SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 45 Next »

According to the Java Language Specification [[JLS 2005]], Section 12.4, "Initialization of Classes and Interfaces"

Initialization of a class consists of executing its static initializers and the initializers for static fields (class variables) declared in the class.

This statement asserts that the presence of a static field triggers the initialization of a class. However, a static field might depend on the initialization of a class, and might create an initialization cycle. The Java Language Specification also states: ([[JLS 2005]], Section 8.3.2.1, "Initializers for Class Variables")

...at run time, static variables that are final and that are initialized with compile-time constant values are initialized first.

While this statement typically holds, it can be misleading as it does not account for instances that use values of static final fields initialized at a later stage. Even if a field is static final, it is not necessarily initialized before being read.

Noncompliant Code Example

In this noncompliant code example, a recursive attempt is being made to initialize the class, creating an initialization cycle. Because such recursive attempts are ignored by the JVM, the default value of deposit is 0 during the initialization [[Bloch 2005]]. The code tries to calculate the account balance by subtracting the processing fee from the deposited amount, but fails to do so. The Cycle class object c is instantiated before the deposit field gets initialized. 

public class Cycle {
  private static final Cycle c = new Cycle();
  private final int balance;
  private static final int deposit =  (int) (Math.random() * 100); // Random deposit

  public Cycle() {
    balance = deposit - 10; // Subtract processing fee
  }

  public static void main(String[] args) {
    System.out.println("The account balance is: " + c.balance);	
  }
}

As a result, the constructor Cycle() is invoked which computes the balance based on the initial value of deposit (0) rather than the random value. As a result, the balance always remains -10.

Compliant Solution

This compliant solution changes the initialization order of the class Cycle so that the fields meant to be used in computations get duly initialized without creating any dependency cycles.

public class Cycle {
  private final int balance;
  private static final int deposit =  (int) (Math.random() * 100); // Random deposit
  private static final Cycle c = new Cycle();  // Inserted after initialization of required fields
  public Cycle() {
    balance = deposit - 10; // Subtract processing fee
  }

  public static void main(String[] args) {
    System.out.println("The account balance is: " + c.balance);	
  }
}

As initialization cycles can become insidious when many classes are involved, proper care must be taken to inspect the control flow.

Noncompliant Code Example

This noncompliant code example uses an inner class that extends the outer class. The outer class in turn, uses the static instance of the inner class. This results in a circular initialization issue [[Findbugs 2008]].

public class CircularClassInit {
  static class InnerClassSingleton extends CircularClassInit {
    static final InnerClassSingleton singleton = new InnerClassSingleton();
  }
  static final CircularClassInit foo = InnerClassSingleton.singleton;
}

Compliant Solution

This compliant solution removes the instance of the inner class from the outer class.

public class CircularClassInit {
  static class InnerClassSingleton extends CircularClassInit {
    static final InnerClassSingleton singleton = new InnerClassSingleton();
  }
}

Notably, class initialization cycles can also occur because of circularity in the code present within the static initializers of two or more classes [[Findbugs 2008]]. Also see the related guideline [DCL14-J. Avoid cyclic dependencies between packages].

Risk Assessment

Initialization cycles may lead to unexpected results.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

DCL12-J

low

unlikely

medium

P2

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Other Languages

This guideline appears in the C++ Secure Coding Standard as DCL14-CPP. Avoid assumptions about the initialization order between translation units.

Bibliography

[[JLS 2005]] Sections 8.3.2.1, Initializers for Class Variables; 12.4, Initialization of Classes and Interfaces
Puzzle 49: Larger Than Life
[[MITRE 2009]] CWE ID 665 "Improper Initialization"

MSC06-J. Avoid memory leaks      49. Miscellaneous (MSC)      DCL14-J. Avoid cyclic dependencies between packages

  • No labels