...
- Controlling expression of
if,switch switch(selection statement) - Controlling expression of
while,do...while(iteration statement) - S
econd operand of for for(iteration statement) - First operand of
?:(selection statement) - Either operand of
||or&&(logical operators) - Second operand of comma operator when the comma expression is used in any of these contexts
- Second and third operands of
?:(selection statement) where the ternary expression is used in any of these contexts
...
In this noncompliant example, the expression x = y is used as the controlling expression of the while statement.
| Code Block | ||||
|---|---|---|---|---|
| ||||
do { /* ... */ } while ( foo(), x = y ) ; |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
do { /* ... */ } while ( foo(), (x = y) != 0) ;
|
Noncompliant Code Example
In this non-compliant noncompliant example, the expression p = q is used as the controlling expression of the while statement.
| Code Block | ||||
|---|---|---|---|---|
| ||||
do { /* ... */ } while ( x = y, p = q ) ; |
Compliant Solution
This is a compliant example because the expression x = y is not used as the controlling expression of the while statement.
| Code Block | ||||
|---|---|---|---|---|
| ||||
do { /* ... */ } while ( x = y, p == q ) ;
|
Exceptions
EXP18-EXP1: Assignment can be used where the result of the assignment is itself a parameter to a comparison expression or relational expression.
...
In this compliant example, the expression x = y is a single primary expression.
| Code Block | ||||
|---|---|---|---|---|
| ||||
if ( ( x = y ) ) { /* ... */ } |
EXP18-EXP3: Assignment can be used in the above contexts if it occurs in a function argument or array index.
In this compliant example, the expression x = y is used in a function argument.
| Code Block | ||||
|---|---|---|---|---|
| ||||
if ( foo( x = y ) ) { /* ... */ } |
This is a
non-compliantnoncompliant example because && is not a comparison or relational operator and the entire expression is not primary.
| Code Block | ||||
|---|---|---|---|---|
| ||||
if ( ( v = w ) && flag ) { /* ... */ } |
When the assignment of v to w is not intended, this conditional block is now executed when v is equal to w.
| Code Block | ||||
|---|---|---|---|---|
| ||||
if ( ( v == w ) && flag ) { /* ... */ };
|
When the assignment is intended, the following is an alternative compliant solution:
| Code Block | ||||
|---|---|---|---|---|
| ||||
if ( ( (v = w) != 0 ) && flag ) { /* ... */ }; |
Risk Assessment
Errors of omission can result in unintended program flow.
...
Tool | Version | Checker | Description | LDRA tool suite||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Compass/ROSE |
|
| Could detect violations of this recommendation by identifying any assignment expression as the top-level expression in an | ||||||||||
| LDRA
| LDRA
| exprctxt | Fully implemented. | |||||||||
GCC |
|
| Can detect violations of this recommendation when the | Compass/ROSE
|
| Could detect violations of this recommendation by identifying any assignment expression as the top-level expression in an | |||||||
| ASSIGCOND.GEN |
| |||||||||||
| exprctxt | Fully implemented. | |||||||||||
| PRQA QA-C |
| 3314 | Partially implemented. |
...
| CERT C++ Secure Coding Standard | EXP19-CPP. Do not perform assignments in conditional expressions | ||
|---|---|---|---|
| CERT Oracle Secure Coding Standard for Java | EXP51-JG. Do not perform assignments in conditional expressions | ||
| ISO/IEC TR 17961 (Draft) | No assignment in conditional expressions [boolasgn] | ||
| ISO/IEC TR 24772 | Likely incorrect expression [KOA] | ||
| MITRE CWE | CWE-480, Use of incorrect operator | ISO/IEC TR 17961 (Draft) | No assignment in conditional expressions [boolasgn]
Bibliography
| [Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |
|---|
...