList<Integer>();
        for (int i = 0; i < 10; i++)
            list2.add(i + 200);
        // == compares Integer references, so the count depends on caching
        int counter = 0;
        for (int i = 0; i < 10; i++)
            if (list1.get(i) == list2.get(i)) counter++;
        // output the total number of positions that compared equal
        System.out.println(counter);
    }
}
```
In JDK 5.0, the output of this code is 0. But it is undefined behavior, which depends on how large a cache the implementation uses.
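The two comparisons side by side, as an added example that is not part of the original page: the non-compliant == count beside a value comparison with equals(), run over constructed lists that straddle the cache boundary. It relies on the JLS 5.1.7 guarantee (boxed int values from -128 to 127 inclusive always share a reference); the class and method names are my own.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not from the original page. JLS 5.1.7 guarantees identical
// references only for boxed int values in -128..127 (inclusive); outside that
// range == on two boxed values is JVM-dependent (HotSpot can widen its cache).
public class BoxedCompare {
    // Non-compliant: == on Integer compares object identity, not value, so the
    // count depends on which references the boxing conversions returned.
    static int countReferenceEqual(List<Integer> a, List<Integer> b) {
        int counter = 0;
        for (int i = 0; i < a.size(); i++) {
            if (a.get(i) == b.get(i)) {
                counter++;
            }
        }
        return counter;
    }

    // Compliant: equals() compares the wrapped int values, so the count is the
    // same on every JVM regardless of caching.
    static int countValueEqual(List<Integer> a, List<Integer> b) {
        int counter = 0;
        for (int i = 0; i < a.size(); i++) {
            if (a.get(i).equals(b.get(i))) {
                counter++;
            }
        }
        return counter;
    }

    // Builds count boxed Integers starting at start; autoboxing happens in add().
    static List<Integer> boxedRange(int start, int count) {
        List<Integer> list = new ArrayList<Integer>();
        for (int i = 0; i < count; i++) {
            list.add(start + i);
        }
        return list;
    }

    public static void main(String[] args) {
        // Constructed input: 118..127 lies inside the guaranteed cache range,
        // 128..137 lies outside it.
        List<Integer> inA = boxedRange(118, 10), inB = boxedRange(118, 10);
        List<Integer> outA = boxedRange(128, 10), outB = boxedRange(128, 10);
        System.out.println("== inside cache range:  " + countReferenceEqual(inA, inB));
        System.out.println("== outside cache range: " + countReferenceEqual(outA, outB));
        System.out.println("equals(): " + countValueEqual(inA, inB) + " / " + countValueEqual(outA, outB));
    }
}
```

On any conforming JVM the in-range reference count and both equals() counts are 10; only the out-of-range reference count varies with the implementation's cache.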
Risk Assessment
The result is undefined behavior, so it poses a potential security risk.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| | medium | likely | low | | |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
Chapter 5, Core Java™ 2 Volume I - Fundamentals, Seventh Edition