SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 1

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 2

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: new rule!

Reuse of names leads to obscuration or shadowing; that is, the names in the current scope mask those defined elsewhere. Name reuse creates ambiguity and burdens code maintenance, especially when code requires access to both the original named entity and the entity with the reused name. The problem is aggravated when the reused name is defined in a different package.

Wiki Markup
According to the Java Language Specification \[[JLS 2005|AA. Bibliography#JLS 05]\], [Section 6.3.2|http://java.sun.com/docs/books/jls/third_edition/html/names.html#6.3.2], "Obscured Declarations"

A simple name may occur in contexts where it may potentially be interpreted as the name of a variable, a type, or a package. In these situations, the rules of §6.5 specify that a variable will be chosen in preference to a type, and that a type will be chosen in preference to a package.

This implies that a variable can obscure a type or a package, and a type can obscure a package name. Shadowing, on the other hand, refers to masking variables, fields, types, method parameters, labels, and exception handler parameters in a subscope. Both these differ from hiding wherein an accessible member (typically non-private) that should have been inherited by a subclass is replaced by a locally declared subclass member that assumes the same name.

In general, do not reuse the name of

...

The Java standard library provides many useful utility classes, interfaces, and packages. Do not use the identifiers representing these items to refer to some distinct item.

Noncompliant Code Example (Class Name)

...

Wiki Markup
Note: When the developer and organization control the original hidden class, in addition to the code being written, it may be preferable to change the design strategy of the original in accordance with Bloch's _Effective Java_ \[[Bloch 2008|AA. Bibliography#Bloch 08]\] "Item 16: Prefer interfaces to abstract classes." Changing the original class into an interface would permit class {{MyVector}} to declare that it implements the hypothetical {{Vector}} interface. This would permit client code that intended to use {{MyVector}} to remain compatible with code that uses the original implementation of {{Vector}}.

Noncompliant Code Example (Field Shadowing)

This noncompliant code example reuses the name of the val instance field in the scope of an instance method. This behavior can be classified as shadowing.

Code Block
bgColor#FFcccc

class MyVector {
  private int val = 1;
  private void doLogic() {
    int val;
    //...   
  }
}

Compliant Solution (Field Shadowing)

This compliant solution eliminates shadowing by changing the name of the variable defined in method scope.

Code Block
bgColor#ccccff

class MyVector {
  private int val = 1;
  private void doLogic() {
    int newValue;
    //...   
  }
}

Exceptions

SCP02-EX1: Reuse of names is permitted for trivial loop counter declarations in the same scope:

Code Block
bgColor#ccccff

for (int i = 0; i < 10; i++) { }
for (int i = 0; i < 20; i++) { }

Risk Assessment

Name reuse makes code more difficult to read and maintain. This can result in security weaknesses.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

EXP16-J

low

unlikely

medium

P2

L3

Automated Detection

...

An automated tool can easily detect reuse of the set of names whose earlier definition appears somewhere in the Java include path. FindBugs, for example, detects at least four sub-instances of this guideline \[[FindBugs 2008|AA. Bibliography#FindBugs 08]\]:

  • Nm: Class names shouldn't shadow simple name of implemented interface
  • Nm: Class names shouldn't shadow simple name of superclass
  • MF: Class defines field that masks a superclass field
  • MF: Method defines a variable that obscures a field

names representing public classes or interfaces from the Java Standard Library.

Related Guidelines

C Secure Coding Standard: PRE04-C. Do not reuse a standard header file name

C++ Secure Coding Standard: PRE04-CCPP. Do not reuse a standard header file name

...

Wiki Markup
\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 6.3.2|http://java.sun.com/docs/books/jls/third_edition/html/names.html#6.3.2] "Obscured Declarations", [Section 6.3.1|http://java.sun.com/docs/books/jls/third_edition/html/names.html#6.3.1] "Shadowing Declarations", [Section 7.5.2|http://java.sun.com/docs/books/jls/third_edition/html/packages.html#7.5.2] "Type-Import-On_Demand Declaration", [Section 14.4.3|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.4.3] "Shadowing of Names by Local Variables"
\[[FindBugs 2008|AA. Bibliography#FindBugs 08]\]
\[[Bloch 2005|AA. Bibliography#Bloch 05]\] Puzzle 67: All Strung Out
\[[Bloch 2008|AA. Bibliography#Bloch 08]\] Item 16: Prefer interfaces to abstract classes
\[[Kabanov 2009|AA. Bibliography#Kabanov 09]\]
\[[Conventions 2009|AA. Bibliography#Conventions 09]\] 6.3 Placement
\[[FindBugs 2008|AA. Bibliography#FindBugs 08]\]

...

MET17-J. Do not increase the accessibility of overridden or hidden methods            OBJ17-J. Do not expose sensitive private members of an outer class from within a nested class