Page History

...

Errors

...

during

...

floating

...

point

...

operation

...

are

...

often

...

ignored

...

by

...

the

...

applications;

...

instead

...

much

...

effort

...

is

...

only

...

in

...

validating

...

the

...

operands

...

before

...

an

...

operation.

...

This

...

recommendation

...

suggests

...

ways

...

to

...

capture

...

errors

...

during

...

floating

...

point

...

operations.

...

What

...

makes

...

it

...

difficult

...

to

...

detect

...

these

...

errors

...

is

...

that

...

the

...

application

...

will

...

not

...

abort

...

or

...

even

...

complain

...

when

...

these

...

exceptions

...

occur.

...

 For example,

...

 while the

...

following

...

statement

}
int j = 0;
int iResult = 1 / j;
{code}

readily

...

generates

...

a

...

runtime

...

error

...

/

...

exception

...

,

...

whereas

}
double x = 0.0;
double dResult = 1 / x;
{code}

generates

...

no

...

error

...

messages.

...

Though the floating point exception conditions and handling is standardized by IEEE \[1\], the Operating Systems implement support for handling floating point errors and other conditions in different ways.

...

Non-Compliant Code Example

In this NCCE, floating point operations are carried out and there is no observation for errors during floating point operations. Please note the range check on various operands for the operations has been intentionally ignored, since our intention is capture the errors during a floating point operation.

 System \\ || Handling FP errors ||
| Linux \\
Solaris 10 \\
Mac OS X 10.5 \\
Fedora Core 5 | C99 FP functions - These functions are declared in fenv.h \[2\] \\
Before fenv.h based functions were standardized; an alternative to using these C99/fenv function is using ieee_flags and ieee_handler   |
| Windows \\ | Structured Exception Handling - user defined handler \_fpieee_flt \[3\] \\
  \\ |
*Non-Compliant Code Example*

In this NCCE, floating point operations are carried out and there is no observation for errors during floating point operations. Please note the range check on various operands for the operations has been intentionally ignored, since our intention is capture the errors during a floating point operation.
{code:bgColor=#FFCCCC}
fpOper_noErrorChecking()
{
	...
	double a = 1e-40, b, c = 0.1;
	float x = 0, y;
	// inexact and underflows
	y = a;
	// divide by zero operation
	b = y / x;
	// inexact (loss of precision)
	c = sin(30) * a;
	...
}
{code}
*

Compliant

...

Solution

...

Here

...

is

...

an

...

example

...

that

...

demonstrates

...

how

...

to

...

handle

...

FP

...

operations

...

using

...

the

...

FP

...

functions

...

as

...

standardized

...

in

...

C99.

{:=

Code Block
bgColor	#ccccff
} #include <fenv.h> fpOper_fenv() { double a = 1e-40, b, c = 0.1; float x = 0, y; int fpeRaised; /* ........ */ feclearexcept(FE_ALL_EXCEPT); // Store a into y is inexact and underflows: y = a; fpeRaised = fetestexcept(FE_ALL_EXCEPT); // fpeRaised has FE_INEXACT and FE_UNDERFLOW feclearexcept(FE_ALL_EXCEPT); // divide by zero operation b = y / x; fpeRaised = fetestexcept(FE_ALL_EXCEPT); // fpeRaised has FE_DIVBYZERO feclearexcept(FE_ALL_EXCEPT); c = sin(30) * a; fpeRaised = fetestexcept(FE_ALL_EXCEPT); // fpeRaised has FE_INEXACT feclearexcept(FE_ALL_EXCEPT); ..... } {code} h3.

Implementation-Specific

...

Details

...

Windows

...

OS

...

nor

...

the

...

libraries

...

with

...

MS

...

Visual

...

studio

...

support

...

C99

...

functions,

...

instead

...

Structured

...

Exception

...

Handling

...

is

...

used

...

to

...

handle

...

for

...

FP

...

operation

...

.

...

  Windows

...

also

...

provides

...

an

...

alternative

...

method

...

to

...

get

...

the

...

FP

...

exception

...

code

...

-

...

using

...

_statusfp/_statusfp2.

Code Block
{code} fpOper_usingStatus() { .... double a = 1e-40, b, c; float x = 0, y; unsigned int rv = _clearfp() ; // Store into y is inexact and underflows: y = a; rv = _clearfp() ; //rv has _SW_INEXACT and _SW_UNDERFLOW // zero-divide b = y / x; rv = _clearfp() ; //rv has _SW_ZERODIVIDE // inexact c = sin(30) * a; rv = _clearfp() ;//rv has _SW_INEXACT ....} {code}

Using

...

the

...

