Why is String immutable in Java

Question

I was asked in an interview why String is immutable  I answered like this      When we create a string in java like String s1  hello   then an   object will be created in string pool hello  and s1 will be   pointing to hello Now if again we do String s2  hello   then   another object will not be created but s2 will point to hello   because JVM will first check if the same object is present in   string pool or not If not present then only a new one is created else not    Now if suppose java allows string mutable then if we change s1 to hello world then s2 value will also be hello world so java String is immutable   Can any body please tell me if my answer is right or wrong

User · Answer

The most important reason of a String being made immutable in Java is Security consideration. Next would be Caching.

I believe other reasons given here, such as efficiency, concurrency, design and string pool follows from the fact that String in made immutable. For eg. String Pool could be created because String was immutable and not the other way around.

Check Gosling interview transcript here

From a strategic point of view, they tend to more often be trouble free. And there are usually things you can do with immutables that you can't do with mutable things, such as cache the result. If you pass a string to a file open method, or if you pass a string to a constructor for a label in a user interface, in some APIs (like in lots of the Windows APIs) you pass in an array of characters. The receiver of that object really has to copy it, because they don't know anything about the storage lifetime of it. And they don't know what's happening to the object, whether it is being changed under their feet.

You end up getting almost forced to replicate the object because you don't know whether or not you get to own it. And one of the nice things about immutable objects is that the answer is, "Yeah, of course you do." Because the question of ownership, who has the right to change it, doesn't exist.

One of the things that forced Strings to be immutable was security. You have a file open method. You pass a String to it. And then it's doing all kind of authentication checks before it gets around to doing the OS call. If you manage to do something that effectively mutated the String, after the security check and before the OS call, then boom, you're in. But Strings are immutable, so that kind of attack doesn't work. That precise example is what really demanded that Strings be immutable

User · Answer

We can not be sure of what was Java designers actually thinking while designing String but we can only conclude these reasons based on the advantages we get out of string immutability  Some of which are 1  Existence of String Constant Pool As discussed in Why String is Stored in String Constant Pool article  every application creates too many string objects and in order to save JVM from first creating lots of string objects and then garbage collecting them  JVM stores all string objects in a separate memory area called String constant pool and reuses objects from that cached pool  Whenever we create a string literal JVM first sees if that literal is already present in constant pool or not and if it is there  new reference will start pointing to the same object in SCP  String a    quot Naresh quot   String b    quot Naresh quot   String c    quot Naresh quot    In above example string object with value Naresh will get created in SCP only once and all reference a  b  c will point to the same object but what if we try to make change in a e g  a replace  quot a quot    quot  quot    Ideally  a should have value Nresh but b  c should remain unchanged because as an end user we are making the change in a only  And we know a  b  c all are pointing the same object so if we make a change in a  others should also reflect the change  But string immutability saves us from this scenario and due to the immutability of string object string object Naresh will never change  So when we make any change in a instead of change in string object Naresh JVM creates a new object assign it to a and then make change in that object  So String pool is only possible because of String s immutability and if String would not have been immutable  then caching string objects and reusing them would not have a possibility because any variable woulds have changed the value and corrupted others  And That s why it is handled by JVM very specially and have been given a special memory area  2  Thread Safety An object is called thread-safe when multiple threads are operating on it but none of them is able to corrupt its state and object hold the same state for every thread at any point in time  As we an immutable object cannot be modified by anyone after its creation which makes every immutable object is thread safe by default  We do not need to apply any thread safety measures to it such as creating synchronized methods  So due to its immutable nature string object can be shared by multiple threads and even if it is getting manipulated by many threads it will not change its value  3  Security In every application  we need to pass several secrets e g  user s user-name passwords  connection URLs and in general  all of this information is passed as the string object  Now suppose if String would not have been immutable in nature then it would cause a serious security threat to the application because these values are allowed to get changed and if it is allowed then these might get changed due to wrongly written code or any other person who have access to our variable references  4  Class Loading As discussed in Creating objects through Reflection in Java with Example  we can use Class forName  quot class name quot   method to load a class in memory which again calls other methods to do so  And even JVM uses these methods to load classes  But if you see clearly all of these methods accepts the class name as a string object so Strings are used in java class loading and immutability provides security that correct class is getting loaded by ClassLoader  Suppose if String would not have been immutable and we are trying to load java lang Object which get changed to org theft OurObject in between and now all of our objects have a behavior which someone can use to unwanted things  5  HashCode Caching If we are going to perform any hashing related operations on any object we must override the hashCode   method and try to generate an accurate hashcode by using the state of the object  If an object s state is getting changed which means its hashcode should also change  Because String is immutable so the value one string object is holding will never get changed which means its hashcode will also not change which gives String class an opportunity to cache its hashcode during object creation  Yes  String object caches its hashcode at the time of object creation which makes it the great candidate for hashing related operations because hashcode doesn t need to be calculated again which save us some time  This is why String is mostly used as HashMap keys  Read More on Why String is Immutable and Final in Java

User · Answer

String is given as immutable by Sun micro systems because string can used to store as key in map collection  StringBuffer is mutable  That is the reason It cannot be used as key in map object

