 
                                        According to §12.4, "Initialization of Classes and Interfaces"  of the Java Language Specification [[JLS 2005]]
 of the Java Language Specification [[JLS 2005]]
Initialization of a class consists of executing its
staticinitializers and the initializers forstaticfields (class variables) declared in the class.
In other words, the presence of a static field triggers the initialization of a class. However, a static field could depend on the initialization of a class, possibly creating an initialization cycle. The Java Language Specification also states in §8.3.2.1, "Initializers for Class Variables"  [[JLS 2005]]
 [[JLS 2005]]
...at run time,
staticvariables that arefinaland that are initialized with compile-time constant values are initialized first.
This statement can be misleading because it is inapplicable to instances that use values of static final fields that are initialized at a later stage. Declaring a field to be static final is insufficient to guarantee that it is fully initialized before being read.
Noncompliant Code Example (Intra-Class Cycle)
This noncompliant code example contains an intra-class initialization cycle.
public class Cycle {
  private final int balance;
  private static final Cycle c = new Cycle(); 
  private static final int deposit = (int) (Math.random() * 100); // Random deposit
  public Cycle() {
    balance = deposit - 10; // Subtract processing fee
  }
  public static void main(String[] args) {
    System.out.println("The account balance is: " + c.balance);	
  }
}
The Cycle class declares a private static final class variable which is initialized to a new instance of the Cycle class. Static initializers are guaranteed to be invoked once before the first use of a static class member or the first invocation of a constructor.  
The programmer's intent is to calculate the account balance by subtracting the processing fee from the deposited amount. However, the initialization of the c class variable happens before the deposit field is initialized because it appears lexically before the initialization of the deposit field.  Consequently, the value of deposit seen by the constructor, when invoked during the static initialization of c, is the initial value of deposit (0) rather than the random value. As a result, the balance is always computed to be -10.  
The Java Language Specification permits implementations to ignore the possibility of such recursive attempts [[Bloch 2005]].
Compliant Solution (Intra-Class Cycle)
This compliant solution changes the initialization order of the class Cycle so that the fields are initialized without creating any dependency cycles.  Specifically, the initialization of c is placed lexically after the initialization of deposit so that it occurs temporally after deposit is fully initialized.
public class Cycle {
  private final int balance;
  private static final int deposit = (int) (Math.random() * 100); // Random deposit
  private static final Cycle c = new Cycle();  // Inserted after initialization of required fields
  public Cycle() {
    balance = deposit - 10; // Subtract processing fee
  }
  public static void main(String[] args) {
    System.out.println("The account balance is: " + c.balance);	
  }
}
Such initialization cycles become insidious when many fields are involved; ensure that the control flow lacks such cycles.
Noncompliant Code Example (Inter-Class Cycle)
This noncompliant code example declares two classes with static variables whose values depend on each other. The cycle is obvious when the classes are seen together (like they are here), but this can easily be missed when the classes are viewed separately.
class A {
    public static final int a = B.b + 1;
    // ...
}
class B {
    public static final int b = A.a + 1;
    // ...
}
The initialization order of the classes can vary and, consequently, cause computation of different values for A.a and B.b.  When class A is initialized first, A.a will have the value 2, and B.b will have the value 1. These values will be reversed when class B is initialized first.
Compliant Solution (Inter-Class Cycle)
This compliant solution breaks the inter-class cycle by eliminating one of the dependencies.
class A {
    public static final int a = 2;
    // ...
}
// class B unchanged: b = A.a + 1
With the cycle broken, the initial values will always be A.a = 2 and B.b = 3, regardless of initialization order.
Risk Assessment
Initialization cycles may lead to unexpected results.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| DCL04-J | low | unlikely | medium | P2 | L3 | 
Automated Detection
TODO
Related Guidelines
| C++ Secure Coding Standard | "DCL14-CPP. Avoid assumptions about the initialization order between translation units" | 
Bibliography
| <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="be7c2fae-e4fb-440d-99a1-67fc4a51dc96"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [§8.3.2.1, "Initializers for Class Variables" | http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.3.2.1] | ]]></ac:plain-text-body></ac:structured-macro> | 
| 
 | |||||
| <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="38a314af-e370-4ec3-ad1f-60b26d33f092"><ac:plain-text-body><![CDATA[ | [[Bloch 2005 | AA. Bibliography#Bloch 05]] | Puzzle 49: Larger Than Life | ]]></ac:plain-text-body></ac:structured-macro> | |
| <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f5935879-c1d0-4b3b-8541-59b4c6b9f2bd"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 665 | http://cwe.mitre.org/data/definitions/665.html] "Improper Initialization" | ]]></ac:plain-text-body></ac:structured-macro> | 
01. Declarations and Initialization (DCL) 01. Declarations and Initialization (DCL)