这可能与安全性没有多大关系，因为安全实践建议使用字符数组作为密码，而不是字符串。这是因为当不再需要数组时，可以立即删除数组。不同的是，字符串不能被擦除，因为它是不可变的。在垃圾收集之前可能需要很长时间，在内容被覆盖之前可能需要更长的时间。

我认为选择不变性是为了允许共享字符串，它们很容易分裂。字符串赋值，选择子字符串变成了一个常数时间的操作，字符串比较也是，因为可重用的哈希码是字符串数据结构的一部分，可以首先进行比较。

从另一方面来说，如果原始字符串很大(比如大型XML文档)，那么从中选取少量符号可能会防止整个文档被垃圾收集。因此，后来的Java版本似乎远离了这种不变性。现代c++既有可变(std::string)版本，从c++ 17开始也有不可变(std::string_view)版本。

在Java中使字符串不可变的最重要的原因是安全考虑。下一个是缓存。

我相信这里给出的其他原因，比如效率、并发性、设计和字符串池，都源于字符串不可变的事实。如。可以创建字符串池，因为字符串是不可变的，而不是相反。

点击这里查看高斯林的采访记录

From a strategic point of view, they tend to more often be trouble free. And there are usually things you can do with immutables that you can't do with mutable things, such as cache the result. If you pass a string to a file open method, or if you pass a string to a constructor for a label in a user interface, in some APIs (like in lots of the Windows APIs) you pass in an array of characters. The receiver of that object really has to copy it, because they don't know anything about the storage lifetime of it. And they don't know what's happening to the object, whether it is being changed under their feet. You end up getting almost forced to replicate the object because you don't know whether or not you get to own it. And one of the nice things about immutable objects is that the answer is, "Yeah, of course you do." Because the question of ownership, who has the right to change it, doesn't exist. One of the things that forced Strings to be immutable was security. You have a file open method. You pass a String to it. And then it's doing all kind of authentication checks before it gets around to doing the OS call. If you manage to do something that effectively mutated the String, after the security check and before the OS call, then boom, you're in. But Strings are immutable, so that kind of attack doesn't work. That precise example is what really demanded that Strings be immutable

字符串是不可变的Sun微系统，因为字符串可以用来存储在地图集合的关键。 StringBuffer是可变的，这就是它不能在map对象中用作键的原因

String类是FINAL，这意味着你不能创建任何类来继承它，改变基本结构，使Sting可变。

另一件事，实例变量和String类的方法是这样的，你不能改变String对象一旦创建。

您所添加的内容并没有使字符串成为不可变的。这些都说明了字符串是如何存储在堆中的。字符串池在性能上也有巨大的差异

如果HELLO是你的字符串，那么你不能把HELLO改成HILLO。这个性质叫做不可变性。

你可以有多个指针字符串变量指向HELLO字符串。

但是如果HELLO是char Array，那么你可以将HELLO改为HILLO。例如,

char[] charArr = 'HELLO';
char[1] = 'I'; //you can do this

答:

编程语言具有不可变的数据变量，因此可以作为键、值对中的键使用。字符串变量用作键/索引，因此它们是不可变的。

由于以下方面的设计、效率和安全性，Java开发人员决定字符串是不可变的。

Design Strings are created in a special memory area in java heap known as "String Intern pool". While you creating new String (Not in the case of using String() constructor or any other String functions which internally use the String() constructor for creating a new String object; String() constructor always create new string constant in the pool unless we call the method intern()) variable it searches the pool to check whether is it already exist. If it is exist, then return reference of the existing String object. If the String is not immutable, changing the String with one reference will lead to the wrong value for the other references.

根据DZone上的这篇文章:

Security String is widely used as parameter for many java classes, e.g. network connection, opening files, etc. Were String not immutable, a connection or file would be changed and lead to serious security threat. Mutable strings could cause security problem in Reflection too, as the parameters are strings. Efficiency The hashcode of string is frequently used in Java. For example, in a HashMap. Being immutable guarantees that hashcode will always the same, so that it can be cached without worrying the changes.That means, there is no need to calculate hashcode every time it is used.