SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 29

changes.mady.by.user Melanie Thompson

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2022.2

A switch block comprises several case labels and an optional but highly recommended default label. By convention, statements Statements that follow each case label must end with a break statement, which is responsible for transferring the control to the end of the switch block. When omitted, the statements in the subsequent case label are executed. Because the break statement is optional, its omission omitting it produces no compiler warnings. If When this behavior is unintentional, it can cause unexpected control flow.

Noncompliant Code Example

In this noncompliant code example, the case wherein where the card is 11, does not have lacks a break statement. As a result, execution continues with the statements for card = 12 are also executed.

Code Block
bgColor#FFCCCC

int card = 11;

switch (card) {
  /* ... */
  case 11: 
    System.out.println("Jack");
  case 12: 
    System.out.println("Queen"); 
    break;
  case 13: 
    System.out.println("King"); 
    break;
  default: 
    System.out.println("Invalid Card"); 
    break;
}

Compliant Solution

This compliant solution terminates each case (including the default case) with a break statement.:

Code Block
bgColor#CCCCFF

int card = 11;

switch (card) {
  /* ... */
  case 11: 
    System.out.println("Jack");
    break;
  case 12: 
    System.out.println("Queen"); 
    break;
  case 13: 
    System.out.println("King"); 
    break;
  default: 
    System.out.println("Invalid Card"); 
    break;
}

Exceptions

Applicability

Failure to include break statements can cause unexpected control flow.

The break statement at the end of the final case in a switch statement may be omitted. By convention, this is the default labelEX1: The last label in a switch statement does not require a break statement. The break statement serves to skip to to transfer control to the end of the switch block. Fall-through behavior also causes control to arrive at the end of the switch block. Consequently, so control transfers to the statements following the switch block irrespective of its presence. Conventionally, the last label is the default label.without regard to the presence or absence of the break statement. Nevertheless, the final case in a switch statement should end with a break statement in accordance with good programming style [Vermeulen 2000].

Exceptionally, when multiple cases require execution of identical code, break statements may be omitted from all cases except the last one. Similarly, when processing for one case is a proper prefix of processing for one or more other cases, the break statement may be omitted from the prefix case. This should be clearly indicated with a comment. For example:EX2: When it is required to execute the same code for multiple cases, it is permissible to omit the break statement. However, these instances must be explicitly documented.

Code Block
bgColor#CCCCFF

int card = 11;
int value;

// Cases 11,12,13 fall through to the same case 
switch (card) {
  // MSC13-J:EX2: theseProcessing for this case requires a prefix
  // of the actions for the following three
  case 10:
    do_something(card);
    // Intentional fall-through
    // These three cases are treated identically 
  case 11:        // Break not required
  case 12:        // Break not required
  case 13: 
    value = 10; 
    break;        // Break required
  default: 
    // Handle Errorerror Conditioncondition 
}

EX3: A case needs no break statement if its last statement is Also, when a case ends with a return or throw.

Risk Assessment

Failure to include break statements may cause unexpected control flow.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC14- J

medium

unlikely

low

P6

L2

Other Languages

This rule appears in the C Secure Coding Standard as MSC17-C. Finish every set of statements associated with a case label with a break statement.

This rule appears in the C++ Secure Coding Standard as MSC18-CPP. Finish every set of statements associated with a case label with a break statement.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[JLS 2005|AA. Java References#JLS 05]\] [Section 14.11 The switch Statement|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.11]

statement, the break statement may be omitted.

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.MSC52.SBCDo not use a "switch" statement with a bad "case"
SonarQube
Include Page
SonarQube_V
SonarQube_V
S128


Bibliography

[JLS 2013]

§14.11, "The switch Statement"


...

Image Added Image Added Image AddedMSC13-J. Do not modify the underlying collection when an iteration is in progress      49. Miscellaneous (MSC)      MSC15-J. Use numerical comparison operators to terminate a loop whose counter changes by more than one