User · Answer

I read this post Why String is Immutable or Final in Java and suppose that following may be the most important reason      String is Immutable in Java because String objects are cached in   String pool  Since cached String literals are shared between multiple   clients there is always a risk  where one client s action would affect   all another client

User · Answer

If HELLO is your String then you can t change HELLO to HILLO  This property is called immutability property    You can have multiple pointer String variable to point HELLO String    But if HELLO is char Array then you can change HELLO to HILLO  Eg    char   charArr    HELLO   char 1     I     you can do this   Answer    Programming languages have immutable data variables so that it can be used as keys in key  value pair  String variables are used as keys indices  so they are immutable

User · Answer

String is immutable for several reasons  here is a summary    Security  parameters are typically represented as String in network connections  database connection urls  usernames passwords etc  If it were mutable  these parameters could be easily changed  Synchronization and concurrency   making String immutable automatically makes them thread safe thereby solving the synchronization issues  Caching  when compiler optimizes your String objects  it sees that if two objects have same value  a  test   and b  test   and thus you need only one string object  for both a and b  these two will point to the same object   Class loading  String is used as arguments for class loading  If mutable  it could result in wrong class being loaded  because mutable objects change their state     That being said  immutability of String only means you cannot change it using its public API  You can in fact bypass the normal API using reflection  See the answer here   In your example  if String was mutable  then consider the following example     String a  stack     System out println a    prints stack   a setValue  overflow      System out println a    if mutable it would print overflow

User · Answer

Most important reason according to this article on DZone      String Constant Pool         If string is mutable  changing the string with one reference will lead to the wrong value for the other references       Security      String is widely used as parameter for many java classes  e g  network connection  opening files  etc  Were String not immutable  a connection or file would be changed and lead to serious security threat          Hope it will help you

User · Answer

In addition to the great answers  I wanted to add a few points  Like Strings  Array holds a reference to the starting of the array so if you create two arrays arr1 and arr2 and did something like arr2   arr1 this will make the reference of arr2 same as arr1 hence changing value in one of them will result in change of the other one for example  public class Main       public static void main String   args            int   a    1  2  3  4           int   b   a          a 0    8          b 1    7          System out println  A      a 0       B      b 0            System out println  A      a 1       B      b 1              outputs           A  8  B  8           A  7  B  7           Not only that it would cause bugs in the code it also can and will  be exploited by malicious user  Suppose if you have a system that changes the admin password  The user have to first enter the newPassword and then the oldPassword if the oldPassword is same as the adminPass the program change the password by adminPass   newPassword  let s say that the new password has the same reference as the admin password so a bad programmer may create a temp variable to hold the admin password before the users inputs data if the oldPassword is equal to temp it changes the password otherwise adminPass   temp  Someone knowing that could easily enter the new password and never enter the old password and abracadabra he has admin access  Another thing I didn t understand when learning about Strings why doesn t JVM create a new string for every object and have a unique place in memory for it and you can just do that using new String  str    The reason you wouldn t want to always use new is because it s not memory efficient and it is slower in most cases read more

User · Answer

From the Security point of view we can use this practical example   DBCursor makeConnection String IP String PORT String USER String PASS String TABLE            if strings were mutable IP PORT USER PASS can be changed by validate function     Boolean validated   validate IP PORT USER PASS           here we are not sure if IP  PORT  USER  PASS changed or not        if  validated             DBConnection conn   doConnection IP PORT USER PASS                 rest of the code goes here

User · Answer

You are right  String in java uses concept of String Pool literal  When a string is created and if the string already exists in the pool  the reference of the existing string will be returned  instead of creating a new object and returning its reference If a string is not immutable  changing the string with one reference will lead to the wrong value for the other references   I would add one more thing  since String is immutable  it is safe for multi threading and a single String instance can be shared across different threads  This avoid the usage of synchronization for thread safety  Strings are implicitly thread safe

User · Answer

Java Developers decide Strings are immutable due to the following aspect design  efficiency  and security   Design Strings are created in a special memory area in java heap known as  String Intern pool   While you creating new String  Not in the case of using String   constructor or any other String functions which internally use the String   constructor for creating a new String object  String   constructor always create new string constant in the pool unless we call the method intern    variable it searches the pool to check whether is it already exist  If it is exist  then return reference of the existing String object  If the String is not immutable  changing the String with one reference will lead to the wrong value for the other references   According to this article on DZone      Security   String is widely used as parameter for many java classes  e g  network connection  opening files  etc  Were String not immutable  a connection or file would be changed and lead to serious security threat    Mutable strings could cause security problem in Reflection too  as the parameters are strings       Efficiency   The hashcode of string is frequently used in Java  For example  in a HashMap  Being immutable guarantees that hashcode will always the same  so that it can be cached without worrying the changes That means  there is no need to calculate hashcode every time it is used

User · Answer

String class is FINAL it mean you can t create any class to inherit it and change the basic structure and make the Sting mutable   Another thing instance variable and methods of String class that are provided are such that you can t change String object once created   The reason what you have added doesn t make the String immutable at all This all says how the String is stored in heap Also string pool make the huge difference in performance

[java] Why is String immutable in Java?

Examples related to java

Examples related to string