LANG.STRUCT.LOOP.UB : Potential Unbounded Loop

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

A loop does not have a fixed bound. (For more information, see the notes below.)

Class Name

Potential Unbounded Loop

Significance

style

Mnemonic

LANG.STRUCT.LOOP.UB

Categories

AUTOSARC++14	AUTOSARC++14:A6-5-2	A for loop shall contain a single loop-counter which shall not have floating-point type.
CWE	CWE:400	Uncontrolled Resource Consumption
	CWE:835	Loop with Unreachable Exit Condition ('Infinite Loop')
CERT-C	CERT-C:MSC21-C	Use robust loop termination conditions
POW10	POW10:2	Give all loops a fixed upper-bound.
JPL	JPL:3	Use verifiable loop bounds for all loops meant to be terminating.

Availability

Available for C and C++.

Enabling

Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += allow class="Potential Unbounded Loop"

#include <stdlib.h>

void lang_struct_loop_ub (void){
    int i = 0;
    while (rand()) { /* 'Potential Unbounded Loop' warning issued here */
      if (i++ == 10) {break;}
    }
}

CodeSonar will issue an Unbounded Loop warning if it cannot identify a loop counter whose value is updated and tested in a way that guarantees that the loop will executed a bounded number of times. This means that the following must all hold.

The loop counter is a variable.

The loop condition compares the loop counter against a constant value, using <, <=,>, or >=.

The loop updates the value of the loop counter in a direction consistent with the comparison in the loop condition. If the loop condition compares the loop counter against an upper bound, the loop body should increment the counter; if the condition tests it against a lower bound, the loop body should decrement it.

In for loops, the loop counter is only updated in the update (third) expression in the for header - not in the loop body.

Variables whose value is tested in the loop condition with one of {<, <=,>, >=} are called candidate loop counters. If there are one or more candidate loop counters but none of them satisfies all the required conditions, CodeSonar will report each candidate considered along with the reason that it is not suitable for demonstrating boundedness.

Use the NON_TERMINATING_LOOP_MARK configuration file parameter to specify loops that should not trigger a Potential Unbounded Loop warning. For example, this can be useful if you use constructs like for(;;){...} and while(1){...} and wish to continue to do so, or if you wish to be able to add special code comments to identify loops to exclude from this check.

The following configuration file parameters affect checks for this warning class.

LANG.STRUCT.LOOP.UB : Potential Unbounded Loop

Summary

Properties

Example

Notes

Relevant Configuration File Parameters