V1057. Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time.

The analyzer has detected suspicious code initializing the pseudorandom number generator to a constant value.

// C
srand(0);
// C++
std::mt19937 engine(1);

When initialized in such a way, the generator will produce a predictable sequence of numbers, or the same number, at every run.

To avoid this, assign the seed to a value not known at compile time, such as the current system time:

srand(time(0));

However, this approach may lead to issues in multithreaded applications: 'time(0)' may return identical values in different threads. Also, keep in mind that the user could change the time settings.

Starting with C++11, the 'std::random_device' generator is available, which implements an interface to a true random number generator:

std::random_device rd;
std::mt19937 engine(rd());

However, if your system lacks such a generator, the regular pseudorandom number generator will be used.
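
The three seeding choices discussed above, side by side, as an added example (not code from the analyzer's documentation). The helper names and the timestamp value are constructed for illustration; the timestamp is passed in as a parameter so that the "same second" collision can be reproduced.

```cpp
#include <array>
#include <cstdint>
#include <ctime>
#include <iostream>
#include <random>
#include <vector>

using Seq = std::vector<std::uint32_t>;

// Take the first n outputs of an already-seeded engine.
static Seq take(std::mt19937 &engine, std::size_t n) {
    Seq out(n);
    for (auto &v : out) v = engine();
    return out;
}

// Flagged by V1057: the seed is a compile-time constant.
Seq draw_constant_seed(std::size_t n) {
    std::mt19937 engine(1);
    return take(engine, n);
}

// time(0)-style seed; the timestamp is a parameter so that two callers
// hitting the same second (e.g. two threads) can be reproduced.
Seq draw_time_seed(std::time_t now, std::size_t n) {
    std::mt19937 engine(static_cast<std::uint32_t>(now));
    return take(engine, n);
}

// Seed from std::random_device, using several words instead of one.
Seq draw_device_seed(std::size_t n) {
    std::random_device rd;
    std::array<std::uint32_t, 8> words;
    for (auto &w : words) w = rd();
    std::seed_seq seq(words.begin(), words.end());
    std::mt19937 engine(seq);
    return take(engine, n);
}

int main() {
    const std::time_t same_second = 1700000000; // constructed timestamp
    std::cout << std::boolalpha
              << "constant seed repeats: " << (draw_constant_seed(4) == draw_constant_seed(4)) << '\n'
              << "same-second seeds repeat: " << (draw_time_seed(same_second, 4) == draw_time_seed(same_second, 4)) << '\n'
              << "random_device seeds repeat: " << (draw_device_seed(4) == draw_device_seed(4)) << '\n';
}
```

Even with a good seed, 'std::mt19937' is not a cryptographic generator; values that must stay secret, such as keys or tokens, need the operating system's cryptographic random source.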

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-337.

