...
Attempting to modify an object in an unsequenced or indeterminately sequenced evaluation may cause that object to take on an unexpected value, which can lead to unexpected program behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP50-CPP | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Axivion Bauhaus Suite |
| CertC++-EXP50 | |||||||
Clang |
| -Wunsequenced | Can detect simple violations of this rule where path-sensitive analysis is not required | ||||||
CodeSonar |
| LANG.STRUCT.SE.DEC | Side Effects in Expression with Decrement | |||||||
Compass/ROSE | Can detect simple violations of this rule. It needs to examine each expression and make sure that no variable is modified twice in the expression. It also must check that no variable is modified once, then read elsewhere, with the single exception that a variable may appear on both the left and right of an assignment operator | ||||||||
| EVALUATION_ORDER | Can detect the specific instance where a statement contains multiple side effects on the same value with an undefined evaluation order because, with different compiler flags or different compilers or platforms, the statement may behave differently | |||||||
| CC2.EXP30 | Fully implemented | |||||||
GCC |
|
Can detect violations of this rule when the |
Helix QAC |
|
|
|
C++3220, C++3221, C++3222, C++3223, C++3228 | ||||||||
Klocwork |
| PORTING.VAR.EFFECTS |
CERT.EXPR.PARENS MISRA.EXPR.PARENS.INSUFFICIENT MISRA |
. |
MISRA.
INCR_DECR.OTHER |
LDRA tool suite |
| 35 D, 1 Q, 9 S, 134 S, 67 D, 72 D | Partially implemented | ||||||
Parasoft C/C++test |
|
|
|
CERT_CPP-EXP50-a | The value of an expression shall be the same under any order of evaluation that the standard permits | ||||||||
Polyspace Bug Finder |
| CERT C++: EXP50-CPP | Checks for situations where expression value depends on order of evaluation (rule fully covered). | ||||||
PVS-Studio |
| V521, V708 |
SonarQube C/C++ Plugin |
| IncAndDecMixedWithOtherOperators | Partially implemented | ||||||
Splint |
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[ISO/IEC 14882-2014] | Subclause 1.9, "Program Execution" |
[MISRA 2008] | Rule 5-0-1 (Required) |
...
...