Unlike method overriding, method overloading resolves which method to invoke at compile time. Even if the runtime type of the argument differs for each invocation, the overload that is invoked depends only on the type of the object at compile time.
Noncompliant Code Example
This noncompliant example shows how a programmer can confuse overloading with overriding. At compile time, the type of the object array is `List`. The expected output is `ArrayList`, `LinkedList` and `List is not recognized` (`java.util.Vector` does not inherit from `java.util.List`). However, in all three instances `List is not recognized` is displayed. This happens because in overloading, the method invocations are not affected by the runtime types but only by the compile-time type (`List`). It is dangerous to implement overloading to tally with overriding, all the more so because the latter is characterized by inheritance, unlike the former. [[Bloch 08]]
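```java
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Vector;

public class Overloader {
  // Three overloads; the compiler selects one from the argument's static type.
  private static String display(ArrayList<Integer> a) {
    return "ArrayList";
  }

  private static String display(LinkedList<String> l) {
    return "LinkedList";
  }

  private static String display(List<?> l) {
    return "List is not recognized";
  }

  public static void main(String[] args) {
    // Every element has the static type List<?>, whatever its runtime class.
    List<?>[] invokeAll = new List<?>[] {new ArrayList<Integer>(),
        new LinkedList<String>(), new Vector<Integer>()};

    for (List<?> i : invokeAll) {
      System.out.println(display(i)); // always binds to display(List<?>)
    }
  }
}
```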
Compliant Solution
This compliant solution uses a single `display` method and `instanceof` to distinguish between different types. The output is `ArrayList`, `LinkedList`, `List is not recognized`, as expected. As a general rule, do not introduce ambiguity while using overloading so that the code is clean and easy to understand. [[Bloch 08]]
```java
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Vector;

public class Overloader {
  // A single method; the runtime type is tested explicitly with instanceof.
  private static String display(List<?> l) {
    return (l instanceof ArrayList ? "ArrayList" :
        (l instanceof LinkedList ? "LinkedList" : "List is not recognized"));
  }

  public static void main(String[] args) {
    List<?>[] invokeAll = new List<?>[] {new ArrayList<Integer>(),
        new LinkedList<String>(), new Vector<Integer>()};

    for (List<?> i : invokeAll) {
      System.out.println(display(i));
    }
  }
}
```
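The compile-time versus runtime distinction can be seen on a single object. The following program is an added illustration, not part of the original rule text: it passes one `ArrayList` through two different static types, then contrasts that with an overridden method. The names `DispatchDemo`, `Shape`, `Circle` and `expect` are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;

public class DispatchDemo {
  // Overloads: bound by the compiler from the static type of the argument.
  static String display(ArrayList<?> a) { return "ArrayList"; }
  static String display(LinkedList<?> l) { return "LinkedList"; }
  static String display(List<?> l) { return "List is not recognized"; }

  // Overriding: the implementation is chosen from the receiver's runtime type.
  static class Shape {
    String name() { return "Shape"; }
  }

  static class Circle extends Shape {
    @Override
    String name() { return "Circle"; }
  }

  // Prints the value and fails loudly if it differs from what the rule predicts.
  static void expect(String actual, String expected) {
    if (!actual.equals(expected)) {
      throw new AssertionError(actual + " != " + expected);
    }
    System.out.println(actual);
  }

  public static void main(String[] args) {
    ArrayList<Integer> concrete = new ArrayList<>();
    List<Integer> widened = concrete; // same object, static type is now List

    // Static type ArrayList: the most specific overload is selected.
    expect(display(concrete), "ArrayList");
    // Static type List: only display(List<?>) is applicable.
    expect(display(widened), "List is not recognized");
    // A cast changes the static type, so the specific overload is bound again.
    expect(display((ArrayList<Integer>) widened), "ArrayList");

    // Overriding ignores the static type Shape and dispatches on Circle.
    Shape s = new Circle();
    expect(s.name(), "Circle");
  }
}
```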
Risk Assessment
Ambiguous uses of overloading can lead to unexpected results.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MET33-J | low | unlikely | high | P1 | L3 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[API 06]] Interface Collection
[[Bloch 08]] Item 41: Use overloading judiciously