The logical AND and logical OR operators (&&, ||) exhibit "short circuit" operation. That is, the second operand is not evaluated if the result can be deduced solely by evaluating the first operand. Therefore, the second operand should not contain side effects since, if it does, it will not be apparent whether the side effects happen.
Non-Compliant Code Example
int i;
int max;
...
if ( (i >= 0 && (i++) <= max) ) {
...
}
It is unclear whether the value of i will be incremented as a result of evaluating the condition.
Compliant Solution
In this compliant solution, the behavior is much clearer.
int i;
int max;
...
if ( (i >= 0 && (i + 1) <= max) ) {
i++;
...
}
Risk Assessment
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
EXP01-A |
1 (low) |
1 (unlikely) |
3 (low) |
P3 |
L3 |