Java supports the use of various types of literals, such as integers (5, 2), floating point numbers (2.5, 6.022e+23), characters ('a', '\n'), Booleans (true, false), and strings ("Hello\n"). Extensive use of literals within a program can lead to two problems: first, the meaning of the literal is often obscured or unclear from the context (magic numbers); second, changing a frequently-used literal requires both searching the entire program source for occurrences of that literal, and also distinguishing the uses that must be modified from those that should remain unmodified.
Avoid these problems by declaring meaningfully-named constants as class variables, setting their values to the desired literals, and referencing the constants in place of the literals throughout the program. This approach allows naming that clearly indicates the meaning or intended use of the literal. Further, should the constant require modification, the change is limited to the declaration; searching the code is unnecessary.
Constants should be declared as static and final, for example:
private static final int SIZE = 25;
Although final can be used to specify immutable constants, there is a caveat when dealing with composite objects. See guideline OBJ01-J. Do not assume that declaring a reference to be final causes the referenced object to be immutable for more details.
Noncompliant Code Example
This noncompliant code example calculates approximate dimensions of a sphere, given its radius.
double area(double radius) {
return 12.56 * radius * radius;
}
double volume(double radius) {
return 4.19 * radius * radius * radius;
}
double greatCircleCircumference(double radius) {
return 6.28 * radius;
}
The methods use the seemingly-random literals 12.56, 4.19, and 6.28 to represent various scaling factors used to calculate these dimensions. A developer or maintainer reading this code would have little idea about how they were generated or what they mean, and consequently would be unable to understand the function of this code.
Noncompliant Code Example
This noncompliant code example attempts to avoid the above issues by explicitly calculating the required constants.
double area(double radius) {
return 4.0 * 3.14 * radius * radius;
}
double volume(double radius) {
return 4.0 / 3.0 * 3.14 * radius * radius * radius;
}
double greatCircleCircumference(double radius) {
return 2 * 3.14 * radius;
}
The code uses the literal 3.14 to represent the value ?. Although this removes some of the ambiguity from the literals, it complicates code maintenance. If the programmer were to decide that a more precise value of ? is desired, all occurrences of 3.14 in the code would have to be found and replaced.
Compliant Solution (Constants)
In this compliant solution, a constant PI is declared and initialized to 3.14. Thereafter, it is referenced in the code whenever the value of ? is needed.
private static final double PI = 3.14;
double area(double radius) {
return 4.0 * PI * radius * radius;
}
double volume(double radius) {
return 4.0/3.0 * PI * radius * radius * radius;
}
double greatCircleCircumference(double radius) {
return 2 * PI * radius;
}
This reduces clutter and promotes maintainability. If a more precise value of ? is required, the programmer can simply redefine the constant.
Compliant Solution (Predefined Constants)
The class java.lang.Math defines a large group of numeric constants, including PI and the exponential constant E. Prefer the use of predefined constants when they are available.
double area(double radius) {
return 4.0 * Math.PI * radius * radius;
}
double volume(double radius) {
return 4.0/3.0 * Math.PI * radius * radius * radius;
}
double greatCircleCircumference(double radius) {
return 2 * Math.PI * radius;
}
Exceptions
DCL02-EX1: The use of symbolic constants should be restricted to cases where they improve the readability and maintainability of the code. When the intent of the literal is obvious, or where the literal is not likely to change, use of symbolic constants can impair code readability. The following noncompliant code example obscures the meaning of the code by using too many symbolic constants.
private static final double AREA_FACTOR = 4.0 * Math.PI;
private static final double VOLUME_FACTOR = 4.0 / 3.0 * Math.PI;
private static final double CIRCUMFERENCE_FACTOR = 2.0 * Math.PI;
double area(double radius) {
return AREA_FACTOR * radius * radius;
}
double volume(double radius) {
return VOLUME_FACTOR * radius * radius * radius;
}
double greatCircleCircumference(double radius) {
return CIRCUMFERENCE_FACTOR * radius;
}
The values 4.0 and 3.0 in the volume calculation are clearly scaling factors used to calculate the sphere's volume and are not subject to change (unlike the approximate value for ?), so they can be represented exactly; there is no reason to change them to increase precision. Therefore, replacing them with symbolic constants impairs the readability of the code.
Risk Assessment
Using numeric literals makes code more difficult to read, understand, and edit.
Guideline |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
DCL02-J |
low |
unlikely |
high |
P1 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Related Guidelines
C++ Secure Coding Standard: DCL06-CPP. Use meaningful symbolic constants to represent literal values in program logic
C Secure Coding Standard: DCL06-C. Use meaningful symbolic constants to represent literal values
Bibliography
[[API 2006]]
[[Core Java 2004]]
DCL01-J. Do not declare more than one variable or field per declaration 03. Declarations and Initialization (DCL) DCL03-J. Properly encode relationships in constant definitions