Do not use the bitwise
AND (&, ampersand) or bitwise
OR (|, pipe) operator in a conditional expression because this typically indicates programmer error and can result in unexpected behavior. Use &
or |
only for bitwise operations and use &&
or ||
only for logical operations.
Noncompliant Code Example
In this noncompliant code example, a bitwise
expression is used in a conditional expression.
if (!(getuid() & geteuid() == 0)) { /* ... */ }
Compliant Solution
This compliant solution uses the &&
operator for the logical operation within the conditional expression.
if (!(getuid() && geteuid() == 0)) { /* ... */ }
Automated Detection
The Coverity Prevent Version 5.0 CONSTANT_EXPRESSION_RESULT checker can detect the specific instance where bitwise operator is used in place of logical operator or vice versa. The behavior might be desirable in some situation, so further verification is necessary.
Bibliography
[Hatton 95] Section 2.7.2, "Errors of omission and addition"
[ISO/IEC PDTR 24772] "KOA Likely Incorrect Expressions"
[[MITRE 07]] CWE ID 480, "Use of Incorrect Operator"
03. Expressions (EXP) EXP18-C. Do not perform assignments in conditional expressions