According to Sun's Secure Coding Guidelines document \[[SCG 2007|AA. Java References#SCG 07]\]:

...

According to the Java Language Specification \[[JLS 2005|AA. Java References#JLS 05]\], section 4.2.2 Integer Operations:

...

According to the Java Language Specification \[[JLS 2005|AA. Java References#JLS 05]\], section 4.2.1 "Integral Types and Values", the values of the integral types are integers in the following ranges:

...

Failing to account for integer overflow has resulted in failures in real systems, for instance, when implementing the {{compareTo()}} method. The {{compareTo()}} method does not care about the magnitude of the operands but only about the sign. Consequently, an optimization is to simply subtract the operands and return the result. For nonpositive operands, this can result in integer overflow and violation of the {{compareTo()}} contract. \[[Bloch 2008, item 12|AA. Java References#Bloch 08]\]
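The subtraction shortcut described above, next to an overflow-free comparison, as an added example that is not part of the original page. The class name {{CompareToOverflow}}, the helper {{transitive()}} and the sample values are constructed for illustration; the {{Collections.max}} and {{Math.subtractExact}} checks go slightly beyond the text to show how the wrap surfaces in calling code.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;

public class CompareToOverflow {
    // Subtraction shortcut: the sign of (a - b) is wrong whenever the
    // true difference does not fit in a 32-bit int.
    static final Comparator<Integer> BY_SUBTRACTION = (a, b) -> a - b;

    // Integer.compare does no arithmetic on its operands, so it cannot overflow.
    static final Comparator<Integer> BY_COMPARE = Integer::compare;

    // Transitivity clause of the contract: a < b and b < c must imply a < c.
    static boolean transitive(Comparator<Integer> cmp, int a, int b, int c) {
        if (cmp.compare(a, b) < 0 && cmp.compare(b, c) < 0) {
            return cmp.compare(a, c) < 0;
        }
        return true; // premise not met, nothing to check
    }

    public static void main(String[] args) {
        // Constructed sample values chosen so that a - c leaves the int range.
        int a = Integer.MIN_VALUE, b = -5, c = 1;

        // a - c is mathematically -2147483649, which wraps to
        // Integer.MAX_VALUE, so the shortcut reports a > c.
        System.out.println("a - c wraps to: " + (a - c));
        System.out.println("subtraction transitive: " + transitive(BY_SUBTRACTION, a, b, c));
        System.out.println("Integer.compare transitive: " + transitive(BY_COMPARE, a, b, c));

        // A consumer of the comparator silently returns a wrong answer.
        List<Integer> values = Arrays.asList(c, a, b, Integer.MAX_VALUE);
        System.out.println("max via subtraction: " + Collections.max(values, BY_SUBTRACTION));
        System.out.println("max via Integer.compare: " + Collections.max(values, BY_COMPARE));

        // Math.subtractExact turns the silent wrap into an exception.
        try {
            Math.subtractExact(a, c);
        } catch (ArithmeticException e) {
            System.out.println("subtractExact rejected a - c: " + e.getMessage());
        }
    }
}
```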

...

  • When the value to be shifted (left operand) is of type {{long}}, only the last 6 bits of the right-hand operand are used to perform the shift. The shift distance is the value of the right-hand operand masked by 63 (0x3F) \[[JLS 2003|AA. Java References#JLS 03]\], i.e., it is always between 0 and 63. (If the shift value is greater than 64, then the shift is {{value % 64}}.)

...

This noncompliant code example attempts to shift the value {{i}} of type {{int}} until, after 32 iterations, the value becomes 0. Unfortunately, this loop never terminates because an attempt to shift a value of type {{int}} by 32 bits results in the original value rather than the value 0. \[[Bloch 2005|AA. Java References#Bloch 05]\]

...

The {{compareAndSet()}} method takes two arguments, the expected value of a variable when the method is invoked and the updated value. This compliant solution uses this method to atomically set the value of {{itemsInInventory}} to the updated value if and only if the current value equals the expected value \[[API 2006|AA. Java References#API 06]\]. The {{while}} loop ensures that the {{removeItem()}} method succeeds in decrementing the most recent value of {{itemsInInventory}} as long as the inventory count is greater than {{MIN_INVENTORY}}. Refer to [VNA02-J. Ensure that compound operations on shared variables are atomic] for more details.

...

References

\[[SCG 2007|AA. Java References#SCG 07]\] Introduction
\[[JLS 2003|AA. Java References#JLS 03]\] 4.2.2 Integer Operations and 15.22 Bitwise and Logical Operators
\[[Tutorials 2008|AA. Java References#Tutorials 08]\] Primitive Data Types
\[[Seacord 2005|AA. Java References#Seacord 05]\] Chapter 5. Integers
\[[Bloch 2005|AA. Java References#Bloch 05]\] Puzzle 27: Shifty i's
\[[MITRE 2009|AA. Java References#MITRE 09]\] [CWE ID 682|http://cwe.mitre.org/data/definitions/682.html] "Incorrect Calculation", [CWE ID 190|http://cwe.mitre.org/data/definitions/190.html] "Integer Overflow or Wraparound", [CWE ID 191|http://cwe.mitre.org/data/definitions/191.html] "Integer Underflow (Wrap or Wraparound)"

...