Reuse of identifier names in subscopes leads to obscuration or shadowing. Reused identifiers in the current scope can render those defined elsewhere inaccessible. Although the Java Language Specification (JLS) [JLS 2013] clearly resolves any syntactic ambiguity arising from obscuring or shadowing, such ambiguity burdens code maintainers and auditors, especially when code requires access to both the original named entity and the inaccessible one. The problem is exacerbated when the reused name is defined in a different package.
According to §6.4.2, "Obscuring," of the JLS [JLS 2013],
A simple name may occur in contexts where it may potentially be interpreted as the name of a variable, a type, or a package. In these situations, the rules of §6.5 specify that a variable will be chosen in preference to a type, and that a type will be chosen in preference to a package.
This implies that a variable can obscure a type or a package, and a type can obscure a package name. Shadowing, on the other hand, refers to one variable rendering another variable inaccessible in a containing scope. One type can also shadow another type.
No identifier should obscure or shadow another identifier in a containing scope. For example, a local variable should not reuse the name of a class field or method or a class name or package name. Similarly, an inner class name should not reuse the name of an outer class or package.
Both overriding and shadowing differ from hiding, in which an accessible member (typically nonprivate) that should have been inherited by a subclass is replaced by a locally declared subclass member that assumes the same name but has a different, incompatible method signature.
Noncompliant Code Example (Field Shadowing)
This noncompliant code example reuses the name of the val instance field in the scope of an instance method.
class MyVector {
private int val = 1;
private void doLogic() {
int val;
//...
}
}
The resulting behavior can be classified as shadowing; the method variable renders the instance variable inaccessible within the scope of the method. For example, assigning to val from within the method does not affect the value of the instance variable, although assigning to this.val from within the method does.
Compliant Solution (Field Shadowing)
This compliant solution eliminates shadowing by changing the name of the variable defined in the method scope from val to newValue:
class MyVector {
private int val = 1;
private void doLogic() {
int newValue;
//...
}
}
Noncompliant Code Example (Variable Shadowing)
This example is noncompliant because the variable i defined in the scope of the second for loop block shadows the definition of the instance variable i defined in the MyVector class:
class MyVector {
private int i = 0;
private void doLogic() {
for (i = 0; i < 10; i++) {/* ... */}
for (int i = 0; i < 20; i++) {/* ... */}
}
}
Compliant Solution (Variable Shadowing)
In this compliant solution, the loop counter i is defined in the scope of each for loop block:
class MyVector {
private void doLogic() {
for (int i = 0; i < 10; i++) {/* ... */}
for (int i = 0; i < 20; i++) {/* ... */}
}
}
Applicability
Name reuse makes code more difficult to read and maintain, which can result in security weaknesses. An automated tool can easily detect reuse of identifiers in containing scopes.
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | 2023.1 | CERT.DCL51.HMF | Do not give method local variables and parameters the same name as class fields |
| SonarQube | 9.9 | HiddenFieldCheck |
Bibliography
Puzzle 67, "All Strung Out" | |
Item 16, "Prefer Interfaces to Abstract Classes" | |
§6.3, "Placement" | |
[JLS 2013] | §6.4.1, "Shadowing" |
10 Comments
Dhruv Mohindra
I think the second NCE does not compile.
David Svoboda
You're right, it didn't. I've fixed that sample (using Java7 now
Axel Hauschulte
The text after the first NCE isn't clear to me:
In this context the term 'class variable' is confusing to me. I think 'instance variable' would be more appropriate, since val is not declared static.
Is 'call variable' a typo actually meaning 'class variable'? If so, again I would prefer the term 'instance variable'. Furthermore, an assignment to this.val would certainly affect the value of the field val while leaving the local variable unchanged.
David Svoboda
Agreed, i is an instance variable, not a class variable. Reworded. I also changed 'call variable' to 'instance variable', and elaborated about assignment. You're right...assigning to 'this.val' changes the instance variable, but assigning to 'val' changes the method variable.
G. Ann Campbell
The difference between the first and second NCE's is not clear to me.
Should the second one, perhaps, have been
class MyVector { private void doLogic() { int i; for (i = 0; i < 10; i++) {/* ... */} for (int i = 0; i < 20; i++) {/* ... */} } }Also, are the following covered by this recommendation?:
David Svoboda
In the first NCCE, a local variable shadows an instance variable.
In the second NCCE, a variable declared in the scope of the for loop shadows an instance variable. This is in contrast to the first for loop in the NCCE, which uses the instance variable as a counter.
Your code sample also violates the rule, because the 2nd for loop shadows the local variable i.
G. Ann Campbell
Thanks for clarifying.
David Svoboda
WRT your other questions:
OBJ01-J. Limit accessibility of fields pretty much forbids the possibility of one field hiding a parent class field.
This guideline would apply to an inner class field or method obscuring an outer class field/method.
Gregor Ottmann
I stumbled over this one in a situation that occurs extremely often in Java code:
public class Foo { @Inject private SomeClass someClass; protected getSomeClass() { if(someClass == null) { throw new IllegalStateException("SomeClass was not injected"); } return someClass; } public someLogic() { SomeClass someClass = getSomeClass(); // do something with someClass } }The coding guidelines in our company state that accessors should be used even for members that are accessible in the current instance, which makes sense if additional initialization for an injected entity or some kind of validation is required. The naming pattern here is quite common, too, and until we deployed SonarQube nobody ever thought it was bad.
What would be the canonical resolution in cases like this? I suppose you could call injected instances "someClassInjected" or something similar, but I personally find that almost as weird as calling it mSomeClass.
David Svoboda
That's a good question. Clearly your someClass variable obscures the this.someClass field and violates this guideline.
There is no simple solution here, because you wish to enforce the OO encapsulation that separates someLogic() from the this.someClass field. (conceivably you could remove the this.someClass field and have getSomeClass() return something useful without changing someLogic()). But you also wish to have someLogic() in the same scope as this.someClass.
First, this is a guideline, and it is possible to violate it while still having secure code.
Your convention can still have problems. For example, someLogic() could reassign someClass, causing maintenance confusion when someone assumes that it reassigns this.someClass, but it really doesn't. That would be a maintainability problem. However, you could bypass that by declaring the variable final.
I don't think we have a rule about this, but I personally prefer prefixing fields with 'this', which helps to resolve the ambiguity. (Then again, maybe I've been programming too much Python lately :)
On the other paw, if we assume that getSomeClass() is more than a simple getter (as in your example), it is possible for it to return a value other than this.someClass, and you can be in trouble again.