Note: This rule may be deprecated and replaced by a similar guideline. 06/28/2014 -- Version 1.0
According to The Java Language Specification (JLS), §15.7, "Evaluation Order" [JLS 2015]:
The Java programming language guarantees that the operands of operators appear to be evaluated in a specific evaluation order, namely, from left to right.
§15.7.3, "Evaluation Respects Parentheses and Precedence" adds:
Java programming language implementations must respect the order of evaluation as indicated explicitly by parentheses and implicitly by operator precedence.
...
```java
class BadPrecedence {
  public static void main(String[] args) {
    int number = 17;
    int threshold = 10;
    number = (number > threshold ? 0 : -2)
             + ((31 * ++number) * (number = get()));
    // ...
    if (number == 0) {
      System.out.println("Access granted");
    } else {
      System.out.println("Denied access"); // number = -2
    }
  }

  public static int get() {
    int number = 0;
    // Assign number to nonzero value if authorized, else 0
    return number;
  }
}
```
...
```java
// Call get() once and keep the result, so the expression below has no side effects
final int authnum = get();
number = ((31 * (number + 1)) * authnum) + (authnum > threshold ? 0 : -2);
```
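The following added example (not part of the original rule text) runs the two expressions above side by side and records the order in which the operands of the noncompliant expression are evaluated. The class name, the `trace` helper, and the nonzero value 42 are assumptions made for illustration; `get()` is replaced by an `authnum` parameter so that both of its possible outcomes can be exercised.

```java
import java.util.ArrayList;
import java.util.List;

public class EvaluationOrderDemo {
  // Labels of operands in the order the JVM actually evaluated them.
  static final List<String> order = new ArrayList<>();

  // Hypothetical helper: records that an operand was evaluated, then passes its value through.
  static int trace(String label, int value) {
    order.add(label + " -> " + value);
    return value;
  }

  // The noncompliant expression, with each operand wrapped in trace().
  static int noncompliant(int start, int threshold, int authnum) {
    int number = start;
    number = trace("ternary", number > threshold ? 0 : -2)
        + (trace("31 * ++number", 31 * ++number)
           * trace("number = get()", number = authnum));
    return number;
  }

  // The compliant rewrite: get() is read once and number is written once.
  static int compliant(int start, int threshold, int authnum) {
    int number = start;
    number = ((31 * (number + 1)) * authnum) + (authnum > threshold ? 0 : -2);
    return number;
  }

  public static void main(String[] args) {
    int start = 17;
    int threshold = 10;
    // 0 is what get() returns in the code above; 42 is a constructed nonzero value.
    for (int authnum : new int[] {0, 42}) {
      order.clear();
      int bad = noncompliant(start, threshold, authnum);
      int good = compliant(start, threshold, authnum);
      System.out.println("get() returns " + authnum);
      System.out.println("  operand order: " + order);
      System.out.println("  noncompliant:  number = " + bad + ", number == 0 is " + (bad == 0));
      System.out.println("  compliant:     number = " + good + ", number == 0 is " + (good == 0));
    }
  }
}
```

The recorded order shows the ternary reading `number` while it is still 17, before `number = get()` overwrites it, which is why the two forms disagree when `get()` returns 0.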
Exceptions
EXP05-J-EX0: The increment and decrement operators (++) and (--) read a numeric variable, and then assign a new value to the variable. Although these operators read and modify a value, they are well-understood and are an exception to this rule. This exception does not apply if a value modified by an increment or decrement operator is subsequently read or written.
EXP05-J-EX1: The conditional-or || and conditional-and && operators have well-understood semantics. Writes followed by subsequent writes or reads do not violate this rule if they occur in different operands of || or &&. Consider the following code example:
...
Failure to understand the evaluation order of expressions containing side effects can result in unexpected output.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP05-J | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Detection of all expressions involving both side effects and multiple operator precedence levels is straightforward. Determining the correctness of such uses is infeasible in the general case; heuristic warnings could be useful.
Tool | Version | Checker | Description |
---|---|---|---|
Parasoft Jtest | | CERT.EXP05.CID | Avoid using increment or decrement operators in nested expressions |
PVS-Studio | | V6044 | |
SonarQube | | S881 | Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression |
Related Guidelines
EXP30-C. Do not depend on the order of evaluation for side effects
EXP50-CPP. Do not depend on the order of evaluation for side effects
Side Effects and Order of Evaluation [SAM]
Bibliography
...
...