Mixing bitwise and relational operators in the same full expression can be a sign of a logic error in the expression where a logical operator is usually the intended operator. Do not use the bitwise AND (`&`), bitwise OR (`|`), or bitwise XOR (`^`) operators with an operand of type `_Bool`, or the result of a relational-expression or equality-expression. If the bitwise operator is intended, it should be indicated with use of a parenthesized expression.
In this noncompliant code example, a bitwise `&` operator is used with the results of two equality-expressions:

```c
if (getuid() == 0 & getgid() == 0) { /* ... */ }
```
This compliant solution uses the &&
operator for the logical operation within the conditional expression:
if (getuid() == 0 && getgid() == 0) { /* ... */ } |
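The following added example (not part of the CERT rule text) goes beyond the `getuid()`/`getgid()` case to show two ways the mix goes wrong: `==` binds tighter than `&`, and `&` evaluates both operands where `&&` would short-circuit. The `PERM_*` bits and all function names are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed permission bits; names are hypothetical, not from the rule text. */
#define PERM_READ  0x1u
#define PERM_ADMIN 0x4u

/* Noncompliant: == binds tighter than &, so this is parsed as
 * perms & (PERM_ADMIN == PERM_ADMIN), which is perms & 1. */
bool is_admin_noncompliant(unsigned perms) {
  return perms & PERM_ADMIN == PERM_ADMIN;
}

/* Compliant: the parentheses show the bitwise test is intended. */
bool is_admin_compliant(unsigned perms) {
  return (perms & PERM_ADMIN) == PERM_ADMIN;
}

static int probes; /* number of times second_check() has run */
static bool second_check(void) { probes++; return true; }
int probe_count(void) { return probes; }

/* Noncompliant: & evaluates both operands even when uid != 0. */
bool both_noncompliant(int uid) {
  return uid == 0 & second_check();
}

/* Compliant: && short-circuits, so second_check() is skipped when uid != 0. */
bool both_compliant(int uid) {
  return uid == 0 && second_check();
}

int main(void) {
  printf("READ only:  noncompliant=%d compliant=%d\n",
         is_admin_noncompliant(PERM_READ), is_admin_compliant(PERM_READ));
  printf("ADMIN only: noncompliant=%d compliant=%d\n",
         is_admin_noncompliant(PERM_ADMIN), is_admin_compliant(PERM_ADMIN));
  both_noncompliant(1000);
  printf("probes after &:  %d\n", probe_count());
  both_compliant(1000);
  printf("probes after &&: %d\n", probe_count());
  return 0;
}
```

The noncompliant permission check is wrong in both directions: it accepts a read-only caller and rejects an admin-only one. Compilers typically flag both noncompliant lines with a parentheses warning when warnings are enabled.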
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP46-C | Low | Likely | Low | P9 | L2 |
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | inappropriate-bool | Supported indirectly via MISRA C:2012 Rule 10.1 |
Axivion Bauhaus Suite | | CertC-EXP46 | |
CodeSonar | | LANG.TYPE.IOT | Inappropriate operand type |
| | | CONSTANT_EXPRESSION_RESULT | Partially implemented |
Cppcheck | | cert.py | Detected by the addon cert.py |
Helix QAC | | C3344, C4502, C++3709 | |
Klocwork | | MISRA.LOGIC.OPERATOR.NOT_BOOL | |
LDRA tool suite | | 136 S | Fully Implemented |
Parasoft C/C++test | | CERT_C-EXP46-b | Expressions that are effectively Boolean should not be used as operands to operators other than (&&, \|\|, !, =, ==, !=, ?:) |
PC-lint Plus | | 514 | Fully supported |
Polyspace Bug Finder | | CERT C: Rule EXP46-C | Checks for bitwise operations on boolean operands (rule fully covered) |
PVS-Studio | | V564, V1015 | |
RuleChecker | | inappropriate-bool | Supported indirectly via MISRA C:2012 Rule 10.1 |
Taxonomy | Taxonomy item | Relationship |
---|---|---|
ISO/IEC TR 24772:2013 | Likely Incorrect Expression [KOA] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-480, Use of incorrect operator | 2017-07-05: CERT: Rule subset of CWE |
CWE 2.11 | CWE-569 | 2017-07-06: CERT: Rule subset of CWE |
Intersection( EXP45-C, EXP46-C) = Ø
CWE-480 = Union( EXP46-C, list) where list =
[Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |