...
The C Standard, 6.5, paragraph 2 [ISO/IEC 9899:20112024], states
If a side effect on a scalar object is unsequenced relative to either a different side effect on the same scalar object or a value computation using the value of the same scalar object, the behavior is undefined. If there are multiple allowable orderings of the subexpressions of an expression, the behavior is undefined if such an unsequenced side effect occurs in any of the orderings.
This requirement must be met for each allowable ordering of the subexpressions of a full expression; otherwise, the behavior is undefined. (See undefined behavior 3534.)
The following sequence points are defined in the C Standard, Annex C [ISO/IEC 9899:2011]:
...
Furthermore, Section 6.5.1617.1, paragraph 3 [ISO/IEC 9899:2024] says (regarding assignment operations):
The side effect of updating the stored value of the left operand is sequenced after the value computations of the left and right operands.
This rule means that statements such as
...
Not all instances of a comma in C code denote a usage of the comma operator. For example, the comma between arguments in a function call is not a sequence point. However, according to the C Standard, 6.5.23.23, paragraph 10 8 [ISO/IEC 9899:20112024]
Every evaluation in the calling function (including other function calls) that is not otherwise specifically sequenced before or after the execution of the body of the called function is indeterminately sequenced with respect to the execution of the called function.
This rule means that the order of evaluation for function call arguments is unspecified and can happen in any order.
...
Tool | Version | Checker | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| evaluation-order multiple-volatile-accesses | Fully checked | ||||||||||||
Axivion Bauhaus Suite |
| CertC-EXP30 | |||||||||||||
Clang |
| -Wunsequenced | Detects simple violations of this rule, but does not diagnose unsequenced function call arguments. | ||||||||||||
CodeSonar |
| LANG.STRUCT.SE.DEC | Side Effects in Expression with Decrement | ||||||||||||
Compass/ROSE | Can detect simple violations of this rule. It needs to examine each expression and make sure that no variable is modified twice in the expression. It also must check that no variable is modified once, then read elsewhere, with the single exception that a variable may appear on both the left and right of an assignment operator | ||||||||||||||
| EVALUATION_ORDER | Can detect the specific instance where a statement contains multiple side effects on the same value with an undefined evaluation order because, with different compiler flags or different compilers or platforms, the statement may behave differently | |||||||||||||
Cppcheck |
| unknownEvaluationOrder | Partially implemented | ||||||||||||
Cppcheck Premium |
| unknownEvaluationOrder | Partially implemented | ||||||||||||
| CC2.EXP30 | Fully implemented | |||||||||||||
GCC |
| Can detect violations of this rule when the | |||||||||||||
Helix QAC |
| C0400C0400, C0401, C0402, C0403, C0404, C0405 | Fully implemented | ||||||||||||
Klocwork |
| PORTING.VAR.EFFECTS | Fully implemented | ||||||||||||
LDRA tool suite |
| 35 D, 1 Q, 9 S, 30 S, 134 S | Partially implemented | ||||||||||||
Parasoft C/C++test |
| CERT_C-EXP30-a | The value of an expression shall be the same under any order of evaluation that the standard permits | ||||||||||||
PC-lint Plus |
| 564 | Partially supported | ||||||||||||
Polyspace Bug Finder |
| CERT C: Rule EXP30-C | Checks for situations when expression value depends on order of evaluation or of side effects (rule partially covered) | ||||||||||||
PRQA QA-C | |||||||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 0400, 0401, 0402, 0403, 0404, 0405 | Fully implemented | PVS-Studio |
| V532, V567 | ||||||||
RuleChecker |
| evaluation-order multiple-volatile-accesses | Fully checked | ||||||||||||
Splint |
| ||||||||||||||
SonarQube C/C++ Plugin |
| IncAndDecMixedWithOtherOperators | |||||||||||||
TrustInSoft Analyzer |
| separated | Exhaustively verified (see one compliant and one non-compliant example). |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Bibliography
[ISO/IEC 9899:2011] | Annex C, "Sequence Points" |
[ISO/IEC 9899:2024] | 6.5, "Expressions" 6.5. 217. 21, " Function CallsAssignment Operators" Annex C6.5.3.3, " Sequence PointsFunction Calls" |
[Saks 2007] | |
[Summit 2005] | Questions 3.1, 3.2, 3.3, 3.3b, 3.7, 3.8, 3.9, 3.10a, 3.10b, and 3.11 |
...