
Java supports overloading methods and can distinguish between methods with different method signatures, which means that, with some qualifications, methods within a class can have the same name if they have different parameter lists. In method overloading, the method to be invoked at runtime is determined at compile time. Consequently, the overloaded method associated with the static type of the object is invoked even when the runtime type differs for each invocation.

Do not introduce ambiguity while overloading (see MET50-J. Avoid ambiguous uses of overloading), and use overloaded methods sparingly [Tutorials 2010], because they can make code much less readable.

Noncompliant Code Example

...

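import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Vector;

public class Overloader {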
  private static String display(ArrayList<Integer> a) {
    return "ArrayList";
  }

  private static String display(LinkedList<String> l) {
    return "LinkedList";
  }

  private static String display(List<?> l) {
    return "List is not recognized";
  }

  public static void main(String[] args) {
    // Single ArrayList
    System.out.println(display(new ArrayList<Integer>()));
    // Array of lists
    List<?>[] invokeAll = new List<?>[] {new ArrayList<Integer>(), 
    new LinkedList<String>(), new Vector<Integer>()};

    for (List<?> i : invokeAll) {
      System.out.println(display(i));
    }
  }
}

At compile time, the type of the object array is List. The expected output is ArrayList, ArrayList, LinkedList, and List is not recognized (because java.util.Vector does not inherit from java.util.List). The actual output is ArrayList followed by three instances of List is not recognized. The cause of this unexpected behavior is that overloaded method invocations are affected only by the compile-time type of their arguments: ArrayList for the first invocation and List for the others. Do not use overloading where overriding would be natural [Bloch 2008].

Compliant Solution

This compliant solution uses a single display method and instanceof to distinguish between different types. As expected, the output is ArrayList, ArrayList, LinkedList, List is not recognized.
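One way to write the approach described above, shown next to the overloaded form so the difference in dispatch is visible when run. This is an added example, not the guideline's own code; the class name `OverloadVsInstanceof` and the method name `overloaded` are hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Vector;

// Added illustration; OverloadVsInstanceof and overloaded() are hypothetical names.
public class OverloadVsInstanceof {

  // Overloads as in the noncompliant example: the compiler picks one
  // from the static type of the argument expression.
  private static String overloaded(ArrayList<Integer> a) {
    return "ArrayList";
  }

  private static String overloaded(LinkedList<String> l) {
    return "LinkedList";
  }

  private static String overloaded(List<?> l) {
    return "List is not recognized";
  }

  // Single method: the branch is chosen at run time from the object's class.
  private static String display(List<?> l) {
    if (l instanceof ArrayList<?>) {
      return "ArrayList";
    } else if (l instanceof LinkedList<?>) {
      return "LinkedList";
    }
    return "List is not recognized";
  }

  public static void main(String[] args) {
    List<?>[] invokeAll = new List<?>[] {
      new ArrayList<Integer>(), new LinkedList<String>(), new Vector<Integer>()
    };

    // Static type here is ArrayList<Integer>, so both forms agree.
    System.out.println(overloaded(new ArrayList<Integer>()) + " / "
        + display(new ArrayList<Integer>()));

    for (List<?> i : invokeAll) {
      // The static type of i is List<?>: overloaded(i) always binds to the
      // List<?> overload, while display(i) inspects the runtime class.
      System.out.println(overloaded(i) + " / " + display(i));
    }
  }
}
```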

...

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

...

[API 2006] Interface Collection (http://java.sun.com/j2se/1.4.2/docs/api/java/util/Collection.html)
[Bloch 2008] Item 41: Use overloading judiciously
[Tutorials 2010] Defining Methods (http://download.oracle.com/javase/tutorial/java/javaOO/methods.html)

...
