CERT.EXPR.PARENS

The operator’s precedence within expressions should be made explicit.

Vulnerability and risk

Mistakes regarding precedence rules can cause an expression to be evaluated in an unintended way, which can result in unexpected behavior.

Vulnerable code example

1
2
3
4
5
6
7
   unsigned int test(unsigned int m, unsigned int n, unsigned int o)
   {
      unsigned int a;
      a = m == n | o ? o : n;
      o = m * n + a;
      return o;
   }

In this noncompliant example, Klocwork reports a CERT.EXPR.PARENS defect on lines 4 and 5 because the code does not use parentheses with operators to indicate precedence. This code can result in unexpected behavior.

Fixed code example

1
2
3
4
5
6
7
   unsigned int test(unsigned int m, unsigned int n, unsigned int o)
   {
      unsigned int a;
      a = (m == n) | o ? o : n;
      o = (m * n) + a;
      return o;
   }

The above example is compliant because it uses parentheses to properly indicate precedence.

Related checkers

• MISRA.EXPR.PARENS.2012

External guidance

• CERT EXP50-CPP: Do not depend on the order of evaluation for side effects
• CERT EXP00-C: Use parentheses for precedence of operation