SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 35

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 36

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Ordinarily, all of the mantissa bits are used to express significant figures, in addition to a leading 1, which is implied and therefore left out. Consequently, floats ordinarily have 24 significant bits of precision, and doubles ordinarily have 53 significant bits of precision. Such numbers are called normalized numbers. All floating-point numbers are limited in the sense that they have fixed precision. See FLP00-C. Understand the limitations of floating-point numbers.

Mantissa bits are used to express extremely small numbers that are too small to encode normally because of the lack of available exponent bits. Using mantissa bits extends the possible range of exponents. Because these bits no longer function as significant bits of precision, the total precision of extremely small numbers is less than usual. Such numbers are called denormalized, and they are more limited than normalized numbers. However, even using normalized numbers where precision is required can pose a risk. See FLP02-C. Avoid using floating-point numbers when precise computation is needed for more information.

Using denormalized numbers can severely impair the precision of floating-point numbers and should not be used.

...

Denormalized numbers can also be troublesome because some functions have implementation-defined behavior when used with denormalized values. For example, using the %a or $%A conversion specifier in a format string can produce implementation defined results when applied to denormalized numbers.

Section 7.21.6.1, para. paragraph 8, of the C standard Standard [ISO/IEC 9899:2011], states:

...

Code Block
#include<stdio.h>
float x = 0x1p-125;
double y = 0x1p-1020;

printf("normalized float with %%e    : %e\n", x);
printf("normalized float with %%a    : %a\n", x);
x = 0x1p-140;
printf("denormalized float with %%e  : %e\n", x);
printf("denormalized float with %%a  : %a\n", x);
printf("normalized double with %%e   : %e\n", y);
printf("normalized double with %%a   : %a\n", y);
y = 0x1p-1050;
printf("denormalized double with %%e : %e\n", y);
printf("denormalized double with %%a : %a\n", y);

Implementation Details

On a 32-bit Linux machine using GCC version 4.3.2, this code produces the following output:

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

CERT Oracle Secure Coding Standard for Java

...

NUM05-J. Do not use denormalized numbers

...

Bibliography

[Bryant 2003]Section 2.4, "Floating Point"

ISO/IEC 9899:2011

...

[IEEE 754]

...

 
[ISO/IEC 9899:2011]Section 7.21.6.1, "The fprintf Function"

Image Modified