Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

C programmers commonly make errors regarding the precedence rules of C operators due to because of the nonintuitively unintuitive low-precedence levels of "&", "|", "^", "<<", and ">>". Mistakes regarding precedence rules can be avoided by the suitable use of parentheses. Using parentheses defensively reduces errors and, if not taken to excess, makes the code more readable.

...

.

Subclause 6.5 of the C Standard defines the precedence of operation by the order of the subclauses.

Noncompliant Code Example

The following C expression, intended intent of the expression in this noncompliant code example is to test the least significant bit of x:

Code Block
bgColor#FFCCCC
langc

x & 1 == 0

Because of operator precedence rules, the expression is parsed as

Code Block
bgColor#FFCCCC
langc

x & (1 == 0)

which the compiler would probably evaluate at compile time evaluates to

Code Block
bgColor#FFCCCC
langc

(x & 0)

and then to 0.

Compliant Solution

To get this expression to evaluate as expectedIn this compliant solution, parentheses should be are used to specify the order of operation.ensure the expression evaluates as expected:

Code Block
bgColor#ccccff
langc

(x & 1) == 0

...

Exceptions

unmigratedEXP00-wiki-markup\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] 6.5, "Expressions" \[[NASA-GB-1740.13|AA. C References#NASA-GB-1740.13]\] 6.4.3, "C Language" \[[Dowd 06|AA. C References#Dowd 06]\] Chapter 6, "C Language Issues" (Precedence, pp. 287-288)C-EX1: Mathematical expressions that follow algebraic order do not require parentheses. For instance, in the expression

Code Block
x + y * z

the multiplication is performed before the addition by mathematical convention. Consequently, parentheses to enforce the algebraic order would be redundant:

Code Block
bgColor#ffcccc
langc
x + (y * z)

Risk Assessment

Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way, which can lead to unexpected and abnormal program behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP00-C

Low

Probable

Medium

P4

L3

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-EXP00Fully implemented
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.PARENS

Missing Parentheses

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.EXP00

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3389, C3390, C3391, C3392, C3393, C3394, C3395, C3396, C3397, C3398, C3399, C3400


Klocwork
Include Page
Klocwork_V
Klocwork_V
CERT.EXPR.PARENS
LDRA tool suite
Include Page
LDRA_V
LDRA_V

361 S, 49 S

Fully implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-EXP00-a

Use parenthesis to clarify expression order if operators with precedence lower than arithmetic are used

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

9050

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. EXP00-C


Checks for possible unintended evaluation of expression because of operator precedence rules (rec. fully covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V502, V593, V634, V648, V1104
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S864

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[Dowd 2006]Chapter 6, "C Language Issues" ("Precedence," pp. 287–288)
[Kernighan 1988]
[NASA-GB-1740.13]Section 6.4.3, "C Language"


 

...

Image Added Image Added Image Added