Computers can only represent a finite number of digits. As a result, it is impossible to precisely represent values whose binary expansion repeats, such as 1/3 or 1/5, with the most common floating point representation: binary floating point.
When precise computations are necessary, consider alternative representations that may be able to completely represent values. For example, if you are performing arithmetic on decimal values and need an exact decimal rounding, represent the values in binary-coded decimal instead of using floating point. Another option is decimal floating-point arithmetic as specified by ANSI/IEEE 754-2007. ISO/IEC WG14 has drafted a proposal to add support for decimal floating-point arithmetic to the C language [[ISO/IEC DTR 24732]].
When precise computation is necessary, carefully and methodically estimate the maximum cumulative error of the computations, regardless of whether decimal or binary is used, to ensure that the resulting error is within tolerances. Consider using numerical analysis to properly understand the numerical properties of the problem. A useful introduction can be found in [[Goldberg 91]].
Non-Compliant Code Example
This non-compliant code example takes the mean of 10 numbers, and then checks to see if the mean matches the first number. It should, since the 10 numbers are all 10.1. Yet, due to the imprecision of floating-point arithmetic, the computed mean does not match the numbers.
```c
#include <stdio.h>

/* Returns the mean value of the array */
float mean(float array[], int size) {
  float total = 0.0;
  int i;
  for (i = 0; i < size; i++) {
    total += array[i];
    printf("array[%d] = %f and total is %f\n", i, array[i], total);
  }
  return total / size;
}

enum {array_size = 10};
float array_value = 10.1;

int main() {
  float array[array_size];
  float avg;
  int i;

  for (i = 0; i < array_size; i++) {
    array[i] = array_value;
  }

  avg = mean(array, array_size);
  printf("mean is %f\n", avg);

  if (avg == array[0]) {
    printf("array[0] is the mean\n");
  }
  else {
    printf("array[0] is not the mean\n");
  }
  return 0;
}
```
On a 64-bit Linux machine using gcc 4.1, this program yields the following output:
```
array[0] = 10.100000 and total is 10.100000
array[1] = 10.100000 and total is 20.200001
array[2] = 10.100000 and total is 30.300001
array[3] = 10.100000 and total is 40.400002
array[4] = 10.100000 and total is 50.500000
array[5] = 10.100000 and total is 60.599998
array[6] = 10.100000 and total is 70.699997
array[7] = 10.100000 and total is 80.799995
array[8] = 10.100000 and total is 90.899994
array[9] = 10.100000 and total is 100.999992
mean is 10.099999
array[0] is not the mean
```
Compliant Solution
This code may be fixed by replacing the floating-point numbers with integers for the internal computation: each value is stored scaled by 100, so 10.1 becomes 1010, and the sum and mean are computed exactly on those integers. Floats are used only when printing results.
```c
#include <stdio.h>

/* Returns the mean value of the array.
 * Values are fixed-point integers scaled by 100 (10.1 is stored as 1010). */
int mean(int array[], int size) {
  int total = 0;
  int i;
  for (i = 0; i < size; i++) {
    total += array[i];
    printf("array[%d] = %f and total is %f\n", i, array[i] / 100.0, total / 100.0);
  }
  return total / size;
}

enum {array_size = 10};
int array_value = 1010;

int main() {
  int array[array_size];
  int avg;
  int i;

  for (i = 0; i < array_size; i++) {
    array[i] = array_value;
  }

  avg = mean(array, array_size);
  printf("mean is %f\n", avg / 100.0);

  if (avg == array[0]) {
    printf("array[0] is the mean\n");
  }
  else {
    printf("array[0] is not the mean\n");
  }
  return 0;
}
```
On a 64-bit Linux machine using gcc 4.1, this program yields the following output, which is what we expect:
```
array[0] = 10.100000 and total is 10.100000
array[1] = 10.100000 and total is 20.200000
array[2] = 10.100000 and total is 30.300000
array[3] = 10.100000 and total is 40.400000
array[4] = 10.100000 and total is 50.500000
array[5] = 10.100000 and total is 60.600000
array[6] = 10.100000 and total is 70.700000
array[7] = 10.100000 and total is 80.800000
array[8] = 10.100000 and total is 90.900000
array[9] = 10.100000 and total is 101.000000
mean is 10.100000
array[0] is the mean
```
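The following program is an added example, not part of this CERT page or its compliant solution. It ties together the two points made above: the advice to estimate the maximum cumulative error when floating point must be used, and the compliant fixed-point approach. `mean_float` reproduces the single-precision accumulation of the non-compliant example; `mean_float_error_bound` applies the textbook first-order bound on the rounding error of a floating-point sum, (n-1)·u·Σ|x_i| with unit roundoff u = FLT_EPSILON/2, to derive a tolerance for comparing the mean instead of using `==`; `mean_fixed` accumulates the scaled integers in a 64-bit type and rounds the final division to nearest rather than truncating, which the page's `total / size` silently does whenever the sum is not a multiple of the array size. All function names and the `FIXED_SCALE` constant are chosen for this example and do not appear on the original page.

```c
#include <float.h>
#include <math.h>
#include <stdio.h>

/* Scale factor: two decimal digits, matching the 10.1 -> 1010 encoding used
 * by the compliant solution. (Constant chosen for this example.) */
#define FIXED_SCALE 100LL

/* Single-precision accumulation, as in the non-compliant example. */
float mean_float(const float *array, int size) {
  float total = 0.0f;
  int i;
  for (i = 0; i < size; i++) {
    total += array[i];
  }
  return total / size;
}

/* First-order bound on the absolute rounding error of the mean of `size`
 * floats whose magnitudes are at most `max_abs`: the summation error is at
 * most (n-1)*u*sum|x_i| <= (n-1)*u*n*max_abs with u = FLT_EPSILON/2 (the
 * O(u^2) term is ignored, so this is an estimate). Dividing by n and adding
 * half an ulp of the result (ulp(x) <= 2u|x|) covers the final division. */
double mean_float_error_bound(int size, double max_abs) {
  double u = FLT_EPSILON / 2.0;
  double sum_bound = (size - 1) * u * size * max_abs;
  double half_ulp = u * max_abs;
  return sum_bound / size + half_ulp;
}

/* Tolerance comparison to use instead of == on floating-point results. */
int within_tolerance(double a, double b, double tol) {
  return fabs(a - b) <= tol;
}

/* Fixed-point mean: inputs are value*FIXED_SCALE as 64-bit integers, so the
 * sum is exact as long as it stays below LLONG_MAX. The final division
 * rounds half away from zero instead of truncating toward zero. */
long long mean_fixed(const long long *array, int size) {
  long long total = 0;
  int i;
  for (i = 0; i < size; i++) {
    total += array[i];
  }
  if (total >= 0) {
    return (total + size / 2) / size;
  }
  return (total - size / 2) / size;
}

int main(void) {
  enum { n = 10 };
  float farray[n];
  long long iarray[n];
  float favg;
  long long iavg;
  double tol;
  int i;

  /* Constructed input: the page's ten copies of 10.1. */
  for (i = 0; i < n; i++) {
    farray[i] = 10.1f;
    iarray[i] = 1010; /* 10.10 in fixed point */
  }

  favg = mean_float(farray, n);
  tol = mean_float_error_bound(n, 10.1);
  printf("float mean %.7f: equal to array[0]? %s; within bound %.2e? %s\n",
         favg, favg == farray[0] ? "yes" : "no", tol,
         within_tolerance(favg, farray[0], tol) ? "yes" : "no");

  iavg = mean_fixed(iarray, n);
  printf("fixed mean %lld.%02lld: equal to array[0]? %s\n",
         iavg / FIXED_SCALE, iavg % FIXED_SCALE,
         iavg == iarray[0] ? "yes" : "no");
  return 0;
}
```

Compile with `cc -std=c99 example.c -lm`. On an IEEE-754 single-precision target (SSE on x86-64) the float mean is one ulp below 10.1f, so the exact comparison fails while the bound-based comparison passes; the fixed-point mean is exactly 1010. The rounding in `mean_fixed` matters as soon as the inputs differ: the mean of 10.10, 10.11 and 10.11 is 10.107, which truncation reports as 10.10 and round-to-nearest as 10.11.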
Risk Analysis
Using a representation other than floating point may allow for more precision and accuracy for critical arithmetic.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
FLP02-A | low | probable | medium | P4 | L3
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[IEEE 754 2006]]
[[ISO/IEC JTC1/SC22/WG11]]
[[ISO/IEC PDTR 24772]] "PLF Floating Point Arithmetic"
[[ISO/IEC DTR 24732]]
[[Goldberg 91]]