Final field semantics

Semantics of final fields in java
Vladimir Sitnikov, Valentin Kovalenko
sitnikov@netcracker.com, @VladimirSitnikv
NetCracker
September 2014

Introduction
Examples
2 / 104 (c) Copyright 2014, NetCracker Technology Corp. All rights reserved

Why final is required in
JMM?

String safety
String s = ...
if ( checkAccess (s)) {
return readFile (s);
}
Is this a valid security check?

String unsafety in 1.4
String s = ...
}
The answer depends on the java version, and in java 1.4 the code is
insecure

String s = GLOBAL ;
}
HackThread
GLOBAL =
"/tmp/ etc / passwd "
. substring (4);
For instance: HackThread executes .substring(4) and transfers it
via data race to the checker thread

String s = GLOBAL ;
}
HackThread
GLOBAL =
. substring (4);
In java 1.4 result of substring references the same char array, and
the value depends on String#offset and String#size

String s = GLOBAL ;
}
HackThread
GLOBAL =
. substring (4);
race
race
Since no synchronization is in place, reader might observe
not-fully-initialized String

String s = GLOBAL ;
}
HackThread
GLOBAL =
. substring (4);
race
race
checkAccess might observe "/tmp/etc/passwd", and even then
readFile might observe "/etc/passwd"

String s = GLOBAL ;
}
HackThread
GLOBAL =
. substring (4);
race
race
checkAccess might observe "/tmp/etc/passwd", and even then
readFile might observe "/etc/passwd"
Even synchronization on s and volatile will not help!

String safety in java 1.5+
String s = GLOBAL ;
}
HackThread
GLOBAL =
. substring (4);
hb
hb
In java 1.5+ final protects from such non-initialized objects from
HackThread

Çà÷åì íàì JMM?

Quiz
int x = 1;
public int neverTryThisAtHome () {
int i = this .x; // it is 1, isn ’t it?
this . setX (2); // just updates x to 2
return this .x - i; // 2 - 1 == ...?
}
What is the result? 1? 0? -1?

Quiz
int x = 1;
return this .x - i; // 2 - 1 == ...?
}
OK, the result is 1

Quiz
final int x = 1;
return this .x - i; // 2 - 1 == ...?
}
Let’s add some final

Quiz
final int x = 1;
return this .x - i; // 2 - 1 == ...?
}
The specification allows all the cases: 1, 0, and even -1! (see also
example 17.5.3-1)

A bit of theory

Program order
I Program order is a total order among inter-thread actions of
each thread in source code order

Program order
I Compiler is forbidden to reorder/alter/ignore operations if
observable behavior violates program order

Program order
I It does not mean the program is executed in program order

Program order
I It does not mean the program is executed in program order
I For instance: program order is not defined for operations on
local variables

Partial order
I In section 17 JLS "partial order" is mentioned 8 times

Partial order
I In section 17 JLS "partial order" is mentioned 8 times
I Partial order is hb
! a binary relation that is:

Partial order
I In section 17 JLS partial order is mentioned 8 times
I Reflexive: for each element x, x
hb
! x

Partial order
hb
! x
I Antisymmetric: if x
hb
! y and y
hb
! x, then x and y are the same
element

Partial order
hb
! x
I Antisymmetric: if x
hb
! y and y
hb
! x, then x and y are the same
element
I Transitive: if x
hb
! y and y
hb
! z, then x
hb
! z

Happens-before
I General idea of JMM: let’s consider all the executions and forbid
bad ones

Happens-before
bad ones
I Happens-before is a partial order that selects allowable reads

Happens-before
bad ones
I A read either sees the latest write (in hb order)

Happens-before
bad ones
I Or any write via data race when multiple writes are
hb -unordered with the read

Happens-before
bad ones
I Or any write via data race when multiple writes are
hb -unordered with the read
I It must still obey other rules, especially: 17.4.8 executions and
causality requirements

