Page History

...

According to the Java Language Specification, Section 4.2.1, "Integral Types and Values," the values of the integral types are integers in the inclusive ranges shown in the following rangestable:

...

...

...

...

...

...

...

...

...

...

...

...

...

...

The table below shows the integer overflow behavior of the integral operators.

...

• Pre-condition testing of the inputs. Check the inputs to each arithmetic operator to ensure that overflow cannot occur. Throw an ArithmeticException when the operation would overflow if it were performed; otherwise, perform the operation. We call this technique This technique is referred to as "Pre-condition the inputs" hereafter, for conveniencein the remainder of this guideline.
• Use a larger type and downcast. Cast the inputs to the next larger primitive integer type and perform the arithmetic in the larger size. Check each intermediate result for overflow of the original smaller type, and throw an ArithmeticException if the range check fails. Note that the range check must be performed after each arithmetic operation. Downcast the final result to the original smaller type before assigning to the result variable. This approach cannot be used for type long because long is already the largest primitive integer type.
• Use BigInteger. Convert the inputs into objects of type BigInteger and perform all arithmetic using BigInteger methods. Throw an ArithmeticException if the final result is outside the range of the original smaller type; otherwise, convert back to the intended result type.

...

The "Use BigInteger" technique is conceptually the simplest of the three techniques. However, it requires the use of method calls for each operation in place of primitive arithmetic operators; this may obscure the intended meaning of the code. This technique will take consumes more time and memory than the other techniques.

...

For all integral types other than long, the next larger integral type can represent the result of any single integral operation. For example, operations on values of type int can be safely performed using type long. ThereforeAs a result, we can perform an operation using the larger type and range-check before downcasting to the original type. Note, however, that this guarantee holds only for a single arithmetic operation; larger expressions without per-operation bounds checking may overflow the larger type.

...

This compliant solution shows the implementation of a method for checking whether a long value falls within the representable range of an int. The implementations of range checks for the smaller primitive integer types are similar.

...

This compliant solution uses the get() and compareAndSet() methods provided by AtomicInteger to guarantee successful manipulation of the shared value of itemsInInventory. Note This solution has the following characteristics:

• The number and order of accesses to itemsInInventory remains unchanged from the noncompliant code example.
• All operations on the value of itemsInInventory are performed on a temporary local copy of its value.
• The overflow check in this example is performed in inline code, rather than encapsulated in a method call. This is an acceptable alternative implementation. The choice of method call vs. inline code should be made according to your organization's standards and needs.

class InventoryManager {
  private final AtomicInteger itemsInInventory = new AtomicInteger(100);

  public final void nextItem() {
    while (true) {
      int old = itemsInInventory.get();
      if (old == Integer.MAX_VALUE) {
        throw new ArithmeticException("Integer overflow");
      }
      int next = old + 1; // Increment
      if (itemsInInventory.compareAndSet(old, next)) {
        break;
      }
    } // end while
  } // end removeItem()
}

...

MITRE CWE: CWE-682 "Incorrect Calculation," MITRE CWE: CWE-190 "Integer Overflow or Wraparound," MITRE CWE: and CWE-191 "Integer Underflow (Wrap or Wraparound)"

...