...
Attempting to modify an object in an unsequenced or indeterminately sequenced evaluation may cause that object to take on an unexpected value, which can lead to unexpected program behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP50-CPP | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Clang |
| -Wunsequenced | Can detect simple violations of this rule where path-sensitive analysis is not required | ||||||
| Compass/ROSE |
Can detect simple violations of this rule. It needs to examine each expression and make sure that no variable is modified twice in the expression. It also must check that no variable is modified once, then read elsewhere, with the single exception that a variable may appear on both the left and right of an assignment operator | |||||||||
| EVALUATION_ORDER | Can detect the specific instance where a statement contains multiple side effects on the same value with an undefined evaluation order because, with different compiler flags or different compilers or platforms, the statement may behave differently | |||||||
| CC2.EXP30 | Fully implemented | |||||||
| GCC |
|
Can detect violations of this rule when the | ||||||||
| Klocwork |
| PORTING.VAR.EFFECTS |
| LDRA tool suite |
| 35 D, 1 Q, 9 S, 134 S, 67 D, 72 D | Partially implemented | ||||||
| Parasoft C/C++test |
|
|
| JSF-204.1{a,b,c,d,g} | Fully implemented | ||||||
| PRQA QA-C++ |
| 3220, 3221, 3222, 3223, 3228 |
| SonarQube C/C++ Plugin |
| IncAndDecMixedWithOtherOperators | Partially implemented | ||||||
| Splint |
|
| PVS-Studio | 6.22 | V521, V708 | General analysis rule set |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [ISO/IEC 14882-2014] | Subclause 1.9, "Program Execution" |
| [MISRA 2008] | Rule 5-0-1 (Required) |
...
...