SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 166

changes.mady.by.user Unknown User (lflynn)

Saved on

compared with

New Version 167

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added parasoft

...

The following table lists the double forms of standard mathematical functions, along with checks that should be performed to ensure a proper input domain, and indicates whether they can also result in range or pole errors, as reported by the C Standard. Both float and long double forms of these functions also exist but are omitted from the table for brevity. If a function has a specific domain over which it is defined, the programmer must check its input values. The programmer must also check for range errors where they might occur. The standard math functions not listed in this table, such as fabs(), have no domain restrictions and cannot result in range or pole errors.

Function

Domain

Range

Pole 

acos(x)

-1 <= x && x <= 1

No

No
asin(x)-1 <= x && x <= 1YesNo
atan(x)NoneYesNo

atan2(y, x)

x != 0 && y != 0

No

No

acosh(x)

x >= 1

Yes

No
asinh(x)NoneYesNo

atanh(x)

-1 < x && x < 1

Yes

Yes

cosh(x), sinh(x)

None

Yes

No

exp(x), exp2(x), expm1(x)

None

Yes

No

ldexp(x, exp)

None

Yes

No

log(x), log10(x), log2(x)

x >= 0

No

Yes

log1p(x)

x >= -1

No

Yes

ilogb(x)

x != 0 && !isinf(x) && !isnan(x)

Yes

No
logb(x)x != 0Yes Yes

scalbn(x, n), scalbln(x, n)

None

Yes

No

hypot(x, y)

None

Yes

No

pow(x,y)

x > 0 || (x == 0 && y > 0) ||
(x < 0 && y is an integer)

Yes

Yes

sqrt(x)

x >= 0

No

No
erf(x)NoneYesNo

erfc(x)

None

Yes

No

lgamma(x), tgamma(x)

x != 0 && ! (x < 0 && x is an integer)

Yes

Yes

lrint(x), lround(x)

None

Yes

No

fmod(x, y), remainder(x, y),
remquo(x, y, quo)

y != 0

Yes

No

nextafter(x, y),
nexttoward(x, y)

None

Yes

No

fdim(x,y)

None

Yes

No 

fma(x,y,z)

None

Yes

No

Domain and Pole Checking

The most reliable way to handle domain and pole errors is to prevent them by checking arguments beforehand, as in the following exemplar:

...

Failure to prevent or detect domain and range errors in math functions may cause unexpected results.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FLP32-C

Medium

Probable

Medium

P8

L2

Automated Detection

Tool

Version

Checker

Description

Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

BD-API-VALPARAMImplemented
Polyspace Bug FinderR2016aInvalid use of standard library floating point routine

Wrong arguments to standard library function

 PRQA QA-C 9.1 5025
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT C Secure Coding StandardFLP03-C. Detect and handle floating-point errorsPrior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-682, Incorrect Calculation2017-07-07: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

...

  • Incorrect calculations that do not involve floating-point range errors


Bibliography

[ISO/IEC 9899:2011]

7.3.2, "Conventions"
7.12.1, "Treatment of Error Conditions"
F.10.7, "Remainder Functions" 

[IEEE 754 2006 ]
 

[Plum 1985]Rule 2-2
[Plum 1989]Topic 2.10, "conv—Conversions and Overflow"
[UNIX 1992]System V Interface Definition (SVID3)

...


...