The operation of the remainder operator in Java is defined in the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\], Section 15 (JLS), §15.17.3:, "Remainder Operator %" [JLS 2013], states, Wiki Markup
The remainder operation for operands that are integers after binary numeric promotion (§5§5.6.2) produces a result value such that
(a/b)*b+(a%b)
is equal toa
. This identity holds even in the special case that the dividend is the negative integer of largest possible magnitude for its type and the divisor is-1
(the remainder is0
). It follows from this rule that the result of the remainder operation can be negative only if the dividend is negative, and can be positive only if the dividend is positive; moreover, the magnitude of the result is always less than the magnitude of the divisor.
Although clearly defined in the Java specification, the behavior is undefined in several early C implementations and it is represented by the same symbol as the modulus operator, which always returns a positive value. Therefore, it is possible to have unintended behavior from use of this operator.
The result of the remainder operator implies the following behaviorThe result of the remainder operator has the same sign as the dividend (the first operand in the expression):
Code Block |
---|
5 % 3 produces 2 5 % (-3) produces 2 (-5) % 3 produces -2 (-5) % (-3) produces -2 |
The result has the same sign as the dividend (the first operand in the expression)As a result, code that depends on the remainder operation to always return a positive result is erroneous.
Noncompliant Code Example
In this This noncompliant code example , uses the integer hashKey
references as an element of index into the hash
array. However, since the hash key is not guaranteed to be positive, the lookup function may fail, producing a java.lang.ArrayIndexOutOfBoundsException
on all negative inputs.
Code Block | ||
---|---|---|
| ||
private int SIZE = 16;
public int[] hash = new int[SIZE];
public int lookup(int hashKey) {
return hash[hashKey % SIZE];
}
|
A negative hash key produces a negative result from the remainder operator, causing the lookup()
method to throw java.lang.ArrayIndexOutOfBoundsException
.
Compliant Solution
One compliant implementation is to call a function that returns a true (always positive) modulus.This compliant solution calls the imod()
method, which always returns a positive remainder:
Code Block | ||
---|---|---|
| ||
//* remainderMethod functionimod() givinggives non-negativenonnegative result */ private int SIZE = 16; public int[] hash = new int[SIZE]; private int imod(int i, int j) { int temp = i % j; return (itemp < 0) ? ((-i) % j) : (i % j); } public int lookup(int hashKey) { return hash[imod(hashKey, size)]; } |
Alternatively, an explicit range check must be performed on the numerator at every susceptible point.
Code Block | ||
---|---|---|
| ||
-temp : temp; // Unary minus will succeed without overflow // because temp cannot be Integer.MIN_VALUE } public int lookup(int hashKey) { if (hashKey < 0) return hash[imod(-hashKey) % size]; return hash[hashKey % size, SIZE)]; } |
Note that providing a well documented imod
method is a better choice as it improves readability and makes it clear that its sole purpose is to return positive values when required and not to "fix" the unintuitive behavior of the remainder operator, as defined by the specification.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT02-J | low | unlikely | high | P1 | L3 |
Other Languages
This rule appears in the C Secure Coding Standard as INT10-C. Do not assume a positive remainder when using the % operator.
This rule appears in the C++ Secure Coding Standard as INT10-CPP. Do not assume a positive remainder when using the % operator,
References
Applicability
Incorrectly assuming a positive remainder from a remainder operation can result in erroneous code.
Automated Detection
Bibliography
...
\[[JLS 05|AA. Java References#JLS 05]\] [§15.17.3 Remainder Operators|http://java.sun.com/docs/books/jls/third_edition/html/expressions.html#15.17.3] Wiki Markup