The enhanced for statement introduced in Java 1V1.5 (a.k.a. also known as the for-each idiom) is primarily used for iterating over collections of objects. Unlike the original for statement, assignments to the loop variable fail to affect the loop's iteration order over the underlying set of objects. ThusConsequently, assignments to the loop variable can have an effect other than what is intended by the developer. This provides yet another reason to avoid assigning to the loop variable in a for loop.
| Wiki Markup |
|---|
As detailed in [§14.14.2|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.14.2] "The Enhanced For Statement" of the _Java Language Specification_ \[[JLS 2005|AA. Bibliography#JLS 05]\], Section 14.14.2, "The Enhanced For Statement" |
an enhanced
forstatement of the form
Code Block for (ObjType obj : someIterableItem) { // ... }is equivalent to a standard
forloop of the form
Code Block for (Iterator myIterator = someIterableItem.iterator(); iterator.hasNext();) { ObjType obj = myIterator.next(); // ... }
Consequently, an assignment to the loop variable is equivalent to modifying a variable local to the loop body whose initial value is the object referenced by the loop iterator. This modification is not necessarily erroneous, but it can obscure the loop functionality or indicate a misunderstanding of the underlying implementation of the enhanced for statement.
Declare all enhanced for statement loop variables to be final. The final declaration causes Java compilers to flag and reject any assignments made to the loop variable.
...
This noncompliant code example attempts to process a collection of objects using an enhanced for loop. It further intends to skip processing one item in the collection.
...
The attempt to skip to the next item is "successful" in because the sense that the assignment succeeds assignment is successful, and the value of processMe is updated. Unlike an original for loop, however, the assignment leaves the overall iteration order of the loop unchanged. ThusAs a result, the object following the skipped object is processed twice; this is unlikely to be what the programmer intended.
...
This compliant solution correctly processes the objects in the collection at most oncenot more than one time.
| Code Block | ||
|---|---|---|
| ||
Collection<ProcessObj> processThese = // ...
for (final ProcessObj processMe: processThese) {
if (someCondition) { // found the item to skip
someCondition = false;
continue; // skip by continuing to next iteration
}
processMe.doTheProcessing(); // process the object
}
|
...
Assignments to the loop variable of an enhanced for loop (for-each idiom) fail to affect the overall iteration order, lead to programmer confusion, and can leave data in a fragile or inconsistent state.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL05-J | low | unlikely | low | P3 | L3 |
Automated Detection
Easily This guideline is easily enforced with static analysis.
...
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
| Wiki Markup |
|---|
\[[JLS 2005|AA. Bibliography#JLS 05]\] Section [14§14.14.2|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.14.2] "The enhanced for statement" |
...