
Computer arithmetic is often imprecise because a computer can maintain only a finite number of digits. Floating point types can represent fractions, but they are not immune to this limitation. As a result, values whose binary expansion repeats, such as 1/3 or 1/5, cannot be represented exactly in binary floating point; the stored value is a rounded approximation, and the rounding error accumulates across repeated operations.

When precise computations are necessary, consider alternative representations that can represent your values exactly. For example, if you are performing arithmetic on decimal values and need exact decimal rounding, represent the values in binary-coded decimal instead of floating point. Another option is decimal floating-point arithmetic as specified by ANSI/IEEE 754-2007. A draft document in WG14 [ISO/IEC TR 24732] proposes adding support for decimal floating-point arithmetic to the C language.

When precise computation is necessary, carefully and methodically evaluate the cumulative error of the computations, regardless of whether a decimal or binary representation is used, to ensure that the resulting error is within tolerance. Consider using numerical analysis to properly understand the numerical properties of the problem. A useful introduction can be found in [Goldberg 91].
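The following program is an added example, not code from the CERT page: it shows the accumulated rounding error the recommendation describes (ten additions of 0.1 in a binary double do not compare equal to 1.0) next to a scaled-integer representation of decimal cents, used here as a simple stand-in for the BCD or decimal floating-point alternatives the text suggests. All function and type names are this example's own.

```c
/* Added example for FLP00-A (not part of the CERT page). */
#include <stdio.h>
#include <stdint.h>

/* Sum 0.1 `count` times in binary floating point. 1/10 has no finite
 * binary expansion, so each term is already rounded and the error
 * accumulates with every addition. */
double fp_sum_tenths(int count) {
    double acc = 0.0;
    for (int i = 0; i < count; i++) {
        acc += 0.1;
    }
    return acc;
}

/* Returns 1 if the floating-point sum compares exactly equal to
 * `expected`, 0 otherwise. For count == 10 and expected == 1.0 the
 * answer is 0: the sum is slightly below 1.0. */
int fp_sum_is_exact(int count, double expected) {
    return fp_sum_tenths(count) == expected;
}

/* Exact decimal alternative: keep values as an integer count of the
 * smallest decimal unit (cents). Addition is then exact as long as the
 * total stays inside the int64_t range, which the caller must ensure. */
typedef struct { int64_t cents; } decimal_cents;

decimal_cents cents_from_decimal(int64_t units, int64_t hundredths) {
    decimal_cents d = { units * 100 + hundredths };
    return d;
}

/* Sum 0.10 `count` times using the scaled-integer representation. */
int64_t cents_sum_tenths(int count) {
    decimal_cents acc = { 0 };
    for (int i = 0; i < count; i++) {
        acc.cents += cents_from_decimal(0, 10).cents;  /* exactly 0.10 */
    }
    return acc.cents;
}

int main(void) {
    printf("binary double: 0.1 summed 10 times == 1.0? %s (value %.17g)\n",
           fp_sum_is_exact(10, 1.0) ? "yes" : "no", fp_sum_tenths(10));
    printf("scaled integer: 0.10 summed 10 times = %lld cents\n",
           (long long)cents_sum_tenths(10));
    return 0;
}
```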

Risk Analysis

Using a representation other than floating point may allow for more precision and accuracy for critical arithmetic.

Recommendation | Severity | Likelihood  | Remediation Cost | Priority | Level
FLP00-A        | 1 (low)  | 2 (probable) | 2 (medium)      | P4       | L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[IEEE 754 2006]]
[[ISO/IEC JTC1/SC22/WG11]]
[[ISO/IEC PDTR 24772]] "PLF Floating Point Arithmetic"
[[ISO/IEC TR 24732]] Extension for the programming language C to support decimal floating-point arithmetic. March 2008.
[[ANSI/IEEE 754-2007]] IEEE Standard for Floating-Point Arithmetic. The Institute of Electrical and Electronics Engineers, Inc. Draft.
[[Goldberg 91]]
