
...
A floating result overflows if a finite result value with ordinary accuracy would have magnitude (absolute value) too large for the representation with full precision in the specified type. A result that is exactly an infinity does not overflow. If a floating result overflows and default rounding is in effect, then the function returns the value of the macro HUGE_VAL, HUGE_VALF, or HUGE_VALL according to the return type, with the same sign as the correct value of the function; however, for the types with reduced-precision representations of numbers beyond the overflow threshold, the function may return a representation of the result with less than full precision for the type. If a floating result overflows and default rounding is in effect and the integer expression math_errhandling & MATH_ERRNO is nonzero, then the integer expression errno acquires the value ERANGE. If a floating result overflows, and the integer expression math_errhandling & MATH_ERREXCEPT is nonzero, the "overflow" floating-point exception is raised (regardless of whether default rounding is in effect).
...
The result underflows if a nonzero result value with ordinary accuracy would have magnitude (absolute value) less than the minimum normalized number in the type; however a zero result that is specified to be an exact zero does not underflow. Also, a result with ordinary accuracy and the magnitude of the minimum normalized number may underflow.269) If the result underflows, the function returns an implementation-defined value whose magnitude is no greater than the smallest normalized positive number in the specified type; if the integer expression math_errhandling & MATH_ERRNO is nonzero, whether errno acquires the value ERANGE is implementation-defined; if the integer expression math_errhandling & MATH_ERREXCEPT is nonzero, whether the "underflow" floating-point exception is raised is implementation-defined.
...
Failure to prevent or detect domain and range errors in math functions may cause unexpected results.

Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
---|---|---|---|---|---|---|---|
FLP32-C | Medium | Probable | Yes | Yes | Medium | P8 | L2 |

Automated Detection

Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | stdlib-limits | Partially checked |
Axivion Bauhaus Suite | | CertC-FLP32 | Partially implemented |
CodeSonar | | MATH.DOMAIN.ATAN; MATH.DOMAIN.TOOHIGH; MATH.DOMAIN.TOOLOW; MATH.DOMAIN; MATH.RANGE; MATH.RANGE.GAMMA; MATH.DOMAIN.LOG; MATH.RANGE.LOG; MATH.DOMAIN.FE_INVALID; MATH.DOMAIN.POW; MATH.RANGE.COSH.TOOHIGH; MATH.RANGE.COSH.TOOLOW; MATH.DOMAIN.SQRT | Arctangent Domain Error; Argument Too High; Argument Too Low; Floating Point Domain Error; Floating Point Range Error; Gamma on Zero; Logarithm on Negative Value; Logarithm on Zero; Raises FE_INVALID; Undefined Power of Zero; cosh on High Number; cosh on Low Number; sqrt on Negative Value |
Helix QAC | | C5025; C++5033 | |
Parasoft C/C++test | | CERT_C-FLP32-a | Validate values passed to library functions |
PC-lint Plus | | 2423 | Partially supported: reports domain errors for functions with the Semantics *dom_1, *dom_lt0, or *dom_lt1, including standard library math functions |
Polyspace Bug Finder | | CERT-C: Rule FLP32-C | Checks for invalid use of standard library floating point routine (rule fully covered) |
RuleChecker | | stdlib-limits | Partially checked |
TrustInSoft Analyzer | | out-of-range argument | Partially verified. |
...