SonarSource Rules
Java

Java static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVA code


        Math operands should be cast before assignment

        intentionality - clear
        reliability
        Bug
        • cwe
        • overflow
        • cert

        Why is this an issue?

        When arithmetic is performed on integers, the result will always be an integer. You can assign that result to a long, double, or float with automatic type conversion, but having started as an int or long, the result will likely not be what you expect.

        For instance, if the result of int division is assigned to a floating-point variable, precision will have been lost before the assignment. Likewise, if the result of multiplication is assigned to a long, it may have already overflowed before the assignment.

        In either case, the result will not be what was expected. Instead, at least one operand should be cast or promoted to the final type before the operation takes place.

        Noncompliant code example

        float twoThirds = 2/3; // Noncompliant; int division. Yields 0.0
        long millisInYear = 1_000*3_600*24*365; // Noncompliant; int multiplication. Yields 1471228928
        long bigNum = Integer.MAX_VALUE + 2; // Noncompliant. Yields -2147483647
        long bigNegNum = Integer.MIN_VALUE - 1; // Noncompliant; gives a positive result instead of a negative one
        Date myDate = new Date(seconds * 1_000); // Noncompliant; won't produce the expected result if seconds > 2_147_483
        ...
        public long compute(int factor){
          return factor * 10_000;  // Noncompliant; won't produce the expected result if factor > 214_748
        }

        public float compute2(long factor){
          return factor / 123;  // Noncompliant; long division truncates the fraction before the result is converted to float
        }
        

        Compliant solution

        float twoThirds = 2f/3; // 2 promoted to float. Yields 0.6666667
        long millisInYear = 1_000L*3_600*24*365; // 1000 promoted to long. Yields 31_536_000_000
        long bigNum = Integer.MAX_VALUE + 2L; // 2 promoted to long. Yields 2_147_483_649
        long bigNegNum =  Integer.MIN_VALUE-1L; // Yields -2_147_483_649
        Date myDate = new Date(seconds * 1_000L);
        ...
        public long compute(int factor){
          return factor * 10_000L;
        }
        
        public float compute2(long factor){
          return factor / 123f;
        }
        

        or

        float twoThirds = (float)2/3; // 2 cast to float
        long millisInYear = (long)1_000*3_600*24*365; // 1_000 cast to long
        long bigNum = (long)Integer.MAX_VALUE + 2;
        long bigNegNum =  (long)Integer.MIN_VALUE-1;
        Date myDate = new Date((long)seconds * 1_000);
        ...
        public long compute(long factor){
          return factor * 10_000;
        }
        
        public float compute2(float factor){
          return factor / 123;
        }
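
The same overflow-before-widening bug in a security-relevant setting, as an added example that is not from the SonarSource page: computing a session expiry timestamp from an `int` TTL. The class and method names are hypothetical; `Math.multiplyExact` and `Math.addExact` are standard `java.lang.Math` methods.

```java
public class ExpiryOverflowDemo {

    // Noncompliant pattern from the rule: ttlSeconds * 1_000 is evaluated
    // in int arithmetic and can wrap before it is widened to long.
    static long expiryMillisUnsafe(long nowMillis, int ttlSeconds) {
        return nowMillis + ttlSeconds * 1_000;
    }

    // Hardened form: promote an operand to long before multiplying, and use
    // exact arithmetic so any remaining overflow throws instead of wrapping.
    static long expiryMillisSafe(long nowMillis, int ttlSeconds) {
        if (ttlSeconds < 0) {
            throw new IllegalArgumentException("TTL must not be negative");
        }
        long ttlMillis = Math.multiplyExact((long) ttlSeconds, 1_000L);
        return Math.addExact(nowMillis, ttlMillis);
    }

    public static void main(String[] args) {
        long now = 1_700_000_000_000L; // constructed sample timestamp (ms)
        int ttl = 30 * 24 * 3_600;     // 30 days in seconds; ttl * 1_000 exceeds Integer.MAX_VALUE

        long unsafe = expiryMillisUnsafe(now, ttl);
        long safe = expiryMillisSafe(now, ttl);

        // The wrapped product is negative, so the unsafe expiry lands before "now".
        System.out.println("unsafe expiry is in the past: " + (unsafe < now));
        System.out.println("safe TTL in ms: " + (safe - now));

        // Exact arithmetic turns a silent wrap into a visible failure.
        try {
            expiryMillisSafe(Long.MAX_VALUE - 1, ttl);
        } catch (ArithmeticException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```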
        
        Available In:
        • SonarQube Ide: Catch issues on the fly, in your IDE
        • SonarQube Cloud: Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community Build: Analyze code in your on-premise CI. Available since 9.1
        • SonarQube Server: Analyze code in your on-premise CI. Developer Edition. Available since 9.1

        © 2008-2025 SonarSource SA. All rights reserved.
