The Java compiler type checks the arguments to each varargs method to ensure that the arguments are of the same type or object reference. However, the compile-time checking is ineffective when Object or generic T parameter types are used [Bloch 2008]. Another requirement for providing strong compile-time type checking of variable argument methods is to be as specific as possible when declaring the type of the method parameter.
Noncompliant Code Example (Object)
This noncompliant code example declares a vararg method using Object. It accepts an arbitrary mix of parameters of any object type. Legitimate uses of such declarations are rare. (See the exception below.)
```java
ReturnType method(Object... args) { }
```
Noncompliant Code Example (Generic Type)
This noncompliant code example declares a vararg method using a generic type parameter. It accepts a variable number of parameters that are all of the same object type. Again, legitimate uses of such declarations are rare.
```java
<T> ReturnType method(T... args) { }
```
Compliant Solution
Be as specific as possible when declaring parameter types; avoid Object and imprecise generic types in varargs.
...
Also, note that autoboxing does not allow strong compile-time type checking of primitive types and their corresponding wrapper classes.
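The following is an added example, not code from the original guideline. It contrasts an Object varargs signature with a specific one and shows how autoboxing lets a mistyped argument through to run time. The class and method names (VarargsTypeCheck, sumLoose, sumStrict) are hypothetical.

```java
import java.util.Arrays;

public class VarargsTypeCheck {

  // Hypothetical noncompliant method: Object... accepts any mix of
  // arguments, so a wrong type is detected only when the cast executes.
  static int sumLoose(Object... args) {
    int total = 0;
    for (Object arg : args) {
      total += (Integer) arg; // throws ClassCastException for a non-Integer
    }
    return total;
  }

  // Hypothetical compliant method: the parameter type is as specific as
  // possible, so the compiler rejects every non-int argument.
  static int sumStrict(int... args) {
    return Arrays.stream(args).sum();
  }

  public static void main(String[] unused) {
    System.out.println("strict sum: " + sumStrict(1, 2, 3));

    // Neither of these calls compiles against the specific signature:
    // sumStrict(1, 2, "3");  // String is not convertible to int
    // sumStrict(1, 2L);      // long to int is a lossy conversion

    // The same calls compile against Object... because 2L is autoboxed
    // to Long and "3" is already an Object; both fail only at run time.
    try {
      sumLoose(1, 2L);
    } catch (ClassCastException e) {
      System.out.println("run-time failure (Long): " + e.getMessage());
    }
    try {
      sumLoose(1, 2, "3");
    } catch (ClassCastException e) {
      System.out.println("run-time failure (String): " + e.getMessage());
    }
  }
}
```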
Exceptions
DCL09DCL02-EX1: Varargs signatures using Object and imprecise generic types are acceptable when the body of the method does not use casts or autoboxing and compiles without error. Consider the following example, which operates correctly for all object types and type checks successfully.
```java
import java.util.Collection;
import java.util.HashSet;

<T> Collection<T> assembleCollection(T... args) {
  Collection<T> result = new HashSet<T>();
  // add each argument to the result collection
  for (T arg : args) {
    result.add(arg);
  }
  return result;
}
```
Risk Assessment
Unmindful use of the varargs feature prevents strong compile-time type checking, creates ambiguity, and diminishes code readability.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL09 DCL02-J | low | unlikely | medium | P2 | L3 |
Automated Detection
Automated detection appears to be straightforward.
Bibliography
[Bloch 2008] Item 42: "Use Varargs Judiciously"
[Steinberg 2005] "Using the Varargs Language Feature"
[Sun 2006] varargs (http://java.sun.com/j2se/1.5.0/docs/guide/language/varargs.html)
...