The Java Language Specification (JLS), §15.17.3, "Remainder Operator %" states
The remainder operation for operands that are integers after binary numeric promotion (§5.6.2) produces a result value such that (a/b)*b+(a%b) is equal to a. This identity holds even in the special case that the dividend is the negative integer of largest possible magnitude for its type and the divisor is -1 (the remainder is 0). It follows from this rule that the result of the remainder operation can be negative only if the dividend is negative, and can be positive only if the dividend is positive; moreover, the magnitude of the result is always less than the magnitude of the divisor.
The result of the remainder operator has the same sign as the dividend (the first operand in the expression).
5 % 3 produces 2 5 % (-3) produces 2 (-5) % 3 produces -2 (-5) % (-3) produces -2
As a result, code that depends upon the remainder operation to always return a positive result is erroneous.
Noncompliant Code Example
This noncompliant code example uses the integer hashKey
as an index into the hash
array. A negative hash key produces a negative result from the remainder operator causing the lookup()
method to throw java.lang.ArrayIndexOutOfBoundsException
.
private int SIZE = 16; public int[] hash = new int[SIZE]; public int lookup(int hashKey) { return hash[hashKey % SIZE]; }
Compliant Solution
This compliant solution calls the imod()
method that always returns a positive remainder.
// method imod() gives non-negative result private int SIZE = 16; public int[] hash = new int[SIZE]; private int imod(int i, int j) { int temp = i % j; return (temp < 0) ? -temp : temp; // unary - will succeed without overflow // because temp cannot be Integer.MIN_VALUE } public int lookup(int hashKey) { return hash[imod(hashKey, SIZE)]; }
Risk Assessment
Incorrectly assuming a positive remainder from a remainder operation can result in erroneous code.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
NUM00-J |
low |
unlikely |
high |
P1 |
L3 |
Automated Detection
Automated detection of uses of the %
operator is straightforward. Sound determination of whether those uses correctly reflect the intent of the programmer is infeasible in the general case. Heuristic warnings could be useful.
Related Guidelines
C Secure Coding Standard |
"INT10-C. Do not assume a positive remainder when using the % operator" |
C++ Secure Coding Standard |
"INT10-CPP. Do not assume a positive remainder when using the % operator" |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9f0e97c2-cb35-4f8d-ba77-b3ae9f1c550d"><ac:plain-text-body><![CDATA[ |
[[JLS 2005 |
AA. Bibliography#JLS 05]] |
[§15.17.3, "Remainder Operators" |
http://java.sun.com/docs/books/jls/third_edition/html/expressions.html#15.17.3] |
]]></ac:plain-text-body></ac:structured-macro> |
03. Numeric Types and Operations (NUM) 03. Numeric Types and Operations (NUM) NUM01-J. Avoid performing bitwise and arithmetic operations on the same data