Scope minimization helps developers to avoid common programming errors, improves code readability by connecting the declaration and actual use of a variable, and improves maintainability because unused variables are more easily detected and removed. It may also allow objects to be recovered by the garbage collector more quickly, and it prevents violations of DCL51-J. Do not shadow or obscure identifiers in subscopes.
Noncompliant Code Example
This noncompliant code example shows a variable that is declared outside the for
loop. This reduces reusability because the value of the loop index i
is modified by the for
statement. Consider, for example, the case when this code snippet is copied and pasted with the intent to use a different index j
. If the index variable change were omitted, the new loop would then attempt to iterate over index i
. Unexpected behavior can follow because i
remains in scope.
Code Block | ||
---|---|---|
| ||
public class Scope {
public static void main(String[] args) {
int i = 0;
for (i = 0; i < 10; i++) {
// Do operations
}
}
}
|
It should be noted that this This code is noncompliant because, even though variable i
is not intentionally used outside the for
loop. The , it is declared in method scope. One of the few scenarios where variable i
would need to be declared local to the method if, for example, in method scope is when the loop contained contains a break statement and the value of i
was inspected outside must be inspected after conclusion of the loop.
Compliant Solution
Minimize the scope of variables where possible, for . For example, by declaring declare loop indices within the for
statement. :
Code Block | ||
---|---|---|
| ||
public class Scope { public static void main(String[] args) { for (int i = 0; i < 10; i++) { //contains Contains declaration // Do operations } } } |
Noncompliant Code Example
This noncompliant code example shows a variable count
that is declared outside the counter
method, although the variable is not used outside the counter
method. This reduces the reusability of the method because count
variable would need to be redefined in the new context.
Code Block | ||
---|---|---|
| ||
public class Foo { private int count; private static private final int MAX_COUNT = 10; public void counter() { count = 0; while (condition()) { /* ... */ if (count++ > MAX_COUNT) { return; } } } private boolean condition() {/* ... *} // No other method references count */ /*/ but several other methods reference MAX_COUNT */ } |
Compliant Solution
In this compliant solution, the count
field is declared local to the counter()
method.:
Code Block | ||
---|---|---|
| ||
public class Foo { private static private final int MAX_COUNT = 10; public void counter() { int count = 0; while (condition()) { /* ... */ if (count++ > MAX_COUNT) { return; } } } private boolean condition() {/* ... */} // No other method references count */ /*/ but several other methods reference MAX_COUNT */ } |
Risk Assessment
Do not use a larger scope than necessary because it will result in less reliable code.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL14-J | low | unlikely | medium | P2 | L3 |
Automated Detection
Applicability
Detecting local variables that are declared in a larger scope than is required by the code as - written code is straightforward and can avoid any eliminate the possibility of false positives.
Detecting multiple for
statements that use the same index variable is straightforward; it will produce produces false positives in the unusual case where this was intended by the programmer.
Related Guidelines
C Secure Coding Standard: "DCL19-C. Minimize the scope of variables and functions"
C++ Secure Coding Standard: "DCL07-CPP. Minimize the scope of variables and methods"
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e87c6080-4d17-472c-9a5a-61dc84b78e1b"><ac:plain-text-body><![CDATA[ | [[Bloch 2001 | AA. References#Bloch 01]] | Item 29, Minimize the scope of local variables | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="df3e2f39-a492-437d-8cce-127268ef6a7d"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. References#JLS 05]] | [§14.4.2, "Scope of Local Variable Declarations" | http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.4.2] | ]]></ac:plain-text-body></ac:structured-macro> |
the value of the index variable is intended to persist between loops.
Bibliography
Item 29, "Minimize the Scope of Local Variables" | |
[JLS 2013] |
...
DCL61-J. Avoid cyclic dependencies between packages 01. Declarations and Initialization (DCL) DCL63-J. Do not shadow or obscure identifiers in subscopes