Sonarqube报告任何出现 bigdecimal(double)构造函数作为错误。 description 此规则指的是 javadoc该构造函数的结果可能是不可预测的“ ”;但是在Javadoc中,还有注释#3:“当必须将双重用作bigdecimal的来源时,请注意,该构造函数提供了精确的转换” 非常重要的IMBOT Sonarqube。
该描述提供了这个不合规的例子:
BigDecimal bd2 = new BigDecimal(1.1);
我完全同意它,但是让我们考虑一个这样的案例:
BigDecimal bd = new BigDecimal(Math.sqrt(123.45));
Sonarqube与前一个相似的案例报告为错误,但我认为它应该标记为假阳性,因为此用例指的是Javadoc的注释3。
Sonarqube的描述也指此页面说:“不要从浮点文字中构造bigdecimal对象” :它更具限制性,并且适用于第一个示例,但不适用于第二个示例。
因此,问题是:我们是否应该机械地更改Sonarqube建议的 bigdecimal(double)的任何出现?我猜不是,但是 sonarqube文档说“对于代码气味和虫子,期望零false pentives” ,我很惊讶Sonarqube在此用例中如此误导性。
最后,请注意,在这篇文章但是我的问题完全不同。
SonarQube reports any occurrence of the BigDecimal(double) constructor as a bug. The description of this rule refers to the note #1 in the JavaDoc that says "The results of this constructor can be somewhat unpredictable"; but in the JavaDoc there is also the note #3: "When a double must be used as a source for a BigDecimal, note that this constructor provides an exact conversion" that is very important IMHO and it's ignored by SonarQube.
The description provides this non-compliant example:
BigDecimal bd2 = new BigDecimal(1.1);
and I fully agree with it, but let's consider a case like this one:
BigDecimal bd = new BigDecimal(Math.sqrt(123.45));
It is reported as a bug by SonarQube just like the previous one but I think it should be marked as a false positive because this use case refers to note #3 of the JavaDoc.
The description from SonarQube also refers to this page but it provides a different rule that says "Do not construct BigDecimal objects from floating-point literals": it is more restrictive and it applies to the first example but not to the second one.
So the question is: should we mechanically change any occurrence of BigDecimal(double) as suggested by SonarQube? I guess no but SonarQube documentation says "For Code Smells and Bugs, zero false-positives are expected" and I'm surprised that SonarQube is so misleading on this use case.
Finally note that BigDecimal(double) in the context of SonarQube is discussed also in this post but my question is quite different.
发布评论