SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 45

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2021.1

Wiki MarkupWhen a class declares a static method _m_, the declaration of _m_ hides any method _ m'_, where the signature of _m_ is a subsignature of the signature of _ m' _ and the declaration of _ m' _ is both in the superclasses and superinterfaces of the declaring class and also would otherwise be accessible to code in the declaring class \[[JLS 2005|AA. Bibliography#JLS 05]\] ["8.class (The Java Language Specification, §8.4.8.2 "Hiding (by Class Methods)"|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.4.8.2] [JLS 2015]).

An instance method defined in a subclass overrides another instance method in the superclass when both have the same name, number and type of parameters, and return type.

Hiding and overriding differ in the determination of which method is invoked from a call site. For overriding, the method invoked is determined at runtime based on the basis of the specific object instance in hand. For hiding, the method invoked is determined at compile time based on the basis of the specific qualified name or method invocation expression used at the call site. Although the Java language provides unambiguous rules for determining which method is invoked, the results of these rules are often unexpected. Additionally, programmers sometimes expect method overriding in cases where the language provides method hiding. Consequently, programs must never declare a class method that hides a method declared in a superclass or superinterface.

Noncompliant Code Example

In this noncompliant code example, the programmer hides the static method instead of rather than overriding it. Consequently, the code invokes the displayAccountStatus() method of the superclass at two different call sites instead of invoking the superclass method at one call site and the subclass method at the other, causing it to print  Account details for admin despite being instructed to choose user rather than admin.

Code Block
bgColor#FFCCCC

class GrantAccess {
  public static void displayAccountStatus() {
    System.out.println("Account details for admin: XX");
  }
}

class GrantUserAccess extends GrantAccess {
  public static void displayAccountStatus() {
    System.out.println("Account details for user: XX");
  }
}

public class StatMethod {
  public static void choose(String username) {
    GrantAccess admin = new GrantAccess();
    GrantAccess user = new GrantUserAccess();
    if (username.equals("admin")) {
      admin.displayAccountStatus();
    } else {
      user.displayAccountStatus();
    }
  }

  public static void main(String[] args) {
    choose("user");	
  }
}

Compliant Solution

In this compliant solution, the programmer declares the displayAccountStatus() methods as instance methods , by removing the static keyword. Consequently, the dynamic dispatch at the call sites produces the expected result. The @Override annotation indicates intentional overriding of the parent method.

Code Block
bgColor#ccccff

class GrantAccess {
  public void displayAccountStatus() {
    System.out.print("Account details for admin: XX");
  }
}

class GrantUserAccess extends GrantAccess {
  @Override  
  public void displayAccountStatus() {
    System.out.print("Account details for user: XX");
  }
}

public class StatMethod {
  public static void choose(String username) {
    GrantAccess admin = new GrantAccess();
    GrantAccess user = new GrantUserAccess();

    if (username.equals("admin")) {
      admin.displayAccountStatus();
    } else {
      user.displayAccountStatus();
    }
  }

  public static void main(String[] args) {
    choose("user");	
  }
}

Wiki MarkupThe methods inherited from the superclass can also be overloaded in a subclass. Overloaded methods are new methods , unique to the subclass and neither hide nor override the superclass method \ [[Tutorials 2008|AA. Bibliography#Tutorials 08]\Java Tutorials].

Wiki MarkupTechnically, a private method cannot be hidden or overridden. There is no requirement that private methods with the same signature in the subclass and the superclass , bear any relationship in terms of having the same return type or {{throws}} clause, the necessary conditions for hiding \ [[JLS 2005|AA. Bibliography#JLS 05]\]. Consequently, hiding cannot occur when the methods have different return types or {{throws}} JLS 2015]. Consequently, hiding cannot occur when private methods have different return types or throws clauses.

Exceptions

MET11MET07-J-EX0: Occasionally, an API will be provided that violates this rule...that is, it provides hidden methods. Invoking those methods is not a violation of this rule , provided that all invocations of hiding or hidden methods use qualified names or method invocation expressions that explicitly indicate which specific method is invoked. If the above example had been such a case, modification displayAccountStatus() were a hidden method, for example, the following implementation of the choose() method as shown below would have been be an acceptable alternative:

Code Block
bgColor#ccccff

  public static void choose(String username) {
    if (username.equals("admin")) {
      GrantAccess.displayAccountStatus();
    } else {
      GrantUserAccess.displayAccountStatus();
    }
  }

Risk Assessment

Confusing overriding and hiding can produce unexpected results.

Guideline

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET11

MET07-J

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

Automated detection of violations of this guideline rule is straightforward. Automated determination of cases where in which method hiding is unavoidable is infeasible. However, determining whether all invocations of hiding or hidden methods explicitly indicate which specific method is invoked is straightforward.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

...

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.MET07.AHSMDo not hide inherited "static" member methods

Bibliography

[Bloch 2005]

Puzzle 48, "All I Get Is Static"

[Java Tutorials]

Overriding and Hiding Methods

[JLS 2015]

§8.4.8.2

...

, "Hiding

...

(by

...

Class

...

Methods)"


...

Image Added Image Added Image Added|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.4.8.2] \[[Tutorials 2008|AA. Bibliography#Tutorials 08]\] [Overriding and Hiding Methods|http://java.sun.com/docs/books/tutorial/java/IandI/override.html]MET10-J. For methods that return an array or collection prefer returning an empty array or collection over a null value      05. Methods (MET)      MET12-J. Ensure objects that are equated are equatable