SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 4

changes.mady.by.user Fred Long

Saved on

compared with

New Version 5

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

From

To

Description

int or long

integral type T

Sign extend corresponding 2's complement form

char

integral type T

Zero extend representation of char value

Noncompliant Code Example

In this noncompliant example, an int is converted to float. Since a floating point number cannot be precise to 9 digits, the result of subtracting the original from this value is non-zero.

Code Block
bgColor#FFcccc
class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
    float approx = big;
    System.out.println(big - (int)approx);  //ideally this should be zero but it prints -46
  }
}

Compliant Solution

The significand part of a floating point number can hold at most 23 bit values. Anything above this threshold is discarded due to precision loss, as is demonstrated in this compliant solution.

Code Block
bgColor#ccccff
class WideSample {
  public static void main(String[] args) {
    int big = 1234567890;
                
    float approx = big;
    if(Integer.highestOneBit(big) <= Math.pow(2, 23)) { //the significand can store at most 23 bits
      System.out.println(big - (int)approx);  //always prints zero now
    }
    else {
      //handle error   //precision error
    }
  }
}

Risk Assessment

Casting numeric types to wider floating-point types may lose information.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

INT03-J

low

unlikely

medium

P??

L??

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] Section 5.1.2, Widening Primitive Conversion