You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 25 Next »

According to C99, Section 5.1.2.3, "Program execution" [[ISO/IEC 9899:1999]]:

Rearrangement for floating-point expressions is often restricted because of limitations in precision as well as range. The implementation cannot generally apply the mathematical associative rules for addition or multiplication, nor the distributive rule, because of roundoff error, even in the absence of overflow and underflow. Likewise, implementations cannot generally replace decimal constants to rearrange expressions. In the following fragment, rearrangements suggested by mathematical rules for real numbers are often not valid.

double x, y, z;
/* ... */
x = (x * y) * z; /* not equivalent to x *= y * z; */
z = (x - y) + y ; /* not equivalent to z = x; */
z = x + x * y; /* not equivalent to z = x * (1.0 + y); */
y = x / 5.0; /* not equivalent to y = x * 0.2; */

Consequently, care must be taken when rearranging floating point exceptions to ensure the greatest accuracy of the result.

Risk Assessment

Failing to understand the limitations in precision of floating-point-represented numbers, and the implications of this on the arrangement of expressions, can cause unexpected arithmetic results.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FLP01-A

low

probable

high

P2

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899:1999]] Section 5.1.2.3, "Program execution"
[[ISO/IEC PDTR 24772]] "PLF Floating Point Arithmetic"


FLP00-C. Understand the limitations of floating point numbers      05. Floating Point (FLP)       FLP02-A. Consider avoiding floating point numbers when precise computation is needed

  • No labels