Semantics of final fields
w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2
I w and r2 – the read and the write in question

w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2
I w and r2 – the read and the write in question
I f – freeze of a final field, that is read in r1

w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2
I If the only path from write to read follows all this arrows, then
we must not see earlier writes

w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2
I If multiple paths exist, you need to go deeper

w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2
I If multiple paths exist, you need to go deeper
I We use hb notation to distinguish it from hb and since this
happens-before ordering does not transitively close with other
happens-before orderings 36 / 104 (c) Copyright 2014, NetCracker Technology Corp. All rights reserved

Freeze action w hb
! f hb
! a mc
! r1 dr
! r2

Freeze action w hb
! f hb
! a mc
! r1 dr
! r2
Freeze action

Freeze action w hb
! f hb
! a mc
! r1 dr
! r2
Freeze action
Field
Freezes of a final field occur both at the end of the constructor, and
immediately after each modification

Dereference chain: what is that? w hb
! f hb
! a mc
! r1 dr
! r2
T local = GLOBAL ; r1
int localX = local .x; r2
I r2 reads a field of an object

! f hb
! a mc
! r1 dr
! r2
I Current thread did not create the object

! f hb
! a mc
! r1 dr
! r2
I Hence, we must read an address of the object somewhere

! f hb
! a mc
! r1 dr
! r2
dr
I Hence, we must read an address of the object somewhere
I This is called r1 dr
! r2

Dereference chain in two threads w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T localA = new T();
GLOBAL = localA ;
Thread 2
T localB = GLOBAL ; r1
if ( localB != null ) {
int localX = localB .x; r2
}
dr
r1 dr
! r2 (thread 2 reads a field of object created in a foreign thread)

! f hb
! a mc
! r1 dr
! r2
Thread 1
T localA = new T(); a
GLOBAL = localA ;
Thread 2
}
dr
dr?
Is there a dr
! r2?

! f hb
! a mc
! r1 dr
! r2
Thread 1
T localA = new T(); a
GLOBAL = localA ;
Thread 2
}
dr
dr?
dr does not appear between actions of different threads!

Dereference chain: double-check w hb
! f hb
! a mc
! r1 dr
! r2
T local = GLOBAL ; ra
local = GLOBAL ; rb
Is there a dr ?

Dereference chain: double-check w hb
! f hb
! a mc
! r1 dr
! r2
T local = GLOBAL ; ra
local = GLOBAL ; rb
dr?
dr?
One of ra dr
! r2 or rb dr
! r2 must exist, however no one can tell
which one

Memory chain: what is that? w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T o = new T ();
GL = o; w1
Thread 2
T o = GL; r1
GL2 = o;
Thread 3
T o = GL2;
int r = o.x;
mc
If a read sees write, then w1 mc
! r1

! f hb
! a mc
! r1 dr
! r2
Thread 1
T o = new T ();
GL = o; w1
Thread 2
T o = GL; r1
GL2 = o; w2
Thread 3
T o = GL2;
int r = o.x;
mc
mc
If a thread writes the address of an object that was initialized in
another thread, then r1 mc
! w2

! f hb
! a mc
! r1 dr
! r2
Thread 1
T o = new T ();
GL = o; w1
Thread 2
T o = GL; r1
GL2 = o; w2
Thread 3
T o = GL2; r3
int r = o.x;
mc
mc
mc
r3 sees w2 ) w2 mc
! r3

! f hb
! a mc
! r1 dr
! r2
Thread 1
T o = new T ();
GL = o; w1
Thread 2
T o = GL; r1
GL2 = o; w2
Thread 3
T o = GL2; r3
int r = o.x; r4
mc
mc
mc dr
r3 dr
! r4 (read of a object’s field)

! f hb
! a mc
! r1 dr
! r2
Thread 1
T o = new T ();
GL = o; w1
Thread 2
T o = GL; r1
GL2 = o; w2
Thread 3
T o = GL2; r3
int r = o.x; r4
mc
mc
mc dr
mc
r3 dr
! r4 (read of a object’s field) ) r3 mc
! r4