SEH

...

allows

...

the

...

programmer

...

to

...

change

...

the

...

results

...

of

...

the

...

FP

...

operation

...

that

...

caused

...

the

...

error

...

condition.

...

Using

...

SEH

...

also

...

provides

...

more

...

information

...

about

...

the

...

error

...

condition

Code Block

 fp_usingSEH() {       ...       double a = 1e-40, b, c = 0.1;       float x = 0, y;       unsigned int rv ;       unmask_fp();       \_try       {           // Store into y is inexact and underflows:           y = a;           // divide by zero operation           b = y / x;           // inexact           c = sin(30) * a;        }        \_except (_fpieee_flt (GetExceptionCode(), GetExceptionInformation(), fpieee_handler))        {                printf ("fpieee_handler: EXCEPTION_EXECUTE_HANDLER");         }         ... } void unmask_fpsr(void) {      unsigned int u;      unsigned int control_word;      \_controlfp_s(&control_word, 0, 0);      u = control_word & \~(_EM_INVALID \| \_EM_DENORMAL \| \_EM_ZERODIVIDE               \| \_EM_OVERFLOW \| \_EM_UNDERFLOW \| \_EM_INEXACT);       \_controlfp_s( &control_word, u, \_MCW_EM);       return ; } int fpieee_handler (_FPIEEE_RECORD \*ieee) {     // ...     switch(ieee->RoundingMode)     {         case \_FpRoundNearest:         // ....         break;         /\* Other RMs include \_FpRoundMinusInfinity, \_FpRoundPlusInfinity, \_FpRoundChopped \*/         // ....     }     switch(ieee->Precision)     {         case \_FpPrecision24:         // ....        break;        /\* Other Ps include \_FpPrecision53*/        // ....    }    switch(ieee->Operation)    {       case \_FpCodeAdd:       // ...       break;       /\* Other Ops include \_FpCodeSubtract, \_FpCodeMultiply, \_FpCodeDivide, \_FpCodeSquareRoot, \_FpCodeCompare, \_FpCodeConvert, \_FpCodeConvertTrunc \*/       // ....    }    // process the bitmap ieee->Cause    // process the bitmap ieee->Enable    // process the bitmap ieee->Status    // process the Operand ieee->Operand1, evaluate format and Value    // process the Operand ieee->Operand2, evaluate format and Value    // process the Result ieee->Result, evaluate format and Value    // the result should be set according to the operation specified in ieee->Cause and the result format as specified in ieee->Result    // the Result set is based on the    ... }\\ *

Risk

...

Assessment

...

The

...

Floating

...

point

...

exceptions

...

if

...

they

...

go

...

undetected

...

will

...

cause

...

one

...

or

...

more

...

of

...

these

...

conditions

...

-

...

security

...

vulnerability,

...

lower

...

program

...

efficiency

...

and

...

generate

...

inaccurate

...

results.

...

Most

...

processors

...

stall

...

for significant duration (sometimes upto a second or even more on 32bit desktop processors) when an operation incur a NaN.

References

Wiki Markup
\[1\] IEEE standard for binary floating-point arithmetic

...

http://ieeexplore.ieee.org/xpl/standardstoc.jsp?isnumber=1316http://ieeexplore.ieee.org/xpl/standardstoc.jsp?isnumber=

...

1316^{Image Added}

Wiki Markup
\[2\] fenv.h - Floating point environment

...

http://www.opengroup.org/onlinepubs/009695399/basedefs/fenv.h.htmlhttp://www.opengroup.org/onlinepubs/009695399/basedefs/fenv

...

.h.html^{Image Added}

Wiki Markup
\[3\] MSDN - CRT - fpieee_flt

...

http://msdn2.microsoft.com/en-us/library/te2k2f2t(VS.80).aspxhttp://msdn2.microsoft.com/en-us/library/te2k2f2t(VS.80).

...

aspx^{Image Added}

Wiki Markup
\[4\] Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture

...

ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdfftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.

...

pdf^{Image Added}

Wiki Markup
\[5\] Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability

...

http://www.securityfocus.com/bid/10538/discuss

...

^{Image Added}

Wiki Markup
\[6\] ARM support for floating-point computations

...

http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htmhttp://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.

...

htm^{Image Added}