...
The equals()
method is used to determine logical equivalence between object instances. Consequently, the hashCode()
method must return the same value for all equivalent objects. Failure to follow this contract is a common source of defects.
Noncompliant Code Example
This noncompliant code example associates credit card numbers with strings using a HashMap
and subsequently attempts to retrieve the string value associated with a credit card number. The expected retrieved value is 4111111111111111
; the actual retrieved value is null
. The cause of this erroneous behavior is that the CreditCard
class overrides the equals()
method but fails to override the hashCode()
method. Consequently, the default hashCode()
method returns a different value for each object, even though the objects are logically equivalent; these differing values lead to examination of different hash buckets, which prevents the get()
method from finding the intended value.
Code Block | ||
---|---|---|
| ||
public final class CreditCard { private final int number; public CreditCard(int number) { this.number = (short) number; } public boolean equals(Object o) { if (o == this) { return true; } if (!(o instanceof CreditCard)) { return false; } CreditCard cc = (CreditCard)o; return cc.number == number; } public static void main(String[] args) { Map<CreditCard, String> m = new HashMap<CreditCard, String>(); m.put(new CreditCard(100), "4111111111111111"); System.out.println(m.get(new CreditCard(100))); } } |
Compliant Solution
Wiki Markup |
---|
This compliant solution overrides the {{hashCode()}} method so that it generates the same value for any two instances that are considered to be equal by the {{equals()}} method. Bloch discusses the recipe to generate such a hash function in detail \[[Bloch 2008|AA. Bibliography#Bloch 08]\]. |
Code Block | ||
---|---|---|
| ||
import java.util.Map; import java.util.HashMap; public final class CreditCard { private final int number; public CreditCard(int number) { this.number = (short) number; } public boolean equals(Object o) { if (o == this) { return true; } if (!(o instanceof CreditCard)) { return false; } CreditCard cc = (CreditCard)o; return cc.number == number; } public int hashCode() { int result = 7; result = 37 * result + number; return result; } public static void main(String[] args) { Map<CreditCard, String> m = new HashMap<CreditCard, String>(); m.put(new CreditCard(100), "4111111111111111"); System.out.println(m.get(new CreditCard(100))); } } |
Risk Assessment
Overriding the equals()
method without overriding the hashCode()
method can lead to unexpected results.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MET13-J | low | unlikely | high | P1 | L3 |
Automated Detection
Automated detection of classes that override only one of equals()
and hashcode()
is straightforward. Sound static determination that the implementations of equals()
and hashcode()
are mutually consistent is not feasible in the general case, although heuristic techniques may be used.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="42e838a36a33a796-94655f52-4fd945e5-939ca92f-f604a447483f3583244871b9"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE-581 | http://cwe.mitre.org/data/definitions/581.html] "Object Model Violation: Just One of Equals and Hashcode Defined" | ]]></ac:plain-text-body></ac:structured-macro> |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b889e5fb08a3ada2-e21f20e5-42104c2e-93919608-47ac4719cda052b4a5867050"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [Class Object | http://java.sun.com/javase/6/docs/api/java/lang/Object.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fa20ad3e465ee74c-56e14a5f-4dd64b5a-b1fd8331-74449d7cc40f73787ba58e8a"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 9: Always override | ]]></ac:plain-text-body></ac:structured-macro> |
...