SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 30

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The relational and equality operators are left-associative in C. Consequently, C, unlike many other languages, allows chaining of relational and equality operators. The C standard, Section Subclause 6.5.8, paragraph 6, footnote 107, of the C Standard [ISO/IEC 9899:2011], says:

The expression a<b<c is not interpreted as in ordinary mathematics. As the syntax indicates, it means (a<b)<c; in other words, "if a is less than b, compare 1 to c; otherwise, compare 0 to c."

These operators are left-associative, which means the leftmost comparison is performed first, and the result is compared with the rightmost comparison. This syntax allows a programmer to write an expression (particularly an expression used as a condition) that can be easily misinterpreted.

...

Although this noncompliant code example compiles correctly, it is unlikely that it means what the author of the code intended.:

Code Block
bgColor#FFcccc
langc
int a = 2;
int b = 2;
int c = 2;
/* ... */
if (a < b < c) /* misleading,Misleading; likely bug */
/* ... */
if (a == b == c) /* misleading,Misleading; likely bug */

The expression a < b < c evaluates to true rather than, as its author probably intended, to false, and the expression a == b == c evaluates to false rather than, as its author probably intended, to true.

...

Treat relational and equality operators as if it were invalid to chain them.:

Code Block
bgColor#ccccff
langc
if ( (a < b) && (b < c) ) /* clearer,Clearer and probably what was intended */
/* ... */
if ( (a == b) && (a == c) ) /* dittoDitto */

Risk Assessment

Incorrect use of relational and equality operators can lead to incorrect control flow.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP13-C

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
chained-comparisonFully checked

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.EXP13

Fully implemented

GCC
Include Page
GCC_V
GCC_V
 


Option -Wparentheses warns if a comparison like x<=y<=z appears

. This

; this warning is also enabled by -Wall

.ECLAIR

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3392, C3401, C4111, C4112, C4113


LDRA tool suite
Include Page
ECLAIR
LDRA_V
ECLAIR
LDRA_V
exprprns
433 SFully implemented
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

503, 731

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. EXP13-CChecks for possibly unintended evaluation of expression because of operator precedence rules (rec. fully covered)

PRQA QA


PVS-
C
Studio

Include Page

PRQA

PVS-Studio_V

PRQA

PVS-Studio_V

V709
3392

RuleChecker
3401
Include Page
4111
4112
4113
RuleChecker_V
RuleChecker_V
chained-comparisonFully checked
Fully implemented.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID EXP17-CPP. Treat relational and equality operators as if they were nonassociative

Bibliography

[ISO/IEC 9899:2011]
Section
Subclause 6.5.8, "Relational Operators"

...


...

Image Modified Image Modified Image Modified