Page History

Two consecutive question marks signify the start of a trigraph sequence. According to the C Standard, section subclause 5.2.1.1 [ISO/IEC 9899:2011],

All occurrences in a source file of the following sequences of three characters (that is, trigraph sequences) are replaced with the corresponding single character.
??=
#

??)
]

??!
|
??(
[

??'
^

??>
}
??/
\

??<
{

??-
~

Noncompliant Code Example

...

Code Block

bgColor	#FFcccc
lang	c

// What is the value of a now??/
a++;

Compliant Solution

The following This compliant solution eliminates the accidental introduction of the trigraph by separating the question marks:

...

Inadvertent trigraphs can result in unexpected behavior. Some compilers provide options to warn when trigraphs are encountered or to disable trigraph expansion. Use the warning options, and ensure your code compiles cleanly. (See MSC00-C. Compile cleanly at high warning levels.)

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
PRE07-C	Low	Unlikely	Medium	P2	L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

trigraph

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-PRE07

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

dtrigraf

CC2.PRE07

Fully implemented

GCC

Include Page

	GCC_V
	GCC_V

Can detect violation of this recommendation when the -Wtrigraphs flag is used

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C3601

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

81 S

Fully implemented

PRQA QA-C Include PagePRQA_VPRQA_V3601Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-PRE07-a

Trigraphs shall not be used

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

584, 854, 9060

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rec. PRE07-C

Checks for use of trigraphs (rec. fully covered)

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

trigraph

Fully checked

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

TrigraphUsage

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

Secure

Coding Standard	VOID PRE07-CPP. Avoid using repeated question marks
MISRA C:2012	Rule 4.2 (advisory)

Bibliography

[ISO/IEC 9899:2011]

Section

Subclause 5.2.1.1, "Trigraph Sequences"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 82

New Version Current

Key

Noncompliant Code Example

Compliant Solution

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography

`??=`	`#`	`??)`	`]`	`??!`	`\|`
`??(`	`[`	`??'`	`^`	`??>`	`}`
`??/`	`\`	`??<`	`{`	`??-`	`~`