Page History

Java silently wraps, providing no indication of overflow conditionsbuilt-in integer operators silently wrap without indicating overflow. This can result in incorrect computations and unanticipated outcomes.

...

The integral types in Java are byte, shortrepresentation, int, and long, whose values are 8-bit, 16-bit, 32-bit and 64and inclusive ranges are shown in the following table JLS §4.2.1, "Integral Types and Values":

...

According to the JLS, §4.2.1, "Integral Types and Values" the values of the integral types are integers in the inclusive ranges, shown in the following table:

...

Because the ranges of Java types are not symmetrical (the negation of minimum value is one more than each maximum value), even operations like unary negation can overflow, if applied to a minimum value. Because the java.lang.math.abs() function returns the absolute value on any number, it can also overflow if given the minimum int or long as an argument.

...

The pre-condition testing technique requires different pre-condition tests for each arithmetic operation. This can be somewhat more difficult to implement and to understand audit than either of the other two approaches.

...

The BigInteger technique is conceptually the simplest of the three techniques because arithmetic operations cannot overflow. However, it requires the use of method calls for each operation in place of primitive arithmetic operators; this can obscure the intended meaning of the code. Operations on objects of type BigInteger can also be significantly less efficient than operations on the original primitive integer type.

...

Operations on objects of type AtomicInteger suffer from the same overflow issues as other integer types. The solutions are generally similar to those shown abovethe solutions already presented; however, concurrency issues add additional complications. First, potential issues with time-of-check-time-of-use must be avoided. (See guideline "VNA02-J. Ensure that compound operations on shared variables are atomic" for more information). SecondlySecond, use of an AtomicInteger creates happens-before relationships between the various threads that access it. Consequently, changes to the number or order of accesses can alter the execution of the overall program. In such cases, you must either choose to accept the altered execution or carefully craft the implementation of your compliant technique to preserve the exact number and order of accesses to the AtomicInteger.

...

Consequently, itemsInInventory can wrap around to Integer.MIN_VALUE after the increment operation when itemInInventory == Integer.MAX_VALUE.

Compliant Solution (AtomicInteger)

...

The arguments to the {{compareAndSet()}} method are the expected value of the variable when the method is invoked and the intended new value. The variable's value is updated if, and only if, the current value and the expected value are equal. (See \[[API 2006|AA. Bibliography#API 06]\] class [{{AtomicInteger}}|http://download.oracle.com/javase/6/docs/api/java/util/concurrent/atomic/AtomicInteger.html].) Refer to guideline "[VNA02-J. Ensure that compound operations on shared variables are atomic]" for more details.

Exceptions

NUM00-EX1EX0: Depending on circumstances, integer overflow could be benign. For instance, the Object.hashcode() method could return all representable values of type int. Furthermore, many algorithms for computing hashcodes intentionally allow overflow to occur.

NUM00-EX2EX1: The added complexity and cost of programmer-written overflow checks could exceed their value for all but the most critical code. In such cases, consider the alternative of treating integral values as though they are tainted data, and using appropriate range checks as to sanitize the sanitizing codevalues. These range checks should ensure that incoming values cannot cause integer overflow. Note that sound determination of allowable ranges could require deep understanding of the details of the code protected by the range checks; correct determination of the allowable ranges could be extremely difficult.

...

...