Two consecutive question marks signify the start of a trigraph sequence. According to the C Standard, section subclause 5.2.1.1 [ISO/IEC 9899:2011],
All occurrences in a source file of the following sequences of three characters (that is, trigraph sequences) are replaced with the corresponding single character.
??=
#
??)
]
??!
|
??(
[
??'
^
??>
}
??/
\
??<
{
??-
~
Noncompliant Code Example
In this noncompliant code example, a++
is not executed because the trigraph sequence ??/
is replaced by \
, logically putting a++
on the same line as the comment.:
Code Block | ||||
---|---|---|---|---|
| ||||
// whatWhat is the value of a now??/ a++; |
Compliant Solution
The following This compliant solution eliminates the accidental introduction of the trigraph by separating the question marks.:
Code Block | ||||
---|---|---|---|---|
| ||||
// whatWhat is the value of a now? ?/ a++; |
...
This noncompliant code example includes the trigraph sequence ??!
, which is replaced by the character |
.:
Code Block | ||||
---|---|---|---|---|
| ||||
size_t i = /* someSome initial value */; if (i > 9000) { if (puts("Over 9000!??!") == EOF) { /* Handle Errorerror */ } } |
This example prints Over 9000!|
if a C-compliant compiler is used.
...
This compliant solution uses string concatenation to concatenate the two question marks; otherwise, they are interpreted as beginning a trigraph sequence.:
Code Block | ||||
---|---|---|---|---|
| ||||
size_t i = /* someSome initial value */; /* assignmentAssignment of i */ if (i > 9000) { if (puts("Over 9000!?""?!") == EOF) { /* Handle Errorerror */ } } |
This code prints Over 9000!??!
, as intended.
...
Inadvertent trigraphs can result in unexpected behavior. Some compilers provide options to warn when trigraphs are encountered or to disable trigraph expansion. Use the warning options, and ensure your code compiles cleanly. (See MSC00-C. Compile cleanly at high warning levels.)
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE07-C |
Low |
Unlikely |
Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|
Astrée |
| trigraph | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC-PRE07 | |||||||
|
|
|
CC2.PRE07 | Fully implemented |
GCC |
|
Can detect violation of this recommendation when the |
Helix QAC |
| C3601 | |||||||
LDRA tool suite |
|
|
|
81 S | Fully implemented |
Parasoft C/C++test |
| CERT_C-PRE07-a | Trigraphs shall not be used | ||||||
PC-lint Plus |
| 584, 854, 9060 | Fully supported | ||||||
Polyspace Bug Finder |
| CERT C: Rec. PRE07-C | Checks for use of trigraphs (rec. fully covered) | ||||||
RuleChecker |
| trigraph | Fully checked | ||||||
SonarQube C/C++ Plugin |
| TrigraphUsage |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ |
Coding Standard | VOID PRE07-CPP. Avoid using repeated question marks |
MISRA |
C:2012 | Rule 4.2 (advisory) |
Bibliography
...
...