...
Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way, which can lead to unexpected and abnormal program behavior.

| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| EXP00-C | Low | Probable | Yes | Yes | P6 | L2 |

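
The following added example (not code from the original page) shows the risk described above. It uses constructed permission bits and a hypothetical record-length helper; each unparenthesized function is valid C but evaluates differently from its parenthesized counterpart.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed permission bits, for illustration only. */
#define PERM_READ  0x1u
#define PERM_WRITE 0x2u
#define PERM_ADMIN 0x4u

/* Intended: "caller holds ADMIN". Because == binds tighter than &, this
 * parses as flags & (PERM_ADMIN == PERM_ADMIN), i.e. flags & 1, so it
 * actually tests the PERM_READ bit. */
bool is_admin_unparenthesized(unsigned flags) {
    return flags & PERM_ADMIN == PERM_ADMIN;
}

/* Parentheses make the mask apply before the comparison. */
bool is_admin_parenthesized(unsigned flags) {
    return (flags & PERM_ADMIN) == PERM_ADMIN;
}

/* Intended: header plus 4 bytes of padding when padded. Because + binds
 * tighter than ?:, this parses as (header + padded) ? 4 : 0, so any
 * non-zero header yields a length of 4. */
size_t record_len_unparenthesized(size_t header, bool padded) {
    return header + padded ? 4 : 0;
}

/* Parentheses restrict the conditional to the padding term. */
size_t record_len_parenthesized(size_t header, bool padded) {
    return header + (padded ? 4 : 0);
}

int main(void) {
    printf("read-only treated as admin: %d (unparenthesized), %d (parenthesized)\n",
           is_admin_unparenthesized(PERM_READ),
           is_admin_parenthesized(PERM_READ));
    printf("admin recognized:           %d (unparenthesized), %d (parenthesized)\n",
           is_admin_unparenthesized(PERM_ADMIN),
           is_admin_parenthesized(PERM_ADMIN));
    printf("length for header=16, unpadded: %zu (unparenthesized), %zu (parenthesized)\n",
           record_len_unparenthesized(16, false),
           record_len_parenthesized(16, false));
    return 0;
}
```

In this example the unparenthesized authorization check accepts a read-only caller and rejects an administrator, and the unparenthesized length is smaller than the record it describes.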
Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Axivion Bauhaus Suite | | CertC-EXP00 | Fully implemented |
| CodeSonar | | LANG.STRUCT.PARENS | Missing Parentheses |
| | | CC2.EXP00 | Fully implemented |
| Helix QAC | | C3389, C3390, C3391, C3392, C3393, C3394, C3395, C3396, C3397, C3398, C3399, C3400 | |
| Klocwork | | CERT.EXPR.PARENS | |
| LDRA tool suite | | 361 S, 49 S | Fully implemented |
| Parasoft C/C++test | | CERT_C-EXP00-a | Use parenthesis to clarify expression order if operators with precedence lower than arithmetic are used |
| PC-lint Plus | | 9050 | Fully supported |
| Polyspace Bug Finder | | | Checks for possible unintended evaluation of expression because of operator precedence rules (rec. fully covered) |
| PVS-Studio | | V502, V593, V634, V648, V1104 | |
| SonarQube C/C++ Plugin | | S864 | |

Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID EXP00-CPP. Use parentheses for precedence of operation |
| ISO/IEC TR 24772:2013 | Operator Precedence/Order of Evaluation [JCW] |
| MISRA C:2012 | Rule 12.1 (advisory) |
Bibliography
| [Dowd 2006] | Chapter 6, "C Language Issues" ("Precedence," pp. 287–288) |
| [Kernighan 1988] |
| [NASA-GB-1740.13] | Section 6.4.3, "C Language" |
...