The values of boxed primitives cannot be compared with the == and != operators: applied to two object references, these operators compare the references, not the wrapped values.

Noncompliant Code Example

This noncompliant example (adapted from \[[Bloch 09|AA. Java References#Bloch 09]\]) defines a {{Comparator}} whose {{compare()}} method accepts two boxed primitives as arguments. Note that primitive {{int}} values are also accepted by this declaration, because they are autoboxed on the call. The problem is that the {{==}} operator is used to compare the two boxed primitives. This, however, compares their references and not their values.

static Comparator<Integer> cmp = new Comparator<Integer>() {
  public int compare(Integer i, Integer j) {
    // i < j unboxes both operands, but i == j compares the two references
    return i < j ? -1 : (i == j ? 0 : 1);
  }
};

Compliant Solution

To be compliant, use only the four relational operators <, >, <= and >=, which unbox their operands and compare the values. The == and != operators must not be used to compare boxed primitives.

public int compare(Integer i, Integer j) {
  // both < and > unbox i and j, so the int values are compared
  return i < j ? -1 : (i > j ? 1 : 0);
}
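The following added example (not code from the original page) runs both comparators above on two separately boxed copies of the same value and feeds each into a {{TreeSet}}, which relies on {{compare()}} returning 0 to detect duplicates. The class and method names are assumptions; the behaviour rests on the fact that {{Integer.valueOf}} is required to return the same cached object only for values in the range -128..127 (JLS 5.1.7).

```java
import java.util.Comparator;
import java.util.TreeSet;

public class BoxedCompareDemo {
    // Noncompliant (as on the page): == on two Integer objects compares references.
    static final Comparator<Integer> NONCOMPLIANT = new Comparator<Integer>() {
        public int compare(Integer i, Integer j) {
            return i < j ? -1 : (i == j ? 0 : 1);
        }
    };

    // Compliant (as on the page): < and > unbox both operands, so the int values are compared.
    static final Comparator<Integer> COMPLIANT = new Comparator<Integer>() {
        public int compare(Integer i, Integer j) {
            return i < j ? -1 : (i > j ? 1 : 0);
        }
    };

    // Compares two separately boxed copies of the same value. Integer.valueOf
    // returns the same cached object only for -128..127 (JLS 5.1.7); with the
    // default JVM settings larger values yield two distinct objects.
    static int compareEqualValues(Comparator<Integer> c, int value) {
        Integer a = Integer.valueOf(value);
        Integer b = Integer.valueOf(value);
        return c.compare(a, b);
    }

    // A TreeSet treats two elements as duplicates only when compare() returns 0;
    // with the noncompliant comparator the same value can be stored twice.
    static int distinctCount(Comparator<Integer> c, int value) {
        TreeSet<Integer> set = new TreeSet<Integer>(c);
        set.add(Integer.valueOf(value));
        set.add(Integer.valueOf(value));
        return set.size();
    }

    public static void main(String[] args) {
        for (int v : new int[] {127, 128, 1000}) {
            System.out.printf(
                "value %d: noncompliant compare=%d size=%d, compliant compare=%d size=%d%n",
                v, compareEqualValues(NONCOMPLIANT, v), distinctCount(NONCOMPLIANT, v),
                compareEqualValues(COMPLIANT, v), distinctCount(COMPLIANT, v));
        }
    }
}
```

With the default cache size, the noncompliant comparator reports 0 and a set size of 1 only for 127; for 128 and 1000 it reports 1 and the set holds the same value twice, while the compliant comparator reports 0 and a size of 1 for all three.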

Risk Assessment

Using the == and != operators to compare boxed primitives compares references rather than values and can lead to erroneous comparisons.

||Rule||Severity||Likelihood||Remediation Cost||Priority||Level||
|EXP32-J|low|likely|medium|P4|L3|

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Bloch 09|AA. Java References#Bloch 09]\] 4. "Searching for the One"

