The assert statement is a convenient mechanism for incorporating diagnostic tests in code. The behavior of the assert statement depends on the status of a runtime property. When enabled, the assert statement evaluates its expression argument and throws an AssertionError if false. When disabled, assert is a no-op; any side effects resulting from evaluation of the expression in the assertion are lost. Consequently, expressions used with the standard assert statement must not produce side effects.
Noncompliant Code Example
This noncompliant code attempts to delete all the null names from the list in an assertion. However, the boolean expression is not evaluated when assertions are disabled.
private ArrayList<String> names;
void process(int index) {
assert names.remove(null); // Side effect
// ...
}
Compliant Solution
The possibility of side effects in assertions can be avoided by decoupling the boolean expression from the assertion:
private ArrayList<String> names;
void process(int index) {
boolean nullsRemoved = names.remove(null);
assert nullsRemoved; // No side effect
// ...
}
Risk Assessment
Side effects in assertions result in program behavior that depends on whether assertions are enabled or disabled.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP06-J | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Automated detection of assertion operands that contain locally visible side effects is straightforward. Some analyses could require programmer assistance to determine which method invocations lack side effects.
Related Guidelines
Android Implementation Details
The assert statement is supported on the Dalvik VM but is ignored under the default configuration. Assertions may be enabled by setting the system property debug.assert via: adb shell setprop debug.assert 1 or by sending the command line argument --enable-assert to the Dalvik VM.
Bibliography
| [Seacord 2015] | |
