CERT C: Rule FLP30-C

Do not use floating-point variables as loop counters

expand all in page

Description

Rule Definition

Do not use floating-point variables as loop counters.¹

Polyspace Implementation

The rule checker checks for Use of float variable as loop counter.

Examples

expand all

Use of float variable as loop counter

Issue

The issue occurs when a loop counter has a floating type.

If the for index is a variable symbol, Polyspace^® checks that it is not a float.

Risk

When using a floating-point loop counter, accumulation of rounding errors can result in a mismatch between the expected and actual number of iterations. This rounding error can happen when a loop step that is not a power of the floating point radix is rounded to a value that can be represented by a float.

Even if a loop with a floating-point loop counter appears to behave correctly on one implementation, it can give a different number of iteration on another implementation.

Example - for Loop Counters

In this example, the three for loops show three different loop counters. The first and second for loops use float variables as loop counters, and therefore are not compliant. The third loop uses the integer count as the loop counter. Even though count is used as a float inside the loop, the variable remains an integer when acting as the loop index. Therefore, this for loop is compliant.

int main(void){
    unsigned int counter = 0u;
    int result = 0;
    float foo;

    // Float loop counters
    for(float foo = 0.0f; foo < 1.0f; foo +=0.001f){ /*Non-compliant*/
        /*counter = 1000 at the end of the loop */
        ++counter;
    }

    float fff = 0.0f; 
    for(fff = 0.0f; fff <12.0f; fff += 1.0f){    /* Non-compliant*/
        result++;
    }

    // Integer loop count
    for(unsigned int count = 0u; count < 1000u; ++count){ /* Compliant */
        foo = (float) count * 0.001f;
    }
}

while Loop Counters

This example shows two while loops both of which use floating point variables in the while-loop conditions:

The first while loop uses the floating point variable foo in the condition and inside the loop. Because foo changes, floating-point rounding errors can cause unexpected behavior. Polyspace reports a violation.
In the second while loop, the floating point array buffer is used in the loop condition. Polyspace identifies iter1 and iter2 as the loop variable. Because the loop variables are not floating point variables, a violation is not reported.

int main(void){
    unsigned int iter1 =0;
    int iter2;
    float foo;
    double buffer[2];
    double tmp;

    foo = 0.0f;
    while (foo < 1.0f){/* Non-compliant - foo used as a loop counter */
        foo += 0.001f;  
    }
       
	//...
    while((iter1+1 < 2)&& (buffer[iter1]<buffer[iter2])){ //Compliant - loop counter is integer
		// swap buffer[iter1] and buffer[iter2]
        tmp = buffer[iter2];
        buffer[iter2] = buffer[iter1];
        buffer[iter1] = tmp;
        iter2 = iter1;
        iter1++;
    }
						
    return 1; 
}

Check Information

Group: Rule 05. Floating Point (FLP)

Version History

Introduced in R2019a

expand all

R2023a: Improved detection of loop counter

The rule checker correctly detects floating-point variables that are not the loop counter in a loop condition. For instance, this code uses the double array buffer in the while loop condition. Polyspace correctly recognizes that buffer is not the loop variable and does not report a violation.

int main(void){
    unsigned int iter1, iter2;
    double buffer[2];
    double tmp; 
	//...
    while((iter1+1 < 2)&& (buffer[iter1]<buffer[iter2])){ //Compliant - loop counter is integer
		// swap buffer[iter1] and buffer[iter2]
        tmp = buffer[iter2];
        buffer[iter2] = buffer[iter1];
        buffer[iter1] = tmp;
        iter2 = iter1;
        iter1++;
    }
						
    return 1; 
}

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.