Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki MarkupAccording to \[[JLS Section 4to The Java Language Specification (JLS), §4.2.3, "Floating-Point Types, Formats, and Values|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3]\]:"NaN Values" [JLS 2015]:

NaN (not-a-number) is unordered, so the numerical comparison operators <, <=, >, and >= return false if either or both operands are NaN. The equality operator == returns false if either operand is NaN, and the inequality operator != returns true if either operand is NaN.

Because this unordered property is often unexpected, direct comparisons with NaN must not be performed. Problems can arise when programmers write code that compares floating-point values without considering the semantics of NaN. For example, input validation checks that fail to consider the possibility of a NaN value as input can produce unexpected results (see NUM08-J. Check floating-point inputs for exceptional values for additional information)" Problems can ensue when the programmer uses such operators on NaN values in comparison operations. There is also a possibility that the input validation condition does not expect a NaN value as input.

Noncompliant Code Example

A frequently encountered mistake is the doomed This noncompliant code example attempts a direct comparison with NaN, typically in expressions. As per its semantics, no value can be compared to NaN using common operators, including NaN itself. This noncompliant example demonstrates one of such cases. In accordance with the semantics of NaN, all comparisons with NaN yield false (with the exception of the != operator, which returns true). Consequently, this comparison always return false, and the "result is NaN" message is never printed.

Code Block
bgColor#FFcccc

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;
    double result = Double.NaN;Math.cos(1/x); // Returns NaN if input is infinity
    if (result == Double.NaN) { // Comparison is always false!
      System.out.println("Bothresult areis equalNaN");
    }
  }
}

Compliant Solution

This compliant solution uses the method Double.isNaN() to check if whether the expression corresponds to a NaN value.:

Code Block
bgColor#ccccff

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;	  
    double result = Double.NaN;
Math.cos(1/x); // Returns NaN when input is infinity
    if (Double.isNaN(result)) { 
      System.out.println("Bothresult areis equalNaN");
    }
  }
}

Risk Assessment

Comparisons with NaN values may can lead to unexpected results.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FLP02

NUM07-J

low

Low

unlikely

Probable

medium

Medium

P2

P4

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] [Section 4.2.3, Floating-Point Types, Formats, and Values|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3]
\[[FindBugs 08|AA. Java References#FindBugs 08]\] FE: Doomed test for equality to NaN

Automated detection of comparison with NaN is straightforward. Sound determination of whether the possibility of an unordered result has been correctly handled is not feasible in the general case. Heuristic checks could be useful.

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.NUM07.NANAvoid comparisons to Double.NaN or Float.NaN
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6038

Bibliography


...

Image Added Image Added Image AddedEXP00-J. Use the same type for the second and third operands in conditional expressions      02. Expressions (EXP)      EXP02-J. Do not ignore values returned by methods