Main Content

CERT C: Rule EXP46-C

Do not use a bitwise operator with a Boolean-like operand

Description

Rule Definition

Do not use a bitwise operator with a Boolean-like operand.1

Polyspace Implementation

The rule checker checks for Use of bitwise operator with a Boolean-like operand.

Examples

expand all

Issue

Use of bitwise operator with a Boolean-like operand occurs when you use bitwise operators, such as:

  • Bitwise AND (&, &=)

  • Bitwise OR (|, |=)

  • Bitwise XOR (^, ^=)

  • Bitwise NOT(~)

with:

  • Boolean type variables

  • Outputs of relational or equality expressions

Using Boolean type variables as array indices, in Boolean arithmetic expression, and in shifting operations does not raise this defect.

Risk

Boolean-like operands, such as variables of type bool and outputs of relational operators typically appear in logical expressions. Using a bitwise operator in an expression containing Boolean variables and relational operators might be a sign of logic error. Because bitwise operators and logical operators look similar, you might inadvertently use a bitwise operator instead of a logical operator. Such logic errors do not raise any compilation error and can introduce bugs in your code that are difficult to find.

Fix

Use logical operators in expressions that contain Boolean variables and relational operator. To indicate that you intend to use a bitwise operator in such an expression, use parentheses.

Example — Possible Bug Due to Using Bitwise Operator
int getuid();
int geteuid();
void func ()
{
	if (getuid () & geteuid () == 0) {//Noncompliant   
		/* ... */
	}else{
		/*...*/
	}
}

In this example, the if-else block is executed conditionally. The conditional statement uses the bitwise AND (&) instead of the logical AND (&&), perhaps by mistake. Consider when the function geteuid() evaluates to 0, and getuid() evaluates to 2. In this case, the else block of code executes if you use & because 2&1 evaluates to false. Conversely, the if block of code executes when you use && because 2&&1 evaluates to true. Using & instead of && might introduce logic errors and bugs in your code that are difficult to find. Polyspace® flags the use of bitwise operators in these kinds of expressions where relational operators are also used.

Correction — Use Logical Operators with Boolean-Like Operands

One possible correction is to use logical operators in expressions that contain relational operators and Boolean variables.

int getuid();
int geteuid();
void func ()
{
	if (getuid () && geteuid () == 0) { //Compliant   
		/* ... */
	}else{
		/*...*/
	}
}
Correction — Enclose Operands in Parentheses

Another possible correction, if your intent is to use the & operator, is to enclose the operands in parentheses to preserve the order of operations and the intended logic.

int getuid();
int geteuid();
void func ()
{
	if ((getuid ()) & (geteuid () == 0)) { //Compliant  
		/* ... */
	}else{
		/*...*/
	}
}

Check Information

Group: Rule 03. Expressions (EXP)

Version History

Introduced in R2019a

expand all


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.