SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 58

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 59

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A related error can arise when a programmer declares a static final reference to a mutable object; see guideline OBJ01-J. Do not assume that a final reference makes the referenced object immutable for additional information.

...

Noncompliant Code Example

In this noncompliant code example, class Foo declares a field whose value represents the version of the software. The field is subsequently accessed by class Bar from a separate compilation unit.

...

Although recompiling Bar.java solves this problem, a better solution is available.

...

Compliant Solution

Wiki Markup
According to \[[JLS 2005|AA. Bibliography#JLS 05]\], §13.4.9, "{{final}} Fields and Constants" of the Java Language Specification [JLS 2005],

...

As a result, the private version value cannot be copied into the Bar class when it is compiled, consequently preventing the bug. Note that most JIT code generators are capable of inlining the getVersion() method at runtime; consequently there is little or no performance penalty incurred.

...

Exceptions

Wiki Markup
*DCL04-EX0*: According to \[[JLS 2005|AA. Bibliography#JLS 05]\], §9.3 "Field (Constant) Declarations" of the Java Language Specification [JLS 2005], "Every field declaration in the body of an interface is implicitly {{public}}, {{static}}, and {{final}}. It is permitted to redundantly specify any or all of these modifiers for such fields."

...

DCL04-EX2: Constants whose value never changes throughout the entire lifetime of the software may be declared as final. For instance, the Java Language Specification recommends that mathematical constants be declared final.

...

Risk Assessment

Failing to declare mathematical constants static and final can lead to thread safety issues, as well as to inconsistent behavior.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

DCL04-J

low

probable

medium

P2

L3

...

Automated Detection

Static checking of this guideline is not feasible in the general case.

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

C Secure Coding Standard: DCL00-C. Const-qualify immutable objects

...

Bibliography

Wiki Markup
\[[JLS 2005|AA. Bibliography#JLS 05]\] [§13.4.9|http://java.sun.com/docs/books/jls/third_edition/html/binaryComp.html#13.4.9] "final Fields and Constants", [§9.3|http://java.sun.com/docs/books/jls/third_edition/html/interfaces.html#9.3] "Field (Constant) Declarations", [§4.12.4|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.12.4] "final Variables", [§8.3.1.1|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.3.1.1] static Fields"

...