The SEI CERT Coding Standard for Fortran


This blog post is coauthored by Manuel Arenaz, lead contributor of the Fortran standard.

As security specialists, we are often asked to audit software and provide expertise on secure coding practices. Our research and efforts have produced several coding standards specifically dealing with security in popular programming languages, such as C, Java, and C++. This post describes our work on the SEI CERT Fortran Coding Standard, which provides a core of well-documented and enforceable coding guidelines for Fortran.

Fortran in the Modern Software Ecosystem

Fortran is one of the oldest high-level programming languages still in active use and remains a cornerstone of scientific, engineering, and high-performance computing (HPC) software. On the TIOBE Index from May 2026, Fortran was the eleventh most-used programming language. Since the widely adopted Fortran 77 (F77) standard, the language has continuously evolved through major revisions, including Fortran 90, 95, 2003, 2008, 2018, and the latest Fortran 2023 standard, introducing modern features for modularity, interoperability, parallelism, and software engineering.

Fortran continues to power critical applications in areas such as climate and weather prediction, aerospace, nuclear energy, computational physics, and national security. Prominent Fortran-based applications include the U.S. Navy’s NEPTUNE weather-prediction model, the LS-DYNA finite-element solver for structural and crash simulations, and the BLAS/LAPACK numerical linear algebra libraries widely used in scientific computing.

As these traditionally isolated scientific and HPC applications become increasingly integrated into modern, interconnected software ecosystems, the exposure of Fortran codebases to cybersecurity threats and software supply chain risks has significantly increased. In response, the Fortran community has shown growing interest in secure software development practices, vulnerability prevention, and secure coding standards. Recent efforts include the publication of ISO/IEC TR 24772-8 on avoiding vulnerabilities in Fortran and the emergence of static and software composition analysis tools targeting Fortran applications.

In addition, the recent emergence of specialized static analysis tools for Fortran now allows developers to produce an automated audit of a Fortran codebase by analyzing source code and generating diagnostic alerts that range from insecure coding practices and bugs to reliability and maintainability issues. These capabilities, similar to those long available for C and C++, provide a practical foundation for modern secure software development in Fortran.

The SEI CERT Fortran Coding Standard is still young and growing. The C and Java standards each have more than 100 rules in over 15 sections. The Fortran standard currently has 25 guidelines, initially organized in several sections including:

Addressing Security Vulnerabilities in Fortran

Fortran shares many programming concepts and low-level capabilities with C and C++, including procedural programming, manual memory management, interoperability with external libraries, and performance-oriented design. At the same time, Fortran provides several features that are particularly well-suited for scientific and high-performance computing, including intrinsic multidimensional array operations, native array slicing and whole-array syntax, built-in support for numerical computation, explicit parallel programming constructs, and language-level facilities for efficient vectorization and mathematical optimization.

Historically, the Fortran community has focused on new features and improved performance rather than security. Our work on the SEI CERT Fortran Coding Standard centers on Fortran language and library issues that specifically address security, such as implicit declaration of variables, use of uninitialized variables, undefined behavior, out-of-bounds memory accesses, and proper argument checking.

The SEI CERT Fortran Coding Standard leverages the team’s knowledge of Fortran and several sources to provide relevant material on security. These include online sources such as the security and reliability checkers documented in the Codee Open Catalog and existing rules from the SEI CERT C Coding Standard that are applicable to Fortran because of similarities between the languages. For example, CERT Fortran guideline ARR01-F and CERT C rule ARR30-C both mandate that all indices to an array are within the bounds of the array.

Fortran has many of the same security issues that plague C and C++. A well-known critical issue common to all three languages is undefined behavior, which occurs when a program executes operations for which the language standard does not define a predictable result, allowing compilers to generate arbitrary behavior. In Fortran, undefined behavior may arise from issues such as the use of uninitialized variables, out-of-bounds array accesses, or invalid procedure interfaces. These situations are particularly dangerous because they can silently produce incorrect numerical results, application crashes, nondeterministic execution, or exploitable vulnerabilities that are difficult to detect and reproduce. This issue is discussed further in guideline MSC03-F in the SEI CERT Fortran Coding Standard, which illustrates undefined behavior through Fortran code that allows the compiler to remove a check to detect integer overflow entirely.
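The following added example sketches the kind of overflow check this paragraph refers to; it is not the code from guideline MSC03-F, and the module and function names are assumptions made for illustration. Whether a particular compiler actually drops the first check depends on the compiler and optimization level.

```fortran
! Added example, not the code from guideline MSC03-F.
! Module and function names are assumptions made for this illustration.
module overflow_checks
  implicit none
contains

  ! Check after the fact: a + b is evaluated first. If the sum does not fit
  ! in a default INTEGER the program is already non-conforming, so an
  ! optimizer may assume "a + b < a" is false for b > 0 and drop the test.
  logical function overflow_after(a, b)
    integer, intent(in) :: a, b
    overflow_after = (b > 0 .and. a + b < a)
  end function overflow_after

  ! Check before the operation: compares against HUGE without ever
  ! computing a value outside the representable range.
  logical function overflow_before(a, b)
    integer, intent(in) :: a, b
    if (b > 0) then
      overflow_before = a > huge(a) - b
    else
      overflow_before = a < (-huge(a) - 1) - b
    end if
  end function overflow_before

end module overflow_checks

program overflow_demo
  use overflow_checks
  implicit none
  integer :: a, b
  a = huge(a)
  b = 1
  ! The first result depends on compiler and optimization level;
  ! the second does not.
  print *, 'check after add : ', overflow_after(a, b)
  print *, 'check before add: ', overflow_before(a, b)
end program overflow_demo
```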

Unlike C and C++, Fortran historically supports implicit typing of variables, a language feature introduced in early versions of Fortran to reduce the amount of code programmers needed to write on systems with limited computing resources. Under implicit typing rules, undeclared variables are automatically assigned a type based on the first letter of their name, which can easily hide typographical errors and programming mistakes. In modern software, this behavior is considered dangerous because a misspelled variable name may silently introduce a new variable instead of triggering a compilation error, potentially leading to undefined behavior, incorrect numerical results, or security vulnerabilities. Guideline TYP02-F discusses this issue further.

Noncompliant Code Example

While a floating-point division gives 7 / 2.5 = 2.8, an integer division produces 7 / 2 = 3 (with a remainder of 1). Since res begins with “R”, it is still a real (floating-point) type, and so the program prints 3.0 rather than 3.

This program prints 2.8 using flang 22.1.7, or 2.79999995 using gfortran 15.2.1 on macOS 26.5.
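As an added illustration of the implicit-typing pitfall described above (not the listing from this post or from guideline TYP02-F), the example below puts the implicitly typed division beside its `implicit none` counterpart and adds the misspelled-name case. The names `num1`, `num2`, `total`, `totl` and the procedure names are assumptions; only `res` comes from the text.

```fortran
! Added example, not the original post's listing. Under the default
! implicit rule, names starting with I..N are INTEGER, all others REAL.

subroutine ratio_implicit()
  ! No IMPLICIT NONE: num1 and num2 are implicitly INTEGER, res is REAL.
  num1 = 7
  num2 = 2.5          ! silently truncated to the integer 2
  res = num1 / num2   ! integer division 7 / 2, then converted to REAL
  print *, 'implicit typing: res   =', res
end subroutine ratio_implicit

subroutine ratio_explicit()
  implicit none       ! every name must now be declared
  real :: num1, num2, res
  num1 = 7
  num2 = 2.5
  res = num1 / num2   ! real division
  print *, 'implicit none:   res   =', res
end subroutine ratio_explicit

subroutine sum_with_typo()
  ! Implicit typing again: the misspelled name "totl" becomes a new REAL
  ! variable instead of a compile-time error, so "total" is never updated.
  ! With IMPLICIT NONE the same typo is rejected by the compiler.
  total = 0.0
  do i = 1, 3
    totl = total + i
  end do
  print *, 'implicit typing: total =', total
end subroutine sum_with_typo

program implicit_typing_demo
  implicit none
  call ratio_implicit()
  call ratio_explicit()
  call sum_with_typo()
end program implicit_typing_demo
```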

Modern Fortran has more safety features than classic C, for example automatic memory management for allocatable arrays, array bounds checking, and stronger interfaces and argument checking. These features help prevent common classes of vulnerabilities such as memory leaks, invalid memory accesses, interface mismatches, and out-of-bounds errors, improving the reliability and security of scientific and high-performance computing applications. Guidelines PRC01-F, PRC02-F, and PRC03-F discuss these issues further.

What’s Ahead for the SEI CERT Coding Standard for Fortran

The SEI CERT Fortran Coding Standard is now publicly available, but it is not finished. By making the standard publicly available, we invite the Fortran community to help us improve it by reviewing the existing guidelines and suggesting new ones. You can get involved by using GitHub’s issues framework to start discussions about the standard. Or you can fork the project and submit a pull request with suggested improvements. The CERT Secure Coding team will review all pull requests and merge approved requests into the standard. We have released a recent video about the process of updating the SEI CERT Coding Standards in GitHub.

We hope to add several guidelines each week. Presumably the Fortran standard could grow to about the same size as the C or Java standards because all three languages are similar in scope.
