Versions Compared

Comment: new rec, currently weaker than C/Cpp

...

In this noncompliant example, the programmer has combined two expressions in the if statement. The first checks whether the 'd' object is null, and the second checks whether the default security manager exists; the security check is performed depending on the result. A conditional '&&' is used because a conditional '||' would mean that whenever 'd' is null, the complete expression can still succeed depending on the value of sm (see the next noncompliant example). This would violate the invariants of 'd', since operations on it should be prohibited if it is null.

Unfortunately, when 'd' is equal to null as shown, the current if expression evaluates to false and the security check is not carried out as desired.
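The following Java illustration of the behaviour described above is an added example, not the code from the original page. `Checker`, `combined` and `separated` are hypothetical names, and `Checker` stands in for the security manager so the demo runs without one installed; separating the two tests is shown as one possible correction, not as the page's own solution.

```java
import java.util.ArrayList;
import java.util.List;

public class CombinedCheckDemo {
    // Hypothetical stand-in for the security manager (assumption, see lead-in).
    interface Checker { void check(String action); }

    // Records every check that actually ran.
    static final List<String> audit = new ArrayList<>();

    // Noncompliant shape: the null test and the manager test share one condition.
    static String combined(Object d, Checker sm) {
        if (d != null && sm != null) {
            sm.check("use-d");      // short-circuited away whenever d == null
        }
        return "proceeded";         // reached with no check and no rejection
    }

    // Separated tests: a null d is rejected first, then the check runs
    // whenever a manager exists.
    static String separated(Object d, Checker sm) {
        if (d == null) {
            throw new IllegalArgumentException("d must not be null");
        }
        if (sm != null) {
            sm.check("use-d");
        }
        return "proceeded";
    }

    public static void main(String[] args) {
        Checker sm = action -> audit.add("checked " + action);
        Object d = null;            // constructed input: the case from the text

        System.out.println("combined:  " + combined(d, sm) + ", audit=" + audit);
        try {
            separated(d, sm);
        } catch (IllegalArgumentException e) {
            System.out.println("separated: rejected (" + e.getMessage() + ")");
        }
        separated(new Object(), sm);
        System.out.println("separated, non-null d: audit=" + audit);
    }
}
```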

...