CERT-MSC30-C
Synopsis
Do not use the rand() function for generating pseudorandom numbers
Enabled by default
Yes
Severity/Certainty
Medium/Medium

Full description
The C Standard rand() function makes no guarantees as to the quality of the random sequence produced. The numbers generated by some implementations of rand() have a comparatively short cycle and the numbers can be predictable. Applications that have strong pseudorandom number requirements must use a generator that is known to be sufficient for their needs.
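The following C example is added here for illustration and is not part of the original page or of the checker's own examples. It shows that `rand()` output is fully determined by its seed, next to a replacement that draws from the operating system's generator. It assumes a POSIX system that provides `/dev/urandom`, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Non-compliant behaviour: rand() output is fully determined by the seed.
 * Returns 1 if two runs from the same seed produce the same n values. */
int rand_repeats_for_seed(unsigned seed, size_t n) {
    int first[64];
    int second[64];
    if (n > 64) n = 64;
    srand(seed);
    for (size_t i = 0; i < n; i++) first[i] = rand();
    srand(seed);
    for (size_t i = 0; i < n; i++) second[i] = rand();
    return memcmp(first, second, n * sizeof first[0]) == 0;
}

/* Fill buf with len bytes from the OS generator (assumes /dev/urandom).
 * Returns 0 on success, -1 on failure; callers must check the result. */
int secure_random_bytes(void *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    setvbuf(f, NULL, _IONBF, 0);   /* do not read ahead more than needed */
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Uniform value in [0, bound) without modulo bias (rejection sampling). */
int secure_uniform(uint32_t bound, uint32_t *out) {
    uint32_t r, min;
    if (bound == 0 || out == NULL) return -1;
    min = (0u - bound) % bound;    /* equals 2^32 mod bound */
    do {
        if (secure_random_bytes(&r, sizeof r) != 0) return -1;
    } while (r < min);             /* reject the biased low range */
    *out = r % bound;
    return 0;
}

int main(void) {
    uint32_t die;
    printf("rand() repeats for seed 1: %d\n", rand_repeats_for_seed(1u, 16));
    if (secure_uniform(6, &die) != 0) return 1;
    printf("die roll: %u\n", (unsigned)(die + 1));
    return 0;
}
```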
Coding standards
- CERT MSC30-C: Do not use the rand() function for generating pseudorandom numbers
Code examples
The following code example fails the check and will give a warning:
/* The call to rand() in test() is what the check reports. */
void rand(void) {}
void test() {
    rand();
}
The following code example passes the check and will not give a warning about this issue:
/* No call to rand() is made here, so nothing is reported. */
void example(void) {}
void test() {
    example();
}