SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 82

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 83

changes.mady.by.user Swasti Shrivastava

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Mixing bitwise and relational operators in the same full expression can be a sign of a logic error in the expression where a logical operator is usually the intended operator. Do not use the bitwise AND (&), bitwise OR (|), or bitwise XOR (^) operators with an operand of type _Bool, or the result of a relational-expression or equality-expression. If the bitwise operator is intended, it should be indicated with use of a parenthesized expression.

Noncompliant Code Example

In this noncompliant code example, a bitwise & operator is used with the results of two equality-expressions:

Code Block
bgColor#FFcccc
langc
if (getuid() == 0 & getgid() == 0) { 
  /* ... */ 
}

Compliant Solution

This compliant solution uses the && operator for the logical operation within the conditional expression:

Code Block
bgColor#ccccff
langc
if (getuid() == 0 && getgid() == 0) {
  /* ... */
}

Risk Assessment

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP46-C

Low

Likely

Low

P9

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
inappropriate-boolSupported indirectly via MISRA C:2012 Rule 10.1
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-EXP46
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.TYPE.IOTInappropriate operand type

Coverity

Include Page
Coverity_V
Coverity_V

CONSTANT_EXPRESSION_RESULT

Partially implemented

Cppcheck
Include Page
Cppcheck_V
Cppcheck_V
cert.pyDetected by the addon cert.py
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3344, C4502

C++3709


Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.LOGIC.OPERATOR.NOT_BOOL
LDRA tool suite
Include Page
LDRA_V
LDRA_V
136 SFully Implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-EXP46-b

Expressions that are effectively Boolean should not be used as operands to operators other than (&&, ||, !, =, ==, !=, ?:)

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

514

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule EXP46-C

Checks for bitwise operations on boolean operands (rule fully covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V564, V1015

RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

inappropriate-boolSupported indirectly via MISRA C:2012 Rule 10.1

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

ISO/IEC TR 24772:2013Likely Incorrect Expression [KOA]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-480, Use of incorrect operator2017-07-05: CERT: Rule subset of CWE
CWE 2.11CWE-5692017-07-06: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-480 and EXP46-C

Intersection( EXP45-C, EXP46-C) = Ø

CWE-480 = Union( EXP46-C, list) where list =

  • Usage of incorrect operator besides s/&/&&/ or s/|/||/

Bibliography

[Hatton 1995]Section 2.7.2, "Errors of Omission and Addition"