! f hb
! a mc
! r1 dr
! r2
Thread 1
T o = new T ();
GL = o; w1
Thread 2
T o = GL; r1
GL2 = o; w2
Thread 3
T o = GL2; r3
int r = o.x; r4
mc
mc
mc dr
mc
mc
mc is transitive (it is a partial order) ) w1 mc
! r4

Introduction
Examples

Disclaimer
I All the examples contain data races (why bother otherwise?)

Disclaimer
I We do not consider cases when null is observed (those cases are
not interesting)

Disclaimer
I We do not consider cases when null is observed (those cases are
not interesting)
I Lots of brains were hurt when preparing the slides

Trivial final (1) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}};
GLOBAL = l;
Thread 2
T o = GLOBAL ;
if (o != null ) {
int result = o.fx; r2
}
Can result become 0?

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ;
if (o != null ) {
int result = o.fx;
}
hb
hb
Actions in a thread form happens-before:
w hb
! f , f hb
! a

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ; r0
if (o != null ) {
int result = o.fx;
}
hb
hb
mc
r0 sees write a :
a mc
! r0

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ; r0
if (o != null ) {
}
hb
hb
mc
dr
Thread 2 did not create the object, r1 reads its field, and r is the
only read of the address, thus we have dereference chain:
r0 dr
! r1

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ; r0
if (o != null ) {
}
hb
hb
mc
dr
mc
r0 dr
! r1 ) r0 mc
! r1

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ; r0
if (o != null ) {
}
hb
hb
mc
mc
mc
a mc
! r1 ( mc is transitive)

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ;
if (o != null ) {
int result = o.fx; r1 r2
}
hb
hb
mc
dr
Let’s pick r2 = r 1, then r1 dr
! r2 ( dr is reflexive)

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
mc
dr
hb*
Here all the requirements for HB:
w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
}}; f
GLOBAL = l; a
Thread 2
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
mc
dr
hb*
(w hb
! r2) ) result 2 f42g

Array in a final field (2) w hb
! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
int [] u = new int [1];
u [0] = 42; w
fx = u;
}};
GLOBAL = l;
T o = GLOBAL ;
if (o != null ) {
int [] lfx = o.fx;
int result = lfx [0]; r2
}

! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
u [0] = 42; w
fx = u;
}}; f
GLOBAL = l; a
T o = GLOBAL ;
if (o != null ) {
int [] lfx = o.fx;
}
hb
hb
w hb
! f , f hb
! a

! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
u [0] = 42; w
fx = u;
}}; f
GLOBAL = l; a
T o = GLOBAL ;
if (o != null ) {
int [] lfx = o.fx; r1
}
hb
hb
mc
r1 sees write a (it reads a regular final field):
a mc
! r1

! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
u [0] = 42; w
fx = u;
}}; f
GLOBAL = l; a
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
mc
dr
Thread 2 did not create array, r2 reads an element of the array, r1 is
the only read of the address of the array, thus dereference chain:
r1 dr
! r2

! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
u [0] = 42; w
fx = u;
}}; f
GLOBAL = l; a
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
mc
dr
hb*
Here are all the requirements for HB:
w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2

! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
u [0] = 42; w
fx = u;
}}; f
GLOBAL = l; a
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
mc
dr
hb*
(w hb

Array reversed (2.1) w hb
! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
fx = u; // (!)
u [0] = 42; w
}};
GLOBAL = l;
T o = GLOBAL ;
if (o != null ) {
int [] lfx = o.fx;
int result = lfx [0];
}

! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
fx = u; // (!)
u [0] = 42; w
}}; f
GLOBAL = l; a
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
mc
dr
hb
We compose hb exactly as in the previous example

