Java Reference
In-Depth Information
abstract class Client implements User {
public abstract void freeService();
// Delegate implementation of new method to subclasses
// Other concrete implementations
}
Applicability
Failing to publish stable, flaw-free interfaces can break the contracts of the implementing
classes, pollute the client API, and possibly introduce security weaknesses in the imple-
menting classes.
Bibliography
[Bloch 2008]
Item 18, “Prefer Interfaces to Abstract Classes”
[Long 2012]
THI01-J. Do not invoke
ThreadGroup
methods
36. Write garbage collection-friendly code
Java'sgarbage-collection featureprovidessignificantbenefitsovernon-garbage-collected
languages. The garbage collector (GC) is designed to automatically reclaim unreachable
memory, and to avoid memory leaks. Although the GC is quite adept at performing this
task,amalicious attacker cannevertheless launchadenial-of-service (DoS)attack against
the GC, such as by inducing abnormal heap memory allocation or abnormally prolonged
object retention. For example, some versions of the GC could need to halt all executing
threads to keep up with incoming allocation requests that trigger increased heap manage-
ment activity. System throughput rapidly diminishes in this scenario.
Real-time systems, in particular, are vulnerable to a more subtle slow-heap-exhaustion
DoS attack, perpetrated by stealing CPU cycles. An attacker can perform memory al-
locations in a way that increases the consumption of resources (such as CPU, battery
power, and memory) without triggering an
OutOfMemoryError
. Writing garbage collec-
tion-friendly code restricts many attack avenues.
