
AUTOSAR CountdownAdvent Calendar 2022

Day 7

C Secure Coding Rules(11) 5.25. Integer division errors [diverr]

Posted at 2018-04-04

ISO/IEC TS 17961:2013
Information Technology — Programming languages, their environments and system software interfaces — C Secure Coding Rules
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1624.pdf

n1624 is a Working Draft of ISO/IEC JTC1 SC22 WG14.
It is not the official text of ISO/IEC TS 17961:2013.

ISO/IEC JTC1 SC22 WG14 publishes its working documents wherever possible and solicits a wide range of comments. These documents are used to examine the technical content and to give feedback to ISO/IEC JTC1 SC22 WG14.

ISO/IEC TS 17961:2013 C Secure Coding Rules (1) list

ISO/IEC TS 17961:2013 C Secure Coding Rules(1) All list(to be confirmed) - kaizen_nagoya @ Qiita
https://qiita.com/kaizen_nagoya/items/54e056195c4f11b850a1

When a rule requires several separate compilations, it is split into a separate article.

Each file combines the example, the parts I wrote, and fragments of the document.
I am in the process of marking the parts I wrote with ///.

Work plan

I plan to compile and run the examples (fragments, etc.) given in the rules.
1: Get them to compile without errors.
 accfree.c is at this stage.
2: Get them to run without runtime errors.
 ptrcomp.c is at this stage.
3: Get them to produce meaningful output.
 Under consideration.

At present, odd assignments and strange operations appear frequently. The only intent is to get rid of compile errors with as little code as possible; there is no other meaning to them.
I plan to change them to better code that produces meaningful output.

Compiler used

Apple LLVM version 9.1.0 (clang-902.0.39.1)
Target: x86_64-apple-darwin17.4.0
or
clang version 6.0.0 (tags/RELEASE_600/final)
Target: x86_64-apple-darwin17.4.0

gcc-7 (Homebrew GCC 7.3.0_1) 7.3.0
Copyright (C) 2017 Free Software Foundation, Inc.

Environment
hosted Environment macOS 10.13.3 or 10.12.9

Shell script for compiling

C version (clang and gcc) and C++ version (clang++ and g++)
https://qiita.com/kaizen_nagoya/items/74220c0577a512c2d7da

5.25. Integer division errors [diverr]

Example 1, 2

EXAMPLE 1 In this noncompliant example, a diagnostic is required because the expression x / y can result in a divide-by-zero error or in a quotient that is not representable.
EXAMPLE 2 In this noncompliant example, a diagnostic is required because the expression x % y can result in a divide-by-zero error or a quotient of the two operands that is not representable.

diverr.c
// ISO/IEC JTC 1/SC 22/WG 14 N 1624 Date: 2012-06-26 ISO/IEC TS 17961, p.44
// http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1624.pdf
/// lines are added by Dr. Kiyoshi Ogawa, 2018
/// Compiled on 
///  Clang(LLVM) clang version 6.0.0 (tags/RELEASE_600/final) 
///  GCC(GNU) gcc-7 (Homebrew GCC 7.3.0_1) 7.3.0
/// hosted Environment macOS 10.13.3 or 10.12.9
//EXAMPLE 1 In this noncompliant example, a diagnostic is required because the expression x / y can result in a divide-by-zero error or in a quotient that is not representable.

#include <stdio.h> /// for printf
#include <stdlib.h> /// for EXIT_SUCCESS
#include <errno.h> /// for errno
#include <limits.h> /// for INT_MIN (not used in this noncompliant version; needed by the compliant one)
#include "get.h" /// for GET_TAINTED_INTEGER

int divide(int x) {
  int y;
  GET_TAINTED_INTEGER(int, y);
  printf("divide:y:%d\n",y);
  return x / y; // diagnostic required
}
//EXAMPLE 2 In this noncompliant example, a diagnostic is required because the expression x % y can result in a divide-by-zero error or a quotient of the two operands that is not representable.

/// NOTE: "remainder" collides with the C99 <math.h> function double remainder(double, double);
/// this is why both compilers warn about a mismatched redeclaration below. The name is kept because it is the one used in N1624.
int remainder(int x) {
  int y;
  GET_TAINTED_INTEGER(int, y);
  printf("remainder:y:%d\n",y);
  return x % y; // diagnostic required
}
int main(void) {///
  int x=1;///
  printf("x:%d\n ",x);///
  printf("divide:%d\n ",divide(x++));///
  printf("remainder:%d\n ",remainder(x));///
  printf("EXIT_SUCCESS\n");
  return EXIT_SUCCESS;///
}///
shell
$ ./gcc7ts.sh diverr
$ clang diverr.c
diverr.c:19:5: warning: incompatible redeclaration of library function 'remainder'
      [-Wincompatible-library-redeclaration]
int remainder(int x) {
    ^
diverr.c:19:5: note: 'remainder' is a builtin with type 'double (double, double)'
1 warning generated.
x:1
 d:1

$ gcc-7 diverr.c
diverr.c:19:5: warning: conflicting types for built-in function 'remainder' [-Wbuiltin-declaration-mismatch]
 int remainder(int x) {
     ^~~~~~~~~
x:1
 d:1

Example 3, 4

EXAMPLE 3 In this compliant solution, the expression x / y can result in a divide-by-zero error or the quotient of the two operands that is not representable.
EXAMPLE 4 In this compliant solution, the expression x % y can result in a divide-by-zero error or in a quotient that is not representable.

diverr2.c
// ISO/IEC JTC 1/SC 22/WG 14 N 1624 Date: 2012-06-26 ISO/IEC TS 17961, p.44
// http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1624.pdf
/// lines are added by Dr. Kiyoshi Ogawa, 2018
/// Compiled on 
///  Clang(LLVM) clang version 6.0.0 (tags/RELEASE_600/final) 
///  GCC(GNU) gcc-7 (Homebrew GCC 7.3.0_1) 7.3.0
/// hosted Environment macOS 10.13.3 or 10.12.9
//EXAMPLE 3 In this compliant solution, the expression x / y can result in a divide-by-zero error or the quotient of the two operands that is not representable.

#include <stdio.h> /// for printf
#include <stdlib.h> /// for EXIT_SUCCESS
#include <errno.h> /// for errno
#include <limits.h> /// for INT_MIN
#include "get.h" /// for GET_TAINTED_INTEGER

int divide(int x) {
  int y;
  GET_TAINTED_INTEGER(int, y);
  /// y == 0 is a divide-by-zero; INT_MIN / -1 is the one quotient that does not fit in int.
  /// C11 6.5.5p6 makes both x / y and x % y undefined in those two cases.
  if ( (y == 0) || ( (x == INT_MIN) && (y == -1) ) ) {
    /* Handle error */
    return 0; /// added so that every path returns a value
  }
  else {
    return x / y;
  }
}
//EXAMPLE 4 In this compliant solution, the expression x % y can result in a divide-by-zero error or in a quotient that is not representable.

/// NOTE: "remainder" collides with the C99 <math.h> function double remainder(double, double); see the compiler warnings below.
int remainder(int x) {
  int y;
  GET_TAINTED_INTEGER(int, y);
  if ( (y == 0) || ( (x == INT_MIN) && (y == -1) ) ) {
    /* Handle error */
    return 0; /// added so that every path returns a value
  }
  else {
    return x % y;
  }
}
int main(void) {///
  int x=1;///
  divide(x++);///
  remainder(x);///
  return EXIT_SUCCESS;///
}///
shell
$ ./gcc7ts.sh diverr2
$ clang diverr2.c
diverr2.c:23:5: warning: incompatible redeclaration of library function
      'remainder' [-Wincompatible-library-redeclaration]
int remainder(int x) {
    ^
diverr2.c:23:5: note: 'remainder' is a builtin with type 'double (double, double)'
diverr2.c:25:3: warning: if statement has empty body [-Wempty-body]
  GET_TAINTED_INTEGER(int, y);
  ^
./get.h:25:18: note: expanded from macro 'GET_TAINTED_INTEGER'
errno == ERANGE) \
                 ^
diverr2.c:25:3: note: put the semicolon on a separate line to silence this warning
./get.h:25:18: note: expanded from macro 'GET_TAINTED_INTEGER'
errno == ERANGE) \
                 ^
2 warnings generated.

$ gcc-7 diverr2.c
diverr2.c:23:5: warning: conflicting types for built-in function 'remainder' [-Wbuiltin-declaration-mismatch]
 int remainder(int x) {
     ^~~~~~~~~

I am investigating why the output does not come out properly.
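The checks from EXAMPLE 3 and EXAMPLE 4, carried through as an added example (this is not code from N1624 or from diverr.c/diverr2.c above): a checked division-and-remainder helper that returns a status instead of dividing when either [diverr] condition holds, for int and for long long. The enum, the function names and the test values in main() are this example's own; the constructed inputs stand in for GET_TAINTED_INTEGER.

```c
/* Added example (not from N1624 or the original article): checked signed
 * division and remainder. The two conditions [diverr] requires a
 * diagnostic for are tested before the operator is evaluated. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

typedef enum {
    DIV_OK = 0,
    DIV_BY_ZERO,   /* y == 0: undefined behavior in C, SIGFPE on x86 */
    DIV_OVERFLOW   /* INT_MIN / -1: quotient not representable, undefined */
} div_status;

/* Quotient and remainder of x / y are stored only after both preconditions
 * of C11 6.5.5 hold; on error the outputs are left untouched and a status
 * is returned for the caller to check. */
div_status checked_divmod(int x, int y, int *quot, int *rem) {
    if (y == 0) {
        return DIV_BY_ZERO;
    }
    /* C11 6.5.5p6: if x / y is not representable, BOTH x / y and x % y
     * are undefined, so the same test guards the remainder. */
    if (x == INT_MIN && y == -1) {
        return DIV_OVERFLOW;
    }
    *quot = x / y;
    *rem = x % y;
    return DIV_OK;
}

/* Same rule for a wider type: the hazardous dividend is that type's own
 * minimum (LLONG_MIN), not INT_MIN. */
div_status checked_divmod_ll(long long x, long long y,
                             long long *quot, long long *rem) {
    if (y == 0) {
        return DIV_BY_ZERO;
    }
    if (x == LLONG_MIN && y == -1) {
        return DIV_OVERFLOW;
    }
    *quot = x / y;
    *rem = x % y;
    return DIV_OK;
}

static const char *status_name(div_status s) {
    switch (s) {
    case DIV_OK:       return "ok";
    case DIV_BY_ZERO:  return "divide by zero";
    case DIV_OVERFLOW: return "quotient not representable";
    }
    return "unknown";
}

int main(void) {
    /* Constructed test vectors (not tainted input) covering all outcomes. */
    const struct { int x, y; } cases[] = {
        {  7,  2 },        /* normal */
        { -7,  2 },        /* C99 truncates toward zero: -3 remainder -1 */
        {  1,  0 },        /* divide by zero */
        { INT_MIN, -1 },   /* overflow: -INT_MIN does not fit in int */
        { INT_MIN,  1 },   /* fine: the quotient is INT_MIN itself */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int q = 0, r = 0;
        div_status s = checked_divmod(cases[i].x, cases[i].y, &q, &r);
        if (s == DIV_OK) {
            printf("%d / %d = %d, %d %% %d = %d\n",
                   cases[i].x, cases[i].y, q, cases[i].x, cases[i].y, r);
        } else {
            printf("%d / %d: %s\n", cases[i].x, cases[i].y, status_name(s));
        }
    }
    return EXIT_SUCCESS;
}
```

Both undefined cases are caught by the same two comparisons, and the remainder needs the overflow test as much as the quotient does, because the standard makes x % y undefined whenever x / y is not representable. For a wider type the check cannot be copied with INT_MIN unchanged; the overflowing dividend is that type's minimum. Unsigned division has no overflow case, but y == 0 still has to be rejected.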

Document history

ver. 0.10 first draft 20180404
ver. 0.11 corrected delimiter input 20180405
ver. 0.12 added gcc 20180408
ver. 0.13 added thanks 20230413

Thank you very much for reading to the last sentence.

Please press the like icon 💚 and follow me for your happy life.
