Page History

Integer Using integer arithmetic used to calculate a value for assignment to a floating-point variable may lead to loss of information.   This problem can be avoided by converting one of the integers in the expression to a floating type.

...

When converting integers to floating-point values, and vice versa, it is important to carry out proper range checks to avoid undefined behavior (see FLP34-C. Ensure that floating-point conversions are within range of the new type).

Noncompliant Code Example

In this non-compliant noncompliant code example, the division and multiplication operations take place on integers and are then converted to floating point. Consequently, floating-point variables d, e, and f are  are not initialized correctly because the operations take place before the values are converted to floating-point values and hence the . The results are truncated to the nearest decimal point integer or may overflow. Consequently, the division and multiplication operations take place on integers then get converted to floating point.

void func(void) {
  short a = 533;
  int b = 6789;
  long c = 466438237;

  float d = a / 7; /* d is 76.0 */
  double e = b / 30; /* e is 226.0 */
  double f = c * 789; /*  f may be negative due to overflow */
}

Compliant Solution

...

(Floating-Point Literal)

In this compliant solution, the decimal error in initialization is eliminated by ensuring that at least one of the operands to the division operation is floating point.:

void func(void) {
  short a = 533;
  int b = 6789;
  long c = 466438237;

  float d = a / 7.0f; /* d is 76.14286 */
  double e = b / 30.; /* e is 226.3 */
  double f = (double)c * 789; /* f is 368019768993.0 360*/
}

Compliant Solution

...

(Conversion)

In this compliant codesolution, the decimal error in initialization is eliminated by first storing the integer in the floating-point variable and then performing the arithmetic operation. This practice ensures that at least one of the operands is a floating-point number and consequently that the subsequent arithmetic operation is performed on floating-point numbersoperands.

void func(void) {
  short a = 533;
  int b = 6789;
  long c = 466438237;

  float d = a;
  double e = b;
  double f = c;

  d /= 7; /* d is 76.14286 */
  e /= 30; /* e is 226.3 */
  f *= 789; /* f is 591176368019768993.472750 */
}

Risk Assessment

Exceptions

FLP06-C-EX0: It may be desirable for to have the operation to take place as integers before the conversion (obviating the need for a call to trunc() call, for example). In such casesIf this is the programmer's intention, it should be clearly documented to avoid future maintainers misunderstanding the intent of the code.help future maintainers understand that this behavior is intentional.

Risk Assessment

Improper conversions between integers and floating-point values may yield unexpected results, especially loss of precision. Additionally, these unexpected results may actually involve overflow, or undefined behavior.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Hatton 95|AA. C References#Hatton 95]\] Section 2.7.3, "Floating-point misbehavior"
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.2.4.2.2, "Characteristics of floating types <float.h>"

Related Guidelines

Bibliography

...

Image Added Image Added Image AddedImage Removed      05. Floating Point (FLP)       FLP34-C. Ensure that demoted floating point values are within range