Opening and closing braces for if, for, or while statements should always be used, even if said statement has only a single body line.
Braces help improve the uniformity, and therefore readability of code.
More importantly, when inserting an additional statement in a body containing only a single line, it is easy to forget to add braces when the indentation tends to give a strong (but probably misleading) guide to the structure.
Noncompliant Code Example
This noncompliant code example uses an if-else statement without braces to authenticate a user.
int login; if (invalid_login()) login = 0; else login = 1;
The programmer adds a debugging statement to determine when the login is valid, but forgets to add opening and closing braces.
int login;
if (invalid_login())
login = 0;
else
printf("Login is valid\n");
login = 1;
Due to the indentation of the code, it is difficult to tell that the code is not functioning as intended by the programmer, leading to a possible security breach.
Compliant Code Example
Opening and closing braces are used even when the body is a single statement.
int login;
if (invalid_login()) {
login = 0;
} else {
login = 1;
}
Noncompliant Code Example
When you have an if-else statement nested in another if statement, always put braces around the if-else.
This noncompliant code example does not use braces.
if (a)
if (b)
win();
else
lose();
Compliant Code Example
if (a) {
if (b)
Unknown macro: { win(); }
else
Unknown macro: { lose(); }
}