...
Different implementations have different precision limitations, and to keep code portable, floating-point variables must not be used as the loop induction variable. See Goldberg's work for an introduction to this topic [Goldberg 1991].
For the purpose of this rule, a loop counter is an induction variable that is used as an operand of a comparison expression that is used as the controlling expression of a do
, while
, or for
loop. An induction variable is a variable that gets increased or decreased by a fixed amount on every iteration of a loop [Aho 1986]. Furthermore, the change to the variable must occur directly in the loop body (rather than inside a function executed within the loop).
...
The use of floating-point variables as loop counters can result in unexpected behavior .
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FLP30-C | Low | Probable | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| for-loop-float | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC-FLP30 | Fully implemented | ||||||
Clang |
| cert-flp30-c | Checked by clang-tidy | ||||||
CodeSonar |
| LANG.STRUCT.LOOP.FPC | Float-typed loop counter | ||||||
Compass/ROSE |
Coverity |
| MISRA C 2004 Rule 13.4 MISRA C 2012 Rule 14.1 | Implemented |
ECLAIR |
| CC2.FLP30 | Fully implemented | ||||||
Helix QAC |
| C3339, C3340, C3342 C++4234 | |||||||
Klocwork |
| MISRA.FOR.COUNTER.FLT | |||||||
LDRA tool suite |
| 39 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-FLP30-a | Do not use floating point variables as loop counters | |||||||
PC-lint Plus |
| 9009 | Fully supported | ||||||
Polyspace Bug Finder |
|
|
| CERT C: Rule FLP30-C | Checks for use of float variable as loop counter (rule fully covered) | |||||||
PVS-Studio |
| V1034 | |||||||
RuleChecker |
| for-loop-float | Fully checked |
SonarQube C/C++ Plugin |
| S2193 | Fully implemented | ||||||
TrustInSoft Analyzer |
| non-terminating | Exhaustively detects non-terminating statements (see one compliant and one non-compliant example). |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C |
FLP30-CPP. Do not use floating-point variables as loop counters | Prior to 2018-01-12: CERT: Unspecified Relationship | |
CERT Oracle Secure Coding Standard for Java | NUM09-J. Do not use floating-point variables as loop counters | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Floating-Point Arithmetic [PLF] | Prior to 2018-01-12: CERT: Unspecified Relationship |
MISRA C:2012 | Directive 1.1 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
MISRA C:2012 | Rule 14.1 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
...
...