SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 24

changes.mady.by.user Ankur Goyal

Saved on

compared with

New Version Current

changes.mady.by.user Jon O'Donnell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The assert() statement is a convenient mechanism for incorporating diagnostic tests in code. Expressions used with the standard assert statement should not contain side effects. Typically, the The behavior of the assert statement depends on the status of a runtime property. If When enabled, the assert statement is designed to evaluate evaluates its expression argument and throw throws an AssertionError if the result of the expression is convertible to false. If When disabled, assert is defined to be a no-operation. Consequently, op; any side effects resulting from evaluation of the expression in the assertion are lost in production quality code. Consequently, expressions used with the standard assert statement must not produce side effects.

Noncompliant Code Example

This noncompliant code example demonstrates an action being carried out in an assertion. The idea is attempts to delete all the null names from the list in an assertion. However, however, the boolean Boolean expression is unexpectedly not evaluated when assertions are disabled.

Code Block
bgColor#ffcccc
private ArrayList<String> names;

void process(int index) {
  assert names.remove(null); // sideSide effect 
  // ...
}

Compliant Solution

Avoid the The possibility of side effects in assertions . This can be achieved avoided by decoupling the boolean Boolean expression from the assertion.:

Code Block
bgColor#ccccff
private ArrayList<String> names;

void process(int index) {
  boolean nullsRemoved = names.remove(null);
  assert nullsRemoved; // noNo side effect 
  // ... 
}

Risk Assessment

Side effects in assertions can lead to unexpected and erroneous behaviorresult in program behavior that depends on whether assertions are enabled or disabled.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP31

EXP06-J

low

Low

unlikely

Unlikely

low

Low

P3

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

...

Automated Detection

Automated detection of assertion operands that contain locally visible side effects is straightforward. Some analyses could require programmer assistance to determine which method invocations lack side effects.

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.STRUCT.SE.ASSERT

Assertion Contains Side Effects (Java)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6055
SonarQube

Include Page
SonarQube_V
SonarQube_V

S3346Expressions used in "assert" should not produce side effects


Related Guidelines

SEI CERT C Coding Standard

PRE31

...

-C. Avoid side effects in

...

arguments to unsafe macros

Android Implementation Details

The assert statement is supported on the Dalvik VM but is ignored under the default configuration. Assertions may be enabled by setting the system property debug.assert via: adb shell setprop debug.assert 1 or by sending the command-line argument --enable-assert to the Dalvik VM.

Bibliography

[Java Tutorials]

Programming With Assertions

[Seacord 2015]
Image result for video iconImage Added IDS17-J. Prevent XML External Entity Attacks LiveLesson


...

Image Added Image Added Image Added

...

This rule appears in the C++ Coding Standard as EXP31-CPP. Avoid side effects in assertions.

References

[Tutorials 08] Programming With Assertions

EXP30-J. Do not depend on operator precedence while using expressions containing side-effects&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;04. Expressions (EXP)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EXP32-J. Do not use the equal and not equal operators to compare boxed primitives