! f hb
! a mc
! r1 dr
! r2
T l = new T() {{
fx = u; // (!)
u [0] = 42; w
}}; f
GLOBAL = l; a
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
mc
dr
hb
(w hb
The result does not depend on the order of assignment to final fields!

this leaks (3) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLOBAL = this ;
}};
Thread 2
T o = GLOBAL ;
if (o != null ) {
}

this leaks (3) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLOBAL = this ; a
}}; f
Thread 2
T o = GLOBAL ;
if (o != null ) {
}
hb
hb
Actions in thread form happens-before:
w hb
! f , a hb
! f

this leaks (3) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLOBAL = this ; a
}}; f
Thread 2
T o = GLOBAL ;
if (o != null ) {
}
hb
hb?
hb
For hb we need f hb
! a!

this leaks (3) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLOBAL = this ; a
}}; f
Thread 2
T o = GLOBAL ;
if (o != null ) {
}
hb
hb?
hb
If a hb
! f and f hb
! a, thus a = f (anti-symmetry of hb )
However a is cannot be a freeze action!

this leaks (3) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLOBAL = this ; a
}}; f
Thread 2
T o = GLOBAL ;
if (o != null ) {
}
hb
hb?
hb
There is no hb , thus all the cases are possible: result 2 f0; 42g

Unintentional this leak (4) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLb = this ;
}};
GLa = l;
Thread 2
T u = GLb;
T o = GLa;
if (o != null ) {
}

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLb = this ; b
}}; f
GLa = l; a
Thread 2
T u = GLb;
T o = GLa;
if (o != null ) {
int result = o.fx;
}
hb
hb
hb?
w hb
! f , f hb
! a

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLb = this ; b
}}; f
GLa = l; a
Thread 2
T u = GLb;
T o = GLa; ra
if (o != null ) {
int result = o.fx;
}
hb
hb
hb?
mc
Suppose thread 2 sees GLa, thus a mc
! ra!

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLb = this ; b
}}; f
GLa = l; a
Thread 2
T u = GLb; rb
T o = GLa; ra
if (o != null ) {
}
hb
hb
hb?
mc
dr?
dr?
There should be dr somewhere: rb dr
! r1 or ra dr
! r1

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLb = this ; b
}}; f
GLa = l; a
Thread 2
T u = GLb; rb
T o = GLa; ra
if (o != null ) {
}
hb
hb
hb?
mc
dr?
dr
! r 1, then we fail, since w hb
If rb dr
! r1 can not be completed

! f hb
! a mc
! r1 dr
! r2
Thread 1
T l = new T() {{
fx = 42; w
GLb = this ; b
}}; f
GLa = l; a
Thread 2
T u = GLb; rb
T o = GLa; ra
if (o != null ) {
}
hb
hb
hb?
mc
dr?
dr
Conclusion: if a thread had ever seen object with unfrozen fields,
then there is no final semantics for that object!

Reflection in action (5) w hb
! f hb
! a mc
! r1 dr
! r2
T t = new T() {{
fu = new U ();
fu.x = 1; w1
}};
GLOBAL = t;
U w = new U ();
w.x = 42; w2
reflectSet (t.fu , w);
Thread 2
T t = GLOBAL ;
if (t != null ) {
U u = t.fu;
int result = u.x; r2
}

! f hb
! a mc
! r1 dr
! r2
T t = new T() {{
fu = new U ();
fu.x = 1;
}};
GLOBAL = t;
U w = new U ();
w.x = 42; w2
Thread 2
T t = GLOBAL ;
if (t != null ) {
U u = t.fu;
}
hb*?
We’d better have w2 hb
! r2 (otherwise we must not see the write
of 0 in w.x)

! f hb
! a mc
! r1 dr
! r2
T t = new T() {{
fu = new U ();
fu.x = 1;
}};
GLOBAL = t;
U w = new U ();
w.x = 42; w2
reflectSet (t.fu , w); f2
Thread 2
T t = GLOBAL ;
if (t != null ) {
U u = t.fu;
}
hb*?
f2 does not work for hb : there is no suitable f 2 hb
! a

