...
Rearrangement for floating-point expressions is often restricted because of limitations in precision as well as range. The implementation cannot generally apply the mathematical associative rules for addition or multiplication, nor the distributive rule, because of roundoff error, even in the absence of overflow and underflow. Likewise, implementations cannot generally replace decimal constants to rearrange expressions. In the following fragment, rearrangements suggested by mathematical rules for real numbers are often not valid.
Code Block double x, y, z; /* ... */ x = (x * y) * z; /* not equivalent to x *= y * z; */ z = (x - y) + y ; /* not equivalent to z = x; */ z = x + x * y; /* not equivalent to z = x * (1.0 + y); */ y = x / 5.0; /* not equivalent to y = x * 0.2; */
Risk Assessment
Failing to understand the limitations in precision of floating point represented numbers and the implications of this on the arrangement of expressions can cause unexpected arithmetic results.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FLP01-A | 1 ( low ) | 2 ( probable ) 2 ( | medium ) | P4 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.1.2.3, "Program execution" |
...
FLP00-A. Consider avoiding floating point numbers when precise computation is needed 05. Floating Point (FLP) FLP02-A. Understand the caveats of floating point exceptions