...
Reuse
...
of
...
identifier
...
names
...
in
...
subscopes
...
leads
...
to
...
obscuration
...
or
...
shadowing.
...
That
...
is,
...
the
...
identifiers
...
in
...
the
...
current
...
scope
...
render
...
those
...
defined
...
elsewhere
...
inaccessible.
...
While
...
the
...
JLS
...
clearly
...
resolves
...
any
...
syntactic
...
ambiguity
...
arising
...
from
...
obscuring
...
or
...
shadowing,
...
such
...
ambiguity
...
burdens
...
code
...
maintainers,
...
especially
...
when
...
code
...
requires
...
access
...
to
...
both
...
the
...
original
...
named
...
entity
...
and
...
the
...
inaccessible
...
one.
...
The
...
problem
...
is
...
aggravated
...
when
...
the
...
reused
...
name
...
is
...
defined
...
in
...
a
...
different
...
package.
...
| Wiki Markup |
|---|
According to the Java Language Specification \[[JLS 2005|AA. Bibliography#JLS 05]\], [Section 6.3.2|http://java.sun.com/docs/books/jls/third_edition/html/names.html#6.3.2], "Obscured Declarations" |
...
A
...
simple
...
name
...
may
...
occur
...
in
...
contexts
...
where
...
it
...
may
...
potentially
...
be
...
interpreted
...
as
...
the
...
name
...
of
...
a
...
variable,
...
a
...
type,
...
or
...
a
...
package.
...
In
...
these
...
situations,
...
the
...
rules
...
of
...
§6.5
...
specify
...
that
...
a
...
variable
...
will
...
be
...
chosen
...
in
...
preference
...
to
...
a
...
type,
...
and
...
that
...
a
...
type
...
will
...
be
...
chosen
...
in
...
preference
...
to
...
a
...
package.
This implies that a variable can obscure a type or a package, and a type can obscure a package name. Shadowing, on the other hand, refers to one variable rendering another variable inaccessible in a containing scope. One type can also shadow another type.
No identifier should obscure or shadow another identifier in a containing scope. For instance, a local variable should not reuse the name of a class field or method, or the class name or package name. Similarly, an inner class name should not reuse the name of an outer class or package.
Both overriding and shadowing differ from hiding, in which an accessible member (typically non-private) that should have been inherited by a subclass is replaced by a locally declared subclass member that assumes the same name but has a different, incompatible method signature.
Noncompliant Code Example (Field Shadowing)
This noncompliant code example reuses the name of the val instance field in the scope of an instance method. This behavior can be classified as shadowing.
| Code Block | ||
|---|---|---|
| ||
{quote} This implies that a variable can [obscure|BB. Definitions#obscure] a type or a package, and a type can obscure a package name. [Shadowing|BB. Definitions#shadow], on the other hand, refers to one variable rendering another variable inaccessible in a containing scope. One type can also shadow another type. No identifier should obscure or shadow another identifier in a containing scope. For instance, a local variable should not reuse the name of a class field or method, or the class name or package name. Similarly, an inner class name should not reuse the name of an outer class or package. Both overriding and shadowing differ from [hiding|BB. Definitions#hide], in which an accessible member (typically non-private) that should have been inherited by a subclass is replaced by a locally declared subclass member that assumes the same name but has a different, incompatible method signature. h2. Noncompliant Code Example (Field Shadowing) This noncompliant code example reuses the name of the {{val}} instance field in the scope of an instance method. This behavior can be classified as shadowing. {code:bgColor=#FFcccc} class MyVector { private int val = 1; private void doLogic() { int val; //... } } {code} h2. Compliant Solution |
Compliant Solution (Field
...
Shadowing)
...
This
...
compliant
...
solution
...
eliminates
...
shadowing
...
by
...
changing
...
the
...
name
...
of
...
the
...
variable
...
defined
...
in
...
method
...
scope.
| Code Block | ||
|---|---|---|
| ||
{code:bgColor=#ccccff} class MyVector { private int val = 1; private void doLogic() { int newValue; //... } } {code} h2. Noncompliant Code Example |
Noncompliant Code Example (Variable
...
Shadowing)
...
This
...
example
...
is
...
noncompliant
...
because
...
the
...
variable
...
i
...
defined
...
in
...
the
...
scope
...
of
...
the
...
second
...
for
...
loop
...
block
...
shadows
...
the
...
definition
...
of
...
i
...
defined
...
in
...
the
...
scope
...
of
...
the
...
doLogic()
...
method.
| Code Block | ||
|---|---|---|
| ||
class MyVector { private void doLogic() { int i = 0; for (i = 0; i < 10; i++) {/* ... */} for (int i = 0; i < 20; i++) {/* ... */} } } h2. |
Compliant
...
Solution
...
(Variable
...
Shadowing)
...
In
...
this
...
compliant
...
solution,
...
the
...
loop
...
counter
...
i
...
is
...
defined
...
in
...
the
...
scope
...
of
...
each
...
for
...
loop
...
block.
| Code Block | ||||
|---|---|---|---|---|
| =
| |||
} class MyVector { private void doLogic() { for (int i = 0; i < 10; i++) {/* ... */} for (int i = 0; i < 20; i++) {/* ... */} } } {code} h2. Risk Assessment Name reuse makes code more difficult to read and maintain. This can result in security weaknesses. || Guideline || Severity || Likelihood || Remediation Cost || Priority || Level || | EXP15-J | low | unlikely | medium | {color:green}{*}P2{*}{color} | {color:green}{*}L3{*}{color} | h3. Automated Detection An automated tool can easily detect reuse of names in containing scopes. h2. Related Guidelines C Secure Coding Standard: [seccode:DCL01-C. Do not reuse variable names in subscopes] C+\+ Secure Coding Standard: [cplusplus:DCL01-CPP. Do not reuse variable names in subscopes] h2. Bibliography |
Risk Assessment
Name reuse makes code more difficult to read and maintain. This can result in security weaknesses.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP15-J | low | unlikely | medium | P2 | L3 |
Automated Detection
An automated tool can easily detect reuse of names in containing scopes.
Related Guidelines
C Secure Coding Standard: DCL01-C. Do not reuse variable names in subscopes
C++ Secure Coding Standard: DCL01-CPP. Do not reuse variable names in subscopes
Bibliography
| Wiki Markup |
|---|
\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 6.3.2|http://java.sun.com/docs/books/jls/third_edition/html/names.html#6.3.2] "Obscured Declarations", [Section 6.3.1|http://java.sun.com/docs/books/jls/third_edition/html/names.html#6.3.1] "Shadowing Declarations", [Section 7.5.2|http://java.sun.com/docs/books/jls/third_edition/html/packages.html#7.5.2] "Type-Import-On_Demand Declaration", [Section 14.4.3|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.4.3] "Shadowing of Names by Local Variables"
\[[Bloch 2005|AA. Bibliography#Bloch 05]\] Puzzle 67: All Strung Out
\[[Bloch 2008|AA. Bibliography#Bloch 08]\] Item 16: Prefer interfaces to abstract classes
\[[Kabanov 2009|AA. Bibliography#Kabanov 09]\]
\[[Conventions 2009|AA. Bibliography#Conventions 09]\] 6.3 Placement
\[[FindBugs 2008|AA. Bibliography#FindBugs 08]\] |
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...