...
Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way, which can lead to unexpected and abnormal program behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP00-C | Low | Probable | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Axivion Bauhaus Suite |
| CertC-EXP00 | Fully implemented | ||||||
CodeSonar |
| LANG.STRUCT.PARENS | Missing Parentheses | ||||||
| CC2.EXP00 | Fully implemented | |||||||
Helix QAC |
| C3389, C3390, C3391, C3392, C3393, C3394, C3395, C3396, C3397, C3398, C3399, C3400 | |||||||
Klocwork |
| CERT.EXPR.PARENS | |||||||
LDRA tool suite |
| 361 S, 49 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-EXP00-a | Use parenthesis to clarify expression order if operators with precedence lower than arithmetic are used | |||||||
PC-lint Plus |
| 9050 | Fully supported | ||||||
Polyspace Bug Finder |
|
|
| Checks for possible |
unintended evaluation of expression because of operator precedence rules |
Operator precedence rules cause unexpected evaluation order in arithmetic expression
(rec. fully covered) | ||
PVS-Studio |
|
|
|
|
|
|
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
| V502, V593, V634, V648, V1104 | ||||||||
SonarQube C/C++ Plugin |
| S864 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID EXP00-CPP. Use parentheses for precedence of operation |
ISO/IEC TR 24772:2013 | Operator Precedence/Order of Evaluation [JCW] |
MISRA C:2012 | Rule 12.1 (advisory) |
Bibliography
[Dowd 2006] | Chapter 6, "C Language Issues" ("Precedence," pp. 287–288) |
[Kernighan 1988] |
[NASA-GB-1740.13] | Section 6.4.3, "C Language" |
...