! f hb
! a mc
! r1 dr
! r2
T t = new T() {{
fu = new U ();
fu.x = 1;
}}; f1
GLOBAL = t;
U w = new U ();
w.x = 42; w2
Thread 2
T t = GLOBAL ;
if (t != null ) {
U u = t.fu;
}
hb*?
hb?
f1 does not work for hb as well: it must be w2 hb
! f 1

! f hb
! a mc
! r1 dr
! r2
T t = new T() {{
fu = new U ();
fu.x = 1;
}}; f1
GLOBAL = t;
U w = new U ();
w.x = 42; w2
Thread 2
T t = GLOBAL ;
if (t != null ) {
U u = t.fu;
}
hb*?
hb?
It turns out r2 is not denied to observe 0

! f hb
! a mc
! r1 dr
! r2
T t = new T() {{
fu = new U ();
fu.x = 1;
}}; f1
GLOBAL = t; a
U w = new U();
w.x = 42; w2
Thread 2
T t = GLOBAL ;
if (t != null ) {
U u = t.fu;
}
hb*?
hb?
Conclusion: do not alter the final field after you publish its contents
result 2 f0; 1; 42g

Let’s fix reflection (5.1) w hb
! f hb
! a mc
! r1 dr
! r2
T t = new T() {{
fu = new U ();
fu.x = 1;
}};
U w = new U ();
w.x = 42;
GLOBAL = t; a
Thread 2
T t = GLOBAL ;
if (t != null ) {
U u = t.fu;
int result = u.x;
}
If we publish the object after all modifications of final fields, the
publication is safe: result 2 f1; 42g

Final wrapper (6) w hb
! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}};
GL = a;
Thread 2
A a = GL;
B = new B() {{
fb = o;
}};
GL2 = b;
Thread 3
B B = GL2;
A a = b.fb;
int r = a.fx; r2

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}};
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
mc
A a = b.fb; rb
int r = a.fx; r1
mc
rb sees wb ) wb mc
! rb
ra sees wa : wa mc
! ra

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}};
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
mc
A a = b.fb; rb
int r = a.fx; r1
mc
mc
Thread 2 writes an address of a foreign-created object, thus
ra mc
! wb

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}};
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
mc
A a = b.fb; rb
int r = a.fx; r1
mc
mc
dr
Therad 3 did not create object A, r reads its field, and rb is the
only read of A’s address, thus dereference chain:
rb dr
! r1

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}};
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
mc
A a = b.fb; rb
int r = a.fx; r1
mc
mc
dr
mc
rb dr
! r1 ) rb mc
! r1

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}};
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
mc
A a = b.fb; rb
int r = a.fx; r1
mc
mc
mc
mc
mc is transitive (since it is a partial order) ) wa mc
! r1

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}}; f
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
A a = b.fb; rb
int r = a.fx; r1 r2
mc
dr
Let’s pick r2 = r 1, thus r1 dr
! r2 ( dr is reflexive)

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}}; f
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
A a = b.fb; rb
int r = a.fx; r1 r2
mc
dr
hb
hb
hb*
Here are all the requirements for HB:
w hb
! f hb
! a mc
! r2 ) w hb
! r1 dr
! r2

! f hb
! a mc
! r1 dr
! r2
Thread 1
A a = new O() {{
fx = 42; w
}}; f
GL = a; wa
Thread 2
A a = GL; ra
B = new B() {{
fb = o; wb
}};
GL2 = b;
Thread 3
B B = GL2;
A a = b.fb; rb
int r = a.fx; r1 r2
mc
dr
hb
hb
hb*
(w hb

Questions?

Final field semantics

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (18)

Similaire à Final field semantics

Similaire à Final field semantics (20)

Final field semantics