几乎每条规则都有例外:

using System;
using System.Runtime.InteropServices;

namespace Guess
{
    class Program
    {
        static void Main(string[] args)
        {
            const string str = "ABC";

            Console.WriteLine(str);
            Console.WriteLine(str.GetHashCode());

            var handle = GCHandle.Alloc(str, GCHandleType.Pinned);

            try
            {
                Marshal.WriteInt16(handle.AddrOfPinnedObject(), 4, 'Z');

                Console.WriteLine(str);
                Console.WriteLine(str.GetHashCode());
            }
            finally
            {
                handle.Free();
            }
        }
    }
}

这主要是出于安全考虑。如果您不能相信您的字符串是防篡改的，那么保护系统就困难得多。

哇!我不敢相信这里的错误信息。不可变的字符串与安全性无关。如果某人已经可以访问正在运行的应用程序中的对象(如果你试图防止某人在你的应用程序中“入侵”字符串，就必须假设这一点)，那么他们肯定有很多其他可用的黑客机会。

String的不可变性解决了线程问题，这是一个相当新颖的想法。嗯…我有一个被两个不同线程改变的对象。我如何解决这个问题?同步对对象的访问?Naawww……让我们不要让任何人改变对象——这将解决我们所有混乱的并发问题!事实上，让我们让所有对象都是不可变的，然后我们就可以从Java语言中删除synchronized结构。

The real reason (pointed out by others above) is memory optimization. It is quite common in any application for the same string literal to be used repeatedly. It is so common, in fact, that decades ago, many compilers made the optimization of storing only a single instance of a String literal. The drawback of this optimization is that runtime code that modifies a String literal introduces a problem because it is modifying the instance for all other code that shares it. For example, it would be not good for a function somewhere in an application to change the String literal "dog" to "cat". A printf("dog") would result in "cat" being written to stdout. For that reason, there needed to be a way of guarding against code that attempts to change String literals (i. e., make them immutable). Some compilers (with support from the OS) would accomplish this by placing String literal into a special readonly memory segment that would cause a memory fault if a write attempt was made.

在Java中，这被称为实习。这里的Java编译器只是遵循了编译器几十年来所做的标准内存优化。为了解决这些String字面值在运行时被修改的相同问题，Java简单地使String类不可变(即，不提供允许您更改String内容的setter)。如果字符串字面量没有发生转换，字符串就不必是不可变的。

在大多数情况下，“字符串”(被用作/视为/认为/假定)是一个有意义的原子单位，就像一个数字一样。

因此，问为什么字符串的单个字符是不可变的，就像问为什么整数的单个比特是不可变的一样。

你应该知道原因。想想看。

我不想这么说，但不幸的是，我们正在讨论这个问题，因为我们的语言很糟糕，我们试图使用一个单一的词，字符串，来描述一个复杂的，上下文定位的概念或对象类。

我们对“字符串”执行计算和比较，类似于对数字的操作。如果字符串(或整数)是可变的，我们必须编写特殊的代码来将它们的值锁定为不可变的局部形式，以便可靠地执行任何类型的计算。因此，最好将字符串视为数字标识符，但它可能是数百位，而不是16位、32位或64位。

When someone says "string", we all think of different things. Those who think of it simply as a set of characters, with no particular purpose in mind, will of course be appalled that someone just decided that they should not be able to manipulate those characters. But the "string" class isn't just an array of characters. It's a STRING, not a char[]. There are some basic assumptions about the concept we refer to as a "string", and it generally can be described as meaningful, atomic unit of coded data like a number. When people talk about "manipulating strings", perhaps they're really talking about manipulating characters to build strings, and a StringBuilder is great for that. Just think a bit about what the word "string" truly means.

考虑一下如果字符串是可变的会是什么样子。如果可变用户名字符串在此函数使用时被另一个线程有意或无意地修改，则以下API函数可能被欺骗返回不同用户的信息:

string GetPersonalInfo( string username, string password )
{
    string stored_password = DBQuery.GetPasswordFor( username );
    if (password == stored_password)
    {
        //another thread modifies the mutable 'username' string
        return DBQuery.GetPersonalInfoFor( username );
    }
}

安全不仅仅是“访问控制”，它还涉及“安全性”和“保证正确性”。如果一个方法不容易编写，也不能可靠地依靠它来执行简单的计算或比较，那么调用它是不安全的，但是对编程语言本身提出质疑是安全的。

不可变性与安全性并没有那么紧密的联系。为此，至少在。net中，你得到了SecureString类。

稍后编辑:在Java中，你会发现GuardedString，一个类似的实现。

几乎每条规则都有例外:

using System;
using System.Runtime.InteropServices;

namespace Guess
{
    class Program
    {
        static void Main(string[] args)
        {
            const string str = "ABC";

            Console.WriteLine(str);
            Console.WriteLine(str.GetHashCode());

            var handle = GCHandle.Alloc(str, GCHandleType.Pinned);

            try
            {
                Marshal.WriteInt16(handle.AddrOfPinnedObject(), 4, 'Z');

                Console.WriteLine(str);
                Console.WriteLine(str.GetHashCode());
            }
            finally
            {
                handle.Free();
            }
        }
    }
}