Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Scope minimization helps to capture developers avoid common programming errors, improves code readability by tying together connecting the declaration and actual use of a variable, and eases improves maintainability since because unused variables are more easily caught detected and removed. It may also allow objects to be recovered by the garbage collector more quickly, and it prevents violations of DCL51-J. Do not shadow or obscure identifiers in subscopes.

Noncompliant Code Example

This noncompliant code example shows a variable that is declared outside the for loop. This can harm reusability since the loop index i will change after the for statement. Consider for instance, if this code snippet is copy pasted with the intent of using a different index j but the statement mistakenly still iterates over index i. Since i is still in scope, this will lead to a rather obtuse outcome. 

Code Block
bgColor#FFcccc

public class Scope {
  public static void main(String[] args) {
    int i = 0;
    for (i = 0;i<10; i < 10; i++) {
    	  //do Do operations
    }
  }
}

This code is noncompliant because, even though variable i is not intentionally used outside the for loop, it is declared in method scope. One of the few scenarios where variable i would need to be declared in method scope is when the loop contains a break statement and the value of i must be inspected after conclusion of the loop.

Compliant Solution

To be compliant, minimize scope Minimize the scope of variables where possible, such as by declaring loop indexes . For example, declare loop indices within the for statement. :

Code Block
bgColor#ccccff

public class Scope {
  public static void main(String[] args) {
    for (int i = 0;i<10; i < 10; i++) { //contains Contains declaration
      	//do Do operations
    }
  }
}

Additionally, methods should be designed for only one operation if possible. This simplicity avoids variables from existing in overlapping scopes.

Risk Assessment

Using a larger scope than necessary results in less reliable code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SCP00-J

low

unlikely

medium

P2

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] [Section 14.4.2, Scope of Local Variable Declarations|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.4.2]
\[[Bloch 01|AA. Java References#Bloch 01]\] Item 29, Minimize the scope of local variables

Noncompliant Code Example

This noncompliant code example shows a variable count that is declared outside the counter method, although the variable is not used outside the counter method.

Code Block
bgColor#FFcccc
public class Foo {
  private int count;
  private static final int MAX_COUNT = 10;

  public void counter() {
    count = 0;
    while (condition()) {
      /* ... */
      if (count++ > MAX_COUNT) {
	    return;
      } 
    }
  }

  private boolean condition() {/* ... *}
  // No other method references count 
  // but several other methods reference MAX_COUNT 
}

Compliant Solution

In this compliant solution, the count field is declared local to the counter() method:

Code Block
bgColor#ccccff
public class Foo {
  private static final int MAX_COUNT = 10;

  public void counter() {
    int count = 0;
    while (condition()) {
      /* ... */
      if (count++ > MAX_COUNT) { 
	    return;
      }
    }
  }
  private boolean condition() {/* ... */}
  // No other method references count 
  // but several other methods reference MAX_COUNT 
}

Applicability

Detecting local variables that are declared in a larger scope than is required by the code as written is straightforward and can eliminate the possibility of false positives.

Detecting multiple for statements that use the same index variable is straightforward; it produces false positives in the unusual case where the value of the index variable is intended to persist between loops.

Bibliography

[Bloch 2001]

Item 29, "Minimize the Scope of Local Variables"

[JLS 2013]

§14.4, "Local Variable Declaration Statements"

 

...

Image Added Image Added Image Added04. Scope (SCP)      04. Scope (SCP)      SCP01-J. Declare sensitive methods private or final, fields private and final, and classes to be final