...
Note that while commas serve to delimit multiple arguments in a function call, these commas are not considered "comma operators". Multiple arguments of a function call may be evaluated in any order, with no sequence points in between each other.
Non-Compliant Code Example
The resulting value of g in this non-compliant code example depends on unspecified behavior:
| Code Block | ||
|---|---|---|
| ||
int g;
int f(int i) {
g = i;
return i;
}
void h(int h1, int h2) {
/* ... */
}
int main(void) {
h( f(1), f(2)); /* NOT a comma operator! */
/* ... */
return 0;
}
|
This code may result in g being assigned the value 1, or equally likely, being assigned the value 2.
Compliant Solution
This compliant solution is independent of the order of evaluation of the operands and can only be interpreted in one way.
| Code Block | ||
|---|---|---|
| ||
int g;
int f(int i) {
g = i;
return i;
}
int main(void) {
int x = f(1), f(2); /* a true comma operator */
/* ... */
return 0;
}
|
This code always results in g being assigned the value 2.
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP10-A | medium | probable | medium | P8 | L2 |
...