According to The Java Language Specification (JLS), §4.2.3, "Floating-Point Types, Formats, and Values" [JLS 2015]:
`NaN` (not-a-number) is unordered, so the numerical comparison operators `<`, `<=`, `>`, and `>=` return `false` if either or both operands are `NaN`. The equality operator `==` returns `false` if either operand is `NaN`, and the inequality operator `!=` returns `true` if either operand is `NaN`.
Because this unordered property is often unexpected, direct comparisons with `NaN` must not be performed. Problems can arise when programmers write code that compares floating-point values without considering the semantics of `NaN`. For example, input validation checks that fail to consider the possibility of a `NaN` value as input can produce unexpected results (see NUM08-J. Check floating-point inputs for exceptional values for additional information).
Noncompliant Code Example
This noncompliant code example attempts a direct comparison with `NaN`. In accordance with the semantics of `NaN`, all comparisons with `NaN` yield false (with the exception of the `!=` operator, which returns true). Consequently, this comparison must always return `false`, and the "result is NaN" message is never printed.
```java
public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;
    double result = Math.cos(1/x); // Returns NaN if input is infinity
    if (result == Double.NaN) { // Comparison is always false!
      System.out.println("result is NaN");
    }
  }
}
```
Compliant Solution
This compliant solution uses the method `Double.isNaN()` to check whether the expression corresponds to a `NaN` value:
```java
public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;
    double result = Math.cos(1/x); // Returns NaN when input is infinity
    if (Double.isNaN(result)) {
      System.out.println("result is NaN");
    }
  }
}
```
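The input-validation hazard mentioned in the introduction, shown as an added example that is not part of the original guideline: a range check written as a rejection test lets `NaN` through, while an explicit `Double.isNaN()` test does not. The class name, bounds, and sample inputs are constructed for illustration.

```java
public class NaNRangeCheck {
  // Constructed bounds for this example (not from the guideline).
  static final double MIN = 0.0;
  static final double MAX = 100.0;

  // Weak: rejects only when one of the ordered comparisons is true.
  // Both comparisons are false for NaN, so NaN falls through as "valid".
  static boolean weakInRange(double v) {
    if (v < MIN || v > MAX) {
      return false;
    }
    return true;
  }

  // Hardened: test for NaN explicitly before the ordered comparisons.
  static boolean strictInRange(double v) {
    if (Double.isNaN(v)) {
      return false;
    }
    return v >= MIN && v <= MAX;
  }

  public static void main(String[] args) {
    // Constructed inputs; Double.parseDouble accepts the text "NaN".
    String[] inputs = { "42.5", "150", "-1", "NaN" };
    for (String s : inputs) {
      double v = Double.parseDouble(s);
      System.out.printf("%-5s weak=%-5b strict=%b%n",
                        s, weakInRange(v), strictInRange(v));
    }

    double nan = Double.NaN;
    // The operators follow the JLS rules quoted at the top of the page.
    System.out.println("nan == nan: " + (nan == nan));
    System.out.println("nan != nan: " + (nan != nan));
    // Double.compare and Double.equals are the exception: both treat
    // NaN as equal to itself, unlike the == operator.
    System.out.println("compare == 0: " + (Double.compare(nan, nan) == 0));
    System.out.println("equals: " + Double.valueOf(nan).equals(nan));
  }
}
```

Only the `NaN` input is classified differently by the two checks: the weak check accepts it and the strict check rejects it.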
Risk Assessment
Comparisons with `NaN` values can lead to unexpected results.

Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
NUM07-J | Low | Probable | Medium | P4 | L3 |
Automated Detection
Automated detection of floating-point comparison operators with `NaN` is straightforward. Sound determination of whether the possibility of an unordered result has been correctly handled is not feasible in the general case. Heuristic checks could be useful.
FindBugs checks for the specific case of comparison with a constant `NaN`.

Tool | Version | Checker | Description |
---|---|---|---|
Parasoft Jtest | | CERT.NUM07.NAN | Avoid comparisons to Double.NaN or Float.NaN |
PVS-Studio | | V6038 | |

Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
[FindBugs 2008] FE: Doomed test for equality to NaN
[JLS 2005] Section 4.2.3, Floating-Point Types, Formats, and Values (http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3)