SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 176

changes.mady.by.user Swasti Shrivastava

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This noncompliant code example leads to to undefined behavior if 16 if the integral part of f_a cannot be represented as an integer:

...

As a result of these conversions, it is possible that d_a is outside the range of values that can be represented by a float or that big_d is outside the range of values that can be represented as either a float or a double. If this is the case, the result is is undefined on behavior 17 on implementations that do not support Annex F, "IEC 60559 Floating-Point Arithmetic."

...

Converting a floating-point value to a floating-point value of a smaller range and precision or to an integer type, or converting an integer type to a floating-point type, can result in a value that is not representable in the destination type and is undefined behavior on implementations that do not support Annex F.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

FLP34-C

Low

Unlikely

Yes

LowYes

P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported

Astrée reports all potential overflows resulting from floating-point conversions.

Compass/ROSE



Can detect some violations of this rule. However, it does not flag implicit casts, only explicit ones

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.TYPE.IAT

Inappropriate Assignment Type

Coverity

Include Page
Coverity_V
Coverity_V

MISRA_CAST (needs verification)

Can detect instances where implicit float conversion is involved: implicitly converting a complex expression with integer type to floating type, implicitly converting a double expression to narrower float type (may lose precision), implicitly converting a complex expression from float to double, implicitly converting from float to double in a function argument, and so on

Cppcheck

Include Page
Cppcheck_V
Cppcheck_V

floatConversionOverflow

suspiciousFloatingPointCast


Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

floatConversionOverflow

suspiciousFloatingPointCast


Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C4450, C4451, C4452, C4453, C4454, C4462, C4465

C++3011


Klocwork

Include Page
Klocwork_V
Klocwork_V

MISRA.CAST.FLOAT.WIDER
MISRA.CAST.FLOAT.INT
MISRA.CAST.INT_FLOAT
MISRA.CONV.FLOAT


LDRA tool suite
Include Page
LDRA_V
LDRA_V
435 S, 93 SPartially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-FLP34-a
CERT_C-FLP34-b

Avoid implicit conversions from wider to narrower floating type
Avoid implicit conversions of floating point numbers from wider to narrower floating type

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

735, 736,
915, 922,
9118, 9227

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule FLP34-C

Checks for float conversion overflow (rule partially covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V615, V2003, V2004
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

C88Fully implemented
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

float_to_int

Exhaustively verified (see one compliant and one non-compliant example).

...