Page History

...

Noncompliant Code Example (sizeof)

In this noncompliant code example, the expression a++ is not evaluated:

...

Consequently, the value of a after b has been initialized is 14.

Compliant Solution (sizeof)

In this compliant solution, the variable a is incremented outside of the sizeof operator:

#include <iostream>
void f() {
  int a = 14;
  int b = sizeof(a);
  ++a;
  std::cout << a << ", " << b << std::endl;
}

Noncompliant Code Example (decltype)

In this noncompliant code example, the expression i++ is not evaluated within the decltype specifier:

...

Consequently, the value of i remains 0.

Compliant Solution (decltype)

In this compliant solution, i is incremented outside of the decltype specifier, so that it is evaluated as desired:

#include <iostream>

void f() {
  int i = 0;
  decltype(i) h = 12;
  ++i;
  std::cout << i;
}

Exceptions

EXP32-CPP-EX1: It is permissible for an expression with side effects to be used as an unevaluated operand in a macro definition or SFINAE context. While these situations rely on the side effects to produce valid code, they typically do not rely on values produced as a result of the side effects.

...

In an instantiation of is_incrementable, the use of the postfix increment operator generates side effects which are used to determine whether the type is postfix incrementable. However, the value result of these side effects is discarded, so the side effects are only used for SFINAE.

Risk Assessment

If expressions that appear to produce side effects are an unevaluated operand, the results may be different than expected. Depending on how this result is used, it can lead to unintended program behavior.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography