Comment: REM cost reform

According to The Java Language Specification (JLS), §4.2.3, "Floating-Point Types, Formats, and Values" [JLS 2015]:

NaN (not-a-number) is unordered, so the numerical comparison operators <, <=, >, and >= return false if either or both operands are NaN. The equality operator == returns false if either operand is NaN, and the inequality operator != returns true if either operand is NaN.

Because this unordered property is often unexpected, direct comparisons with NaN must not be performed. Problems can arise when programmers write code that compares floating-point values without considering the semantics of NaN. For example, input validation checks that fail to consider the possibility of a NaN value as input can produce unexpected results (see NUM08-J. Check floating-point inputs for exceptional values for additional information).

Noncompliant Code Example

This noncompliant code example attempts a direct comparison with NaN. In accordance with the semantics of NaN, all comparisons with NaN yield false (with the exception of the != operator, which returns true). Consequently, this comparison always returns false, and the "result is NaN" message is never printed.

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;
    double result = Math.cos(1/x); // Returns NaN if input is infinity
    if (result == Double.NaN) { // Comparison is always false!
      System.out.println("result is NaN");
    }
  }
}

Compliant Solution

This compliant solution uses the method Double.isNaN() to check whether the expression corresponds to a NaN value:

public class NaNComparison {
  public static void main(String[] args) {
    double x = 0.0;
    double result = Math.cos(1/x); // Returns NaN when input is infinity
    if (Double.isNaN(result)) {
      System.out.println("result is NaN");
    }
  }
}
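
The input-validation problem mentioned in the introduction, as an added example that is not part of the original guideline: a range check phrased as a rejection test lets NaN through, including a NaN parsed from the text "NaN". The class and method names are hypothetical and the inputs are constructed.

```java
// Added example; class and method names are hypothetical.
public class NaNRangeCheck {

  // Rejects out-of-range values by testing for the bad case. Both
  // comparisons are false for NaN, so NaN is never rejected.
  static boolean acceptsNaive(double percent) {
    if (percent < 0.0 || percent > 100.0) {
      return false;
    }
    return true;
  }

  // Tests NaN explicitly before the range comparison, and states the
  // range positively so an unordered operand cannot satisfy it.
  static boolean acceptsChecked(double percent) {
    if (Double.isNaN(percent)) {
      return false;
    }
    return percent >= 0.0 && percent <= 100.0;
  }

  public static void main(String[] args) {
    // Constructed sample inputs. Double.parseDouble accepts the text
    // "NaN", so the value can arrive directly from untrusted input.
    String[] inputs = { "42.0", "-1.0", "150.0", "NaN" };
    for (String text : inputs) {
      double value = Double.parseDouble(text);
      System.out.printf("%-6s naive=%-5b checked=%b%n",
          text, acceptsNaive(value), acceptsChecked(value));
    }

    // The boxed API does not follow the == semantics: equals() and
    // compare() treat NaN as equal to itself and greater than every
    // other value, so code mixing both styles can disagree.
    Double boxed = Double.NaN;
    double primitive = boxed;
    System.out.println("==      : " + (primitive == Double.NaN));
    System.out.println("equals  : " + boxed.equals(Double.NaN));
    System.out.println("compare : " + Double.compare(primitive, Double.MAX_VALUE));
  }
}
```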

Risk Assessment

Comparisons with NaN values can lead to unexpected results.

| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| NUM07-J | Low | Probable | Yes | Yes | P6 | L2 |

Automated Detection

Automated detection of floating-point comparison operators with NaN is straightforward. Sound determination of whether the possibility of an unordered result has been correctly handled is not feasible in the general case. Heuristic checks could be useful.

FindBugs checks for the specific case of comparison with a constant NaN.

| Tool | Version | Checker | Description |
|---|---|---|---|
| Klocwork | | JAVA.COMPARE.NAN | |
| Parasoft Jtest | | CERT.NUM07.NAN | Avoid comparisons to Double.NaN or Float.NaN |
| PVS-Studio | | V6038 | |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

[FindBugs 2008] FE: Doomed test for equality to NaN
[JLS 2005] Section 4.2.3, Floating-Point Types, Formats, and Values (http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3)
