Literal decimal floating-point numbers can not always be represented precisely using the double primitive type, because the underlying representation of double is binary. This imprecision becomes apparent when a BigDecimal is constructed from a double.
Consequently, Decimal numbers cannot be precisely represented as a BigDecimal when the BigDecimal(double val) constructor is used. The primitive type double cannot precisely represent all decimal fractions because its underlying representation is binary. Consequently, the input to the BigDecimal(double val) constructor can lose precision before the constructor is ever invokedmust not be invoked with floating-point literals.
Noncompliant Code Example
This noncompliant code example passes a double value to the BigDecimal constructor. Because of thisthe decimal literal 0.1 can not be precisely represented by a double, precision of the literal BigDecimal is affected.
| Code Block | ||
|---|---|---|
| ||
// prints 0.1000000000000000055511151231257827021181583404541015625 System.out.println(new BigDecimal(0.1)); |
Compliant Solution
This compliant solution passes the decimal literal as a String so that the BigDecimal(String val) constructor is invoked, and precision is preserved.
| Code Block | ||
|---|---|---|
| ||
// prints 0.1
System.out.println(new BigDecimal("0.1"));
|
Risk Assessment
Using the BigDecimal(double val) constructor with decimal floating point literals leads can lead to loss of precision.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FLP08-J | low | probable | low | P6 | L2 |
Automated Detection
Automated detection appears to be straightforward.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
[JLS 2005]
...
FLP07-J. Do not use floating point variables as loop counters Floating Point (FLP) FLP09-J. Do not rely on the default string representation of floating point values