SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 8

changes.mady.by.user Abhijit Rao

Saved on

compared with

New Version 9

changes.mady.by.user Abhijit Rao

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Operating System

Handling FP errors

Linux
Solaris 10
Mac OS X 10.5
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b0aa51f4540c8c1d-3fd02388-4e9c46bf-9f87a741-3615445b6465546f9f4a8662"><ac:plain-text-body><![CDATA[Fedora Core 5

C99 FP functions - These functions are declared in fenv.h [2]
]]></ac:plain-text-body></ac:structured-macro>
Before fenv.h based functions were standardized; an alternative to using these C99/fenv function is using ieee_flags and ieee_handler  

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ef3d678a7ee50c0f-f1489ff8-4b6d4429-a9adb4b1-8c88df0da675b3c2dbada8a7"><ac:plain-text-body><![CDATA[

Windows

Structured Exception Handling - user defined handler _fpieee_flt [3]
]]></ac:plain-text-body></ac:structured-macro>
 

Non-Compliant Code Example

In this NCCE, floating point operations are carried out and there is no observation for errors during floating point operations. Please note the range check on various operands for the operations has been intentionally ignored, since our intention is capture the errors during a floating point operation.

Code Block
bgColor#FFCCCC
fpOper_noErrorChecking() {
	...
	double a = 1e-40, b, c = 0.1;
	float x = 0, y;
	// inexact and underflows
	y = a;
	// divide by zero operation
	b = y / x;
	// inexact (loss of precision)
	c = sin(30) * a;
	...
}

Compliant Solution

Here is an example that demonstrates how to handle FP operations using the FP functions as standardized in C99.

Code Block
bgColor#ccccff
#include <fenv.h>

fpOper_fenv() {
      double a = 1e-40, b, c = 0.1;
      float x = 0, y;
      int fpeRaised;
      /* ... */

      feclearexcept(FE_ALL_EXCEPT);
      // Store a into y is inexact and underflows:
      y = a;
      fpeRaised = fetestexcept(FE_ALL_EXCEPT);
      // fpeRaised  has FE_INEXACT and FE_UNDERFLOW

      feclearexcept(FE_ALL_EXCEPT);

      // divide by zero operation
      b = y / x;
      fpeRaised = fetestexcept(FE_ALL_EXCEPT);
      // fpeRaised has FE_DIVBYZERO

      feclearexcept(FE_ALL_EXCEPT);

      c = sin(30) * a;
      fpeRaised = fetestexcept(FE_ALL_EXCEPT);
      // fpeRaised has FE_INEXACT

      feclearexcept(FE_ALL_EXCEPT);
	.....
}

Implementation-Specific Details

Windows OS nor the libraries with MS Visual studio support C99 functions, instead Structured Exception Handling is used to handle for FP operation. Windows also provides an alternative method to get the FP exception code - using _statusfp/_statusfp2 and/or _clearfp.

...

Code Block
fp_usingSEH() {
  /* ... */
  double a = 1e-40, b, c = 0.1;
  float x = 0, y;
  unsigned int rv ;

  unmask_fp();

  _try {
	// Store into y is inexact and underflows:
	y = a;

	// divide by zero operation
	b = y / x;

	// inexact
	c = sin(30) * a;
  }

  _except (_fpieee_flt (GetExceptionCode(), GetExceptionInformation(), fpieee_handler)) {
	printf ("fpieee_handler: EXCEPTION_EXECUTE_HANDLER");
  }

   ...
}

void unmask_fpsr(void)
{
      	unsigned int u;
      	unsigned int control_word;
	_controlfp_s(&control_word, 0, 0);
	u = control_word & ~(_EM_INVALID \| _EM_DENORMAL \| _EM_ZERODIVIDE | _EM_OVERFLOW | _EM_UNDERFLOW | _EM_INEXACT);
	_controlfp_s( &control_word, u, _MCW_EM);
	return ;
}

int fpieee_handler (_FPIEEE_RECORD *ieee)
{
	// ...

	switch(ieee->RoundingMode) {
		case _FpRoundNearest:
			// ....
		break;

		/* Other RMs include _FpRoundMinusInfinity, _FpRoundPlusInfinity, _FpRoundChopped */
			// ....
	}

	switch(ieee->Precision) {
		case _FpPrecision24:
		// ....
		break;

		/* Other Ps include _FpPrecision53*/
		// ....
	}

	switch(ieee->Operation) {
		case _FpCodeAdd:
		 // ...
		break;

		/* Other Ops include _FpCodeSubtract, _FpCodeMultiply, _FpCodeDivide, _FpCodeSquareRoot, _FpCodeCompare, _FpCodeConvert, _FpCodeConvertTrunc */
		// ....
	}

 	// process the bitmap ieee->Cause
	// process the bitmap ieee->Enable
	// process the bitmap ieee->Status
	// process the Operand ieee->Operand1, evaluate format and Value
	// process the Operand ieee->Operand2, evaluate format and Value
	// process the Result ieee->Result, evaluate format and Value
	// the result should be set according to the operation specified in ieee->Cause and the result format as specified in ieee->Result
	// the Result set is based on the
	// ...
}

Risk Assessment

The Floating point exceptions if they go undetected will cause one or more of these conditions - security vulnerability, lower program efficiency and generate inaccurate results. Most processors stall for significant duration (sometimes upto a second or even more on 32bit desktop processors) when an operation incur a NaN.

References

Wiki Markup
\[1\] IEEE standard for binary floating-point arithmetic
[http://ieeexplore.ieee.org/xpl/standardstoc.jsp?isnumber=1316]

...