Mixing bitwise and relational operators in the same full expression can be a sign of a logic error in the expression where a logical operator is usually the intended operator. Do not use the bitwise AND (`&`), bitwise OR (`|`), or bitwise XOR (`^`) operators with an operand of type `_Bool`, or the result of a relational-expression or equality-expression. If the bitwise operator is intended, it should be indicated with use of a parenthesized expression.
Noncompliant Code Example
In this noncompliant code example, a bitwise `&` operator is used with the results of an equality-expression:

```c
if (!(getuid() & geteuid() == 0)) { /* ... */ }
```
Compliant Solution
This compliant solution uses the `&&` operator for the logical operation within the conditional expression:

```c
if (!(getuid() && geteuid() == 0)) { /* ... */ }
```
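The two conditions above disagree for some inputs because `==` binds tighter than `&`, so the noncompliant form masks the low bit of the first operand with a 0/1 flag. The following added example (not part of the original guideline) evaluates both forms over constructed uid/euid pairs; the function names are hypothetical and the IDs are passed as parameters in place of `getuid()`/`geteuid()`.

```c
#include <stdio.h>

/* Added example: uid/euid are constructed sample values passed as
   parameters (an assumption) so the comparison runs on any machine. */

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
/* Noncompliant form: == binds tighter than &, so this evaluates
   uid & (euid == 0), i.e. the low bit of uid masked by a 0/1 flag. */
static int cond_bitwise(unsigned uid, unsigned euid) {
    return !(uid & euid == 0);
}
#pragma GCC diagnostic pop

/* Compliant form: logical AND of "uid is nonzero" and "euid is zero". */
static int cond_logical(unsigned uid, unsigned euid) {
    return !(uid && euid == 0);
}

/* Print both results per pair and count the pairs where they disagree. */
static int count_disagreements(const unsigned pairs[][2], int n) {
    int diff = 0;
    for (int i = 0; i < n; i++) {
        unsigned u = pairs[i][0], e = pairs[i][1];
        int b = cond_bitwise(u, e), l = cond_logical(u, e);
        printf("uid=%-5u euid=%-5u  &: %d  &&: %d%s\n",
               u, e, b, l, b != l ? "  <-- differs" : "");
        diff += (b != l);
    }
    return diff;
}

/* Constructed samples: the forms diverge when euid is 0 and uid is a
   nonzero even number, because uid & 1 is then 0. */
static const unsigned SAMPLES[][2] = {
    {0, 0}, {1000, 0}, {1001, 0}, {1000, 1000}, {2, 0},
};

int main(void) {
    int n = (int)(sizeof SAMPLES / sizeof SAMPLES[0]);
    printf("%d of %d sample pairs differ\n",
           count_disagreements(SAMPLES, n), n);
    return 0;
}
```

The pragma only silences the `-Wparentheses` diagnostic that GCC and Clang raise for this expression; in a real build that warning is the cheapest way to catch the defect.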
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP46-C | Low | Likely | Low | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | 8.1p0 | LANG.TYPE.IOT | Inappropriate operand type |
2017.07 | CONSTANT_EXPRESSION_RESULT | Can detect the specific instance where bitwise operator is used in place of logical operator, or vice versa. The behavior might be desirable in some situations, so further verification is necessary | |
Klocwork | 2024.1 | MISRA.LOGIC.OPERATOR.NOT_BOOL | |
LDRA tool suite | 9.7.1 | 136 S | Fully Implemented |
Parasoft C/C++test | 9.5 | MISRA2004-12_6_{a,b} | Fully implemented |
PRQA QA-C | | 3344, 4502 | |
Cppcheck | 1.66 | cert.py | Detected by the addon cert.py |
Related Guidelines
ISO/IEC TR 24772:2013 | Likely Incorrect Expression [KOA] |
MITRE CWE | CWE-480, Use of incorrect operator |
Bibliography
[Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |