SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 40

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Jon O'Donnell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The assert() statement is a convenient mechanism for incorporating diagnostic tests in code. Expressions used with the standard assert statement should avoid side-effects. Typically, the The behavior of the assert statement depends on the status of a runtime property. When enabled, the assert statement is designed to evaluate evaluates its expression argument and throw throws an AssertionError if the result of the expression is false. When disabled, assert is defined to be a no-operation. Consequently, op; any side - effects resulting from evaluation of the expression in the assertion are lost when assertions are disabled. Consequently, expressions used with the standard assert statement must not produce side effects.

Noncompliant Code Example

This noncompliant code example demonstrates an action being carried out in an assertion. The idea is attempts to delete all the null names from the list ; howeverin an assertion. However, the boolean Boolean expression is unexpectedly not evaluated when assertions are disabled.

Code Block
bgColor#ffcccc
private ArrayList<String> names;

void process(int index) {
  assert names.remove(null); // side-Side effect 
  // ...
}

Compliant Solution

Avoid the The possibility of side - effects in assertions . This can be achieved avoided by decoupling the boolean Boolean expression from the assertion.:

Code Block
bgColor#ccccff
private ArrayList<String> names;

void process(int index) {
  boolean nullsRemoved = names.remove(null);
  assert nullsRemoved; // noNo side- effect 
  // ... 
}

Risk Assessment

Side - effects in assertions can lead to differences result in program behavior that depend depends on whether assertions are enabled or disabled.

Guideline

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP10

EXP06-J

low

Low

unlikely

Unlikely

low

Low

P3

L3

Automated Detection

Automated detection of assertion operands that contain locally - visible side - effects is straightforward. Some analyses could require programmer assistance to determine which method invocations could contain lack side - effects.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

...

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.STRUCT.SE.ASSERT

Assertion Contains Side Effects (Java)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6055
SonarQube

Include Page
SonarQube_V
SonarQube_V

S3346Expressions used in "assert" should not produce side effects


Related Guidelines

SEI CERT C Coding Standard

PRE31-C. Avoid side effects in arguments to unsafe macros

Android Implementation Details

The assert statement is supported on the Dalvik VM but is ignored under the default configuration. Assertions may be enabled by setting the system property debug.assert via: adb shell setprop debug.assert 1 or by sending the command-line argument --enable-assert to the Dalvik VM. assertionsC++ Coding Standard: EXP31-CPP. Avoid side effects in assertions

Bibliography

[Java Tutorials

...

]

Programming With Assertions

[Seacord 2015]
Image result for video iconImage Added IDS17-J. Prevent XML External Entity Attacks LiveLesson


...

Image Added Image Added Image AddedEXP09-J. Do not allow an expression to write more than once to the same variable      04. Expressions (EXP)      EXP11-J. Be careful of autoboxing when removing elements from a Collection