SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Next »

According to the Java Language Specification [[JLS 2005]], Section 4.2.3, "Floating-Point Types, Formats, and Values":

NaN is unordered, so the numerical comparison operators <, <=, >, and >= return false if either or both operands are NaN. The equality operator == returns false if either operand is NaN, and the inequality operator != returns true if either operand is NaN.

Problems can arise when the programmer uses such operators on NaN values in comparison operations. There is also a possibility that the input validation condition does not expect a NaN value as input.

Noncompliant Code Example

A frequently encountered mistake is the doomed comparison with NaN, typically in expressions. As per its semantics, no value (including NaN itself) can be compared to NaN using common operators. This noncompliant code example demonstrates one of the many violations. 

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;
    double result = Math.cos(1/x); // returns NaN if input is infinity
    if(result == Double.NaN) { // compare with infinity
      System.out.println("Both are equal");
    }
  }
}

Compliant Solution

This compliant solution uses the method Double.isNaN() to check if the expression corresponds to a NaN value.

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;	  
    double result = Math.cos(1/x); // returns NaN if input is infinity
    if(Double.isNaN(result)) { 
      System.out.println("Both are equal");
    }
  }
}

Risk Assessment

Comparisons with NaN values may lead to unexpected results.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FLP05- J

low

probable

medium

P4

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[JLS 2005]] Section 4.2.3, Floating-Point Types, Formats, and Values
[[FindBugs 2008]] FE: Doomed test for equality to NaN

FLP04-J. Use the strictfp modifier for floating point calculation consistency      07. Floating Point (FLP)      FLP06-J. Check floating point inputs for exceptional values

  • No labels