CERT C++: EXP52-CPP

The issue occurs when the right hand operand of a logical && or || operator contains side effects. When evaluated, an expression with side effect modifies at least one of the variables in the expression.

The checker does not consider volatile accesses and function calls as potential side effects.

When evaluated, an expression with side effect modifies at least one of the variables in the expression. For instance, n++ is an expression with side effect.

The right-hand operand of a:

In other cases, the right-hand operands are not evaluated, so side effects of the expression do not take place. If your program relies on the side effects, you might see unexpected results in those cases.

If you want the expression in the right-hand operand evaluated, perform the evaluation in a separate statement.

For instance, instead of:

if(isOK && n++) {}

n++;
if(isOK && n) {}

This issue occurs when the sizeof, alignof or decltype operator operates on an expression with a side effect. When evaluated, an expression with side effect modifies at least one of the variables in the expression.

For instance, the defect checker does not flag sizeof(n+1) because n+1 does not modify n. The checker flags sizeof(n++) because n++ is intended to modify n.

Side effects in an alignof operator or decltype operator do not persist beyond the operation. The expression in a sizeof operator is evaluated only if it is required for calculating the size of a variable-length array, for instance, sizeof(a[n++]).

When an expression with a side effect is not evaluated, the variable modification from the side effect does not happen. If you rely on the modification, you can see unexpected results.

Evaluate the expression with a side effect in a separate statement, and then use the result in a sizeof, _Alignof, or _Generic operator.

For instance, instead of:

a = sizeof(n++);

n++;
a = sizeof(n);

The checker considers a function call as an expression with a side effect. Even if the function does not have side effects now, it might have side effects on later additions. The code is more maintainable if you call the function outside the sizeof operator. If you call a function in a decltype, for instance, to select the correct overload of a function and then determine its return type, the checker considers such a call as an exception.

#include <stdio.h>

void func(void) {
    unsigned int a = 1U;
    unsigned int b = (unsigned int)sizeof(++a); //Noncompliant
    printf ("%u, %u\n", a, b);
}

In this example, sizeof operates on ++a, which is intended to modify a. Because the expression is not evaluated, the modification does not happen. The printf statement shows that a still has the value 1.

One possible correction is to perform the increment first, and then provide the result to the sizeof operator.

#include <stdio.h>

void func(void) {
    unsigned int a = 1U;
    ++a;
    unsigned int b = (unsigned int)sizeof (a); 
    printf ("%u, %u\n", a, b);
}