SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 111

changes.mady.by.user Roberto Bagnara

Saved on

compared with

New Version 112

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Evaluation of an expression may produce side effects. At specific points during execution, known as sequence points, all side effects of previous evaluations have completed, and no side effects of subsequent evaluations have yet taken place.

The C Standard, Section section 6.5 [ISO/IEC 9899:2011], states:

...

Programs cannot safely rely on the order of evaluation of operands between sequence points. In this noncompliant code example, the order of evaluation of the operands to the + operator is unspecified.:

Code Block
bgColor#FFcccc
langc
a = i + b[++i];

...

These examples are independent of the order of evaluation of the operands and can be interpreted in only one way.:

Code Block
bgColor#ccccff
langc
++i;
a = i + b[i];

...

The order of evaluation for function arguments is unspecified.:

Code Block
bgColorFFcccc
langc
func(i++, i);

...

This solution is appropriate when the programmer intends for both arguments to func() to be equivalent.:

Code Block
bgColor#ccccff
langc
i++;
func(i, i);

This solution is appropriate when the programmer intends for the second argument to be one greater than the first.:

Code Block
bgColor#ccccff
langc
j = i++;
func(j, i);

...

Tool

Version

Checker

Description

Compass/ROSE

 

 

Can detect simple violations of this rule. It needs to examine each expression and make sure that no variable is modified twice in the expression. It also must check that no variable is modified once, then read elsewhere, with the single exception that a variable may appear on both the left and right of an assignment operator.

Coverity

Include Page
Coverity_V
Coverity_V

EVALUATION_ORDER

Can detect the specific instance where a statement contains multiple side effects on the same value with an undefined evaluation order because, with different compiler flags or different compilers or platforms, the statement may behave differently.

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

evalordr

Fully implemented.

    

GCC

Include Page
GCC_V
GCC_V

 

Can detect violations of this rule when the -Wsequence-point flag is used.

LDRA tool suite

Include Page
LDRA_V
LDRA_V

35 D
1 Q
9 S
134 S

Fully implemented.

PRQA QA-C
Include Page
PRQA_V
PRQA_V

0400 [U]
0401 [U]
0402 [U]
0403 [U]

Fully implemented.

Splint

Include Page
Splint_V
Splint_V

 

 

...

CERT C++ Secure Coding StandardEXP30-CPP. Do not depend on order of evaluation between sequence points
CERT Oracle Secure Coding Standard for JavaEXP05-J. Do not write more than once to the same variable within an expression
ISO/IEC TR 24772:2013Operator Precedence/Order of Evaluation [JCW]
Side-effects and Order of Evaluation [SAM]
MISRA - C:2012Rule 12.1 (advisory)

Bibliography

[ISO/IEC 9899:2011]Section 6.5, "Expressions," and Annex C, "Sequence Points"
[Summit 2005]Questions 3.1, 3.2, 3.3, 3.3b, 3.7, 3.8, 3.9, 3.10a, 3.10b, and 3.11
[Saks 2007] 

...