
It is sometimes desirable to obtain consistent results from floating-point operations across different JVMs and platforms. The strictfp modifier imposes this guarantee by ensuring that intermediate operations do not result in the arithmetic underflow or overflow commonly encountered when dealing with float and double types. The strictfp modifier can be used with a class, method or interface.

| Usage | Strictness Behavior |
| --- | --- |
| Class | All code in the class, including (instance, variable, static) initializers and code in nested classes |
| Method | All code within the method is subject to strictness constraints |
| Interface | All code in the class that implements the interface is also strict |

An expression is strict if any of the enclosing classes, methods and interfaces is declared strictfp. Constant expressions containing floating-point operations are also evaluated strictly.

Notably, the strict behavior is not inherited by a subclass that extends a strictfp superclass. All compile-time constants are strictfp by default.
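The scoping rules above can be checked mechanically. The following is an added example, not part of the original page: it uses reflection to list methods with a float or double in their signature that lack the strict flag, which shows that a subclass of a strictfp class is not itself strict. The class names are constructed for illustration and the signature test is a heuristic assumption (it misses methods that use floating point only internally); the flag it reads is only meaningful in class files compiled for releases before Java 17, from which point all floating-point evaluation is strict.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class StrictfpAudit {

  // Constructed sample types (hypothetical names, not from the original page).
  static strictfp class StrictBase {
    double scale(double d) { return (d * 1.1) / 1.1; }
  }

  // Extends a strictfp class but is not itself declared strictfp.
  static class Derived extends StrictBase {
    double area(double r) { return Math.PI * r * r; }
    strictfp double volume(double r) { return 4.0 / 3.0 * Math.PI * r * r * r; }
    int count(int n) { return n + 1; } // no floating point in the signature
  }

  static boolean isFp(Class<?> c) {
    return c == double.class || c == float.class;
  }

  // Heuristic (assumption): a method is of interest if its signature
  // mentions float or double.
  static boolean usesFloatingPoint(Method m) {
    if (isFp(m.getReturnType())) return true;
    for (Class<?> p : m.getParameterTypes()) {
      if (isFp(p)) return true;
    }
    return false;
  }

  // Names of declared floating-point methods whose strict flag is not set.
  static List<String> nonStrictMethods(Class<?> type) {
    List<String> findings = new ArrayList<>();
    for (Method m : type.getDeclaredMethods()) {
      if (usesFloatingPoint(m) && !Modifier.isStrict(m.getModifiers())) {
        findings.add(type.getSimpleName() + "." + m.getName());
      }
    }
    return findings;
  }

  public static void main(String[] args) {
    System.out.println("StrictBase: " + nonStrictMethods(StrictBase.class));
    System.out.println("Derived:    " + nonStrictMethods(Derived.class));
  }
}
```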

Noncompliant Code Example

This noncompliant example does not enforce the strictfp constraints. Double.MAX_VALUE is multiplied by 1.1 and then reduced by dividing by 1.1, following the evaluation order. JVM implementations are not required to report an overflow resulting from the initial multiplication, although they can choose to treat this case as strictfp. The ability to use extended exponent ranges to represent intermediate values is thus implementation-defined.

class Strictfp {
  public static void main(String[] args) {
    double d = Double.MAX_VALUE;
    System.out.println("This value \"" + ((d * 1.1) / 1.1) + "\" cannot be represented as double.");
  }
}

Compliant Solution

To be compliant, apply the strictfp modifier to the class, method or interface that contains the expression, to guarantee that intermediate results do not vary because of implementation-defined compiler optimizations or by design. This code snippet is guaranteed to return positive INFINITY due to the intermediate overflow condition.

strictfp class Strictfp {
  public static void main(String[] args) {
    double d = Double.MAX_VALUE;
    System.out.println("This value \"" + ((d * 1.1) / 1.1) + "\" cannot be represented as double.");
  }
}

Risk Assessment

Not using the strictfp modifier can result in platform-defined behavior with respect to the accuracy of floating-point operations.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| FLP03-J | low | unlikely | low | P2 | L3 |

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


