Comment: update parasoft

...

A less portable but potentially more secure solution is to use the capabilities provided by the underlying implementation. If this approach is taken, the caveats of that system must be well understood. The following table provides a starting point for some common operating systems:

| Operating System | How to Handle Floating-Point Errors |
| --- | --- |
| Linux, Solaris 10, AIX 5.3, HP-UX 11.31, Mac OS X 10.5 | Use the C floating-point exception functions |
| Windows | Use either the C floating-point exception functions or structured exception handling through _fpieee_flt [MSDN] |

Noncompliant Code Example

...

Undetected floating-point errors may result in lower program efficiency, inaccurate results, or software vulnerabilities. Most processors stall for a significant duration when an operation incurs a NaN (not a number) value.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| FLP03-C | Low | Probable | High | P2 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
| --- | --- | --- | --- |
| Astrée | | float-division-by-zero | Partially checked |
| Compass/ROSE | | | Could detect violations of this rule by ensuring that floating-point operations are surrounded by feclearexcept() and fetestexcept(). It would need to look for type conversions to float or double, divisions (by a number not known to be nonzero), and multiplication. It may be wisest to apply this to all floating-point operations in general. |
| LDRA tool suite | | 43 D | Partially implemented |
| Parasoft C/C++test | | BD-PB-ZERO, MISRA2004-10_2_{b, MISRA2004-10_2_c, MISRA2004-10_2_d} | Partially implemented Implemented |
| Parasoft Insure++ | | | Runtime analysis |
| Polyspace Bug Finder | R2016a | Float conversion overflow | Overflow when converting between floating point data types |
| | | Float overflow | Overflow from operation between floating points |
| | | Invalid use of standard library floating point routine | Wrong arguments to standard library function |
| | | Float division by zero | Dividing floating point number by zero |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.

Related Guidelines

Bibliography

[IEEE Std 1003.1:2013] XBD, Headers, <fenv.h>
[Intel 2001]
[ISO/IEC 9899:2011] Subclause 7.6.2, "Floating-Point Exceptions"
[Keil 2008]
[MSDN] "fpieee_flt (CRT)"
[SecurityFocus 2007]

...



...