...
This noncompliant code example attempts to concatenate the string elements of the array values, storing the result as the first element:
```java
String values[] = new String[3];
values[0] = "value1";
values[1] = "value2";
values[2] = "value3";
int i;
values[1] = null; // Gets null value
try {
  i = 0;
  while (true) {
    values[0] = values[0].concat(values[i + 1]); // Concatenate and store in values[0]
    i++;
  }
} catch (ArrayIndexOutOfBoundsException e) {
  i = 0; // Attempts to initialize i to 0
} catch (NullPointerException npe) {
  // Ignores
}
```
It uses an ArrayIndexOutOfBoundsException to detect the end of the array and reinitializes the variable i to 0 in the catch block. However, when some element of the array is null, a NullPointerException results. This exception is caught and ignored, a violation of guideline "ERR08-J. Do not catch NullPointerException or any of its ancestors." Consequently, the variable i fails to be reinitialized.
...
This compliant solution uses a standard for loop to concatenate the strings:
```java
String values[] = new String[3];
values[0] = "value1";
values[1] = "value2";
values[2] = "value3";
int i;
for (i = 1; i < values.length; i++) {
  values[0] = values[0].concat(values[i]);
}
i = 0; // Initialize i to 0 after operation
```
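The following is an added example, not part of the original guideline: it runs the exception-driven loop and a bounded loop on the same constructed array containing a null, showing that the swallowed NullPointerException leaves i nonzero and values[0] partially concatenated, while the bounded version fails loudly before changing anything. The class name, method names and the policy of rejecting null elements are assumptions made for illustration.

```java
import java.util.Arrays;

public class ControlFlowDemo { // hypothetical class name
    // Noncompliant pattern: exceptions end the loop. Returns the final i.
    static int concatWithExceptions(String[] values) {
        int i = 0;
        try {
            while (true) {
                values[0] = values[0].concat(values[i + 1]);
                i++;
            }
        } catch (ArrayIndexOutOfBoundsException e) {
            i = 0; // Reached only when the loop runs off the end
        } catch (NullPointerException npe) {
            // Swallowed: i keeps the value it had when concat failed
        }
        return i;
    }

    // Bounded loop. Assumed policy: reject null elements before mutating.
    static int concatWithLoop(String[] values) {
        for (int k = 0; k < values.length; k++) {
            if (values[k] == null) {
                throw new IllegalArgumentException("values[" + k + "] is null");
            }
        }
        int i;
        for (i = 1; i < values.length; i++) {
            values[0] = values[0].concat(values[i]);
        }
        i = 0; // Always reached on the normal path
        return i;
    }

    public static void main(String[] args) {
        String[] a = {"value1", "value2", null}; // constructed sample input
        int i = concatWithExceptions(a);
        System.out.println("exceptions: i=" + i + " values=" + Arrays.toString(a));

        String[] b = {"value1", "value2", null}; // same constructed input
        try {
            concatWithLoop(b);
        } catch (IllegalArgumentException e) {
            System.out.println("loop: rejected, " + e.getMessage()
                    + ", values=" + Arrays.toString(b));
        }
    }
}
```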
...
Use of exceptions for any purpose other than detecting and handling exceptional conditions complicates both security analysis and debugging and can cause performance degradation.
Bibliography
| [Bloch 2001] | Item 39, "Use Exceptions Only for Exceptional Conditions" |
| [JLS 2011] | Chapter 11, "Exceptions" |
...