SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 14

changes.mady.by.user cjohns

Saved on

compared with

New Version 15

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This recommendation suggests ways to capture errors during floating point operations. What makes it difficult to detect these errors is that the application will not abort or even complain when these exceptions they occur.  For For example,  while the following statement generates a runtime error or exception.

Code Block
int j = 0;
int iResult = 1 / j;

readily generates a runtime error / exception , whereasThis one, however, generates no error messages.

Code Block
double x = 0.0;
double dResult = 1 / x;

generates no error messages.

Wiki Markup
Though the floating point exception conditions and handling isare standardized by IEEE \[1\], theoperating Operating Systemssystems implement support for handling floating point errors and other conditions in different ways.

Operating System

Handling FP errors

Linux
Solaris 10
Mac OS X 10.5
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="00bca3bf62c39cc7-5d3c6872-46964f8b-bda3b21e-aceed3c35b69e306d5c064bd"><ac:plain-text-body><![CDATA[Fedora Core 5

C99 FP functions - These functions are declared in fenv.h [2]
]]></ac:plain-text-body></ac:structured-macro>
Before fenv.h based functions were standardized; an alternative to using these C99/fenv() function is using ieee_flags and ieee_handler

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="59d6cdaf97affecc-cf78f8db-408c4cf0-a3169335-568dfb209aa3843a02ba8a48"><ac:plain-text-body><![CDATA[

Windows

Structured Exception Handling - user defined handler _fpieee_flt [3]
]]></ac:plain-text-body></ac:structured-macro>
 

...

In this NCCE, floating point operations are carried out and there is no observation for errors during floating point operations. Please note that the range check on various operands for the operations has been intentionally ignored , since our intention is because we intend to capture the errors during a floating point operation.

...

MS Visual Studio 2008 and earlier does not support the C99 functions to handle floating point errors. Windows provides an alternative method to get the floating point exception code using _statusfp(), _statusfp2(), and _clearfp().

...

MS Visual Studio 2008 also uses structured exception handling (SEH) is used to handle for floating point operation. Using the SEH allows the programmer to change the results of the floating point operation that caused the error condition. Using SEH also provides more information about the error condition.

Code Block
bgColor#ccccff
fp_usingSEH() {
  /* ... */
  double a = 1e-40, b, c = 0.1;
  float x = 0, y;
  unsigned int rv ;

  unmask_fp();

  _try {
    /* Store into y is inexact and underflows */
    y = a;

    /* divide by zero operation */
    b = y / x;

    /* inexact */
    c = sin(30) * a;
  }

  _except (_fpieee_flt (GetExceptionCode(), GetExceptionInformation(), fpieee_handler)) {
	printf ("fpieee_handler: EXCEPTION_EXECUTE_HANDLER");
  }

  /* ... */
}

void unmask_fpsr(void) {
  unsigned int u;
  unsigned int control_word;
  _controlfp_s(&control_word, 0, 0);
  u = control_word & ~(_EM_INVALID \| _EM_DENORMAL \| _EM_ZERODIVIDE | _EM_OVERFLOW | _EM_UNDERFLOW | _EM_INEXACT);
  _controlfp_s( &control_word, u, _MCW_EM);
  return ;
}

int fpieee_handler(_FPIEEE_RECORD *ieee) {
  /* ... */

  switch(ieee->RoundingMode) {
    case _FpRoundNearest:
      /* ... */
      break;

      /* Other RMs include _FpRoundMinusInfinity, _FpRoundPlusInfinity, _FpRoundChopped */
      /* ... */
    }

  switch(ieee->Precision) {
    case _FpPrecision24:
      /* ... */
      break;

      /* Other Ps include _FpPrecision53*/
      /* ... */
    }

   switch(ieee->Operation) {
     case _FpCodeAdd:
       /* ... */
       break;

       /* Other Ops include _FpCodeSubtract, _FpCodeMultiply, _FpCodeDivide, _FpCodeSquareRoot, _FpCodeCompare, _FpCodeConvert, _FpCodeConvertTrunc */
       /* ... */
    }

  /* process the bitmap ieee->Cause */
  /* process the bitmap ieee->Enable */
  /* process the bitmap ieee->Status */
  /* process the Operand ieee->Operand1, evaluate format and Value */
  /* process the Operand ieee->Operand2, evaluate format and Value */
  /* process the Result ieee->Result, evaluate format and Value */
  /* the result should be set according to the operation specified in ieee->Cause and the result format as specified in ieee->Result */
  /* the Result set is based on the */
  /* ... */
}

Risk Assessment

The Floating If floating point exceptions if they go undetected, they will cause one or more of these conditions - : a security vulnerability, lower program efficiency, and generate inaccurate results. Most processors stall for a significant duration (sometimes upto a up to a second or even more on 32bit 32-bit desktop processors) when an operation incur incurs a NaN.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FLP03-A

1 (low)

2 (probable)

2 (medium)

P4

L3

...