Reuse of identifier names in subscopes leads to obscuration or shadowing. Reused identifiers in the current scope can render those defined elsewhere inaccessible. Although the Java Language Specification (JLS) [JLS 2013] clearly resolves any syntactic ambiguity arising from obscuring or shadowing, such ambiguity burdens code maintainers and auditors, especially when code requires access to both the original named entity and the inaccessible one. The problem is exacerbated when the reused name is defined in a different package.

According to §6.4.2, "Obscuring," of the JLS [JLS 2013],

A simple name may occur in contexts where it may potentially be interpreted as the name of a variable, a type, or a package. In these situations, the rules of §6.5 specify that a variable will be chosen in preference to a type, and that a type will be chosen in preference to a package.

This implies that a variable can obscure a type or a package, and a type can obscure a package name. Shadowing, on the other hand, refers to one variable rendering another variable inaccessible in a containing scope. One type can also shadow another type.

No identifier should obscure or shadow another identifier in a containing scope. For example, a local variable should not reuse the name of a class field or method or a class name or package name. Similarly, an inner class name should not reuse the name of an outer class or package.

Both overriding and shadowing differ from hiding, in which an accessible member (typically nonprivate) that should have been inherited by a subclass is replaced by a locally declared subclass member that assumes the same name but has a different, incompatible method signature.

Noncompliant Code Example (Field Shadowing)

This noncompliant code example reuses the name of the val instance field in the scope of an instance method.

class MyVector {
  private int val = 1;
  private void doLogic() {
    int val;
    //...   
  }
}

The resulting behavior can be classified as shadowing; the method variable renders the instance variable inaccessible within the scope of the method. For example, assigning to val from within the method does not affect the value of the instance variable, although assigning to this.val from within the method does.

Compliant Solution (Field Shadowing)

This compliant solution eliminates shadowing by changing the name of the variable defined in the method scope from val to newValue:

class MyVector {
  private int val = 1;
  private void doLogic() {
    int newValue;
    //...   
  }
}

Noncompliant Code Example (Variable Shadowing)

This example is noncompliant because the variable i defined in the scope of the second for loop block shadows the definition of the instance variable i defined in the MyVector class:

class MyVector {
  private int i = 0;
  private void doLogic() {
    for (i = 0; i < 10; i++) {/* ... */}
    for (int i = 0; i < 20; i++) {/* ... */} 
  }
}

Compliant Solution (Variable Shadowing)

In this compliant solution, the loop counter i is defined in the scope of each for loop block:

class MyVector {
  private void doLogic() {
    for (int i = 0; i < 10; i++) {/* ... */}
    for (int i = 0; i < 20; i++) {/* ... */} 
  }
}

Applicability

Name reuse makes code more difficult to read and maintain, which can result in security weaknesses. An automated tool can easily detect reuse of identifiers in containing scopes.

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest

2024.1

CERT.DCL51.HMFDo not give method local variables and parameters the same name as class fields
SonarQube
9.9
HiddenFieldCheck


Bibliography

[Bloch 2005]

Puzzle 67, "All Strung Out"

[Bloch 2008]

Item 16, "Prefer Interfaces to Abstract Classes"

[Conventions 2009]

§6.3, "Placement"

[FindBugs 2008]


[JLS 2013]

§6.4.1, "Shadowing"
§6.4.2, "Obscuring"

§7.5.2, "Type-Import-on-Demand Declarations"



10 Comments

  1. I think the second NCE does not compile.

    1. You're right, it didn't. I've fixed that sample (using Java7 now (smile)

  2. The text after the first NCE isn't clear to me:

    the method variable renders the class variable inaccessible within the scope of the method.

    In this context the term 'class variable' is confusing to me. I think 'instance variable' would be more appropriate, since val is not declared static.

    For example, assigning to this.val from within the method does not affect the value of the call variable.

    Is 'call variable' a typo actually meaning 'class variable'? If so, again I would prefer the term 'instance variable'. Furthermore, an assignment to this.val would certainly affect the value of the field val while leaving the local variable unchanged.

    1. Agreed, i is an instance variable, not a class variable. Reworded. I also changed 'call variable' to 'instance variable', and elaborated about assignment. You're right...assigning to 'this.val' changes the instance variable, but assigning to 'val' changes the method variable.

  3. The difference between the first and second NCE's is not clear to me.

    Should the second one, perhaps, have been 

    class MyVector {
      private void doLogic() {
        int i;
        for (i = 0; i < 10; i++) {/* ... */}
        for (int i = 0; i < 20; i++) {/* ... */}
      }
    }

     

    Also, are the following covered by this recommendation?:

    • child class field vs parent class field
    • inner class member (field?) vs outer class member

     

    1. In the first NCCE, a local variable shadows an instance variable.

      In the second NCCE, a variable declared in the scope of the for loop shadows an instance variable. This is in contrast to the first for loop in the NCCE, which uses the instance variable as a counter.

      Your code sample also violates the rule, because the 2nd for loop shadows the local variable i.

       

      1. Thanks for clarifying.

    2. WRT your other questions:

      OBJ01-J. Limit accessibility of fields pretty much forbids the possibility of one field hiding a parent class field.

      This guideline would apply to an inner class field or method obscuring an outer class field/method.

  4. I stumbled over this one in a situation that occurs extremely often in Java code:

    public class Foo {
    	@Inject
    	private SomeClass someClass;
    
    	protected getSomeClass() {
    		if(someClass == null) {
    			throw new IllegalStateException("SomeClass was not injected");
    		}
    
    		return someClass;
    	}
    
    	public someLogic() {
    		SomeClass someClass = getSomeClass();
    		// do something with someClass
    	}
    }

    The coding guidelines in our company state that accessors should be used even for members that are accessible in the current instance, which makes sense if additional initialization for an injected entity or some kind of validation is required. The naming pattern here is quite common, too, and until we deployed SonarQube nobody ever thought it was bad.

    What would be the canonical resolution in cases like this? I suppose you could call injected instances "someClassInjected" or something similar, but I personally find that almost as weird as calling it mSomeClass.

    1. That's a good question. Clearly your someClass variable obscures the this.someClass field and violates this guideline.

      There is no simple solution here, because you wish to enforce the OO encapsulation that separates someLogic() from the this.someClass field. (conceivably you could remove the this.someClass field and have getSomeClass() return something useful without changing someLogic()). But you also wish to have someLogic() in the same scope as this.someClass.

      First, this is a guideline, and it is possible to violate it while still having secure code.

      Your convention can still have problems. For example, someLogic() could reassign someClass, causing maintenance confusion when someone assumes that it reassigns this.someClass, but it really doesn't. That would be a maintainability problem. However, you could bypass that by declaring the variable final.

      I don't think we have a rule about this, but I personally prefer prefixing fields with 'this', which helps to resolve the ambiguity. (Then again, maybe I've been programming too much Python lately :)

      On the other paw, if we assume that getSomeClass() is more than a simple getter (as in your example), it is possible for it to return a value other than this.someClass, and you can be in trouble again.