Comment: Migrated to Confluence 4.0

...

Because the ranges of Java's integer types are not symmetric (the negation of each minimum value is one more than each maximum value), even a unary negation can overflow when applied to a minimum value. Because the java.lang.Math.abs() method returns the absolute value of any number, it can also overflow if given the minimum int or long as an argument.

When a mathematical operation cannot be represented using the supplied integer types, Java's built-in integer operators silently wrap the result without indicating overflow. This can result in incorrect computations and unanticipated outcomes. Failure to account for integer overflow has resulted in failures of real systems, for example, when implementing the compareTo() method. The meaning of the return value of the compareTo() method is defined only in terms of its sign and whether it is zero; the magnitude of the return value is irrelevant. Consequently, an apparent but incorrect optimization would be to subtract the operands and return the result. For operands of opposite signs, this can result in integer overflow, consequently violating the compareTo() contract [Bloch 2008, Item 12].
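The two failure modes described above (negating or taking the absolute value of a minimum value, and a subtraction-based compareTo()), shown side by side with overflow-free alternatives. This is an added example, not code from the CERT page; it assumes Java 8 or later for the lambdas and for Math.negateExact(), which is not mentioned on the page.

```java
import java.util.Comparator;

/** Added example (not from the CERT page): overflow at the type's minimum value. */
public final class OverflowDemo {

  /** Broken comparator: subtracts the operands, so it wraps for opposite signs. */
  static final Comparator<Integer> BROKEN = (a, b) -> a - b;

  /** Correct comparator: Integer.compare() yields the sign without arithmetic. */
  static final Comparator<Integer> CORRECT = (a, b) -> Integer.compare(a, b);

  /** Absolute value that detects the one argument Math.abs() cannot handle. */
  static int safeAbs(int x) {
    if (x == Integer.MIN_VALUE) {
      throw new ArithmeticException("Integer overflow: abs(Integer.MIN_VALUE)");
    }
    return x < 0 ? -x : x;
  }

  public static void main(String[] args) {
    // -Integer.MIN_VALUE wraps back to Integer.MIN_VALUE, and Math.abs()
    // inherits the same wrap, so its result is still negative.
    System.out.println("-MIN_VALUE == MIN_VALUE: " + (-Integer.MIN_VALUE == Integer.MIN_VALUE));
    System.out.println("abs(MIN_VALUE) is negative: " + (Math.abs(Integer.MIN_VALUE) < 0));

    // Math.negateExact() (Java 8+) reports the overflow instead of wrapping.
    try {
      Math.negateExact(Integer.MIN_VALUE);
    } catch (ArithmeticException e) {
      System.out.println("negateExact rejected MIN_VALUE: " + e.getMessage());
    }

    // compareTo() by subtraction: MIN_VALUE - 1 is not representable and wraps
    // to MAX_VALUE, so BROKEN reports the smallest int as greater than 1.
    int a = Integer.MIN_VALUE;
    int b = 1;
    System.out.println("BROKEN.compare(MIN_VALUE, 1)  = " + BROKEN.compare(a, b));
    System.out.println("CORRECT.compare(MIN_VALUE, 1) = " + CORRECT.compare(a, b));
    System.out.println("safeAbs(-7) = " + safeAbs(-7));
  }
}
```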

Comparison of Compliant Techniques

...

import java.util.concurrent.atomic.AtomicInteger;

class InventoryManager {
  private final AtomicInteger itemsInInventory =
      new AtomicInteger(100);

  public final void nextItem() {
    while (true) {
      int old = itemsInInventory.get();
      // Precondition test: refuse to increment past Integer.MAX_VALUE
      if (old == Integer.MAX_VALUE) {
        throw new ArithmeticException("Integer overflow");
      }
      int next = old + 1; // Increment
      // Store only if no other thread changed the value since get()
      if (itemsInInventory.compareAndSet(old, next)) {
        break;
      }
    } // end while
  } // end nextItem()
}

...

The two arguments to the compareAndSet() method are the expected value of the variable when the method is invoked and the intended new value. The variable's value is updated only when the current value and the expected value are equal [API 2006]. Refer to rule VNA02-J. Ensure that compound operations on shared variables are atomic for more details.
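The compare-and-set loop above generalized from "add one" to "add n", with a precondition test that rejects any sum exceeding Integer.MAX_VALUE before it is stored. This is an added example, not the CERT page's code; the class name BoundedCounter and the method add() are hypothetical.

```java
import java.util.concurrent.atomic.AtomicInteger;

/** Added example (not from the CERT page): bounded atomic addition via compareAndSet(). */
final class BoundedCounter {
  private final AtomicInteger count;

  BoundedCounter(int initial) {
    count = new AtomicInteger(initial);
  }

  /** Adds n (n >= 0) atomically and returns the new value, or throws leaving the count unchanged. */
  int add(int n) {
    if (n < 0) {
      throw new IllegalArgumentException("n must be non-negative");
    }
    while (true) {
      int old = count.get();
      // Precondition test written so that it cannot itself overflow:
      // Integer.MAX_VALUE - n is always representable because n >= 0.
      if (old > Integer.MAX_VALUE - n) {
        throw new ArithmeticException("Integer overflow");
      }
      int next = old + n;
      // Another thread may have changed the count since get(); if so,
      // compareAndSet() fails and the loop re-reads and re-checks.
      if (count.compareAndSet(old, next)) {
        return next;
      }
    }
  }

  int get() {
    return count.get();
  }

  public static void main(String[] args) {
    BoundedCounter c = new BoundedCounter(Integer.MAX_VALUE - 5);
    c.add(5); // reaches Integer.MAX_VALUE exactly, which is still legal
    try {
      c.add(1); // would wrap to Integer.MIN_VALUE, so it is rejected
    } catch (ArithmeticException e) {
      System.out.println("rejected; count stays " + c.get());
    }
  }
}
```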

Exceptions

NUM00-EX0: Depending on circumstances, integer overflow could be benign. For example, many algorithms for computing hash codes use modular arithmetic, intentionally allowing overflow to occur. Such benign uses must be carefully documented.

...

The CERT C Secure Coding Standard

INT32-C. Ensure that operations on signed integers do not result in overflow

The CERT C++ Secure Coding Standard

INT32-CPP. Ensure that operations on signed integers do not result in overflow

ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/)

Wrap-around Error [XYY]

MITRE CWE

CWE-682. Incorrect calculation

CWE-190. Integer overflow or wraparound

CWE-191. Integer underflow (wrap or wraparound)

Bibliography

[API 2006]

Class AtomicInteger (http://download.oracle.com/javase/6/docs/api/java/util/concurrent/atomic/AtomicInteger.html)

[Bloch 2005]

Puzzle 27. Shifty i's

[JLS 2005]

§4.2.2, Integer Operations (http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.2)

§15.22, Bitwise and Logical Operators

[Seacord 2005]

Chapter 5, Integers

[Tutorials 2008]

Primitive Data Types

...
