| Wiki Markup |
|---|
The Java language provides two primitive types, {{float}} and {{double}}, which are associated with the single-precision 32-bit and double-precision 64-bit format IEEE 754 values and operations \[[IEEE 754|AA. Bibliography#IEEE 754 2006]\]. Each of the floating -point types has a fixed, limited number of mantissa bits. Consequently, it is impossible to precisely represent any irrational number (for example, pi). Further, because these types use a binary mantissa, they cannot precisely represent many finite decimal numbers, such as 1/10, because these numbers have repeating binary representations. |
| Wiki Markup |
|---|
Avoid using the primitive floating -point types when precise computation is necessary, especially when performing currency calculations. Instead, consider alternative representations that are able to completely represent the necessary values. Whatever representation you choose, you must carefully and methodically estimate the maximum cumulative error of the computations to ensure that the resulting error is within acceptable tolerances. Consider using numerical analysis to properly understand the problem. See \[[Goldberg 1991|AA. Bibliography#Goldberg 91]\] for an introduction to this topic. |
...
| Code Block | ||
|---|---|---|
| ||
double dollar = 1.00;
double dime = 0.10;
int number = 7;
System.out.println ("A dollar less " + number + " dimes is $" +
(dollar - number * dime) );
|
Because the value 1/.10 lacks an exact representation in either Java floating-point type (or any floating-point format that uses a binary mantissa) this program prints
...
Risk Assessment
Using a floating-point representation can result in a loss of precision and accuracy when precise computation is required.
...
Automated detection of floating-point arithmetic is straight-forward; determining which code suffers from insufficient precision is not feasible in the general case. Heuristic checks, such as flagging floating-point literals that cannot be represented precisely, may could be useful.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Related Guidelines
C Secure Coding Standard: "FLP02-C. Avoid using floating point numbers when precise computation is needed"
C++ Secure Coding Standard: "FLP02-CPP. Avoid using floating point numbers when precise computation is needed"
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup |
...
" ac:schema-version="1" ac:macro-id="cbf6ec84-dcf8-4985-89a2-351f5a39c611"><ac:plain-text-body><![CDATA[ | [[Bloch |
...
2008 |
...
AA. |
...
Bibliography#Bloch |
...
08] |
...
] |
...
Item |
...
48: |
...
Avoid |
...
|
...
and |
...
|
...
if |
...
exact |
...
answers |
...
are |
...
required | ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="57816368-a906-489a-83ff-85c9501e2711"><ac:plain-text-body><![CDATA[ | [[Bloch 2005 | AA. Bibliography#Bloch 05]] | Puzzle 2: Time for a Change | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="652c5452-4bc7-4737-b7a3-c998f719d584"><ac:plain-text-body><![CDATA[ | [[Goldberg 1991 | AA. Bibliography#Goldberg 91]] | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b6ed6616-39ba-453a-9dfa-f113e1cf7e4d"><ac:plain-text-body><![CDATA[ | [[IEEE 754 | AA. Bibliography#IEEE 754 2006]] | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7212e8d6-3cb7-4be2-a789-ef0fec6252c8"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [§4.2.3, "Floating-Point Types, Formats, and Values" | http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3 |
...
] | ]]></ac:plain-text-body></ac:structured-macro> |
...
NUM06-J. Provide mechanisms to handle unsigned data when required 03. Numeric Types and Operations (NUM) NUM08-J. Do not use denormalized numbers