Comment: Edited by sciSpider Java v3.0

...

Assertions should not be used to validate parameters of {{public}} methods. According to the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\], section 14.10 "The {{assert}} Statement":

Along similar lines, assertions should not be used for argument-checking in public methods. Argument-checking is typically part of the contract of a method, and this contract must be upheld whether assertions are enabled or disabled.

Another problem with using assertions for argument checking is that erroneous arguments should result in an appropriate runtime exception (such as IllegalArgumentException, IndexOutOfBoundsException or NullPointerException). An assertion failure will not throw an appropriate exception. Again, it is not illegal to use assertions for argument checking on public methods, but it is generally inappropriate.

...

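{code:bgColor=#FFcccc}
public static int AbsAdd(int x, int y) {
  // Noncompliant: these checks are skipped whenever assertions are disabled
  assert x != Integer.MIN_VALUE;
  assert y != Integer.MIN_VALUE;
  int absX = Math.abs(x);
  int absY = Math.abs(y);
  // Compare magnitudes so the bound itself cannot overflow
  assert (absX <= Integer.MAX_VALUE - absY);
  return absX + absY;
}
{code}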

...

{code:bgColor=#ccccff}
public static int AbsAdd(int x, int y) {
  // Math.abs(Integer.MIN_VALUE) is still negative, so reject it up front
  if (x == Integer.MIN_VALUE || y == Integer.MIN_VALUE)
    throw new IllegalArgumentException();
  int absX = Math.abs(x);
  int absY = Math.abs(y);
  // Check the sum of magnitudes so mixed-sign arguments cannot overflow either
  if (absX > Integer.MAX_VALUE - absY)
    throw new IllegalArgumentException();
  return absX + absY;
}
{code}
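The following added example (not part of the original rule text) runs an assertion-based and an exception-based variant side by side, so the difference between `java AssertDemo` and `java -ea AssertDemo` is visible. The names `AssertDemo`, `absAddAsserted`, `absAddChecked` and `attempt` are hypothetical, the inputs are constructed, and both variants check the sum of the magnitudes directly.

```java
// Added example. Save as AssertDemo.java, compile, then compare:
//   java AssertDemo        (assertions disabled, the JVM default)
//   java -ea AssertDemo    (assertions enabled)
public class AssertDemo {

  // Parameter checks written as assertions: compiled in, but skipped unless -ea is set.
  static int absAddAsserted(int x, int y) {
    assert x != Integer.MIN_VALUE;
    assert y != Integer.MIN_VALUE;
    int absX = Math.abs(x);
    int absY = Math.abs(y);
    assert absX <= Integer.MAX_VALUE - absY;
    return absX + absY;
  }

  // The same checks as explicit tests: enforced regardless of JVM flags.
  static int absAddChecked(int x, int y) {
    if (x == Integer.MIN_VALUE || y == Integer.MIN_VALUE) {
      throw new IllegalArgumentException("argument must not be Integer.MIN_VALUE");
    }
    int absX = Math.abs(x);
    int absY = Math.abs(y);
    if (absX > Integer.MAX_VALUE - absY) {
      throw new IllegalArgumentException("|x| + |y| overflows int");
    }
    return absX + absY;
  }

  // Calls one variant and reports either its result or the Throwable it raised.
  static String attempt(java.util.function.IntBinaryOperator f, int x, int y) {
    try {
      return "returned " + f.applyAsInt(x, y);
    } catch (AssertionError | IllegalArgumentException e) {
      return "threw " + e.getClass().getSimpleName();
    }
  }

  public static void main(String[] args) {
    boolean ea = false;
    assert ea = true;  // this side effect only runs when assertions are enabled
    System.out.println("assertions enabled: " + ea);

    // Constructed inputs: MIN_VALUE has no positive counterpart; MAX_VALUE + 1 overflows int.
    int[][] inputs = { {Integer.MIN_VALUE, 0}, {Integer.MAX_VALUE, -1}, {3, -4} };
    for (int[] in : inputs) {
      System.out.printf("(%d, %d): assert-based %s; explicit check %s%n", in[0], in[1],
          attempt(AssertDemo::absAddAsserted, in[0], in[1]),
          attempt(AssertDemo::absAddChecked, in[0], in[1]));
    }
  }
}
```

Without `-ea`, the assert-based variant returns a negative "absolute" sum for the first two inputs, while the explicit check throws `IllegalArgumentException` in both runs. With `-ea`, the assert-based variant fails with `AssertionError` rather than the exception a caller of a public method would expect.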

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[JLS 05|AA. Java References#JLS 05]\] 14.10 The assert Statement
\[[Bloch 08|AA. Java References#Bloch 08]\] Item 38: Check parameters for validity
\[[ESA 05|AA. Java References#ESA 05]\] Rule 68: Explicitly check method parameters for validity, and throw an adequate exception in case they are not valid. Do not use the assert statement for this purpose
\[[Daconta 03|AA. Java References#Daconta 03]\] Item 7: My Assertions Are Not Gratuitous

...
