SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 43

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Aleksandr Karbyshev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added Automated Detection table and Axivion Bauhaus entry

...

This applies only to implementations that conforms to the optional Annex F, "IEC 60559 Floating-Point Arithmetic."  The macro __STDC_IEC_559__ can be used to determine whether an implementation conforms to Annex F.

Noncompliant Code Example

This noncompliant code example fails to cast the result of the expression in the return statement and thereby guarantee that the range or precision is no wider than expected. The uncertainty in this example is introduced by the constant 0.1f. This constant may be stored with a range or precision that is greater than that of float. Consequently, the result of x * 0.1f may also have a range or precision greater than that of float. As described previously, this range or precision may not be reduced to that of a float, so the caller of calcPercentage() may receive a value that is more precise than expected. This may lead to inconsistent program execution across different platforms.

Code Block
bgColor#FFcccc
langc
float calc_percentage(float value) {
  return value * 0.1f;
}

void float_routine(void) {
  float value = 99.0f;
  long double percentage;

  percentage = calc_percentage(value);
}

Compliant Solution (

...

within the Function)

This compliant solution casts the value of the expression in the return statement. It forces the return value to have the expected range and precision, as described in subclause 5.2.4.2.2, paragraph 9, of the C Standard [ISO/IEC 9899:2011].

Code Block
bgColor#ccccff
langc
float calc_percentage(float value) {
  return (float)(value * 0.1f);
}

void float_routine(void) {
  float value = 99.0f;
  long double percentage;

  percentage = calc_percentage(value);
}

...


Forcing the range and precision inside the calcPercentage() function is a good way to fix the problem once without having to apply fixes in multiple locations (every time calcPercentage() is called).  This compliant solution uses a temporary variable as the forcing mechanism:
 Code Block
bgColor#ccccff
langc
void float_routine(void) {
  float value = 99.0f;
  long double percentage;
  volatile float temp;

  percentage = temp = calc_percentage(value);
}

  
Compliant Solution (Outside the Function)
Source code to the called function may not always be available. This compliant solution casts the return value of the calcPercentage() function to float to force the correct range and precision when the source of the called function cannot be modified.
 Code Block
bgColor#ccccff
langc
void float_routine(void) {
  float value = 99.0f;
  long double percentage;

  percentage = (float) calc_percentage(value);
}

Risk Assessment
Failure to follow this guideline can lead to inconsistent results across different platforms.
Rule
Severity
Likelihood
Remediation Cost
Priority
Level
FLP37
FLP07-C
Low
Probable
Medium
P4
L3
Automated Detection
Tool
Version
Checker
Description
Axivion Bauhaus Suite
 Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V
CertC-FLP07
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[ISO/IEC 9899:2011]Subclause 6.8.6.4, "The return Statement"
Annex F.6, "The return Statement"
[WG14/N1396]
 
...


...
Image Modified Image Modified Image Modified