The varargs feature was introduced in the JDK v1.5.0 to support methods that accept a variable numbers of arguments.
According to the Java SE 6 documentation [[Sun 2006]]:
As an API designer, you should use [varargs methods] sparingly, only when the benefit is truly compelling. Generally speaking, you should not overload a varargs method, or it will be difficult for programmers to figure out which overloading gets called.
Noncompliant Code Example
In this noncompliant code example, overloading varargs methods makes it unclear which definition of the doSomething() method is invoked.
class Varargs {
private static void doSomething(boolean... bool) {
System.out.print("Number of arguments: " + bool.length + ", Contents: ");
for (boolean b : bool)
System.out.print("[" + b + "]");
}
private static void doSomething(boolean bool1, boolean bool2) {
System.out.println("Overloaded method invoked");
}
public static void main(String[] args) {
doSomething(true, false);
}
}
When run, this program outputs:
Overloaded method invoked
because the non-varargs definition is more specific and, consequently, a better fit for the arguments given. However, this complexity is best avoided.
Compliant Solution
To avoid overloading varargs methods, use distinct method names to ensure that the intended method is invoked, as shown in this compliant solution.
class Varargs {
private static void doSomething1(boolean... bool) {
System.out.print("Number of arguments: " + bool.length + ", Contents: ");
for (boolean b : bool)
System.out.print("[" + b + "]");
}
private static void doSomething2(boolean bool1, boolean bool2) {
System.out.println("Overloaded method invoked");
}
public static void main(String[] args) {
doSomething1(true, false);
}
}
Exceptions
DCL01-EX1: It may be desirable to violate this rule for performance reasons. One such reason would be to avoid the cost of creating an array instance and initializing it on every invocation of a method [[Bloch 2008]].
public void foo() { }
public void foo(int a1) { }
public void foo(int a1, int a2, int... rest) { }
When overloading varargs methods, it is important to avoid any ambiguity regarding which method would be invoked. This code sample avoids the possibility of incorrect method selection by using unambiguous method signatures.
Risk Assessment
Unmindful use of the varargs feature may create ambiguity and diminish code readability.
Guideline |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
DCL01-J |
low |
unlikely |
medium |
P2 |
L3 |
Automated Detection
Automated detection is straightforward.
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="815824cc-a21f-4ac4-9c77-26c1529c2d2b"><ac:plain-text-body><![CDATA[ |
[[Bloch 2008 |
AA. Bibliography#Bloch 08]] |
Item 42: "Use Varargs Judiciously" |
]]></ac:plain-text-body></ac:structured-macro> |
|
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="08ecedc3-78ef-440d-9779-26aece30a3d4"><ac:plain-text-body><![CDATA[ |
[[Steinberg 2005 |
AA. Bibliography#Steinberg 05]] |
"Using the Varargs Language Feature" |
]]></ac:plain-text-body></ac:structured-macro> |
|
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="67a3ab09-7404-417c-91de-e1fa3ccecde7"><ac:plain-text-body><![CDATA[ |
[[Sun 2006 |
AA. Bibliography#Sun 06]] |
[varargs |
http://java.sun.com/j2se/1.5.0/docs/guide/language/varargs.html] |
]]></ac:plain-text-body></ac:structured-macro> |
DCL00-J. Declare all enhanced for statement loop variables to be final 01. Declarations and Initialization (DCL) DCL02-J. Enable compile-time type checking of varargs types