...

Note that conversions from float to double can also lose information about the overall magnitude of the converted value. (See guideline "FLP04-J. Use the strictfp modifier for floating point calculation consistency" for additional information.)

Noncompliant Code Example

In this noncompliant code example, two identical large integer literals are passed as arguments to the subFloatFromInt() method. The second argument is coerced to float, cast back to int, and subtracted from a value of type int. The result is returned as a value of type int.

...

class WideSample {
  public static int subFloatFromInt(int op1, float op2) {
    return op1 - (int)op2;
  }

  public static void main(String[] args) {
    int result = subFloatFromInt(1234567890, 1234567890);
    // This prints -46, and not 0 as may be expected
    System.out.println(result);  
  }

}

Compliant Solution (ArithmeticException)

This compliant solution range-checks the integer argument (op1) to ensure that it can be represented as a value of type float without a loss of precision.

...

In this example, the subFloatFromInt() method throws java.lang.ArithmeticException.
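The following is an added example, not the guideline's own code: one way to reject a lossy int-to-float widening at the call site, before the value reaches subFloatFromInt(). The class ExactFloatWidening and the helpers isExactAsFloat() and toFloatExact() are hypothetical names, and the sample values are constructed.

```java
public class ExactFloatWidening {

  // True only if the int survives widening to float unchanged.
  // The comparison is done in long on purpose: (float) Integer.MAX_VALUE
  // rounds up to 2^31, and casting that back to int saturates to
  // Integer.MAX_VALUE, so an int round-trip would hide the loss.
  static boolean isExactAsFloat(int value) {
    return (long) (float) value == (long) value;
  }

  // Widen to float, or fail loudly instead of silently rounding.
  static float toFloatExact(int value) {
    if (!isExactAsFloat(value)) {
      throw new ArithmeticException(
          "int " + value + " is not exactly representable as float");
    }
    return value;
  }

  // Same arithmetic as the method in the noncompliant example.
  static int subFloatFromInt(int op1, float op2) {
    return op1 - (int) op2;
  }

  public static void main(String[] args) {
    // Constructed samples: values around 2^24, the literal from the
    // noncompliant example, its rounded neighbor, and both int extremes.
    int[] samples = {
      16777216, 16777217, 1234567890, 1234567936,
      Integer.MAX_VALUE, Integer.MIN_VALUE
    };
    for (int s : samples) {
      System.out.printf("%d -> as float: %d, exact: %b%n",
          s, (long) (float) s, isExactAsFloat(s));
    }

    try {
      int result = subFloatFromInt(1234567890, toFloatExact(1234567890));
      System.out.println(result);
    } catch (ArithmeticException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

The check is made before the widening because once the argument has been coerced to float, the original int value is no longer recoverable inside the callee.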

Compliant Solution (wider type)

This compliant solution accepts an argument of type double instead of an argument of type float. Values of type double have 52 mantissa bits, a sign bit, and an 11-bit exponent. Consequently, integer values of type int and narrower can be converted to double without a loss of precision.

class WideSample {
  public static int subDoubleFromInt(int op1, double op2) {
    return op1 - (int)op2;
  }

  public static void main(String[] args) {
    int result = subDoubleFromInt(1234567890, 1234567890);
    // Works as expected
    System.out.println(result);  
  }

}

Risk Assessment

Converting integer values to floating-point types whose mantissa has fewer bits than the original integer value will lose precision.

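| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|-----------|----------|------------|------------------|----------|-------|
| FLP10-J   | low      | unlikely   | medium           | P2       | L3    |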

Automated Detection

Automatic detection of casts that can lose precision is straightforward. Sound determination of whether those casts correctly reflect the intent of the programmer is infeasible in the general case. Heuristic warnings could be useful.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

C Secure Coding Standard: FLP36-C. Beware of precision loss when converting integral types to floating point

C++ Secure Coding Standard: FLP36-CPP. Beware of precision loss when converting integral types to floating point

Bibliography

[JLS 2005] Section 5.1.2, "Widening Primitive Conversion" (http://java.sun.com/docs/books/jls/third_edition/html/conversions.html#5.1.2)

...