Page History

...

Conversion from int or long to float, or long to double can lead to loss of precision (loss of least significant bits). No runtime exception occurs despite this loss. Also, see EXP05-J. Be aware of integer promotions in binary operators.

Noncompliant Code Example

In this noncompliant code example, a value of type int is converted to the type float. Because a floating point number cannot be precise to 9 digits, the result of subtracting the original from this value is non-zero.

class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
    float approx = big;
    System.out.println(big - (int)approx);  // This is expected to be zero but it prints -46
  }
}

Compliant Solution

The significand part of a floating point number can hold at most 23 bit values. Anything above this threshold is discarded because of precision loss, as demonstrated in this compliant solution.

class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
                  
    // The significand can store at most 23 bits
    if(Integer.highestOneBit(big) > Math.pow(2, 23)) { 
      throw new ArithmeticException("Insufficient precision");	
    }

    float approx = big;
    System.out.println(big - (int)approx);  // Prints zero when no precision is lost
  }
}

Risk Assessment

Casting numeric types to wider floating-point types may lose information.

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C Secure Coding Standard as FLP36-C. Beware of precision loss when converting integral types to floating point.

This rule appears in the C++ Secure Coding Standard as FLP36-CPP. Beware of precision loss when converting integral types to floating point.

References

\[[JLS 05|AA. Java References#JLS 05]\] Section [5.1.2, Widening Primitive Conversion|http://java.sun.com/docs/books/jls/third_edition/html/conversions.html#5.1.2]

...