Page History

Wiki MarkupAccording to \[[JLS Section 4to The Java Language Specification (JLS), §4.2.3, "Floating-Point Types, Formats, and Values|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3]\Values" [JLS 2015]:

NaN (not-a-number) is unordered, so the numerical comparison operators <, <=, >, and >= return false if either or both operands are NaN. The equality operator == returns false if either operand is NaN, and the inequality operator != returns true if either operand is NaN.

Because this unordered property is often unexpected, direct comparisons with NaN must not be performed. Problems can arise when the programmer uses such operators on NaN values in comparison operations. There is also a possibility that the input validation condition does not expect programmers write code that compares floating-point values without considering the semantics of NaN. For example, input validation checks that fail to consider the possibility of a NaN value as input can produce unexpected results (see NUM08-J. Check floating-point inputs for exceptional values for additional information).

Noncompliant Code Example

A frequently encountered mistake is the doomed This noncompliant code example attempts a direct comparison with NaN, typically in expressions. As per its semantics, no value (including NaN itself) can be compared to NaN using common operators. This noncompliant example demonstrates one of the many violations. In accordance with the semantics of NaN, all comparisons with NaN yield false (with the exception of the != operator, which returns true). Consequently, this comparison always return false, and the "result is NaN" message is never printed.

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;
    double result = Math.cos(1/x); // returnsReturns NaN if input is infinity
    if (result == Double.NaN) { // compareComparison is withalways infinityfalse!
      System.out.println("Bothresult areis equalNaN");
    }
  }
}

Compliant Solution

This compliant solution uses the method Double.isNaN() to check if whether the expression corresponds to a NaN value.:

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;	  
    double result = Math.cos(1/x); // returnsReturns NaN ifwhen input is infinity
    if (Double.isNaN(result)) { 
      System.out.println("Bothresult areis equalNaN");
    }
  }
}

Risk Assessment

Comparisons with NaN values may can lead to unexpected results.

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[JLS 05|AA. Java References#JLS 05]\] [Section 4.2.3, Floating-Point Types, Formats, and Values|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3]
\[[FindBugs 08|AA. Java References#FindBugs 08]\] FE: Doomed test for equality to NaN

Automated detection of comparison with NaN is straightforward. Sound determination of whether the possibility of an unordered result has been correctly handled is not feasible in the general case. Heuristic checks could be useful.

Bibliography

[FindBugs 2008]	FE: Doomed test for equality to NaN
[JLS 2015]	§4.2.3, "Floating-Point Types, Formats, and Values"
[Seacord 2015]	Image Added NUM07-J. Do not attempt comparisons with NaN LiveLesson

...

Image Added Image Added Image AddedFLP01-J. Take care in rearranging floating point expressions      06. Floating Point (FLP)      FLP30-J. Do not use floating point variables as loop counters