SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 43

changes.mady.by.user Dean Sutherland

Saved on

compared with

New Version 44

changes.mady.by.user Dean Sutherland

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Narrower primitive types can be cast to wider types without affecting the magnitude of numeric values. However, when the expressions are not strictfp (guideline FLP04-J. Use the strictfp modifier for floating point calculation consistency), conversions from float to double may lose information about the overall magnitude of the converted value. See JLS Section 5.1.2, "Widening Primitive Conversion" for more information.

Conversion from int or long to float, or long to double can lead to loss of precision (loss of least significant bits). No runtime exception occurs despite this loss. Also, see guideline EXP05-J. Be aware of integer promotions in binary operators.

Noncompliant Code Example

In this noncompliant code example, a value of type int is converted to the type float. Because a floating point number cannot be precise to 9 digitstype float has only 23 mantissa bits, the result of subtracting the original from this value is non-zero.

Code Block
bgColor#FFcccc
class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
    float approx = big;
    System.out.println(big - (int)approx);  // This is expected to be zero but it prints -46
  }
}

Compliant Solution

The significand part of a floating point number can hold at most 23 bit values. Anything above this threshold is discarded because of precision loss, as demonstrated in this compliant solutionNumbers of type float have 23 mantissa bits, a sign bit, and an 8 bit exponent. The exponent allows type float to represent a larger range than that of type int. Nevertheless, integers whose representation requires more than 23 bits can only be represented approximately by a float.

Code Block
bgColor#ccccff
class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
                  
    // The significand can store at most 23 bits
    if (Integer.highestOneBit(big > 0x007fffff) >|| Math.pow(2, 23(big < -0x800000)) { 
      throw new ArithmeticException("Insufficient precision");	
    }

    float approx = big;
    System.out.println(big - (int)approx);  // Prints zero when no precision is lost
  }
}

Risk Assessment

Casting numeric types integer values to wider floating-point types whose mantissa has fewer bits than does the original integer value will lose precision. In the absence of strictfp, casts from type float to type double may also lose informationprecision.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

INT03-J

low

unlikely

medium

P2

L3

Automated Detection

TODOAutomatic detection of casts that may lose precision is straightforward.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Other Languages

This guideline appears in the C Secure Coding Standard as FLP36-C. Beware of precision loss when converting integral types to floating point.

This guideline appears in the C++ Secure Coding Standard as FLP36-CPP. Beware of precision loss when converting integral types to floating point.

Bibliography

Wiki Markup
\[[JLS 2005|AA. Bibliography#JLS 05]\] Section [5.1.2, Widening Primitive Conversion|http://java.sun.com/docs/books/jls/third_edition/html/conversions.html#5.1.2]

...