Java defines the equality operators == and != and relational operators such as <=,>=,>,<. When it comes to String object reference comparisons, these manifest as traps that an amateur programmer may unintentionally fall victim to.
Noncompliant Code Example
for testing reference equality but uses the equals() method defined in Object and its subclasses for testing abstract object equality. Naïve programmers often confuse the intent of the == operation with that of the Object.equals() method. This confusion is frequently evident in the context of processing String objects.
As a general rule, use the Object.equals() method to check whether two objects have equivalent contents and use the equality operators == and != to test whether two references specifically refer to the same object. This latter test is referred to as referential equality. For classes that require overriding the default equals() implementation, care must be taken to also override the hashCode() method (see MET09-J. Classes that define an equals() method must also define a hashCode() method).
Numeric boxed types (for example, Byte, Character, Short, Integer, Long, Float, and Double) should also be compared using Object.equals() rather than the == operator. While reference equality may appear to work for Integer values between the range −128 and 127, it may fail if either of the operands in the comparison are outside that range. Numeric relational operators other than equality (such as <, <=, >, and >=) can be safely used to compare boxed primitive types (see EXP03-J. Do not use the equality operators when comparing values of boxed primitives for more information).
Noncompliant Code Example
This noncompliant code example declares two distinct String objects that contain the same value:For == to return true for two String references, they must point to the same underlying object. This noncompliant example declares two different String objects with the same values, however, they compare unequal because they constitute different object references.
| Code Block | ||
|---|---|---|
| ||
public class BadComparisonStringComparison { public static void main(String[] args) { String onestr1 = new String("one""one"); String twostr2 = new String("one"); if(one == two) "one"); System.out.println("Equal"str1 == str2); //not printed Prints "false" } } |
The reference equality operator == evaluates to true only when the values it compares refer to the same underlying object. The references in this example are unequal because they refer to distinct objects.
Compliant Solution
...
(Object.equals())
This compliant solution uses the ObjectTo be compliant, use the object1.equals(object2) method when comparing string values.:
| Code Block | ||
|---|---|---|
| ||
public class GoodComparisonStringComparison { public static void main(String[] args) { String onestr1 = new String("one""one"); String twostr2 = new String("one""one"); boolean result; if (one == null){ result = two == null; } else{ result = one == two || one.equals(two); } System.out.println(result);System.out.println(str1.equals( str2)); // Prints "true" } } |
NOte that the mentioned operators work when dealing with string literals that have constant values (such as in String one = "one" and String two = "two". or when the intern method has been used on both strings to compare pointer references. (See Compliant Solution 2)
Compliant Solution
Compliant Solution (String.intern())
Reference equality behaves like abstract object equality when it is used to compare two strings that are results of the String.intern() method. This compliant solution uses String.intern() and can perform fast string comparisons when only one copy of the string one is required in memory.If it is desired to keep only one copy of the string in memory, perform quick repeated comparisons and ensure that string1.equals(string2) is true, the following Compliant Solution may be used.
| Code Block | ||
|---|---|---|
| ||
public class GoodComparisonStringComparison { public static void main(String[] args) { String onestr1 = new String("one""one"); String twostr2 = new String("one""one"); boolean result; ifstr1 (one != null){ one = onestr1.intern(); } if (two != null){ two = twostr2 = str2.intern(); } resultSystem.out.println(str1 = one == twostr2); // System.out.println(result);Prints "true" } } |
However, note that the performance gains achieved by doing so may be meeker than the benefits of having more robust code that also takes non-constant and non-interned values. Moreover, the use of constant and interned values encourages ambiguity that hinders selection of proper methods for comparing String objects.
Exceptions
| Wiki Markup |
|---|
*EXP03:* In general, for any two objects, it is permissible to compare their elements provided that the class is a singleton. The use of static factory methods over constructors facilitates instance control which in turn limits the effective number of instances of an immutable class to one. As a result, for two objects {{a}} and {{b}}, {{a.equals(b)}} is {{true}} when {{a == b}} \[[Bloch 08|AA. Java References#Bloch 08]\]. The {{String}} class does not meet these requirements and consequently, does not possess these characteristics. |
Risk Assessment
Using the equality or relational operators to compare objects can lead to unexpected results.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP03- J | low | probable | medium | P4 | L3 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[JLS 05|AA. Java References#JLS 05]\] [Section 3.10.5, String Literals|http://java.sun.com/docs/books/jls/third_edition/html/lexical.html#3.10.5]
\[[FindBugs 08|AA. Java References#FindBugs 08]\] ES: Comparison of String objects using == or \!=
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 595|http://cwe.mitre.org/data/definitions/595.html] "Incorrect Syntactic Object Comparison", [CWE ID 597|http://cwe.mitre.org/data/definitions/597.html] "Use of Wrong Operator in String Comparison" |
Use of String.intern() should be reserved for cases in which the tokenization of strings either yields an important performance enhancement or dramatically simplifies code. Examples include programs engaged in natural language processing and compiler-like tools that tokenize program input. For most other programs, performance and readability are often improved by the use of code that applies the Object.equals() approach and that lacks any dependence on reference equality.
The Java Language Specification (JLS) [JLS 2013] provides very limited guarantees about the implementation of String.intern(). For example,
- The cost of
String.intern()grows as the number of intern strings grows. Performance should be no worse than O(n log n), but the JLS lacks a specific performance guarantee. - In early Java Virtual Machine (JVM) implementations, interned strings became immortal: they were exempt from garbage collection. This can be problematic when large numbers of strings are interned. More recent implementations can garbage-collect the storage occupied by interned strings that are no longer referenced. However, the JLS lacks any specification of this behavior.
- In JVM implementations prior to Java 1.7, interned strings are allocated in the
permgenstorage region, which is typically much smaller than the rest of the heap. Consequently, interning large numbers of strings can lead to an out-of-memory condition. In many Java 1.7 implementations, interned strings are allocated on the heap, relieving this restriction. Once again, the details of allocation are unspecified by the JLS; consequently, implementations may vary.
String interning may also be used in programs that accept repetitively occurring strings. Its use boosts the performance of comparisons and minimizes memory consumption.
When canonicalization of objects is required, it may be wiser to use a custom canonicalizer built on top of ConcurrentHashMap; see Joshua Bloch's Effective Java, second edition, Item 69 [Bloch 2008], for details.
Applicability
Confusing reference equality and object equality can lead to unexpected results.
Using reference equality in place of object equality is permitted only when the defining classes guarantee the existence of at most one object instance for each possible object value. The use of static factory methods, rather than public constructors, facilitates instance control; this is a key enabling technique. Another technique is to use an enum type.
Use reference equality to determine whether two references point to the same object.
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Checker Framework |
| Interning Checker | Check for errors in equality testing and interning (see Chapter 5) | ||||||
| Parasoft Jtest |
| CERT.EXP50.UEIC | Do not use '==' or '!=' to compare objects | ||||||
| SonarQube |
| S1698 |
Bibliography
| [Bloch 2008] | Item 69, "Prefer Concurrency Utilities to wait and notify" |
ES, "Comparison of String Objects Using | |
[JLS 2013] | §3.10.5, "String Literals" |
...
EXP02-J. Do not ignore values returned by methods 04. Expressions (EXP) EXP04-J. Be wary of invisible implicit casts when using compound assignment operators