SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 51

changes.mady.by.user Melanie Thompson

Saved on

compared with

New Version 52

changes.mady.by.user Dean Sutherland

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
Programmers frequently make errors regarding the precedence guidelines of operators due to the unintuitive low-precedence levels of {{&}}, {{\|}}, {{\^}}, {{<<}}, and {{>>}}. Avoid Mistakesmistakes regarding precedence guidelines can be avoided by through the suitable use of parentheses.; Defensivethis usealso ofimproves parentheses,code ifreadability notunless taken to excess, also improves code readability. The precedence of operations by the order of the subclauses are defined in the Java Tutorials \[[Tutorials 2008|AA. Bibliography#Tutorials 08]\].

The Although the guideline EXP09-J. Do not depend on operator precedence while using expressions containing side-effects advises against depending on parentheses for specifying the evaluation order; however this advice is applicable , it applies only to expressions that contain side-effects.

...

The intent of the expression in this noncompliant code example is to add the variable OFFSET with to the result of the bitwise AND between x and MASK.

...

Code Block
x & (1337 - 1337)

Compliant Solution

In this This compliant solution , uses parentheses are used to ensure that the expression evaluates as expectedintended.

Code Block
bgColor#ccccff
public static final int MASK = 1337;
public static final int OFFSET = -1337;

public static int computeCode(int x) {
  return (x & MASK) + OFFSET;
}

Exceptions

EXP00-EX1: Mathematical Parentheses may be omitted from mathematical expressions that follow algebraic order do not require parentheses. For instance, consider the expression:

...

By mathematical convention, multiplication is performed before addition. Consequently, parentheses may prove to be ; parentheses are redundant in this case.

Code Block
bgColor#FFCCCC
x + (y * z)

...

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

EXP06-J

low

probable

medium

P4

L3

Automated Detection

Detection of all expressions using low-precedence operators without parentheses is straightforward. Determining the correctness of such uses is infeasible in the general case; heuristic warnings may be useful.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

...

This guideline appears in the C++ Secure Coding Standard as EXP00-CPP. Use parentheses for precedence of operation.

Bibliography

Wiki Markup
\[[ESA 2005|AA. Bibliography#ESA 05]\] Rule 65: Use parentheses to explicitly indicate the order of execution of numerical operators
\[[Tutorials 2008|AA. Bibliography#Tutorials 08]\] [Expressions, Statements, and Blocks|http://java.sun.com/docs/books/tutorial/java/nutsandbolts/expressions.html], [Operators|http://java.sun.com/docs/books/tutorial/java/nutsandbolts/operators.html]
\[[ESA 2005|AA. Bibliography#ESA 05]\] Rule 65: Use parentheses to explicitly indicate the order of execution of numerical operators

...

EXP05-J. Be aware of integer promotions in binary operators      04. Expressions (EXP)      EXP07-J. Be aware of the short-circuit behavior of the conditional AND and OR operators