Page History

...

The recommendation EXP30-J. Do not depend on operator precedence while using expressions containing side-effects advises against depending on parentheses for specifying the evaluation order, however this advice is applicable only to expressions that contain side-effects.

Noncompliant Code Example

The intent of the expression in this noncompliant code example is to add the variable OFFSET with the result of the bitwise AND between x and MASK.

...

x & (1337 - 1337)

Compliant Solution

In this compliant solution, parentheses are used to ensure that the expression evaluates as expected.

public static final int MASK = 1337;
public static final int OFFSET = -1337;

public static int computeCode(int x) {
  return (x & MASK) + OFFSET;
}

Exceptions

EXP00-EX1: Mathematical expressions that follow algebraic order do not require parentheses. For instance, consider the expression:

...

x + (y * z)

Risk Assessment

Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way. This can lead to unexpected and abnormal program behavior.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C Coding Standard as EXP00-C. Use parentheses for precedence of operation.

This rule appears in the C++ Secure Coding Standard as EXP00-CPP. Use parentheses for precedence of operation.

References

\[[Tutorials 08|AA. Java References#Tutorials 08]\] [Expressions, Statements, and Blocks|http://java.sun.com/docs/books/tutorial/java/nutsandbolts/expressions.html], [Operators|http://java.sun.com/docs/books/tutorial/java/nutsandbolts/operators.html]
\[[ESA 05|AA. Java References#ESA 05]\] Rule 65: Use parentheses to explicitly indicate the order of execution of numerical operators

...