CWE-369

Divide By Zero. [Numeric-Errors, Incorrect-Calculation]

Required inputs: IR, StaticSemanticAnalysis

The product divides a value by zero. This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.
Demonstrative Examples
Example 1

The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.

Example Language:Java (Unsupported language for documentation only)
    public int computeAverageResponseTime (int totalTime, int numRequests) {
        return totalTime / numRequests;
    }

By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. The following Java code example will validate the input value, output an error message, and throw an exception.

Example Language:Java (Unsupported language for documentation only)
    public int computeAverageResponseTime (int totalTime, int numRequests) throws ArithmeticException {
        if (numRequests == 0) {
            System.out.println("Division by zero attempted!");
            // ArithmeticException is a class, so an instance has to be constructed and thrown
            throw new ArithmeticException("Division by zero attempted!");
        }
        return totalTime / numRequests;
    }
Example 2

The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero; if this error is not caught by the error handling capabilities of the language, unexpected results can occur.

Example Language:C
    double divide(double x, double y){
        return x/y;
    }

By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. If the method is called and a zero is passed as the second argument a DivideByZero error will be thrown and should be caught by the calling block with an output message indicating the error.

Example Language:C
    #include <iostream>

    // Error value thrown (as a C++ exception) when the denominator is zero
    const int DivideByZero = 10;
    double divide(double x, double y){
        if ( 0 == y ){
            throw DivideByZero;
        }
        return x/y;
    }
    ...
    try{
        divide(10, 0);
    }
    catch( int i ){
        if(i==DivideByZero) {
            std::cerr<<"Divide by zero error";
        }
    }
Example 2 References:
[REF-371] Alex Allain. "Handling Errors Exceptionally Well in C++". <https://www.cprogramming.com/tutorial/exceptions.html>. URL validated: 2023-04-07.
Example 3

The following C# example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero; if this error is not caught by the error handling capabilities of the language, unexpected results can occur.

Example Language:C# (Unsupported language for documentation only)
    int Division(int x, int y){
        return (x / y);
    }

The method can be modified to raise, catch and handle the DivideByZeroException if the input value used as the denominator is zero.

Example Language:C# (Unsupported language for documentation only)
    int SafeDivision(int x, int y){
        try{
            return (x / y);
        }
        catch (System.DivideByZeroException dbz){
            System.Console.WriteLine("Division by zero attempted!");
            return 0;
        }
    }
Example 3 References:
[REF-372] Microsoft. "Exceptions and Exception Handling (C# Programming Guide)". <https://msdn.microsoft.com/pl-pl/library/ms173160(v=vs.100).aspx>.
Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.
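All three CWE examples above apply the same fix: reject a zero denominator before the division happens. The following C example is added here and is neither CWE's nor the analyzer's code. It shows that fix in the form a C code base usually needs, where there are no exceptions and the error has to travel through the return value. It goes slightly beyond the page in two places, both marked in the comments: it guards the remainder operator as well (the modulo_by_zero message covers it), and it also rejects INT_MIN divided by -1, which overflows and traps on x86 just like a zero divisor. The function names and the EDOM status code are choices made for this example.

```c
/* Added example (not CWE's or the analyzer's code): checked integer and
 * floating-point division that reports the error instead of trapping. */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Integer division with an explicit status. Returns false and leaves
 * *quotient untouched when the operation is undefined:
 *  - divisor == 0 (CWE-369), and
 *  - INT_MIN / -1, which overflows and also traps on x86. The second
 *    guard is an addition of this example, not something the page covers. */
bool checked_div(int dividend, int divisor, int *quotient)
{
    if (divisor == 0) {
        return false;
    }
    if (dividend == INT_MIN && divisor == -1) {
        return false;
    }
    *quotient = dividend / divisor;
    return true;
}

/* Same contract for the remainder operator, which the modulo_by_zero
 * message covers. INT_MIN % -1 is mathematically 0, but the x86 divide
 * instruction traps on it, so it is rejected as well. */
bool checked_mod(int dividend, int divisor, int *remainder)
{
    if (divisor == 0 || (dividend == INT_MIN && divisor == -1)) {
        return false;
    }
    *remainder = dividend % divisor;
    return true;
}

/* Floating-point division does not trap by default; it silently yields
 * inf or NaN. For a computed average that is just as wrong as a trap,
 * so the zero denominator is rejected up front here too. */
bool checked_fdiv(double x, double y, double *result)
{
    if (y == 0.0) {            /* also matches -0.0 */
        return false;
    }
    *result = x / y;
    return true;
}

/* Example 1 from the page, recast in C: the average response time, with
 * zero requests reported through the status code (EDOM is this example's
 * choice) instead of a trap. */
int average_response_time(int total_time, int num_requests, int *avg)
{
    return checked_div(total_time, num_requests, avg) ? 0 : EDOM;
}

int main(void)
{
    int avg;
    double r;

    if (average_response_time(900, 0, &avg) == EDOM) {
        fprintf(stderr, "Division by zero attempted!\n");
    }
    if (average_response_time(900, 3, &avg) == 0) {
        printf("average = %d\n", avg);       /* 300 */
    }
    if (!checked_fdiv(10.0, 0.0, &r)) {
        fprintf(stderr, "Divide by zero error\n");
    }
    return 0;
}
```

The caller decides what a zero denominator means for its own context (no requests yet, a corrupted dimension, a bad input), which is the point of the CWE's "unexpected value" wording: the division itself cannot know, so the check belongs where the value is still meaningful.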

Possible Messages

Key                         Text                        Severity   Disabled
division_by_zero            Division by zero            None       False
modulo_by_zero              Modulo by zero              None       False
possible_division_by_zero   Possible division by zero   None       False
possible_modulo_by_zero     Possible modulo by zero     None       False

Options

abstract_interpretation_div_by_zero

abstract_interpretation_div_by_zero : bool = False

Use additional "symbolic expression analysis" as postprocessing step. This can remove false positives, but might require more time. Option is automatically active if StaticSemanticAnalysis/performance.general.enhanced_analysis is active.

abstract_interpretation_maximal_tracked_array_index

abstract_interpretation_maximal_tracked_array_index : int = 10

The number of explicit indices in array expressions per routine tracked by the "symbolic expression analysis". For example, consider the following program.

extern signed char a[6];
extern signed char x;
int main()
{
    if (a[2] < 0)
    {
        x = x / a[2];
    }
    if (a[3] < 0)
    {
        x = x / a[3];
    }
    if (a[4] < 0)
    {
        x = x / a[4];
    }
    return 0;
}

If the value of this option is set to 2, the first two array index expressions encountered in the routine are tracked. Hence, the analysis can use the facts a[2] < 0 and a[3] < 0 to infer that the respective divisions do not divide by zero, but it will not track the third array access in this routine.

A higher value of this option increases the memory and time the analysis may consume.
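To make the effect of the tracking budget concrete, the following C program is an added illustration, not the analyzer's implementation: it models a routine as a source-ordered list of "a[i] is known non-zero on this path" facts and "x / a[i]" divisions, keeps only the first N distinct array indices as the option describes, and classifies each division the way the messages above would. The event representation, the slot limit of 64 and the function names are all assumptions of this model; the real analysis works on the IR and is path-sensitive in ways this model only approximates by ordering the fact before the division.

```c
/* Added illustration (not the analyzer's code) of how a bound on tracked
 * array indices decides which divisions can be proven safe. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* A routine is modelled as events in source order: a FACT_NONZERO is a
 * guard such as "a[i] < 0" that holds on the path, a DIVISION is "x / a[i]". */
enum kind { FACT_NONZERO, DIVISION };
struct event { enum kind kind; int index; };

enum verdict { SAFE, POSSIBLE_DIV_BY_ZERO };

#define MAX_SLOTS 64   /* assumption of this model, not an analyzer limit */

struct state {
    int index[MAX_SLOTS];      /* which a[i] occupy a tracking slot */
    bool nonzero[MAX_SLOTS];   /* whether a non-zero fact is known for it */
    size_t n;                  /* slots in use */
    size_t limit;              /* the option value: maximal tracked indices */
};

/* Returns the slot for 'index', allocating one while the budget allows;
 * -1 means the index is not tracked and nothing is known about it. */
static int slot_for(struct state *s, int index)
{
    for (size_t i = 0; i < s->n; i++) {
        if (s->index[i] == index) {
            return (int)i;
        }
    }
    if (s->n >= s->limit) {
        return -1;
    }
    int fresh = (int)s->n;
    s->index[fresh] = index;
    s->nonzero[fresh] = false;
    s->n++;
    return fresh;
}

/* Classifies every DIVISION in 'events'; verdicts[] gets one entry per
 * division in order. Returns the number of divisions seen. */
size_t analyse(const struct event *events, size_t count, size_t max_tracked,
               enum verdict *verdicts)
{
    struct state s = { .n = 0,
                       .limit = max_tracked < MAX_SLOTS ? max_tracked : MAX_SLOTS };
    size_t n_div = 0;
    for (size_t e = 0; e < count; e++) {
        int slot = slot_for(&s, events[e].index);
        if (events[e].kind == FACT_NONZERO) {
            if (slot >= 0) {
                s.nonzero[slot] = true;   /* facts about untracked indices are dropped */
            }
        } else {
            verdicts[n_div++] = (slot >= 0 && s.nonzero[slot])
                                ? SAFE : POSSIBLE_DIV_BY_ZERO;
        }
    }
    return n_div;
}

/* The page's example routine: if (a[i] < 0) x = x / a[i]; for i = 2, 3, 4. */
const struct event page_program[] = {
    { FACT_NONZERO, 2 }, { DIVISION, 2 },
    { FACT_NONZERO, 3 }, { DIVISION, 3 },
    { FACT_NONZERO, 4 }, { DIVISION, 4 },
};
#define PAGE_PROGRAM_LEN (sizeof page_program / sizeof page_program[0])

int main(void)
{
    enum verdict v[3];
    size_t n = analyse(page_program, PAGE_PROGRAM_LEN, 2, v);   /* option = 2 */
    for (size_t i = 0; i < n; i++) {
        printf("division %zu: %s\n", i + 1,
               v[i] == SAFE ? "safe" : "possible_division_by_zero");
    }
    return 0;
}
```

With the option at 2 the model reproduces the page's description: the divisions by a[2] and a[3] are proven safe and the one by a[4] is reported as a possible division by zero; at the default of 10 all three are proven safe, which is what the extra memory and time buy.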

abstract_interpretation_overflow_unrolling_level

abstract_interpretation_overflow_unrolling_level : int = 0

How many levels of conditions are traversed to compute additional constraints for the "symbolic expression analysis".