SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 26

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 27

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Reuse of names leads to obscuration or shadowing, that is, the names in the current scope mask those defined elsewhere. This creates ambiguity especially when the originals original names need to be used and also leaves the code hard to maintainburdens code maintenance. The problem gets further is aggravated when the reused name is required to be defined in a different package.

Wiki Markup
According to the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\] section 6.3.2 "Obscured Declarations":

A simple name may occur in contexts where it may potentially be interpreted as the name of a variable, a type or a package. In these situations, the rules of §6.5 specify that a variable will be chosen in preference to a type, and that a type will be chosen in preference to a package.

As a result This implies that a variable can obscure a type or a package, and a type can obscure a package name. Shadowing on the other hand refers to masking of variables, fields, types, method parameters, labels and exception handler parameters in a subscope. Both these differ from hiding wherein a member that should have been inherited by a subclass is forgone in lieu of a locally declared subclass member , that assumes the same name.

...

Noncompliant Code Example

This noncompliant code example implements a class that reuses the name of the class java.util.Vector. It attempts to introduce a different condition for the isEmpty() method for interfacing with native legacy code, by overriding the corresponding method in java.util.Vector.

A future programmer may not know about this extension and may incorrectly use the Vector idiom intending to use the original java.util.Vector class, by adding an import statement. Because a type (Vector class) . The custom type Vector can obscure a package name (java.util.Vector), the custom class Vector defined in the same package as VectorUser, takes precedence. This causes can cause undesirable effects by violating the programmer's assumptions.

Well defined import statements do resolve these issues but may get confusing when the reused name is defined in a different package. Moreover, a common (and misleading) tendency is to include the import statements after writing the code (many IDEs allow automatic inclusion of import statements as per the requirements). This can create even more ambiguity with respect to the names because if a custom type is found in the same package, no further searches are conducted for the package names that must be imported.

Code Block
bgColor#FFcccc
class Vector {
  private int val = 1;

  public boolean isEmpty() {
    if(val == 1) {   //compares with 1 instead of 0
      return true;
    } else {
      return false;
    }
  }
  //other functionality is same as java.util.Vector
}

// import java.util.Vector; // desired functionality (line added later)omitted

public class VectorUser {
  public static void main(String[] args) {
    Vector v = new Vector();
    if(v.isEmpty()) {
      System.out.println("Vector is empty");
    }
  }
}

Compliant Solution

This compliant solution declares the class Vector with a different name.

...

Noncompliant Code Example

This noncompliant code specimen example reuses the name of the val instance field in the scope of an instance method. This behavior can be classified as shadowing.

...

Method shadowing in different scopes becomes possible when two or more packages are used. Method shadowing is distinct from method overloading as in that, subclasses are allowed to inherit overloadings defined in the base class. It differs from hiding in that the methods do not have to be declared static. It is also distinct from method overriding as exemplified in the following this noncompliant code segmentexample.

Code Block
bgColor#FFcccc
package x;
public class A {
  void doLogic() { // default accessibility
    //* print 'A' */ }
  //} default accessibility
  public static void main(String[] args) {
    A a = new y.C();
    a.doLogic(); // invokes doLogic() of class x.B and prints 'B'
  }
}

package x;
public class B extends A {
  void doLogic() { /*// default accessibility
    // print 'B' */ }
  //} default accessibility
}

package y; // different package
public class C extends x.B { // public accessibility 
  public void doLogic() { 
    //* print 'C'
 */ } // public
}

Note that class y.C is accessible from the package x and so is its doLogic() method. If howeverHowever, if the main() method defined in class A tries to polymorphically invoke y.doLogic() as shown, the override corresponding to class B in package x will take takes precedence. This is because the doLogic() methods in classes x.A and x.B are not visible from class y.C due to the default access specifier. As a result, the class x.C is not considered a part of the overriding hierarchy. Notably, the code behaves as expected if the access specifiers of all the methods are changed to public.

...

Code Block
bgColor#ccccff
package x;
public class A {
  void doLogic() { 
    /*/ print 'A'  
 */ }  

  public static void main(String[] args) {
    // explicitly invokes doSequence() of class y.C and prints 'C'
    y.C.doSequence(); 
  }
}

package x;
public class B { /* ... */ }

package y; // different package
public class C extends x.B {  
  public void doSequence() { /*// now renamed
    // print 'C' 
 */ } // now renamed
}

Risk Assessment

Reusing names leads to code that is harder to read and maintain and may result in security weaknesses.

...