sqc 0.4.13

Software Code Quality - CERT C compliance checker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237

//! FLP00-C: Understand the limitations of floating-point numbers
//!
//! Floating-point numbers have finite precision and are prone to rounding errors.
//! Different platforms (IEEE 754 vs IBM) and compiler optimization levels can
//! produce different results for the same floating-point operations. Direct
//! equality comparisons of floating-point values should be avoided.
//!
//! ## Examples:
//!
//! **Non-compliant:**
//! ```c
//! float c = a / b;
//! if (c == a / b) {  // Direct equality comparison
//!     // May fail unpredictably
//! }
//! ```
//!
//! **Compliant:**
//! ```c
//! float c = a / b;
//! float diff = fabsf(c - (a / b));
//! if (diff <= __FLT_EPSILON__) {  // Epsilon-based comparison
//!     // Robust comparison
//! }
//! ```
//!
//! **Compliant (using relative difference):**
//! ```c
//! float RelDif(float a, float b) {
//!   float c = fabsf(a);
//!   float d = fabsf(b);
//!   d = fmaxf(c, d);
//!   return d == 0.0f ? 0.0f : fabsf(a - b) / d;
//! }
//!
//! if (RelDif(c, a / b) <= __FLT_EPSILON__) {
//!     // Comparison succeeds
//! }
//! ```

use super::super::{CertRule, RuleViolation};
use crate::manifest::{RuleCategory, Severity};
use crate::utility::cert_c::ast_utils::get_node_text;
use tree_sitter::Node;

pub struct Flp00C;

impl CertRule for Flp00C {
    fn rule_id(&self) -> &'static str {
        "FLP00-C"
    }

    fn description(&self) -> &'static str {
        "Understand the limitations of floating-point numbers"
    }

    fn severity(&self) -> Severity {
        Severity::Medium
    }

    fn category(&self) -> RuleCategory {
        RuleCategory::Recommendation
    }

    fn cert_id(&self) -> &'static str {
        "FLP00-C"
    }

    fn check(&self, node: &Node, source: &str) -> Vec<RuleViolation> {
        let mut violations = Vec::new();
        self.find_fp_equality_comparisons(node, source, &mut violations);
        violations
    }
}

impl Flp00C {
    /// Find direct equality comparisons of floating-point values
    fn find_fp_equality_comparisons(
        &self,
        node: &Node,
        source: &str,
        violations: &mut Vec<RuleViolation>,
    ) {
        if node.kind() == "binary_expression" {
            // Check for == or != operators
            if let Some(operator) = node.child_by_field_name("operator") {
                let op_text = get_node_text(&operator, source);

                if op_text == "==" || op_text == "!=" {
                    // Check if either operand is floating-point
                    let left = node.child_by_field_name("left");
                    let right = node.child_by_field_name("right");

                    if let (Some(left_node), Some(right_node)) = (left, right) {
                        let left_is_fp = self.looks_like_floating_point(&left_node, source);
                        let right_is_fp = self.looks_like_floating_point(&right_node, source);

                        // Skip comparisons with exact values like 0.0
                        let left_is_zero = self.is_zero_literal(&left_node, source);
                        let right_is_zero = self.is_zero_literal(&right_node, source);

                        if (left_is_fp || right_is_fp) && !left_is_zero && !right_is_zero {
                            violations.push(RuleViolation {
                                rule_id: self.rule_id().to_string(),
                                message: format!(
                                    "Direct {} comparison of floating-point values. \
                                     Floating-point arithmetic has finite precision and may produce \
                                     unexpected results across platforms and optimization levels.",
                                    if op_text == "==" {
                                        "equality"
                                    } else {
                                        "inequality"
                                    }
                                ),
                                severity: self.severity(),
                                line: operator.start_position().row + 1,
                                column: operator.start_position().column + 1,
                                file_path: String::new(),
                                suggestion: Some(
                                    "Use epsilon-based comparison (e.g., fabsf(a - b) <= __FLT_EPSILON__) \
                                     or a relative difference function for robust floating-point comparisons"
                                        .to_string(),
                                ),
                                requires_manual_review: Some(true),
                            });
                        }
                    }
                }
            }
        }

        // Recurse through children
        for i in 0..node.child_count() {
            if let Some(child) = node.child(i) {
                self.find_fp_equality_comparisons(&child, source, violations);
            }
        }
    }

    /// Check if expression looks like it involves floating-point values.
    ///
    /// Key constraints to avoid false positives:
    /// - A bare `.` in expression text also appears in struct member access
    ///   (`obj.field`), so the decimal-point check is restricted to
    ///   `number_literal` nodes where it unambiguously means a float literal.
    /// - Integer division (`int / int`) does NOT produce a float, so the
    ///   presence of `/` alone is not sufficient.
    fn looks_like_floating_point(&self, node: &Node, source: &str) -> bool {
        // Floating-point literal: only check for `.` inside a number_literal node.
        // `text.contains('.')` on arbitrary expression text also matches struct
        // member access (`obj.field`) and is the primary source of false positives.
        if node.kind() == "number_literal" {
            let text = get_node_text(node, source);
            // Skip hex literals — 0xFF ends with 'f' but is not float
            if text.starts_with("0x") || text.starts_with("0X") {
                return false;
            }
            // Decimal point, scientific notation, or explicit float suffix
            if text.contains('.')
                || text.ends_with('f')
                || text.ends_with('F')
                || text.to_ascii_lowercase().contains('e')
            {
                return true;
            }
        }

        // Float/double keyword appearing literally in a cast or type expression.
        // Only check when the node itself is a type node, not on arbitrary text
        // (to avoid matching variable names that happen to contain "float").
        if matches!(
            node.kind(),
            "cast_expression" | "type_descriptor" | "primitive_type"
        ) {
            let text = get_node_text(node, source);
            if text.contains("float") || text.contains("double") {
                return true;
            }
        }

        // Call to a known floating-point math function.
        const FP_FUNCTIONS: &[&str] = &[
            "sqrtf", "powf", "expf", "logf", "sinf", "cosf", "tanf", "fabsf", "fmaxf", "fminf",
            "sqrt", "pow", "exp", "log", "sin", "cos", "tan", "fabs", "fmax", "fmin",
        ];
        if node.kind() == "call_expression" {
            if let Some(function) = node.child_by_field_name("function") {
                let func_name = get_node_text(&function, source);
                if FP_FUNCTIONS.contains(&func_name) {
                    return true;
                }
            }
        }

        // For compound expressions, recurse into operands so that
        // `a * 2.0f + b` correctly propagates the float signal.
        // Do NOT recurse into field_expression / subscript_expression nodes
        // because those just mean the sub-expression has a `.` or `[]` which
        // doesn't imply floating-point.
        if matches!(
            node.kind(),
            "binary_expression" | "unary_expression" | "parenthesized_expression"
        ) {
            for i in 0..node.child_count() {
                if let Some(child) = node.child(i) {
                    if self.looks_like_floating_point(&child, source) {
                        return true;
                    }
                }
            }
        }

        false
    }

    /// Check if expression is a zero literal (0.0, 0.0f, etc.)
    fn is_zero_literal(&self, node: &Node, source: &str) -> bool {
        let text = get_node_text(node, source).trim();

        // Match various zero representations
        matches!(
            text,
            "0.0"
                | "0.0f"
                | "0.0F"
                | "0.00"
                | "0."
                | ".0"
                | "0.0L"
                | "0.0l"
                | "0e0"
                | "0.0e0"
                | "0.0e+0"
                | "0.0e-0"
        )
    }
}