The Java language provides two primitive types, {{float}} and {{double}}, which "are conceptually associated with the single-precision 32-bit and double-precision 64-bit format IEEE 754 values and operations as specified in _IEEE Standard for Binary Floating-Point Arithmetic_, ANSI/IEEE Standard 754-1985 (IEEE, New York)" (\[[JLS 2005|AA. Bibliography#JLS 05]\], [Section 4.2.3|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3], "Floating-Point Types, Formats, and Values"). Each of the floating point types has a fixed, limited number of mantissa bits. Consequently, it is impossible to precisely represent any irrational number (for example, pi). Further, because these types use a binary mantissa, they cannot precisely represent many finite decimal numbers, such as 1/10, because these numbers have repeating binary representations.
Avoid using the primitive floating point types when precise computation is necessary. Avoid them especially when performing currency calculations. Instead, consider alternative representations that are able to completely represent the necessary values. Whatever representation you choose, you must carefully and methodically estimate the maximum cumulative error of the computations to ensure that the resulting error is within acceptable tolerances. Consider using numerical analysis to properly understand the problem. See \[[Goldberg 1991|AA. Bibliography#Goldberg 91]\] for an introduction to these issues.
This noncompliant code example performs some basic currency calculations.
```java
double dollar = 1.00;
double dime = 0.10;
int number = 7;
System.out.println(
    "A dollar less " + number + " dimes is $" + (dollar - number * dime)
);
```

Because the value 1/10 lacks an exact representation in either Java floating point type — and, indeed, in any floating point format that uses a binary mantissa — this program prints:

```
A dollar less 7 dimes is $0.29999999999999993
```
This compliant solution uses an integer type (such as {{long}}) and works with cents rather than dollars.

```java
long dollar = 100;
long dime = 10;
int number = 7;
System.out.println(
    "A dollar less " + number + " dimes is " + (dollar - number * dime) + " cents"
);
```

This code correctly outputs:

```
A dollar less 7 dimes is 30 cents
```
This compliant solution uses the {{BigDecimal}} type, which provides exact representation of decimal values. Note that on most platforms computations performed using {{BigDecimal}} are less efficient than those performed using primitive types. The importance of this reduced efficiency is application-specific.

```java
import java.math.BigDecimal;

BigDecimal dollar = new BigDecimal("1.0");
BigDecimal dime = new BigDecimal("0.1");
int number = 7;
System.out.println(
    "A dollar less " + number + " dimes is $"
    + dollar.subtract(new BigDecimal(number).multiply(dime))
);
```

This code outputs:

```
A dollar less 7 dimes is $0.3
```
Using a representation other than floating point can allow for more precision and accuracy for critical arithmetic.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FLP00-J | low | probable | high | P2 | L3 |
Automated detection of floating point arithmetic is straightforward; determining which code suffers from insufficient precision is not feasible in the general case. Heuristic checks, such as flagging floating point literals that cannot be represented precisely, may be useful.
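
One way to implement the literal heuristic mentioned above, as an added example that is not part of the guideline itself. The class name `InexactLiteralCheck`, its method names and the simplified regular expression are assumptions made for illustration, and the scanned source string is constructed from the noncompliant example.

```java
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical checker: flags decimal double literals that a double cannot hold exactly.
public class InexactLiteralCheck {
    // Simplified pattern for literals such as 1.00, .5 or 2.5e-3 (assumption).
    // Hex literals, digit underscores and float (f/F) suffixes are out of scope.
    private static final Pattern DOUBLE_LITERAL = Pattern.compile(
        "(?<![\\w.])(\\d+\\.\\d*|\\.\\d+)([eE][+-]?\\d+)?[dD]?(?![\\w.])");

    // True when the written decimal and the double it rounds to are the same number.
    static boolean isExactAsDouble(String literal) {
        String digits = literal.replaceAll("[dD]$", "");
        double value = Double.parseDouble(digits);
        if (Double.isInfinite(value)) {
            return false; // overflowed the double range, so certainly not exact
        }
        BigDecimal written = new BigDecimal(digits);
        // BigDecimal(double) expands the exact binary value that is stored.
        BigDecimal stored = new BigDecimal(value);
        return written.compareTo(stored) == 0; // compareTo ignores scale (1.00 vs 1)
    }

    // Returns every matched literal in the source text that is not exact.
    static List<String> inexactLiterals(String source) {
        List<String> flagged = new ArrayList<>();
        Matcher m = DOUBLE_LITERAL.matcher(source);
        while (m.find()) {
            if (!isExactAsDouble(m.group())) {
                flagged.add(m.group());
            }
        }
        return flagged;
    }

    public static void main(String[] args) {
        // Constructed sample input: 1.00 and .5 are exact in binary, 0.10 is not.
        String source = "double dollar = 1.00; double dime = 0.10; double half = .5;";
        for (String literal : inexactLiterals(source)) {
            System.out.println(literal + " is stored as "
                + new BigDecimal(Double.parseDouble(literal)));
        }
    }
}
```

A flagged literal only marks a place to review; whether the rounding matters still depends on how the value is used.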
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
C Secure Coding Standard: FLP02-C. Avoid using floating point numbers when precise computation is needed
C++ Secure Coding Standard: FLP02-CPP. Avoid using floating point numbers when precise computation is needed
\[[Bloch 2008|AA. Bibliography#Bloch 08]\] Item 48: Avoid {{float}} and {{double}} if exact answers are required
\[[Bloch 2005|AA. Bibliography#Bloch 05]\] Puzzle 2: Time for a Change
\[[Goldberg 1991|AA. Bibliography#Goldberg 91]\]
\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 4.2.3|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.3], "Floating-Point Types, Formats, and Values"