SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 46 Next »

Narrower primitive types can be cast to wider types without affecting the magnitude of numeric values. However, when the expressions are not strictfp (guideline FLP04-J. Use the strictfp modifier for floating point calculation consistency), conversions from float to double may lose information about the overall magnitude of the converted value. See JLS Section 5.1.2, "Widening Primitive Conversion" for more information.

Conversion from int or long to float, or long to double can lead to loss of precision (loss of least significant bits). No runtime exception occurs despite this loss. Also, see guideline EXP05-J. Be aware of integer promotions in binary operators.

Noncompliant Code Example

In this noncompliant code example, a value of type int is converted to the type float. Because type float has only 23 mantissa bits, the result of subtracting the original from this value is non-zero.

class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
    float approx = big;
    System.out.println(big - (int)approx);  // This is expected to be zero but it prints -46
  }
}

Compliant Solution

Numbers of type float have 23 mantissa bits, a sign bit, and an 8 bit exponent. The exponent allows type float to represent a larger range than that of type int. Nevertheless, integers whose representation requires more than 23 bits can only be represented approximately by a float.

class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
                  
    // The significand can store at most 23 bits
    if ((big > 0x007fffff) || (big < -0x800000)) { 
      throw new ArithmeticException("Insufficient precision");	
    }

    float approx = big;
    System.out.println(big - (int)approx);  // Prints zero when no precision is lost
  }
}

Risk Assessment

Casting integer values to floating-point types whose mantissa has fewer bits than does the original integer value will lose precision. In the absence of strictfp, casts from type float to type double may also lose precision.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

INT03-J

low

unlikely

medium

P2

L3

Automated Detection

Automatic detection of casts that may lose precision is straightforward. Sound determination of whether those casts correctly reflect the intent of the programmer is infeasible in the general case. Heuristic warnings may be useful.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Other Languages

This guideline appears in the C Secure Coding Standard as FLP36-C. Beware of precision loss when converting integral types to floating point.

This guideline appears in the C++ Secure Coding Standard as FLP36-CPP. Beware of precision loss when converting integral types to floating point.

Bibliography

[[JLS 2005]] Section 5.1.2, "Widening Primitive Conversion"

INT02-J. Remember that the remainder operator may return a negative result value      06. Integers (INT)      INT04-J. Avoid using the char integral type to hold signed values

  • No labels