SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 99

changes.mady.by.user Joerg Herter

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Improper conversions between integers and floating-point values may yield unexpected results, especially loss of precision. Additionally, these unexpected results may actually involve overflow, or undefined behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

FLP06-C

Low

Probable

No

Low

No

P6

P2

L2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported: This rule aims to prevent truncations and overflows. All possible overflows are reported by Astrée.
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V

 Supported, but no explicit checker

Axivion Bauhaus Suite_V

CertC-FLP06
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.TYPE.MOTMismatched operand types
Compass/ROSE

 

 



Can detect violations of this rule. Any assignment operation where the type of the assigned-to value is float or double, but all the expressions to the right of the assignment are integral, is a violation of this rule

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C4117, C4118
LDRA tool suite
Include Page
LDRA_V
LDRA_V

435 S

Enhanced enforcement

Parasoft C/C++test
9.5MISRA-043_{c,d}
Include Page
Parasoft_V
Parasoft_V

CERT_C-FLP06-a
CERT_C-FLP06-b

Implicit conversions from integral to floating type which may result in a loss of information shall not be used
Implicit conversions from integral constant to floating type which may result in a loss of information shall not be used

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

653, 790, 942

Fully supported

 

Polyspace Bug Finder
R2016aFloat overflow

Overflow from operation between floating points

PRQA QA-C Include PagePRQA QA-C_vPRQA QA-C_v

4117
4118

Partially implemented

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. FLP06-C


Checks for float overflow (rec. partially covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V636
Splint
Include Page
Splint_V
Splint_V

 

 



Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardFLP34-C. Ensure that floating-point conversions are within range of the new type 
SEI CERT C++ Coding StandardVOID FLP05-CPP. Convert integers to floating point for floating point operations
CERT Oracle Secure Coding Standard for JavaNUM50-J. Convert integers to floating point for floating-point operations
MITRE CWECWE-681, Incorrect conversion between numeric types
CWE-682, Incorrect calculation

Bibliography

[Hatton 1995]Section 2.7.3, "Floating-Point Misbehavior"

...


...

Image Modified Image Modified Image Modified