Do not refer to an atomic variable twice in an expression.

Vulnerability and risk

When operations on atomic variables are assumed to be atomic, but are not atomic, surprising data races can occur, leading to corrupted data and invalid control flow.

Vulnerable code example

atomic_int n = ATOMIC_VAR_INIT(0);
int compute_sum(void) {
  return n * (n + 1) / 2;

This noncompliant code example takes an atomic global variable n and computes n + (n - 1) + (n - 2) + ... + 1, using the formula n * (n + 1) / 2. The value of n may change between the two atomic reads of n in the expression, yielding an incorrect result.