SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 19

changes.mady.by.user Melanie Thompson

Saved on

compared with

New Version 20

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (vkp) v1.0

Unlike method overriding, in method overloading the choice of which method to invoke is determined at compile time. Even if the runtime type differs for each invocation, in overloading, the method invocations depend on the type of the object at compile time.

Noncompliant Code Example

Wiki Markup
This noncompliant code example shows how the programmer can confuse overloading with overriding. At compile time, the type of the object array is {{List}}. The expected output is {{ArrayList}}, {{LinkedList}} and {{List is not recognized}} ({{java.util.Vector}} does not inherit from {{java.util.List}}). However, in all three instances {{List is not recognized}} is displayed. This happens because in overloading, the method invocations are not affected by the runtime types but only the compile time type ({{List}}). It is dangerous to implement overloading to tally with overriding, more so, because the latter is characterized by inheritance unlike the former. \[[Bloch 2008|AA. Java References#Bloch 08]\]

Code Block
bgColor#FFCCCC
public class Overloader {
  private static String display(ArrayList<Integer> a) {
    return "ArrayList";
  }

  private static String display(LinkedList<String> l) {
    return "LinkedList";
  }

  private static String display(List<?> l) {
    return "List is not recognized";
  }

  public static void main(String[] args) {
    // Array of lists
    List<?>[] invokeAll = new List<?>[] {new ArrayList<Integer>(), 
    new LinkedList<String>(), new Vector<Integer>()};

    for(List<?> i : invokeAll) {
      System.out.println(display(i));
    }
  }
}

Compliant Solution

Wiki Markup
This compliant solution uses a single {{display}} method and {{instanceof}} to distinguish between different types. As expected, the output is {{ArrayList, LinkedList, List is not recognized}}. As a general rule, do not introduce ambiguity while overloading so that the code is clean and easy to understand. \[[Bloch 2008|AA. Java References#Bloch 08]\]

Code Block
bgColor#ccccff
class Overloader {
public class Overloader {
  private static String display(List<?> l) {
    return (l instanceof ArrayList ? "Arraylist" : (l instanceof LinkedList ? "LinkedList"
    : "List is not recognized"));
  }

  public static void main(String[] args) {
    List<?>[] invokeAll = new List<?>[] {new ArrayList<Integer>(), 
    new LinkedList<String>(), new Vector<Integer>()};

    for(List<?> i : invokeAll) {
      System.out.println(display(i));
    }
  }
}

Risk Assessment

Ambiguous uses of overloading can lead to unexpected results.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET05- J

low

unlikely

high

P1

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 2006|AA. Java References#API 06]\] [Interface Collection|http://java.sun.com/j2se/1.4.2/docs/api/java/util/Collection.html]
\[[Bloch 2008|AA. Java References#Bloch 08]\] Item 41: Use overloading judiciously

MET04-J. Ensure that constructors do not call overridable methods      16. Methods (MET)      MET06-J. Do not call overridable methods from a privileged block