SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 28

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 29

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Changed to JG

...

By convention, the returned object should be obtained by calling super.clone. If a class and all of its superclasses (except Object) obey this convention, it will be the case that x.clone().getClass() == x.getClass().

Noncompliant Code Example

In this noncompliant code example, the clone() method in the class Base does not call super.clone(). Hence, the object devClone ends up being of type Base instead of Derived, with resulting incorrect application of the doLogic() method.

Code Block
bgColor#FFcccc

class Base implements Cloneable {
  public Object clone() throws CloneNotSupportedException {
    return new Base();	 
  }
  protected void doLogic() {
    System.out.println("Superclass doLogic");
  }
}

class Derived extends Base {
  public Object clone() throws CloneNotSupportedException {
    return super.clone();
  }
  protected void doLogic() {
    System.out.println("Subclass doLogic");
  }
  public static void main(String[] args) {
    Derived dev = new Derived();
    try {
      Base devClone = (Base)dev.clone(); // has type Base instead of Derived
      devClone.doLogic();  // prints "Superclass doLogic" instead of "Subclass doLogic"
    } catch (CloneNotSupportedException e) { /* ... */ }
  }
}

Compliant Solution

This compliant solution correctly calls super.clone() in the Base class's clone() method.

Code Block
bgColor#ccccff

class Base implements Cloneable {
  public Object clone() throws CloneNotSupportedException {
    return super.clone();	 
  }
  protected void doLogic() {
    System.out.println("Superclass doLogic");
  }
}

class Derived extends Base {
  public Object clone() throws CloneNotSupportedException {
    return super.clone();
  }
  protected void doLogic() {
    System.out.println("Subclass doLogic");
  }
  public static void main(String[] args) {
    Derived dev = new Derived();
    try {
      Base devClone = (Base)dev.clone(); // has type Derived, as expected
      devClone.doLogic();  // prints "Subclass doLogic", as expected
    } catch (CloneNotSupportedException e) { /* ... */ }
  }
}

Risk Assessment

Failing to call super.clone() may result in a cloned object having the wrong type, with resulting unexpected or incorrect results when it is used.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

MET55MET53-J JG

medium

probable

low

P12

L1

Automated Detection

Automated detection is straightforward.

Bibliography

[API 2006]

Class Object

 

MET15-J. Do not use deprecated or obsolete classes or methods      05. Methods (MET)      MET17-J. Do not increase the accessibility of overridden or hidden methods