
String representations of floating-point values can lead to incorrect conclusions about the precision of those values. For example, consider converting a value of type float to type double, a widening primitive conversion; see guideline FLP10-J. Avoid casting primitive integer types to floating-point types without range checks for more details about such conversions. When the value of the float variable must be represented exactly as a double, a direct assignment is the appropriate approach; converting the floating-point value to a String and then parsing that String as a double does not preserve the original value.

Noncompliant Code Example

This noncompliant code example obtains the result of 1/1000.0 and represents it as a String. Even though the resulting value is precise, an extra zero digit is appended to the string. Any operation on the string, such as a comparison, can consequently yield an incorrect result.

int i = 1;
String s = Double.valueOf (i / 1000.0).toString(); // s contains 0.0010
if(s.equals("0.001")) { // Fails
  // Do something
}

Noncompliant Code Example

This noncompliant code example attempts to use a regular expression to eliminate the trailing zeros. Although this works for 1/1000.0, the string representation of 1/10000.0 is 1.0E-4, which the regular expression does not handle as intended. Subsequent comparison operations can therefore still fail.

int i = 1;
String s = Double.valueOf (i / 10000.0).toString(); // s contains 1.0E-4
s = s.replaceFirst("[.0]*$", "");
// ...

Compliant Solution

This compliant solution converts the string representation into a BigDecimal and strips the trailing zeros, so that subsequent numeric comparisons do not depend on the printed form of the value.

import java.math.BigDecimal;

int i = 1;
BigDecimal d = new BigDecimal(Double.valueOf (i / 1000.0).toString()).stripTrailingZeros();
if (d.compareTo(new BigDecimal("0.001")) == 0) { // Passes
  // Do something
}
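The following added example (not part of the original guideline) puts the compliant comparison into a helper that works for both the trailing-zero form and the scientific-notation form (1.0E-4), and also shows why widening a float to double directly differs from going through a String, as discussed in the introduction. The class and method names are assumptions for illustration.

```java
import java.math.BigDecimal;

// Added example, not from the original page.
public class FloatingPointStrings {

    // Compares the decimal expansion of d (as printed by Double.toString)
    // with an expected decimal string, independent of trailing zeros or
    // scientific notation: "0.0010", "0.001" and "1.0E-3" all compare equal
    // to "0.001" because BigDecimal.compareTo ignores scale.
    static boolean equalsDecimal(double d, String expected) {
        BigDecimal actual = new BigDecimal(Double.toString(d)).stripTrailingZeros();
        return actual.compareTo(new BigDecimal(expected)) == 0;
    }

    // Widening primitive conversion: the exact binary value of f is kept.
    static double widenExactly(float f) {
        return f;
    }

    // Round trip through a String: Float.toString prints the shortest
    // decimal that identifies f, and parsing that decimal as a double
    // yields the nearest double to the decimal text, not to f itself.
    static double widenViaString(float f) {
        return Double.parseDouble(Float.toString(f));
    }

    public static void main(String[] args) {
        int i = 1;
        // The regex from the noncompliant example matches nothing here,
        // because the printed form of 1/10000.0 ends in "4", not "0".
        String sci = Double.toString(i / 10000.0);
        if (!sci.equals(sci.replaceFirst("[.0]*$", ""))) {
            throw new AssertionError("unexpected regex match on " + sci);
        }
        // BigDecimal comparison succeeds for both printed forms.
        if (!equalsDecimal(i / 1000.0, "0.001") || !equalsDecimal(i / 10000.0, "0.0001")) {
            throw new AssertionError("decimal comparison failed");
        }
        // 0.1f has no exact decimal expansion "0.1"; the two widenings differ.
        float f = 0.1f;
        if (widenExactly(f) == widenViaString(f)) {
            throw new AssertionError("expected the String round trip to change the value");
        }
        System.out.println("direct widening:  " + widenExactly(f));
        System.out.println("via String:       " + widenViaString(f));
    }
}
```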

Risk Assessment

Relying on the string representation of floating point types can result in imprecise values.

Guideline | Severity | Likelihood | Remediation Cost | Priority | Level
FLP09-J   | low      | likely     | medium           | P6       | L2

Automated Detection

TODO

Related Vulnerabilities

HV-192
