| According to \[[JLS Section 8.3.2.1, Initializers for Class Variables|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.3.2.1]\]: | 
"...at run time, static variables that are final and that are initialized with compile-time constant values are initialized first."
While this statement typically holds true, it can be misleading since it does not account for instances that use values of static final fields initialized at a later stage. Even if a field is static final, it is not necessarily initialized at first go.
This noncompliant example contrives to calculate the account balance by subtracting the processing fee from the deposited amount, but fails miserably. The Cycle class object c is instantiated before the deposit field gets initialized. As a result, the constructor Cycle is invoked which computes the balance based on the initial value of deposit (0) rather than the random value. As a result, the balance always remains -10.  
| According to \[[JLS Section 12.4, Initialization of Classes and Interfaces|http://java.sun.com/docs/books/jls/third_edition/html/execution.html#12.4]\]: | 
"Initialization of a class consists of executing its static initializers and the initializers for static fields (class variables) declared in the class."
| This statement asserts that the presence of a static field triggers the initialization of a class, however, in this example, a recursive attempt is being made to initialize the class already. Since such recursive attempts are ignored by the JVM, the default value of {{deposit}} is {{0}} during the initialization. \[[Bloch 05|AA. Java References#Bloch 05]\] | 
| 
public class Cycle {
  private static final Cycle c = new Cycle();
  private final int balance;
  private static final int deposit =  (int) (Math.random() * 100); //random deposit
  public Cycle(){
    balance = deposit - 10; //subtract processing fee
  }
  public static void main(String[] args) {
    System.out.println("The account balance is: " + c.balance);	
  }
}
 | 
This compliant solution changes the initialization order of the class Cycle so that the fields meant to be used in computations get duly initialized. As initialization cycles can become insidious when many classes are involved, proper care must be taken to inspect the control flow.
| 
public class Cycle {
  private final int balance;
  private static final int deposit =  (int) (Math.random() * 100); //random deposit
  private static final Cycle c = new Cycle();  //inserted after initialization of required fields
  public Cycle(){
    balance = deposit - 10; //subtract processing fee
  }
  public static void main(String[] args) {
    System.out.println("The account balance is: " + c.balance);	
  }
}
 | 
Initialization cycles may lead to unexpected results.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| MSC00-J | low | unlikely | medium | P2 | L3 | 
TODO
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
| \[[JLS 05|AA. Java References#JLS 05]\] Sections [8.3.2.1, Initializers for Class Variables|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.3.2.1]; [12.4, Initialization of Classes and Interfaces|http://java.sun.com/docs/books/jls/third_edition/html/execution.html#12.4] \[[Bloch 05|AA. Java References#Bloch 05]\] Puzzle 49: Larger Than Life \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 665|http://cwe.mitre.org/data/definitions/665.html] "Improper Initialization" | 
11. Miscellaneous (MSC) 11. Miscellaneous (MSC) MSC01-J. Avoid memory leaks