...
If a parameterized type tries to access an object that is not of the parameterized type, heap pollution results. For instance, consider the code snippet below.
| Code Block |
|---|
List l = new ArrayList<Integer>ArrayList<Integer>(); List<String>List<String> ls = l; // Produces unchecked warning |
...
| Code Block | ||
|---|---|---|
| ||
public class MixedTypes {
@SuppressWarnings("unchecked""unchecked")
private static void addToList(List list, Object obj) {
list.add(obj); // Unchecked warning
}
private static void print() {
List<String>List<String> list = new ArrayList<String>ArrayList<String> ();
addToList(list, 1);
System.out.println(list.get(0));
}
public static void main(String[] args) {
MixedTypes.print();
}
}
|
...
| Code Block |
|---|
Exception in thread "main""main" java.lang.ClassCastException: java.lang.Integer cannot be cast to java.lang.String at Raw.print(Test.java:11) at Raw.main(Test.java:14) |
...
| Code Block | ||
|---|---|---|
| ||
class Parameterized {
private static void addToList(List<String>List<String> list, String str) {
list.add(str); // Unchecked warning
}
private static void print() {
List<String>List<String> list = new ArrayList<String>ArrayList<String> ();
addToList(list, "1""1");
System.out.println(list.get(0));
}
public static void main(String[] args) {
Parameterized.print();
}
}
|
...
| Code Block | ||
|---|---|---|
| ||
class BadListAdder {
@SuppressWarnings("unchecked""unchecked")
private static void addToList(List list, Object obj) {
list.add(obj); // Unchecked warning
}
private static <T><T> void printOne(T type) {
if (!(type instanceof Integer || type instanceof Double)) {
System.out.println(""Cannot print in the supplied type"");
}
List<T>List<T> list = new ArrayList<T>ArrayList<T>();
addToList(list, 1);
System.out.println(list.get(0));
}
public static void main(String[] args) {
double d = 1;
int i = 1;
System.out.println(d);
BadListAdder.printOne(d);
System.out.println(i);
BadListAdder.printOne(i);
}
}
|
...
| Code Block | ||
|---|---|---|
| ||
class GoodListAdder {
private static void addToList(List<Integer>List<Integer> list, Integer i) {
list.add(i);
}
private static void addToList(List<Double>List<Double> list, Double d) {
list.add(d);
}
private static <T><T> void printOne(T type) {
if (type instanceof Integer) {
List<Integer>List<Integer> list = new ArrayList<Integer>ArrayList<Integer>();
addToList(list, 1);
System.out.println(list.get(0));
}
else if (type instanceof Double) {
List<Double>List<Double> list = new ArrayList<Double>ArrayList<Double>();
// This will not compile if addToList(list, 1) is used
addToList(list, 1.0);
System.out.println(list.get(0));
}
else {
System.out.println(""Cannot print in the supplied type"");
}
}
public static void main(String[] args) {
double d = 1;
int i = 1;
System.out.println(d);
GoodListAdder.printOne(d);
System.out.println(i);
GoodListAdder.printOne(i);
}
}
|
...
| Code Block |
|---|
if(o instanceof Set) { // Raw type
Set<?>Set<?> m = (Set<?>Set<?>) o; // Wildcard type
...
}
|
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[Langer 08|AA. Java References#Langer 08]\] Topic 3, ""[Coping with Legacy|http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html#Topic3]"" [[Bloch 08|AA. Java References#Bloch 08]\] Item 23: ""Don't use raw types in new code"" [[Bloch 07|AA. Java References#Bloch 07]\] Generics, 1. ""Avoid Raw Types in New Code"" \[[Naftalin 06b|AA. Java References#Naftalin 06b]\] ""Principle of Indecent Exposure"" [[JLS 05|AA. Java References#JLS 05]\] 4.8 ""Raw types"" and 5.1.9 ""Unchecked Conversion"" |
...
MSC04-J. Carefully design interfaces before releasing them 49. Miscellaneous (MSC) IDS15-J. Library methods should validate their parameters