...
Conversion from int or long to float, or from long to double, can lead to loss of precision (loss of least significant bits). No runtime exception occurs despite the loss.
...
From | To | Description |
---|---|---|
int or long | integral type T | Sign extend corresponding 2's complement form |
char | integral type T | Zero extend representation of char value |
...
Noncompliant Code Example
In this noncompliant example, an int is converted to float. Since a floating point number cannot be precise to 9 digits, the result of subtracting the original from this value is non-zero.
```java
class wideSample {
  public static void main(String[] args) {
    int big = 1234567890;
    float approx = big;
    System.out.println(big - (int)approx); // ideally this should be zero but it prints -46
  }
}
```
Compliant Solution
The significand part of a floating point number can hold at most 23 bits. Anything above this threshold is discarded due to precision loss, as is demonstrated in this compliant solution.
```java
class wideSample {
  public static void main(String[] args) {
    int big = 1234567890;
    float approx = big;
    if (Integer.highestOneBit(big) <= Math.pow(2, 23)) { // the significand can store at most 23 bits
      System.out.println(big - (int)approx); // always prints zero now
    } else {
      // handle error
      // precision error
    }
  }
}
```
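The same check can be generalized to negative values and to long sources. The following is an added example, not part of the original rule text; the class and method names are hypothetical, and it assumes IEEE 754 precision of 24 bits for float and 53 bits for double (stored fraction bits plus the implicit leading bit).

```java
// Added example; class and method names are hypothetical, not from the rule text.
public class CheckedWidening {
    // float: 23 stored fraction bits plus the implicit leading 1 bit.
    private static final int FLOAT_PRECISION = 24;
    // double: 52 stored fraction bits plus the implicit leading 1 bit.
    private static final int DOUBLE_PRECISION = 53;

    // Width of |v| from its highest set bit down to its lowest set bit.
    // Trailing zero bits cost no precision; the exponent absorbs them.
    static int significantBits(long v) {
        if (v == 0) {
            return 0;
        }
        // Math.abs(Long.MIN_VALUE) stays 0x8000000000000000, which is still
        // the correct unsigned bit pattern for 2^63.
        long mag = Math.abs(v);
        return 64 - Long.numberOfLeadingZeros(mag) - Long.numberOfTrailingZeros(mag);
    }

    static float toFloatExact(long v) {
        if (significantBits(v) > FLOAT_PRECISION) {
            throw new ArithmeticException(v + " is not exactly representable as float");
        }
        return (float) v;
    }

    static double toDoubleExact(long v) {
        if (significantBits(v) > DOUBLE_PRECISION) {
            throw new ArithmeticException(v + " is not exactly representable as double");
        }
        return (double) v;
    }

    public static void main(String[] args) {
        // Constructed sample values, including the page's 1234567890.
        long[] samples = {1234567890L, -1234567890L, 16777216L, 16777217L,
                          Integer.MAX_VALUE, Long.MIN_VALUE};
        for (long v : samples) {
            try {
                System.out.println(v + " -> " + toFloatExact(v));
            } catch (ArithmeticException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Counting significant bits avoids a pitfall of round-trip comparisons such as `(int) approx == big`: for Integer.MAX_VALUE the float result is out of int range and narrows back to Integer.MAX_VALUE, so the comparison reports no loss.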
Risk Assessment
TODO
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT33-J | ?? | ?? | ?? | P?? | L?? |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
JLS 5.1.2 Widening Primitive Conversion