Conversion from integer types such as char, short, int and long to floating types such as float and double in an assignment statement Using integer arithmetic to calculate a value for assignment to a floating-point variable may lead to loss of information if . This problem can be avoided by converting one of the integer types is not converted integers in the expression to a floating type.
...
When converting integers to floating-point values, and vice versa, it is important to carry out proper range checks to avoid undefined behavior (see FLP34-C. Ensure that floating-point conversions are within range of the new type).
Noncompliant Code Example
In this non-compliant noncompliant code example, the division and multiplication operations take place on integers and are then converted to floating point. Consequently, floating-point variables d, e, and f are are not initialized correctly because the division operation takes place on two integer types and hence the result is truncated to nearest decimal pointoperations take place before the values are converted to floating-point values. The results are truncated to the nearest integer or may overflow.
| Code Block | ||||
|---|---|---|---|---|
| ||||
void func(void) { short a; int b; long c; float d; double e; double f; a=533; b=6789; c=466438237; d=a/7; e=b/30; f=c/789; printf("Value of d is %f\n", d); // Incorrect value of d i.e. 76.000000 is printed printf("Value of e is %f\n", e); // Incorrect value of e i.e. 226.000000 is printed printf("Value of f is %f\n", f); // Incorrect value of f i.e. 591176.000000 is printed |
Compliant Code Solution 1
In this compliant code, we remove the decimal error in initialization by making the division operation to involve at least one floating point operand. Hence, the result of the operation is the correct floating point number.
| Code Block | ||
|---|---|---|
| ||
short a;
int b;
long c;
float d;
double e;
double f;
a=533;
b=6789;
c=466438237;
d=a/7.0f;
e=b/30.0f;
f=c/789.0f;
printf("Value of d is %f\n", d); // Correct value of d i.e. 76.142860 is printed
printf("Value of e is %f\n", e); // Correct value of e i.e. 226.300000 is printed
printf("Value of f is %f\n", f); // Correct value of f i.e. 591176.472750 is printed
|
Compliant Code Solution 2
= 533;
int b = 6789;
long c = 466438237;
float d = a / 7; /* d is 76.0 */
double e = b / 30; /* e is 226.0 */
double f = c * 789; /* f may be negative due to overflow */
} |
Compliant Solution (Floating-Point Literal)
In this compliant solution, the decimal error in initialization is eliminated by ensuring that at least one of the operands to the division operation is floating point:
| Code Block | ||||
|---|---|---|---|---|
| ||||
void func(void) {
short a = 533;
int b = 6789;
long c = 466438237;
float d = a / 7.0f; /* d is 76.14286 */
double e = b / 30.; /* e is 226.3 */
double f = (double)c * 789; /* f is 368019768993.0 */
} |
Compliant Solution (Conversion)
In this compliant solution, the decimal error in initialization is eliminated In this compliant code, we remove the decimal error in initialization by first storing the integer in the floating-point variable and then performing the division arithmetic operation. This practice ensures that atleast at least one of the operands is a floating-point number and hence, the result is the correct floating point numberthat the subsequent arithmetic operation is performed on floating-point operands.
| Code Block | ||||
|---|---|---|---|---|
| ||||
void func(void) { short a; int b; long c = 533; float d; double e; double f; a=533; b= int b = 6789; long c = 466438237; float d = a; double e = b; double f = c; d/=7; e/=30; f/=789; printf("Value of d is %f\n", d)/= 7; // Correct value of d i.e. * d is 76.142860 is printed printf("Value of14286 */ e is %f\n", e); // Correct value of e i.e. 226.300000 is printed printf("Value of f is %f\n", f); // Correct value of f i.e. 591176.472750 is printed |
Risk Assessment Summary
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FLP33-C | 1 (low) | 2 (probable) | 1 (high) | P2 | L3 |
References
/= 30; /* e is 226.3 */
f *= 789; /* f is 368019768993.0 */
} |
Exceptions
FLP06-C-EX0: It may be desirable to have the operation take place as integers before the conversion (obviating the need for a call to trunc(), for example). If this is the programmer's intention, it should be clearly documented to help future maintainers understand that this behavior is intentional.
Risk Assessment
Improper conversions between integers and floating-point values may yield unexpected results, especially loss of precision. Additionally, these unexpected results may actually involve overflow, or undefined behavior.
Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
FLP06-C | Low | Probable | No | No | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported: This rule aims to prevent truncations and overflows. All possible overflows are reported by Astrée. | |||||||
| Axivion Bauhaus Suite |
| CertC-FLP06 | |||||||
| CodeSonar |
| LANG.TYPE.MOT | Mismatched operand types | ||||||
| Compass/ROSE | Can detect violations of this rule. Any assignment operation where the type of the assigned-to value is | ||||||||
| Helix QAC |
| C4117, C4118 | |||||||
| LDRA tool suite |
| 435 S | Enhanced enforcement | ||||||
| Parasoft C/C++test |
| CERT_C-FLP06-a | Implicit conversions from integral to floating type which may result in a loss of information shall not be used | ||||||
| PC-lint Plus |
| 653, 790, 942 | Fully supported | ||||||
| Polyspace Bug Finder |
| Checks for float overflow (rec. partially covered) | |||||||
| PVS-Studio |
| V636 | |||||||
| Splint |
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [Hatton 1995] | Section 2.7.3, "Floating-Point Misbehavior" |
...
Hatton 95 Section 2.7.3, "Floating-point misbehavior"
ISO/IEC 9899-1999 Section 5.2.4.2.2, "Characteristics of floating types <float.h>"