C programmers commonly make errors regarding the precedence rules of C operators due to the unintuitive low precedence levels of "&", "|", "^", "<<", and ">>". Mistakes regarding precedence rules can be avoided by the suitable use of parentheses. Using parentheses defensively reduces errors and, if not taken to excess, makes the code more readable.

Section 6.5 of \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] (C99) defines the precedence of operation by the order of the subclauses.

Non-Compliant Code Example

The intent of the expression in this non-compliant code example is to test the least significant bit of x.

x & 1 == 0

Because of operator precedence rules, the expression is parsed as

x & (1 == 0)

which the compiler evaluates to

(x & 0)

and then to 0.

Compliant Solution

In this compliant solution, parentheses are used to ensure the expression evaluates as expected.

(x & 1) == 0

Non-Compliant Code Example

It is common for C programmers to assign the return value of a function while concurrently checking for and in-band error condition.

if(ret = foo() != err) {
  /* use ret */
}

However, since comparison binds tighter than assignment, the value of foo() != err is stored in ret. So if foo() succeeds, ret will always be set to 0, and the if-statement will execute if and only if foo() fails, exactly opposite of what the programmer expects.

Compliant Solution

if((ret = foo()) != err) {
  /* use ret */
}

Exceptions

EXP00-EX1: Mathematical expressions that follow algebraic order do not require parentheses. For instance, in the expression:

x + y * z

the multiplication is performed before the addition by mathematical convention. Therefore parenthesis to enforce this would be redundant.

x + (y * z)

Risk Assessment

Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way. This can lead to unexpected and abnormal program behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP00-A

1 (low)

2 (probable)

2 (medium)

P4

L3

Automated Detection

The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 6, "C Language Issues" (Precedence, pp. 287-288)
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.5, "Expressions"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "JCW Operator precedence/Order of Evaluation"
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 12.1
\[[NASA-GB-1740.13|AA. C References#NASA-GB-1740.13]\] Section 6.4.3, "C Language"

03. Expressions (EXP)      03. Expressions (EXP)       EXP01-A. Do not take the size of a pointer to determine the size of the pointed-to type