The assert statement is a convenient mechanism for incorporating diagnostic tests in code. Expressions used with the standard assert statement must avoid side effects. Typically, the behavior of the assert statement depends on the status of a runtime property. When enabled, the assert statement is designed to evaluate its expression argument and throw an AssertionError if the result of the expression is false. When disabled, assert is defined to be a no-operation. Consequently, any side effects resulting from evaluation of the expression in the assertion are lost when assertions are disabled.
...
Avoid the possibility of side effects in assertions. This can be achieved by decoupling the boolean expression from the assertion.
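```java
// names is a field of the enclosing class (assumed here to be a List<String>)
void process(int index) {
  // The removal runs whether or not assertions are enabled
  boolean nullsRemoved = names.remove(null);
  assert nullsRemoved; // no side effect
  // ...
}
```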
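The difference between the two forms can be observed by running the same program with and without `java -ea`. The following is an added example, not code from the guideline; the class `AssertSideEffectDemo`, its method names and the sample list are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class AssertSideEffectDemo {

  // Side effect inside the assertion: the removal runs only with -ea.
  static List<String> removeNullInsideAssert(List<String> input) {
    List<String> names = new ArrayList<>(input);
    assert names.remove(null);
    return names;
  }

  // Decoupled form: the removal always runs, the assertion only checks it.
  static List<String> removeNullBeforeAssert(List<String> input) {
    List<String> names = new ArrayList<>(input);
    boolean nullsRemoved = names.remove(null);
    assert nullsRemoved; // no side effect
    return names;
  }

  // Reports the assertion status the JVM assigns to this class.
  static boolean assertionsEnabled() {
    return AssertSideEffectDemo.class.desiredAssertionStatus();
  }

  public static void main(String[] args) {
    // Constructed sample input containing one null element.
    List<String> sample = Arrays.asList("alice", null, "bob");

    List<String> inside = removeNullInsideAssert(sample);
    List<String> before = removeNullBeforeAssert(sample);

    System.out.println("assertions enabled: " + assertionsEnabled());
    System.out.println("inside assert: " + inside);
    System.out.println("before assert: " + before);

    // The decoupled form yields the same list in both modes.
    if (before.contains(null)) {
      throw new IllegalStateException("decoupled form left a null behind");
    }
    // The side-effecting form keeps the null exactly when assertions are off.
    if (inside.contains(null) == assertionsEnabled()) {
      throw new IllegalStateException("unexpected result for this mode");
    }
  }
}
```

Without `-ea` the first method returns the list with the null still in it, while the second returns the cleaned list in both modes.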
Risk Assessment
Side effects in assertions result in program behavior that depends on whether assertions are enabled or disabled.
...
Automated detection of assertion operands that contain locally visible side effects is straightforward. Some analyses could require programmer assistance to determine which method invocations could contain side effects.
Related
...
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Related Guidelines
C Coding Standard: "EXP31-C. Avoid side effects in assertions"
C++ Coding Standard: "EXP31-CPP. Avoid side effects in assertions"
...