CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc


JAVA.TYPE.MCF : Mutable Constant Field (Java)

Summary

The value of a public final static field can be modified, for example through a method call.

Use annotation @Immutable to identify classes that should be ignored by this check because they only undergo mutations that do not change observable behavior.

Properties

Class Name: Mutable Constant Field (Java)
Significance: reliability
Mnemonic: JAVA.TYPE.MCF
Categories:
  CWE: CWE:607 Public Static Final Field References Mutable Object
Availability: Available for Java and Kotlin.
Enabling: Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.

  WARNING_FILTER += allow class="Mutable Constant Field (Java)"

Example

// Constants.java
// class Constants defines a set of constants
public class Constants {
  public final static int LUCK = 13;
  public final static Object O1 = new Object();
  public final static Object O2 = new String();
  public final static C FIRST = new Mutable(17);                /* "Mutable Constant Field (Java)" warning issued here
                                                                 * - can mutate with Mutable.setG()
                                                                 */
  public final static C SECOND = new Wrapper(13);
  public final static C THIRD = new Mutable(19);                /* "Mutable Constant Field (Java)" warning issued here
                                                                 * - can mutate with Mutable.setG()
                                                                 */
  public final static Wrapper FOURTH = new Wrapper(13);
  public final static C FIFTH = new Cached(19);                 /* "Mutable Constant Field (Java)" warning issued here
                                                                 * - can mutate with Cached.getTwiceF()
                                                                 */
}
// C.java
public abstract class C {}
// Wrapper.java
// class Wrapper is a concrete subclass of C whose values cannot be modified
public class Wrapper extends C {
  private int f;

  public Wrapper(int f) {
    this.f = f;
  }

  public int getF() {
    return f;
  }
}
// Mutable.java
// class Mutable is a mutable subclass of Wrapper
public class Mutable extends Wrapper {
  private int g;
    
  public Mutable(int f) {
    super(f);
  }

  public int getG() {
    return g;
  }

  public void setG(int g) {
    this.g = g;
  }
}
// Cached.java
// class Cached is a mutable subclass of Wrapper
public class Cached extends Wrapper {
  private int cached;

  public Cached(int f) {
    super(f);
  }

  public int getTwiceF() {
    if (cached == 0)
      cached = getF() * 2;

    return cached;
  }
}

In this example, the programmer should hide fields FIRST and THIRD, for example by reducing their visibility to package-private. In the case of field FIFTH, the Cached type is technically mutable, since the cached field can be modified by calling method getTwiceF(). However, this behavior can be seen as a code optimization that caches the result of a method without changing the observable behavior of the class. In this case, the programmer might want to treat the class of FIFTH, Cached, as actually immutable, which can be expressed through a code annotation.

// Cached.java, after modification
public @Immutable class Cached extends Wrapper { ... } // now no warning issued here
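
The following single-file program is an added example, not part of the CodeSonar manual. It shows why the FIRST-style fields are flagged: any caller can change their state through Mutable.setG(). It goes beyond the page's case by including the array and collection forms of CWE-607. MutableConstantDemo, ROLES and SAFE_ROLES are hypothetical names, and List.of assumes Java 9 or later.

```java
import java.util.List;

// Added illustration; MutableConstantDemo, ROLES and SAFE_ROLES are hypothetical names.
public class MutableConstantDemo {
    static abstract class C {}

    static class Wrapper extends C {          // no mutators: state is fixed at construction
        private final int f;
        Wrapper(int f) { this.f = f; }
        int getF() { return f; }
    }

    static class Mutable extends Wrapper {    // same shape as the page's Mutable class
        private int g;
        Mutable(int f) { super(f); }
        int getG() { return g; }
        void setG(int g) { this.g = g; }
    }

    // Flagged shape: 'final' pins the reference, not the state of the object behind it.
    public static final C FIRST = new Mutable(17);
    public static final String[] ROLES = { "reader", "auditor" };

    // Remediated shape: the constant refers to an object that offers no mutators.
    public static final C SECOND = new Wrapper(13);
    public static final List<String> SAFE_ROLES = List.of("reader", "auditor");

    public static void main(String[] args) {
        // Any class that can see FIRST can change what every other reader observes.
        ((Mutable) FIRST).setG(99);
        System.out.println("FIRST.g is now " + ((Mutable) FIRST).getG());

        // Array constants behave the same way: the elements stay writable.
        ROLES[0] = "changed";
        System.out.println("ROLES[0] is now " + ROLES[0]);

        // The unmodifiable list rejects the write instead of silently accepting it.
        try {
            SAFE_ROLES.set(0, "changed");
        } catch (UnsupportedOperationException e) {
            System.out.println("SAFE_ROLES rejected the write");
        }
        System.out.println("SECOND.f is still " + ((Wrapper) SECOND).getF());
    }
}
```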

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 
