Page History

C programmers commonly make errors regarding the precedence rules of C operators because of the unintuitive low-precedence levels of &, |, ^, <<, and >>. Mistakes regarding precedence rules can be avoided by the suitable use of parentheses. Using parentheses defensively reduces errors and, if not taken to excess, makes the code more readable.

Subclause 6.5 of the C Standard defines the precedence of operation by the order of the subclauses.

Noncompliant Code Example

The intent of the expression in this noncompliant code example is to test the least significant bit of x:

x & 1 == 0

Because of operator precedence rules, the expression is parsed as

x & (1 == 0)

which evaluates to

(x & 0)

and then to 0.

Compliant Solution

In this compliant solution, parentheses are used to ensure the expression evaluates as expected:

(x & 1) == 0

Exceptions

EXP00-EX1: Mathematical expressions that follow algebraic order do not require parentheses. For instance, in the expression

x + y * z

the multiplication is performed before the addition by mathematical convention. Consequently, parentheses to enforce the algebraic order would be redundant:

x + (y * z)

Risk Assessment

Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way, which can lead to unexpected and abnormal program behavior.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography