Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
void clean_up()
{
char tmp[256];
...
free(tmp);
return;
}
System.Object.Equals()
:
public boolean Equals(string obj) {
...
}
System.Object.Equals()
takes an argument of type object
, the method is never called.Object.equals()
:
public boolean equals(Object obj1, Object obj2) {
...
}
Object.equals()
only takes a single argument, the method in Example 1
is never called.ISerializable
interface but do not declare the [Serializable]
attribute will not be serialized.[Serializable]
attribute. If the class can be serialized using the default serialization methods defined by the .NET framework, this is both necessary and sufficient for the object to be correctly serialized. If the class requires custom serialization methods, it must also implement the ISerializable
interface. However, the class must still declare the [Serializable]
attribute.CustomStorage
class implements the ISerializable
interface. However, because it fails to declare the [Serializable]
attribute, it will not be serialized.
public class CustomStorage: ISerializable {
...
}
java.io.Serializable
may cause problems and leak information from the outer class.
...
class User implements Serializable {
private int accessLevel;
class Registrator implements Serializable {
...
}
}
Example 1
, when the inner class Registrator
is serialized, it will also serialize the field accessLevel
from the outer class User
.synchronized
, guaranteeing correct behavior when multiple threads access the same instance. All overriding methods should also be declared synchronized
, otherwise unexpected behavior may occur.Foo
overrides the class Bar
but does not declare the method synchronizedMethod
to be synchronized
:
public class Bar {
public synchronized void synchronizedMethod() {
for (int i=0; i<10; i++) System.out.print(i);
System.out.println();
}
}
public class Foo extends Bar {
public void synchronizedMethod() {
for (int i=0; i<10; i++) System.out.print(i);
System.out.println();
}
}
Foo
could be cast to type Bar
. If the same instance is given to two separate threads and synchronizedMethod
is executed repeatedly, the behavior will be unpredictable.obj.Equals(null)
should always be false.Equals()
method to compare an object with null
. The contract of the Equals()
method requires this comparison to always return false.obj.equals(null)
will always be false.equals()
method to compare an object with null
. This comparison will always return false, since the object is not null
. (If the object is null
, the program will throw a NullPointerException
).pthread_create()
from the main()
function of the parent process will be terminated prematurely if the parent process finishes execution before any the threads it has spawned without calling pthread_exit()
. Calling pthread_exit()
guarantees that the parent process will be kept alive until all of its threads have finished execution. Alternatively, the parent process can call pthread_join
on all of the child threads and ensure they will complete before the process concludes.pthread_create()
to create a thread and then exits normally. If the child thread has not completed its execution by the time the main()
function returns, then it will be terminated prematurely.
void *Simple(void *threadid)
{
...
pthread_exit(NULL);
}
int main(int argc, char *argv[]) {
int rc;
pthread_t pt;
rc = pthread_create(&pt, NULL, Simple, (void *)t);
if (rc){
exit(-1);
}
}