...
Using denormalized numbers can severely impair the precision of floating point numbers and should not be used.
FLP00-C. Understand the limitations of floating point numbers
FLP02-C. Avoid using floating point numbers when precise computation is needed
Noncompliant Code Example
This code attempts to reduce a floating point number to a denormalized value and then restore the value. This operation is very imprecise. FLP02-C
| Code Block | ||
|---|---|---|
| ||
#include <stdio.h>
float x = 1/3.0;
printf("Original : %e\n", x);
x = x * 7e-45;
printf("Denormalized? : %e\n", x);
x = x / 7e-45;
printf("Restored : %e\n", x);
|
...
If using doubles also produces denormalized numbers some other solution must be found.
...
Denormalized numbers can also be troublesome because some functions have implementation defined behavior when used with denormalized values. For example, using the %a or $%A conversion specifier in a format string can produce implementation defined results when applied to denormalized numbers.
According to ISO/IEC 9899:TC3 §7.19.6.1:
A double argument representing a floating-point number is converted in the style ?0xh.hhhh p±d, where there is one hexadecimal digit (which is nonzero if the argument is a normalized floating-point number and is otherwise unspecified) before the decimal-point character
Relying on the %a and %A specifiers to produce values without a leading zero is error prone.
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FLP05-C | medium | probable | high | P4 | L3 |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[IEEE 754|AA. C References#IEEE 754 2006]\] \[[Bryant 03|AA. C References#Bryant 03]\] Computer Systems: A Programmer's Perspective. Section 2.4 Floating Point \[[ISO/IEC 9899:1999]\] |