Checker AbsOfRandom

belongs to group Basic
Identify computations of absolute values of random integers

Frameworks supported by this checker

  • java up to 11
  • android up to API level 28
  • dotnet

Warnings generated by this checker

  • AbsOfRandomWarning: the absolute value of a random number might actually be negative [ CWE682 ]

Options accepted by this checker

  • none

Annotations understood by this checker

  • @com.juliasoft.julia.checkers.absOfRandom.IntegralRandom
  • @com.juliasoft.julia.checkers.absOfRandom.YieldsAbsoluteValueOfItsArgument


Description

By computing the absolute value of a random integral number, one might actually yield a negative number, if Math.abs() is used. For instance, System.out.println(Math.abs(Integer.MIN_VALUE)) would actually print the negative value -2147483648. As a consequence, this might result in unexpected or erroneous computations.

Action: Check, explicitly, for the minimal integral value, before computing the absolute value.

By computing the absolute value of a random integral number, one might actually yield a negative number, if Math.Abs() is used. For instance, Math.Abs(Int32.MinValue) would actually print the negative value -2147483648. As a consequence, this might result in unexpected or erroneous computations.

Action: Check, explicitly, for the minimal integral value, before computing the absolute value.

Examples

Consider the following program:

import java.util.Random;

public class AbsOfRandom {

  public static void main(String[] args) {
    Random r = new Random();
    int i = r.nextInt();
    i = Math.abs(i);

    System.out.println(i);
  }
}

This checker issues the following warning:

AbsOfRandom.java:8: [AbsOfRandom: AbsOfRandomWarning] The absolute value of a random integral value might actually be negative

since i might actually contain a negative value when it is print, at line 10, which is probably not the intent of the programmer.

In this example, the programmer should check for the minimum integral value explicitly and behave accordingly, as in the following example:

    Random r = new Random();
    int i = r.nextInt();
    if (i == Integer.MIN_VALUE)
      i = 0; // any non-negative value would do
    else if (i < 0)
      i = -i;

    System.out.println(i);

Consider the following program:

using System;

namespace DocumentationExamples
{

    public class AbsOfRandom
    {

        public static void Main(string[] args)
        {
            System.Random r = new System.Random();
            int i = r.Next();
            i = Math.Abs(i);
            Console.WriteLine(i);
        }
    }

}

This checker issues the following warning:

DocumentationExamples.cs:13: [AbsOfRandom: AbsOfRandomWarning] The absolute value of a random integral value might actually be negative

since i might actually contain a negative value when it is print, at line 14, which is probably not the intent of the programmer.

In this example, the programmer should check for the minimum integral value explicitly and behave accordingly, as in the following example:

System.Random r = new System.Random();
int i = r.Next();
if (i == Int32.MinValue)
	i = 0; // any non-negative value would do
else if (i < 0)
	i = -i;

Console.WriteLine(i);