SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 2

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version Current

changes.mady.by.user Joerg Herter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Do Mixing bitwise and relational operators in the same full expression can be a sign of a logic error in the expression where a logical operator is usually the intended operator. Do not use the bitwise AND (&), ampersand) or bitwise OR (|), pipe) operator in a conditional expression because this typically indicates programmer error and can result in unexpected behavior. Only use & or | only for bitwise operations, and to use && or || only for logical operationsor bitwise XOR (^) operators with an operand of type _Bool, or the result of a relational-expression or equality-expression. If the bitwise operator is intended, it should be indicated with use of a parenthesized expression.

Noncompliant Code Example

In this noncompliant code example, a bitwise expression is used in a conditional expression. bitwise & operator is used with the results of two equality-expressions:

Code Block
bgColor#FFcccc
langc

if (!(getuid() == 0 & geteuidgetgid() == 0)) { 
  /* ... */ 
}

Compliant Solution

This compliant solution uses the && operator for the logical operation within the conditional expression.:

Code Block
bgColor#ccccff
langc

if (!(getuid() == 0 && geteuidgetgid() == 0)) {
  /* ... */
}

Bibliography 

Risk Assessment
Rule
Severity
Likelihood
Remediation Cost
Priority
Level
EXP46-C
Low
Likely
Low
P9
L2
Automated Detection
Tool
Version
Checker
Description
Astrée
 Include Page
Astrée_V
Astrée_V
bitwise-operator-with-boolean-like-operandFully checked
Axivion Bauhaus Suite
 Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V
CertC-EXP46
CodeSonar
 Include Page
CodeSonar_V
CodeSonar_V
LANG.TYPE.IOTInappropriate operand type
Coverity
 Include Page
Coverity_V
Coverity_V
CONSTANT_EXPRESSION_RESULT
Partially implemented
Cppcheck
 Include Page
Cppcheck_V
Cppcheck_V
bitwiseOnBoolean
Cppcheck Premium
 Include Page
Cppcheck Premium_V
Cppcheck Premium_V
bitwiseOnBoolean
Helix QAC
 Include Page
Helix QAC_V
Helix QAC_V
C3344, C4502
C++3709

Klocwork
 Include Page
Klocwork_V
Klocwork_V
MISRA.LOGIC.OPERATOR.NOT_BOOL
LDRA tool suite
 Include Page
LDRA_V
LDRA_V
136 SFully Implemented
Parasoft C/C++test
 Include Page
Parasoft_V
Parasoft_V
CERT_C-EXP46-b
Expressions that are effectively Boolean should not be used as operands to operators other than (&&, ||, !, =, ==, !=, ?:)
PC-lint Plus
 Include Page
PC-lint Plus_V
PC-lint Plus_V
514
Fully supported
Polyspace Bug Finder
 Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V
CERT C: Rule EXP46-C
Checks for bitwise operations on boolean operands (rule fully covered)
PVS-Studio
 Include Page
PVS-Studio_V
PVS-Studio_V
V564, V1015

RuleChecker
 Include Page
RuleChecker_V
RuleChecker_V
bitwise-operator-with-boolean-like-operandFully checked
Security Reviewer - Static Reviewer
 Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V
C73Fully implemented
Related Guidelines
Key here (explains table format and definitions)
Taxonomy
Taxonomy item
Relationship
ISO/IEC TR 24772:2013Likely Incorrect Expression [KOA]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-480, Use of incorrect operator2017-07-05: CERT: Rule subset of CWE
CWE 2.11CWE-5692017-07-06: CERT: Rule subset of CWE
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-480 and EXP46-C
Intersection( EXP45-C, EXP46-C) = Ø
CWE-480 = Union( EXP46-C, list) where list =
  • Usage of incorrect operator besides s/&/&&/ or s/|/||/
Bibliography
[Hatton 1995]Section 2.7.2, "Errors of Omission and Addition"

...
Image Added Image Added Image Added Wiki Markup\[Hatton 95\] Section 2.7.2, "Errors of omission and addition" 
\[ISO/IEC PDTR 24772\] "KOA Likely Incorrect Expressions" 
\[Seacord 09\] "MSC02-C. Avoid errors of omission"