SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 7

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 8

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

String representations of floating point values may lead to incorrect conclusions about the precision of the values. For example, consider converting a value of type float to the type double, a widening primitive conversion. Refer to the guideline INT33-J. Do not cast numeric types to wider floating-point types without range checking for more details about such conversions. If the value of the float variable must be represented exactly using the double type, an explicit assignment is more appropriate than first converting the floating point value to a String and then to a double.

Noncompliant Code Example

This noncompliant code example converts a value of type float to a value of type double. The float variable contains the equivalent of 1/3 (0.3333333432674408). However, the default string representation can mislead a programmer into thinking that the correct value is 0.33333334. Consequently, the double variable may acquire an imprecise value. The imprecise value arises from the default precision used for converting floating point numbers to a string.

Code Block
bgColor#FFCCCC
double d;
float f = 1/3f; // Contains the value 0.33333334
d = Double.valueOf(String.valueOf(f)); // Now contains the value 0.33333334

Compliant Solution

This compliant solution assigns the value of type float to the double variable directly.

Code Block
bgColor#ccccff
double d;
float f = 1/3f; // Contains the value 0.3333333432674408 
d = f; // Assigned the value 0.3333333432674408

Noncompliant Code Example

This noncompliant code example obtains the result of 1/1000.0 and represents it as a String. However, even though the resulting value is precise, an extra zero digit is appended at the end. Any operations on the string, such as comparisons, may yield incorrect results.

Code Block
bgColor#FFCCCC
int i = 1;
String s = Double.valueOf (i / 1000.0).toString(); // s contains 0.0010
if(s.equals(0.001)) { // Fails
  // Do something
}

Compliant Solution

This compliant solution uses the BigDecimal class and strips the trailing zeros so that future operations do not fail.

Code Block
bgColor#ccccff
int i = 1;
BigDecimal d = new BigDecimal(Double.valueOf (i / 1000.0).toString()).stripTrailingZeros();
if(s.equals(0.001)) { // Passes
  // Do something
}

Risk Assessment

Relying on the string representation of floating point types can result in imprecise values.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FLP05- J

low

likely

medium

P6

L2

Automated Detection

TODO

Related Vulnerabilities

HV-192

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] 
\[[JLS 05|AA. Java References#JLS 05]\]

...