Comment: Localize CodeSonar crossreferences to Java scope

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| NUM00-J | Medium | Unlikely | Medium | P4 | L3 |

Automated Detection

Automated detection of integer operations that can potentially overflow is straightforward. Automatic determination of which potential overflows are true errors and which are intended by the programmer is infeasible. Heuristic warnings might be helpful.

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | JAVA.MATH.ABSRAND | Abs on random (Java) |
| CodeSonar | | JAVA.ARITH.OFLOW | Cast: int Computation to long (Java) |
| Coverity | 7.5 | BAD_SHIFT, OVERFLOW_BEFORE_WIDEN | Implemented |
| Parasoft Jtest | | CERT.NUM00.ICO | Avoid calculations which result in overflow or NaN |
| Parasoft Jtest | | CERT.NUM00.BSA | Do not use an integer outside the range of [0, 31] as the amount of a shift |
| Parasoft Jtest | | CERT.NUM00.CACO | Avoid using compound assignment operators in cases which may cause overflow |
| PVS-Studio | | V5308, V6117 | |
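The patterns named in the checker descriptions above (overflow before widening, `Math.abs` on a value that may be `Integer.MIN_VALUE`, out-of-range shift distance, compound assignment), each shown in Java beside a checked form. This is an added example, not code from the CERT rule or from any tool vendor; the class name, method names and sample inputs are constructed for illustration.

```java
public class Num00Patterns {
    // All method names and inputs below are hypothetical, constructed for this example.

    // int * int is evaluated in 32 bits and wraps before the result is widened to long.
    static long widenAfterOverflow(int a, int b) { return a * b; }

    // Widening one operand first makes the whole multiplication 64-bit.
    static long widenFirst(int a, int b) { return (long) a * b; }

    // Math.abs(Integer.MIN_VALUE) is Integer.MIN_VALUE, so the index can be negative.
    static int absIndex(int hash, int buckets) { return Math.abs(hash) % buckets; }

    // Math.floorMod never returns a negative result for a positive modulus.
    static int floorIndex(int hash, int buckets) { return Math.floorMod(hash, buckets); }

    // For int operands only the low 5 bits of the shift distance are used.
    static int shiftMasked(int value, int distance) { return value << distance; }

    // Reject distances outside [0, 31] instead of letting them be masked.
    static int shiftChecked(int value, int distance) {
        if (distance < 0 || distance > 31) {
            throw new IllegalArgumentException("shift distance out of range: " + distance);
        }
        return value << distance;
    }

    // Compound assignment wraps silently on overflow.
    static int addWrapping(int total, int delta) { total += delta; return total; }

    // Math.addExact throws ArithmeticException instead of wrapping.
    static int addChecked(int total, int delta) { return Math.addExact(total, delta); }

    public static void main(String[] args) {
        System.out.println("widen after: " + widenAfterOverflow(65_536, 65_536));
        System.out.println("widen first: " + widenFirst(65_536, 65_536));
        System.out.println("abs index:   " + absIndex(Integer.MIN_VALUE, 10));
        System.out.println("floor index: " + floorIndex(Integer.MIN_VALUE, 10));
        System.out.println("shift by 32: " + shiftMasked(1, 32));
        System.out.println("wrapping add: " + addWrapping(Integer.MAX_VALUE, 1));
        try {
            addChecked(Integer.MAX_VALUE, 1);
        } catch (ArithmeticException e) {
            System.out.println("checked add: " + e.getMessage());
        }
    }
}
```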

...

SEI CERT C Coding Standard: INT32-C. Ensure that operations on signed integers do not result in overflow

ISO/IEC TR 24772:2010: Wrap-around Error [XYY]

MITRE CWE: CWE-682, Incorrect Calculation; CWE-190, Integer Overflow or Wraparound; CWE-191, Integer Underflow (Wrap or Wraparound)

...