...
When precise computation is necessary, carefully and methodically estimate the maximum cumulative error of the computations, regardless of whether decimal or binary is used, to ensure that the resulting error is within tolerances. Consider using numerical analysis to properly understand the problem. An introduction can be found in David Goldberg's "What Every Computer Scientist Should Know about Floating-Point Arithmetic" [Goldberg 1991].
Noncompliant Code Example
...
Using a representation other than floating point may allow for more accurate results.
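The following C program is an added example, not part of the original guideline: it accumulates the same quantity in `float` and as an integer count of fixed units, showing how rounding error builds up and why an equality test on the floating-point total fails. The function names are hypothetical.

```c
#include <stdio.h>

/* Add `value` to a running total `count` times in single precision.
 * Each addition rounds to the nearest float, so the error accumulates. */
float float_sum(float value, int count) {
    float total = 0.0f;
    for (int i = 0; i < count; i++) {
        total += value;
    }
    return total;
}

/* The same accumulation with the quantity held as an integer number of
 * fixed units (for example tenths or hundredths): every step is exact. */
long scaled_sum(long units, int count) {
    long total = 0;
    for (int i = 0; i < count; i++) {
        total += units;
    }
    return total;
}

/* Absolute difference between the float total and the exact result. */
double float_sum_error(float value, double exact_total, int count) {
    double diff = (double)float_sum(value, count) - exact_total;
    return diff < 0.0 ? -diff : diff;
}

int main(void) {
    /* Ten additions of 0.1f do not produce exactly 1.0f; the equality
     * test below is shown only to demonstrate that it fails. */
    float ten = float_sum(0.1f, 10);
    printf("0.1f x 10      = %.9f  (== 1.0f: %s)\n", ten, ten == 1.0f ? "yes" : "no");
    printf("1 tenth x 10   = %ld tenths\n", scaled_sum(1, 10));

    /* One million additions of 0.01f: the error is no longer negligible. */
    printf("0.01f x 10^6   = %.4f  (exact: 10000)\n", float_sum(0.01f, 1000000));
    printf("cumulative err = %.4f\n", float_sum_error(0.01f, 10000.0, 1000000));
    printf("1 cent x 10^6  = %ld hundredths\n", scaled_sum(1, 1000000));
    return 0;
}
```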
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FLP02-C | Low | Probable | High | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | float-comparison | Partially checked |
Axivion Bauhaus Suite | | CertC-FLP02 | |
Compass/ROSE | | | Can detect violations of this recommendation. In particular, it checks to see if the arguments to an equality operator are of a floating-point type |
Helix QAC | | C0790 | |
LDRA tool suite | | 56 S | Partially implemented |
Parasoft C/C++test | | CERT_C-FLP02-a | Floating-point expressions shall not be tested for equality or inequality |
PC-lint Plus | | 777, 9252 | Partially supported |
Polyspace Bug Finder | | CERT C: Rec. FLP02-C | Checks for floating point comparison with equality operators (rec. partially covered) |
PVS-Studio | | V550 | |
RuleChecker | | float-comparison | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
Related Guidelines
SEI CERT C++ |
Bibliography
...
...