Page History

...

When converting integers to floating-point values, and vice versa, it is important to carry out proper range checks to avoid undefined behavior . (See see FLP34-C. Ensure that floating-point conversions are within range of the new type).)

Noncompliant Code Example

...

Code Block

bgColor	#CCCCFF
lang	c

void func(void) {
  short a = 533;
  int b = 6789;
  long c = 466438237;

  float d = a;
  double e = b;
  double f = c;

  d /= 7; /* d is 76.14286 */
  e /= 30; /* e is 226.3 */
  f *= 789; /* f is 368019768993.0 */
}

Exceptions

FLP06-C-EX0: It may be desirable to have the operation take place as integers before the conversion (obviating the need for a call to trunc(), for example). If this is the programmer's intention, it should be clearly documented to help future maintainers understand that this behavior is intentional.

...

Improper conversions between integers and floating-point values may yield unexpected results, especially loss of precision. Additionally, these unexpected results may actually involve overflow, or undefined behavior.

Recommendation	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
FLP06-C	Low	Probable

Low

No

P6

P2

L2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported: This rule aims to prevent truncations and overflows. All possible overflows are reported by Astrée.

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-FLP06

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.TYPE.MOT

Mismatched operand types

Compass/ROSE

Can detect violations of this rule. Any assignment operation where the type of the assigned-to value is float or double, but all the expressions to the right of the assignment are integral, is a violation of this rule

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C4117, C4118

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

442 S
443 S
444 S

Fully implemented

PRQA QA-C Include PagePRQA QA-C_vPRQA QA-C_v

4117
4118

435 S

Enhanced enforcement

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-FLP06-a
CERT_C-FLP06-b

Implicit conversions from integral to floating type which may result in a loss of information shall not be used
Implicit conversions from integral constant to floating type which may result in a loss of information shall not be used

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

653, 790, 942

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rec. FLP06-C

Checks for float overflow (rec. partially covered)

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V636

Partially implemented

Splint

Include Page

	Splint_V
	Splint_V

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding Standard	FLP34-C. Ensure that floating-point conversions are within range of the new type
SEI CERT C++ Coding Standard	VOID FLP05-CPP. Convert integers to floating point for floating point operations
CERT Oracle Secure Coding Standard for Java	NUM50-J. Convert integers to floating point for floating-point operations
MITRE CWE	CWE-681, Incorrect conversion between numeric types CWE-682, Incorrect calculation

Bibliography

[Hatton 1995]

Section 2.7.3, "Floating-Point Misbehavior"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 90

New Version Current

Key

Noncompliant Code Example

Exceptions

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography