SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 13

changes.mady.by.user Ankur Goyal

Saved on

compared with

New Version 14

changes.mady.by.user Pennie Walters

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Notably, the strict behavior cannot be inherited by a subclass that extends a strictfp superclass. An overriding method may independently choose to be strictfp when the overridden method is not or vice versa.

Noncompliant Code Example

This noncompliant code example does not enforce the strictfp constraints. Double.MAX_VALUE is being multiplied by 1.1 and reduced back by dividing by 1.1 according to the evaluation order. JVM implementations are not required to report an overflow resulting from the initial multiplication, although they may choose to treat this case as strictfp. The ability to use extended exponent ranges to represent intermediate values is implementation defined.

Code Block
bgColor#FFcccc
class Strictfp {
  public static void main(String[] args) {
    double d = Double.MAX_VALUE;
    System.out.println("This value \"" + ((d * 1.1) / 1.1) + "\" cannot be represented as double.");
  }
}

Compliant Solution

To be compliant, use the strictfp modifier within an expression (class, method or interface) to guarantee that intermediate results do not vary because of implementation defined compiler optimizations or by design. This code snippet is guaranteed to return positive INFINITY because of the intermediate overflow condition.

Code Block
bgColor#ccccff
strictfp class Strictfp {
  public static void main(String[] args) {
    double d = Double.MAX_VALUE;
    System.out.println("This value \"" + ((d * 1.1) / 1.1) + "\" cannot be represented as double.");
  }
}

Risk Assessment

Not using the strictfp modifier can result in platform defined behavior with respect to the accuracy of floating point operations.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FLP03- J

low

unlikely

high

P1

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] 15.4 FP-strict Expressions
\[[JPL 05|AA. Java References#JPL 05]\] 9.1.3. Strict and Non-Strict Floating-Point Arithmetic
\[[McCluskey 01|AA. Java References#McCluskey 01]\] Making Deep Copies of Objects, Using strictfp, and Optimizing String Performance
\[[Darwin 04|AA. Java References#Darwin 04]\] Ensuring the Accuracy of Floating-Point Numbers

...