SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 101

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following table presents the rules for narrowing primitive conversions of integer types. In the table, for an integer type T, n represents the number of bits used to represent the resulting type T (precision).

From

To

Description

Possible Resulting Errors

Signed integer

Integral type T

Keeps only n lower-order bits

Lost or misinterpreted data

char

Integral type T

Keeps only n lower-order bits

Magnitude error; negative number even though char is 16-bit unsigned

When integers are cast to narrower data types, the magnitude of the numeric value and the corresponding sign can be affected. Consequently, data can be lost or misinterpreted.

...

The minimum and maximum float values are converted to minimum 0 and maximum int values (0x80000000 and 0x7fffffff respectively). The resulting short values are 0 and the lower 16 bits of these values this value (0x0000 and 0xffff). The resulting final values (0 and −1) might be unexpected.

...

This compliant solution range-checks both the i and j variables before converting to the resulting integer type. Because both values are the maximum value is out of the valid range for a short, this code will always throw an ArithmeticException.

...

Casting a numeric value to a narrower type can result in information loss related to the sign and magnitude of the numeric value. As a result, data can be misrepresented or interpreted incorrectly.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

NUM12-J

Low

Unlikely

Medium

P2

L3

Automated Detection

Automated detection of narrowing conversions on integral types is straightforward. Determining whether such conversions correctly reflect the intent of the programmer is infeasible in the general case. Heuristic warnings could be useful.

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.MATH.APPROX.E
JAVA.MATH.APPROX.PI
JAVA.CAST.FTRUNC
JAVA.ARITH.FPEQUAL

Approximate e Constant (Java)
Approximate pi Constant (Java)
Cast: Integer to Floating Point (Java)
Floating Point Equality (Java)

Parasoft Jtest
9.5PB.NUM.CLPImplemented
Include Page
Parasoft_V
Parasoft_V
CERT.NUM12.CLPDo not cast primitive data types to lower precision

Related Guidelines

SEI CERT C Coding Standard

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
FLP34-C. Ensure that floating-point conversions are within range of the new type

ISO/IEC TR 24772:2010

Numeric Conversion Errors [FLC]

MITRE CWE

CWE-681, Incorrect Conversion between Numeric Types
CWE-197, Numeric Truncation Error

Bibliography

[Harold 1999]

 


[JLS 2005]

§4.2.1, "Integral Types and Values"
§5.1.3, "Narrowing Primitive Conversions"

[Seacord 2015]
Image result for video iconImage Modified NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data LiveLesson

...


...