SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 20

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2021.1

The enhanced for statement introduced in Java 1.5, commonly referred to as the for-each idiom, is primarily used for iterating over collections of objects. While similar to the for statement, assignments to the loop variable do not modify the collection of objects over which the loop iterates. Assignments to the loop variable may not have the effect intended by the developer and should be avoided.is designed for iteration through Collections and arrays

The Java Language Specification (JLS) provides the following example of the enhanced for statement in §14 Wiki MarkupAs detailed in the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\] section 14.14.2, "The enhanced {{for}} statement", an enhanced {{for}} statement of the form:

Code Block

for (ObjType obj : someIterableItem) { 
  // ...
}

Enhanced for Statement" [JLS 2014]:

The enhanced for statement is equivalent to a

...

basic for

...

statement of the form:

Code Block

...

for (

...

I

...

#i =

...

Expression.iterator();

...

#i.hasNext(); ) {
    {VariableModifier}

...

TargetType

...

Identifier =

...


        (TargetType) #i.next();

...

 Statement
}

#i is an automatically generated identifier that is distinct from any other identifiers (automatically generated or otherwise) that are in scope...at the point where the enhanced for statement occurs.

Unlike the basic for statement, assignments to the loop variable fail to affect the loop's iteration order over the underlying set of objects. Consequently, an assignment to the loop variable is equivalent to modifying a variable local to the loop body , whose initial value is the object that referenced by the loop iterator refers to. While this This modification is not necessarily erroneous , it may but can obscure the loop functionality or indicate a misunderstanding of the underlying implementation of the enhanced for statement.

It is recommended that Declare all enhanced for statement loop variables be declared final. The final declaration causes Java compilers to flag and reject any assignments made to the loop variable, from within the loop body.

Noncompliant Code Example

This noncompliant code example attempts to initialize a Character array process a collection of integers using an enhanced for loop. However, because assignments to the loop variable do not modify the array over which the loop iterates, the array is not suitably initialized.It further intends to modify one item in the collection for processing:

Code Block
bgColor#ffcccc
lang#FFCCCCjava
List<Integer> list
Character[] array = Arrays.asList(new CharacterInteger[10]] {13, 14, 15});
boolean first = true;

System.out.println("Processing list...");
for (CharacterInteger ci: array list) {
  if (first) {
    cfirst = 'x'false;
 // initialization attempt

for(int i=0;i<array.length;i++)  = new Integer(99);
  }
  System.out.print(array[i]);println(" New item: " + i);
  // prints 10 "null" values

...

 Process i
}

System.out.println("Modified list?");
for (Integer i: list) {
  System.out.println("List item: " + i);
}

However, this code does not actually modify the list, as shown by the program's output:

Processing list...
New item: 99
New item: 14
New item: 15
Modified list?
List item: 13
List item: 14
List item: 15

Compliant Solution

Declaring i to be final mitigates this problem by causing the compiler to fail to permit i to be assigned a new value:

Code Block
bgColor#ffcccc
langjava
// ...
for (final Integer i: list) {

// ...

Compliant Solution

This compliant solution correctly initializes the array using a for loop.processes the "modified" list but leaves the actual list unchanged:

Code Block
bgColor#ccccff
langjava
// ...
 
for (final Integer i: list) {
  Integer item = i;
  if (first) {
    first = false;
    item = new Integer(99);
  }
Character[] array = new Character[10];
for(int i = 0; i < array.length; i++) 
  array[i] = 'x';

for(final Character c: array) 
  System.out.print(cprintln(" New item: " + item);
  // prints 10 "x" values
Process item
}

// ...

Risk Assessment

Attempts to assign Assignments to the loop variable from within the of an enhanced for loop (for-each idiom) are futile and may leave the class fail to affect the overall iteration order, lead to programmer confusion, and can leave data in a fragile , or inconsistent state.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL05

DCL02-J

low

Low

unlikely

Unlikely

low

Low

P3

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

TODO

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] Section [14.14.2|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.14.2] "The enhanced for statement"

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.DCL02.ITMODDo not modify collection while iterating over it

Bibliography

[JLS 2014]

§14.14.2, "The Enhanced for Statement"


...

Image Added Image Added Image AddedDCL04-J. Declare mathematical constants as static and final      03. Declarations and Initialization (DCL)      DCL06-J. Use 'L', not 'l', to indicate a long value