Hauptinhalt

CERT C: Rec. FLP02-C

Avoid using floating-point numbers when precise computation is needed

Description

Rule Definition

Avoid using floating-point numbers when precise computation is needed.1

Polyspace Implementation

The rule checker checks for Floating point comparison with equality operators.

Examples

expand all

Issue

Floating point comparison with equality operators occurs when you use an equality (==) or inequality (!=) operation with floating-point numbers.

Polyspace® does not raise a defect for an equality or inequality operation with floating-point numbers when:

  • The comparison is between two float constants.

        float flt = 1.0;
        if (flt == 1.1)
  • The comparison is between a constant and a variable that can take a finite, reasonably small number of values.

    float x;
    
    int rand = random(); 
    switch(rand) { 
    case 1: x = 0.0; break; 
    case 2: x = 1.3; break; 
    case 3: x = 1.7; break; 
    case 4: x = 2.0; break; 
    default: x = 3.5; break; }
    //…
    if (x==1.3) 
  • The comparison is between floating-point expressions that contain only integer values.

    float x = 0.0;
    for (x=0.0;x!=100.0;x+=1.0) {
    //…
    if (random) break;
    }
    
    if (3*x+4==2*x-1)
    //…
    if (3*x+4 == 1.3)
  • One of the operands is 0.0, unless you use the option flag -detect-bad-float-op-on-zero.

    /* Defect detected when
    you use the option flag */
    
    if (x==0.0f) 

    If you are running an analysis through the user interface, you can enter this option in the Other field, under the Advanced Settings node on the Configuration pane. See Other.

    At the command line, add the flag to your analysis command.

    polyspace-bug-finder -sources filename ^
    -checkers BAD_FLOAT_OP -detect-bad-float-op-on-zero

Risk

Checking for equality or inequality of two floating-point values might return unexpected results because floating-point representations are inexact and involve rounding errors.

Fix

Instead of checking for equality of floating-point values:

if (val1 == val2)
check if their difference is less than a predefined tolerance value (for instance, the value FLT_EPSILON defined in float.h):
#include <float.h>
if(fabs(val1-val2) < FLT_EPSILON)

See examples of fixes below.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See:

Example - Floats Inequality in for-loop
#include <stdio.h>
#include <math.h>
#include <float.h>

void func(void)
{
    float f;
    for (f = 1.0; f != 2.0; f = f + 0.1)     //Noncompliant
        (void)printf("Value: %f\n", f);
}

In this function, the for-loop tests the inequality of f and the number 2.0 as a stopping mechanism. The number of iterations is difficult to determine, or might be infinite, because of the imprecision in floating-point representation.

Correction — Change the Operator

One possible correction is to use a different operator that is not as strict. For example, an inequality like >= or <=.

#include <stdio.h>
#include <math.h>
#include <float.h>

void func(void)
{
    float f;
    for (f = 1.0; f <= 2.0; f = f + 0.1)    
        (void)printf("Value: %f\n", f);
}

Check Information

Group: Rec. 05. Floating Point (FLP)

Version History

Introduced in R2019a


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.