SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 8

changes.mady.by.user Alex Volkovitsky

Saved on

compared with

New Version 9

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reorg'd exceptions, added code examples for comma-operator exception

...

Exceptions

EXP10-EX1: The && operator guarantees left-to-right evaluation; there is a sequence point after the evaluation of the first operand.EXP10-EX2: The || operator guarantees and || operators guarantee left-to-right evaluation; there is a sequence point after the evaluation of the first operand.

EXP10-EX3EX2: The first operand of a condition expression is evaluated; there is a sequence point after its evaluation. The second operand is evaluated only if the first compares unequal to 0; the third operand is evaluated only if the first compares equal to 0.

EXP10-EX3: There is a sequence point before function calls, meaning that the function designator, the actual arguments, and subexpressions within the actual arguments are evaluated before the function is invoked.

EXP10-EX4: The left operand of a comma operator is evaluated followed by the right operand. There is a sequence point in between.EXP10-EX5: There is a sequence point before function calls, meaning that the function designator, the actual arguments, and subexpressions within the actual arguments are evaluated before the function is invoked

Note that while commas serve to delimit multiple arguments in a function call, these commas are not considered "comma operators". Multiple arguments of a function call may be evaluated in any order, with no sequence points in between each other.

Non-Compliant Code Example

The resulting value of g in this non-compliant code example depends on unspecified behavior:

Code Block
bgColor#FFcccc

int g;

int f(int i) {
  g = i;
  return i;
}

void h(int h1, int h2) {
  /* ... */
}

int main(void) {
  h( f(1), f(2));  /* NOT a comma operator! */
  /* ... */
  return 0;
}

This code may result in g being assigned the value 1, or equally likely, being assigned the value 2.

Compliant Solution

This compliant solution is independent of the order of evaluation of the operands and can only be interpreted in one way.

Code Block
bgColor#ccccff

int g;

int f(int i) {
  g = i;
  return i;
}

int main(void) {
  int x = f(1), f(2);  /* a true comma operator */
  /* ... */
  return 0;
}

This code always results in g being assigned the value 2.

Risk Assessment

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP10-A

medium

probable

medium

P8

L2

...