Mixing bitwise and relational operators in the same full expression can be a sign of a logic error in the expression where a logical operator is usually the intended operator. Do not use the bitwise AND (&), bitwise OR (|), or bitwise XOR (^) operators with an operand of type _Bool, or the result of a relational-expression or equality-expression. If the bitwise operator is intended, it should be indicated with use of a parenthesized expression.
Noncompliant Code Example
In this noncompliant code example, a bitwise & operator is used with the results of an equality-expression:
if (!(getuid() & geteuid() == 0)) {
/* ... */
}
Compliant Solution
This compliant solution uses the && operator for the logical operation within the conditional expression:
if (!(getuid() && geteuid() == 0)) {
/* ... */
}
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP46-C | Low | Likely | Low | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | 24.04 | inappropriate-bool | Supported indirectly via MISRA C:2012 Rule 10.1 |
| Axivion Bauhaus Suite | 7.2.0 | CertC-EXP46 | |
| CodeSonar | 8.1p0 | LANG.TYPE.IOT | Inappropriate operand type |
2017.07 | CONSTANT_EXPRESSION_RESULT | Partially implemented | |
| Cppcheck | 1.66 | cert.py | Detected by the addon cert.py |
| Helix QAC | 2024.1 | C3344, C4502 C++3709 | |
| Klocwork | 2024.1 | MISRA.LOGIC.OPERATOR.NOT_BOOL | |
| LDRA tool suite | 9.7.1 | 136 S | Fully Implemented |
| Parasoft C/C++test | 2023.1 | CERT_C-EXP46-b | Expressions that are effectively Boolean should not be used as operands to operators other than (&&, ||, !, =, ==, !=, ?:) |
| PC-lint Plus | 1.4 | 514 | Fully supported |
| Polyspace Bug Finder | R2023b | CERT C: Rule EXP46-C | Checks for bitwise operations on boolean operands (rule fully covered) |
| PRQA QA-C | Unable to render {include} The included page could not be found. | 3344,4502 | |
| PRQA QA-C++ | 4.4 | 3709 | |
| PVS-Studio | 7.30 | V564, V1015 | |
| RuleChecker | 24.04 | inappropriate-bool | Supported indirectly via MISRA C:2012 Rule 10.1 |
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| ISO/IEC TR 24772:2013 | Likely Incorrect Expression [KOA] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-480, Use of incorrect operator | 2017-07-05: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-569 | 2017-07-06: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-480 and EXP46-C
Intersection( EXP45-C, EXP46-C) = Ø
CWE-480 = Union( EXP46-C, list) where list =
- Usage of incorrect operator besides s/&/&&/ or s/|/||/
Bibliography
| [Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |
