...
Conversion from int or long to float, or long to double may can lead to loss of precision (loss of least significant bits). In this case, the resulting floating-point value is a rounded version of the integer value, using IEEE 754 round-to-nearest mode. Despite this loss of precision, the JLS requires that the conversion and rounding occur silently; , that is, without any runtime exception. See the JLS, Section 5 §5.1.2, "Widening Primitive Conversion" for more information.
Note that conversions from float to double can also lose information about the overall magnitude of the converted value. See guideline "NUM09-J. Use the strictfp modifier for floating point calculation consistency across platforms" for additional information.
...
In this noncompliant code example, two identical large integer literals are passed as arguments to the subFloatFromInt() method. The second argument is coerced to float, cast back to int, and subtracted from a value of type int. The result is returned as a value of type int.
This method may could have unexpected results because of the loss of precision. Values of type float have 23 mantissa bits, a sign bit, and an 8 bit exponent. The exponent allows type float to represent a larger range than that of type int. However, the 23-bit mantissa means that float supports exact representation only of integers whose representation fits within 23 bits; float supports only approximate representation of integers outside that range.
...
In this example, the subFloatFromInt() method throws java.lang.ArithmeticException. This general approach, with appropriate range checks, should be used for conversions from long to either float or double.
Compliant Solution (
...
Wider Type)
This compliant solution accepts an argument of type double instead of an argument of type float. Values of type double have 52 mantissa bits, a sign bit, and an 11 bit exponent. Consequently, integer Integer values of type int and narrower can be converted to double without a loss of precision.
...
Note that this compliant solution cannot be used when the primitive integers are of type long, because Java lacks a primitive floating-point type whose mantissa can represent the full range of a long.
...
Converting integer values to floating-point types whose mantissa has fewer bits than the original integer value may can result in a rounding error.
...
Automatic detection of casts that can lose precision is straightforward. Sound determination of whether those casts correctly reflect the intent of the programmer is infeasible in the general case. Heuristic warnings could be useful.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Related Guidelines
C Secure Coding Standard: "FLP36-C. Beware of precision loss when converting integral types to floating point"
C++ Secure Coding Standard: "FLP36-CPP. Beware of precision loss when converting integral types to floating point"
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup |
...
" ac:schema-version="1" ac:macro-id="bab70f28-10ac-49b5-a040-dcc680c139aa"><ac:plain-text-body><![CDATA[ | [[JLS |
...
2005 |
...
AA. |
...
Bibliography#JLS |
...
05] |
...
] |
...
[ |
...
§5.1.2 |
...
, "Widening Primitive Conversion" | http://java.sun.com/docs/books/jls/third_edition/html/conversions.html#5.1.2 |
...
] | ]]></ac:plain-text-body></ac:structured-macro> |
...
NUM16-J. Convert integers to floating point for floating-point operations 03. Numeric Types and Operations (NUM) NUM18-J. Be aware of numeric promotion behavior