C programmers commonly make errors regarding the precedence rules of C operators due to the unintuitive low precedence levels of "&", "|", "^", "<<", and ">>". Mistakes regarding precedence rules can be avoided by the suitable use of parentheses. Using parentheses defensively reduces errors and, if not taken to excess, makes the code more readable.
Non-Compliant Code Example
The intent of the expression in this non-compliant code example is to test the least significant bit of x.
x & 1 == 0
Because of operator precedence rules, the expression is parsed as
x & (1 == 0)
which the compiler evaluates to
(x & 0)
and then to 0.
Compliant Solution
In this compliant solution, parentheses are used to ensure the expression evaluates as expected.
(x & 1) == 0
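The same mistake in a place where it changes a security decision, as an added example that is not part of the original recommendation: a permission check and a byte-packing expression, each in non-compliant and compliant form. The PERM_* values and the function names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed permission bits for illustration (not from the page). */
#define PERM_EXEC  0x1u
#define PERM_WRITE 0x2u

/* -Wparentheses is silenced here only so the non-compliant forms build
   cleanly; in real builds leave it on, since it reports these lines. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"

/* Non-compliant: parsed as mode & (PERM_WRITE != 0), i.e. mode & 1,
   so it tests the execute bit instead of the write bit. */
static int can_write_bad(unsigned mode) { return mode & PERM_WRITE != 0; }

/* Non-compliant: parsed as hi << (8 + lo) because '+' binds tighter
   than '<<'. A large lo would also push the shift count past the width
   of unsigned, which is undefined behaviour. */
static unsigned pack_bad(unsigned hi, unsigned lo) { return hi << 8 + lo; }

#pragma GCC diagnostic pop

/* Compliant: parentheses state the intended grouping. */
static int can_write_ok(unsigned mode) { return (mode & PERM_WRITE) != 0; }
static unsigned pack_ok(unsigned hi, unsigned lo) { return (hi << 8) + lo; }

int main(void)
{
    /* Constructed sample modes: execute-only and write-only. */
    unsigned modes[] = { PERM_EXEC, PERM_WRITE };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("mode=0x%x  bad=%d  ok=%d\n", modes[i],
               can_write_bad(modes[i]), can_write_ok(modes[i]));

    /* Small operands keep the non-compliant shift count in range. */
    printf("pack(1,2)  bad=%u  ok=%u\n", pack_bad(1u, 2u), pack_ok(1u, 2u));
    return 0;
}
```

The non-compliant check grants write access to an execute-only mode and denies it to a write-only one, so the error is not always a constant 0 as in the x & 1 == 0 case.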
Exceptions
EXP00-EX1: Mathematical expressions that follow algebraic order do not require parentheses. For instance, in the expression:
x + y * z
the multiplication is performed before the addition by mathematical convention. Therefore, parentheses to enforce this would be redundant.
x + (y * z)
Risk Assessment
Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way. This can lead to unexpected and abnormal program behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP00-A | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3 |
Automated Detection
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.