'. '


From APIDesign

Revision as of 09:31, 13 April 2011 by JaroslavTulach (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

Ostrava is 3rd largest town in Czech Republic. I visited Ostrava's JUG meeting on Mar 2nd, 2011.

I talked about paradoxes, in a shorter version of the ParadoxesVideo. Here is the video taken during the JUG presentation. It is probably only useful for Czech speakers, as I spoke Czech. I have to mention that I admire the way the slides and the view of the speaker are merged together. Good job Ostrava JUG! I am glad I could stop by.

Those who stopped by (and there was about 90 listeners) got a chance to win one copy of TheAPIBook by finding an answer to a simple quiz: Can you write a code that throws NullPointerException directly from the following Interval class?

Code from Interval.java:
See the whole file.

/** Quiz: Anyone can come up with a JUnit test to generate
 * {@link NullPointerException} directly from the code of 
 * the <code>Interval</code> class?
 * @author Jaroslav Tulach <jaroslav.tulach@apidesign.org>
public final class Interval {
    private final Date from, to;
    /** Constructs interval between two dates.
     * @param from the 'sooner' date
     * @param to the 'later' date
     * @throws IllegalArgumentException 
     *      if <code>from</code> is not less then <code>to</code>
    public Interval(Date from, Date to) {
        if (from == null) {
            throw new IllegalArgumentException("'from' cannot be null!");
        if (to == null) {
            throw new IllegalArgumentException("'to' cannot be null!");
        // shield us from Date's mutability
        this.from = (Date) from.clone();
        this.to = (Date)to.clone();
        if (from.compareTo(to) >= 0) {
            throw new IllegalArgumentException(
                "'from' must be lower than 'to'!"
    /** The length of the interval in milliseconds 
     * @return amount of milliseconds between 'from' and 'to' dates.
    public long getLength() {
        return to.getTime() - from.getTime();

When writing the code I tried to follow all the good advices of TheAPIBook. I made the class final, I check for wrong arguments. My internal state is immutable. I guard myself against mutability of Date. Is it enough to write bullet proof code?

Indeed it is not. As about five people during my Paradoxes talk in Ostrava found out (and as few of you commented online), one can subclass Date and override clone method to return null:

Code from ExploitTest.java:
See the whole file.

private static class HackedDate extends Date {
    public HackedDate() {
    public HackedDate(long date) {
    public Object clone() {
        return null;

This is an interesting way to break many solid APIs. The trick has been invented by the HP guys when they played their HPAPIFest09. I am glad Ostrava discovered the magic as well. I am glad I could visit Ostrava's JUG and talk about my two favorite topics: API design and NetBeans platform.

Personal tools