Computers can represent only a finite number of digits. As a result, the most common floating-point representation, binary floating point, cannot exactly represent values whose binary expansion repeats infinitely, such as 1/3 or 1/5 (and hence the decimal fractions 0.1 or 0.2).
When precise computations are necessary, consider alternative representations that can represent the values exactly. For example, if you are performing arithmetic on decimal values and need exact decimal rounding, represent the values in binary-coded decimal instead of binary floating point. Another option is decimal floating-point arithmetic as specified by ANSI/IEEE 754-2007. ISO/IEC WG14 has drafted a proposal to add support for decimal floating-point arithmetic to the C language [[ISO/IEC DTR 24732]].
When precise computation is necessary, carefully and methodically estimate the maximum cumulative error of the computations, regardless of whether decimal or binary is used, to ensure that the resulting error is within tolerances. Consider using numerical analysis to properly understand the numerical properties of the problem. A useful introduction can be found in [[Goldberg 91]].
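The following example is added here and is not CERT's code. It contrasts the rounding drift of binary floating point on decimal values with one exact alternative representation, scaled integers (an integer count of cents rather than the binary-coded decimal the text names); the names money_t, money_add and money_mul_rate are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>

/* Binary floating point cannot represent 0.1 or 0.2 exactly, so even a
 * single addition can miss the decimal answer. Returns true only when
 * the rounded binary result happens to equal the expected value. */
bool double_add_is_exact(double a, double b, double expected) {
    return (a + b) == expected;
}

/* Accumulating a non-representable value compounds the rounding error:
 * ten additions of 0.1 do not yield exactly 1.0. */
double sum_tenths_double(int n) {
    double total = 0.0;
    for (int i = 0; i < n; i++) {
        total += 0.1;
    }
    return total;
}

/* Exact alternative (hypothetical type): hold decimal values as an integer
 * count of the smallest unit, here cents. Every two-decimal value is exact,
 * so addition introduces no rounding error at all. */
typedef struct { long long cents; } money_t;

bool money_add(money_t a, money_t b, money_t *out) {
    /* Signed overflow is undefined behaviour in C, so check first. */
    if ((b.cents > 0 && a.cents > LLONG_MAX - b.cents) ||
        (b.cents < 0 && a.cents < LLONG_MIN - b.cents)) {
        return false;
    }
    out->cents = a.cents + b.cents;
    return true;
}

/* Multiply by a rate given in basis points (1 bp = 0.01 %). The product is
 * computed exactly in units of cents/10000 and then rounded half away from
 * zero to the nearest cent: an explicit decimal rounding step, which is
 * what binary floating point cannot provide. */
bool money_mul_rate(money_t a, long rate_bp, money_t *out) {
    if (rate_bp <= 0 || a.cents > LLONG_MAX / rate_bp ||
        a.cents < LLONG_MIN / rate_bp) {
        return false;                         /* would overflow */
    }
    long long scaled = a.cents * rate_bp;     /* exact, in cents/10000 */
    long long half = scaled < 0 ? -5000 : 5000;
    out->cents = (scaled + half) / 10000;     /* truncates toward zero */
    return true;
}
```

For instance, 19.99 at 8.25 % is exactly 164.9175 cents in the scaled form and rounds to 165, whereas 0.1 + 0.2 in double compares unequal to 0.3.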
Risk Analysis
Using a representation other than floating point may allow for more precision and accuracy for critical arithmetic.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
FLP02-A | low | probable | medium | P4 | L3
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[IEEE 754 2006]]
[[ISO/IEC JTC1/SC22/WG11]]
[[ISO/IEC PDTR 24772]] "PLF Floating Point Arithmetic"
[[ISO/IEC DTR 24732]]
[[Goldberg 91]]