...

Because the ranges of Java types are not symmetric (the negation of each minimum value is one more than each maximum value), even operations like unary negation can overflow if applied to a minimum value. Because the java.lang.Math.abs() method returns the absolute value of any number, it can also overflow if given the minimum int or long as an argument.
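The minimum-value edge case described above, as an added example that is not part of the original page. The class name, the method names and the hash-bucket scenario are assumptions chosen for illustration.

```java
public class MinValueEdgeCases {
  // Negation overflows only for Integer.MIN_VALUE, so one precondition suffices.
  static int safeNegate(int a) {
    if (a == Integer.MIN_VALUE) {
      throw new ArithmeticException("integer overflow in negation");
    }
    return -a;
  }

  // Math.abs() has the same single failing input as negation.
  static int safeAbs(int a) {
    if (a == Integer.MIN_VALUE) {
      throw new ArithmeticException("integer overflow in abs");
    }
    return Math.abs(a);
  }

  // Hypothetical caller: maps a hash code to a bucket index with Math.abs().
  // For hash == Integer.MIN_VALUE the "absolute value" is still negative,
  // so the index is negative whenever the remainder is nonzero.
  static int uncheckedBucket(int hash, int buckets) {
    return Math.abs(hash) % buckets;
  }

  // Math.floorMod() never needs abs() and always returns 0..buckets-1
  // for a positive bucket count.
  static int checkedBucket(int hash, int buckets) {
    return Math.floorMod(hash, buckets);
  }

  public static void main(String[] args) {
    int hash = Integer.MIN_VALUE; // constructed worst-case input
    System.out.println("Math.abs(MIN_VALUE) < 0: " + (Math.abs(hash) < 0));
    System.out.println("-MIN_VALUE == MIN_VALUE: " + (-hash == hash));
    System.out.println("unchecked bucket: " + uncheckedBucket(hash, 10));
    System.out.println("checked bucket:   " + checkedBucket(hash, 10));
    try {
      safeAbs(hash);
    } catch (ArithmeticException e) {
      System.out.println("safeAbs rejected input: " + e.getMessage());
    }
    try {
      safeNegate(hash);
    } catch (ArithmeticException e) {
      System.out.println("safeNegate rejected input: " + e.getMessage());
    }
  }
}
```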

...

The upcast technique is the preferred approach when applicable. The checks it requires are simpler than those of the previous technique; it is substantially more efficient than using BigInteger. Unfortunately, it cannot be applied to operations involving the biggest type long, as there is no bigger type to upcast to.

The BigInteger technique is conceptually the simplest of the three techniques because arithmetic operations on BigInteger cannot overflow. However, it requires the use of method calls for each operation in place of primitive arithmetic operators, which can obscure the intended meaning of the code. Operations on objects of type BigInteger can also be significantly less efficient than operations on the original primitive integer type.

...

Either operation in this noncompliant code example could result in an overflow. When overflow occurs, the result will be incorrect.

...

This compliant solution shows the implementation of a method for checking whether a value of type long falls within the representable range of an int using the upcasting technique. The implementations of range checks for the smaller primitive integer types are similar.

...

Note that this approach cannot be applied to values of type long because long is the largest primitive integral type. Use the BigInteger technique instead when the original variables are of type long.
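The upcast and BigInteger techniques compared earlier, together with the long-to-int range check described above, shown side by side as an added example that is not the page's own code. The class name, the multAccum() operation (oldAcc + newVal * scale) and the exception messages are assumptions.

```java
import java.math.BigInteger;

public class OverflowChecks {
  private static final BigInteger LONG_MIN = BigInteger.valueOf(Long.MIN_VALUE);
  private static final BigInteger LONG_MAX = BigInteger.valueOf(Long.MAX_VALUE);

  // Upcast technique: the value was computed in long, so one comparison
  // against the int bounds decides whether narrowing is safe.
  static int intRangeCheck(long value) {
    if (value < Integer.MIN_VALUE || value > Integer.MAX_VALUE) {
      throw new ArithmeticException("integer overflow");
    }
    return (int) value;
  }

  // int operands: the product of two ints plus a third int always fits
  // in a long, so only the final narrowing needs a check.
  static int multAccum(int oldAcc, int newVal, int scale) {
    long result = (long) oldAcc + (long) newVal * (long) scale;
    return intRangeCheck(result);
  }

  // BigInteger technique: there is no wider primitive type than long,
  // so the arithmetic is done in BigInteger and checked once at the end.
  static long longRangeCheck(BigInteger value) {
    if (value.compareTo(LONG_MIN) < 0 || value.compareTo(LONG_MAX) > 0) {
      throw new ArithmeticException("long overflow");
    }
    return value.longValue();
  }

  static long multAccum(long oldAcc, long newVal, long scale) {
    BigInteger product = BigInteger.valueOf(newVal).multiply(BigInteger.valueOf(scale));
    return longRangeCheck(BigInteger.valueOf(oldAcc).add(product));
  }

  public static void main(String[] args) {
    System.out.println(multAccum(10, 20, 30));    // int overload, in range
    System.out.println(multAccum(10L, 20L, 30L)); // long overload, in range
    try {
      multAccum(1, Integer.MAX_VALUE, 2);
    } catch (ArithmeticException e) {
      System.out.println("int case rejected: " + e.getMessage());
    }
    try {
      multAccum(1L, Long.MAX_VALUE, 2L);
    } catch (ArithmeticException e) {
      System.out.println("long case rejected: " + e.getMessage());
    }
  }
}
```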

...

Operations on objects of type AtomicInteger suffer from the same overflow issues as other integer types. The solutions are generally similar to the solutions already presented; however, concurrency issues add additional complications. First, potential issues with time-of-check, time-of-use (TOCTOU) must be avoided; see rule VNA02-J for more information. Second, use of an AtomicInteger creates happens-before relationships between the various threads that access it. Consequently, changes to the number of accesses or order of accesses can alter the execution of the overall program. In such cases, you must either choose to accept the altered execution or carefully craft the implementation of your compliant technique to preserve the exact number of accesses and order of accesses to the AtomicInteger.

...

```java
import java.util.concurrent.atomic.AtomicInteger;

class InventoryManager {
  private final AtomicInteger itemsInInventory = new AtomicInteger(100);

  //...
  public final void nextItem() {
    // Noncompliant: no range check before the increment
    itemsInInventory.getAndIncrement();
  }
}
```

Consequently, itemsInInventory can wrap around to Integer.MIN_VALUE when the nextItem() method is invoked at the instant when itemsInInventory == Integer.MAX_VALUE.
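One way to reject the wrapping increment without introducing a TOCTOU gap, as an added example that is not the page's own code. The class name, the constructor argument, the count() accessor and the choice of ArithmeticException are assumptions.

```java
import java.util.concurrent.atomic.AtomicInteger;

class CheckedInventoryManager {
  private final AtomicInteger itemsInInventory;

  CheckedInventoryManager(int initial) { // hypothetical constructor for the demo
    itemsInInventory = new AtomicInteger(initial);
  }

  public final void nextItem() {
    while (true) {
      int old = itemsInInventory.get();
      // The check and the update both use the same snapshot "old".
      if (old == Integer.MAX_VALUE) {
        throw new ArithmeticException("integer overflow");
      }
      int next = old + 1; // cannot overflow: old < Integer.MAX_VALUE
      // compareAndSet succeeds only if no other thread changed the value
      // since the snapshot, which closes the time-of-check, time-of-use gap.
      // Under contention the loop retries, so the number of accesses to the
      // AtomicInteger differs from a single getAndIncrement() call.
      if (itemsInInventory.compareAndSet(old, next)) {
        return;
      }
    }
  }

  public final int count() {
    return itemsInInventory.get();
  }

  public static void main(String[] args) {
    CheckedInventoryManager m = new CheckedInventoryManager(Integer.MAX_VALUE - 1);
    m.nextItem(); // reaches Integer.MAX_VALUE
    System.out.println("at limit: " + (m.count() == Integer.MAX_VALUE));
    try {
      m.nextItem(); // would wrap to Integer.MIN_VALUE without the check
    } catch (ArithmeticException e) {
      System.out.println("increment rejected: " + e.getMessage());
    }
    System.out.println("value unchanged: " + (m.count() == Integer.MAX_VALUE));
  }
}
```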

...

The CERT C Secure Coding Standard: INT32-C. Ensure that operations on signed integers do not result in overflow

The CERT C++ Secure Coding Standard: INT32-CPP. Ensure that operations on signed integers do not result in overflow

ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/): Wrap-around Error [XYY]

MITRE CWE: CWE-682. Incorrect Calculation; CWE-190. Integer Overflow or Wraparound; CWE-191. Integer Underflow (Wrap or Wraparound)

...


...