...
The C Standard, 6.3.1.4, paragraph 2 [ISO/IEC 9899:2024], says,
When a finite value of decimal floating type is converted to an integer type other than bool, the fractional part is discarded (i.e., the value is truncated toward zero). If the value of the integral part cannot be represented by the integer type, the "invalid" floating-point exception shall be raised and the result of the conversion is unspecified.
Paragraph 2 of the same subclause says,
When a value of integer type is converted to a standard floating type, if the value being converted can be represented exactly in the new type, it is unchanged. If the value being converted is in the range of values that can be represented but cannot be represented exactly, the result is either the nearest higher or nearest lower representable value, chosen in an implementation-defined manner. If the value being converted is outside the range of values that can be represented, the behavior is undefined.
And subclause 6.3.1.5, paragraphs 1 and 2, says,
When a value of real floating type is converted to a real floating type, if the value being converted can be represented exactly in the new type, it is unchanged.
When a value of real floating type is converted to a standard floating type, if the value being converted is in the range of values that can be represented but cannot be represented exactly, the result is either the nearest higher or nearest lower representable value, chosen in an implementation-defined manner. If the value being converted is outside the range of values that can be represented, the behavior is undefined.
See undefined behaviors 17 and 18.
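The range checks these paragraphs call for, as an added example that is not code from the CERT page. The helper names `double_to_int` and `double_to_float` are hypothetical, and the example assumes a two's-complement `int` that fits in the significand of `double`, so the bounds it computes are exact.

```c
#include <float.h>
#include <limits.h>
#include <math.h>      /* NAN and INFINITY macros only; no libm calls */
#include <stdbool.h>
#include <stdio.h>

/* Assumption of this example: every int is exactly representable in double. */
_Static_assert((int)(sizeof(int) * CHAR_BIT) <= DBL_MANT_DIG,
               "int is wider than the double significand");

/* 6.3.1.4: converting to int is well defined only when the integral part of
 * d fits in int. Returns false and leaves *out untouched for out-of-range,
 * infinite and NaN inputs (NaN fails both comparisons). */
bool double_to_int(double d, int *out) {
    const double hi = 2.0 * (double)(INT_MAX / 2 + 1); /* INT_MAX + 1, exact */
    const double lo = -hi - 1.0;                        /* INT_MIN - 1, exact */
    if (!(d > lo && d < hi)) {
        return false;
    }
    *out = (int)d;  /* fractional part discarded, truncation toward zero */
    return true;
}

/* 6.3.1.5: narrowing is well defined only inside float's range. A finite
 * in-range value may still be rounded to a neighbouring float. This helper
 * also rejects NaN and infinities so callers only ever see finite results. */
bool double_to_float(double d, float *out) {
    if (!(d >= -FLT_MAX && d <= FLT_MAX)) {
        return false;
    }
    *out = (float)d;
    return true;
}

int main(void) {
    /* Constructed sample inputs around the boundaries discussed above. */
    const double samples[] = { 3.99, -3.99, (double)INT_MAX + 0.5,
                               (double)INT_MAX + 1.0, 1e39, NAN, INFINITY };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int i = 0;
        float f = 0.0f;
        bool to_i = double_to_int(samples[k], &i);
        bool to_f = double_to_float(samples[k], &f);
        printf("%-14g int:%-8s float:%s\n", samples[k],
               to_i ? "ok" : "rejected", to_f ? "ok" : "rejected");
    }
    return 0;
}
```

Values strictly between `INT_MAX` and `INT_MAX + 1` are accepted because truncation toward zero brings them back into range; the first rejected value is `INT_MAX + 1` itself.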
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported, but no explicit checker. Astrée reports all potential overflows resulting from floating-point conversions. |
| Compass/ROSE | | | Can detect some violations of this rule. However, it does not flag implicit casts, only explicit ones |
| CodeSonar | | LANG.TYPE.IAT | Inappropriate Assignment Type |
| | | MISRA_CAST (needs verification) | Can detect instances where implicit float conversion is involved: implicitly converting a complex expression with integer type to floating type, implicitly converting a double expression to narrower float type (may lose precision), implicitly converting a complex expression from |
| Helix QAC | | C4450, C4451, C4452, C4453, C4454, C4462, C4465; C++3011 | |
| Klocwork | | MISRA.CAST.FLOAT.WIDER | |
| LDRA tool suite | | 435 S, 93 S | Partially implemented |
| Parasoft C/C++test | | MISRA2004-10_1_d; CERT_C-FLP34-a, CERT_C-FLP34-b | Partially implemented. Avoid implicit conversions from wider to narrower floating type |
| PC-lint Plus | | 735, 736, | Partially supported |
| Polyspace Bug Finder | | | Checks for float conversion overflow (rule partially covered) |
| PRQA QA-C | | 4450, 4451, | Partially implemented |
| PRQA QA-C++ | | 3011 | |
| PVS-Studio | | V615, V2003, V2004 | |
| TrustInSoft Analyzer | | float_to_int | Exhaustively verified (see one compliant and one non-compliant example). |

Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
[IEEE 754 2006] | |
[ISO/IEC 9899:2024] | Subclause 6.3.1.4, "Real Floating and Integer" Subclause 6.3.1.5, "Real Floating Types" |
...