...

Noncompliant Code Example (initialization)

This noncompliant code example might lead a programmer or reviewer to mistakenly believe that both i and j are initialized to 1. In fact, only j is initialized; i remains uninitialized.

int i, j = 1;

Compliant Solution (initialization)

In this compliant solution, it is readily apparent that both i and j are initialized to 1.

int i = 1;  // purpose of i...
int j = 1;  // purpose of j...

Noncompliant Code Example (variables or fields and functions)

This noncompliant code example is easily misunderstood by a programmer.

long dbaddr, getDbaddr(); 

Compliant Solution (variables or fields and functions)

The purpose of each identifier is readily apparent in this compliant solution.

long dbaddr;       // db address
long getDbaddr();  // function to access db address

Noncompliant Code Example (different types)

In this noncompliant code example, a programmer or code reviewer could mistakenly believe that the variables src and c are both declared to be type int. In fact, src is of type int[], while c has a type of int.

...

Note: this example declares the array in an antiquated and unpopular style, with the brackets appearing after the variable name. Arrays should be declared type[] name for improved clarity.

Compliant Solution (different types)

In this compliant solution, each variable is declared on a separate line, using the preferred style for declaring arrays.

...

Although this change has no effect on compilation, it clarifies the programmer's intent.

Noncompliant Code Example

In this noncompliant code example, the programmer declared multiple variables, including an array, on the same line. All instances of the type T have access to methods of the class Object. However, it is easy to forget that arrays require special treatment when some of these methods are overridden.

...

// Correct functional implementation
public String toString(){
  String s = a.toString() + b.toString();
  for(int i = 0; i < c.length; i++){
    s += c[i].toString();
  }
  s += d.toString();
  return s;
}

Compliant Solution

This compliant solution places each declaration on its own line and uses the preferred notation for array declarations.

public class Example<T> {
  private T a;   // purpose of a...
  private T b;   // purpose of b...
  private T[] c; // purpose of c[]...
  private T d;   // purpose of d...

  public Example(T in){
    a = in;
    b = in;
    c = (T[]) new Object[10];
    d = in;
  }
}
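
The following is an added example, not part of the original guideline. It uses reflection to show which type each declarator in a combined declaration actually receives, and contrasts a string conversion that treats the array like its scalar neighbours with one that iterates over its elements. The names DeclaratorDemo, Mixed, naive and elementwise are hypothetical.

```java
import java.lang.reflect.Field;

// Added illustration; class, field and method names are hypothetical.
public class DeclaratorDemo {
  // Noncompliant style under discussion: one declaration, mixed types.
  static class Mixed<T> {
    T a, b, c[], d;   // only c is T[]; a, b and d are T

    @SuppressWarnings("unchecked")
    Mixed(T in) {
      a = in;
      b = in;
      c = (T[]) new Object[] { in, in };
      d = in;
    }

    // Treats c like its neighbours: Object.toString() on an array
    // yields a type tag and identity hash, not the elements.
    String naive() {
      return a.toString() + b.toString() + c.toString() + d.toString();
    }

    // Walks the array explicitly, as arrays require.
    String elementwise() {
      StringBuilder s = new StringBuilder();
      s.append(a).append(b);
      for (T e : c) {
        s.append(e);
      }
      return s.append(d).toString();
    }
  }

  public static void main(String[] args) {
    // Reflection reports the (erased) type each declarator received.
    for (Field f : Mixed.class.getDeclaredFields()) {
      System.out.println(f.getName() + " : " + f.getType().getSimpleName()
          + (f.getType().isArray() ? "  <-- array" : ""));
    }
    Mixed<String> m = new Mixed<>("x");
    System.out.println("naive:       " + m.naive());
    System.out.println("elementwise: " + m.elementwise());
  }
}
```

Both methods compile without warnings about the array, so the difference only shows up in the output at run time.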

Exceptions

DCL01-EX1: Note that the declaration of a loop counter in a for statement is in violation of this recommendation because the declaration is not on its own line with an explanatory comment about the role of the variable. However, declaration of loop indices in for statements is not only a common idiom; it also provides the benefit of restricting the scope of the loop index to that of the for loop itself. These are sufficient reasons to relax this guideline in this specific case.

...

for (int i = 0; i < mx; ++i) {
  /* ... */
}

Risk Assessment

Declaration of multiple variables per line can reduce code readability and lead to programmer confusion.

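| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|-----------|----------|------------|------------------|----------|-------|
| DCL01-J   | low      | unlikely   | low              | P3       | L3    |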

Related Guidelines

C Secure Coding Standard: DCL04-C. Do not declare more than one variable per declaration

C++ Secure Coding Standard: DCL04-CPP. Do not declare more than one variable per declaration

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.


...