...
| Wiki Markup |
|---|
When precise computation is necessary, use alternative representations that can accurately represent the values. For example, if you are performing arithmetic on decimal values and need an exact decimal rounding, represent the values in binary-coded decimal instead of using floating-point values. Another option is decimal floating-point arithmetic as specified by ANSI/IEEE 754-2007. ISO/IEC WG14 has drafted a proposal to add support for decimal floating-point arithmetic to the C language \[[ISO/IEC DTR 24732|AA. Bibliography#ISO/IEC DTR 24732]\]. |
| Wiki Markup |
|---|
When precise computation is necessary, carefully and methodically estimate the maximum cumulative error of the computations, regardless of whether decimal or binary is used, to ensure that the resulting error is within tolerances. Consider using numerical analysis to properly understand the problem. An introduction can be found in \[[Goldberg 1991|AA. Bibliography#Goldberg 91]\]. |
...
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: FLP02-CPP. Avoid using floating point numbers when precise computation is needed
Java The CERT Oracle Secure Coding Standard for Java: FLP00-J. Avoid using floating point numbers when precise computation is needed
ISO/IEC TR 24772 "PLF Floating Point Arithmetic"
Bibliography
| Wiki Markup |
|---|
\[[Goldberg 1991|AA. Bibliography#Goldberg 91]\]
\[[IEEE 754 2006|AA. Bibliography#IEEE 754 2006]\]
\[[ISO/IEC JTC1/SC22/WG11|AA. Bibliography#ISO/IEC JTC1/SC22/WG11]\]
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "PLF Floating Point Arithmetic"
\[[ISO/IEC DTR 24732|AA. Bibliography#ISO/IEC DTR 24732]\] |
...
FLP01-C. Take care in rearranging floating point expressions 05. Floating Point (FLP) FLP03-C. Detect and handle floating point errors