SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 26

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 27

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Consequently, the BigDecimal(double val) constructor must not be invoked with floating-point literals.

Noncompliant Code Example

This noncompliant code example passes a double value to the BigDecimal constructor. Because the decimal literal 0.1 can not be precisely represented by a double, precision of the BigDecimal is affected.

Code Block
bgColor#FFcccc
// prints 0.1000000000000000055511151231257827021181583404541015625
System.out.println(new BigDecimal(0.1));

Compliant Solution

This compliant solution passes the decimal literal as a String so that the BigDecimal(String val) constructor is invoked, and precision is preserved.

Code Block
bgColor#ccccff
// prints 0.1
System.out.println(new BigDecimal("0.1"));

Risk Assessment

Using the BigDecimal(double val) constructor with decimal floating point literals can lead to loss of precision.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

NUM08 NUM13-J

low

probable

low

P6

L2

Automated Detection

Automated detection appears to be straightforward.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

[JLS 2005]

...

NUM12-J. Do not use floating point variables as loop counters      03. Floating Point (FLP)      NUM09-J. Do not rely on the default string representation of floating point values