CWE Rule 480

Use of Incorrect Operator

Since R2023a

Description

Rule Description

The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.

Polyspace Implementation

The rule checker checks for these issues:

  • Invalid use of = (assignment) operator

  • Invalid use of == (equality) operator

  • Use of bitwise operator with a Boolean-like operand

Examples

Issue

This issue occurs when an assignment is made inside the predicate of a conditional, such as if or while.

In C and C++, a single equal sign is an assignment, not a comparison. Using a single equal sign in a conditional statement can indicate a typo or a mistake.

Risk
  • Conditional statement tests the wrong values — The single equal sign operation assigns the value of the right operand to the left operand. Then, because this assignment is inside the predicate of a conditional, the program checks whether the new value of the left operand is nonzero or not NULL.

  • Maintenance and readability issues — Even if the assignment is intended, someone reading or updating the code can misinterpret the assignment as an equality comparison instead of an assignment.

Fix
Example — Single Equal Sign Inside an if Condition
#include <stdio.h>

void bad_equals_ex(int alpha, int beta)
{
    if(alpha = beta)  //Noncompliant
    {
        printf("Equal\n");
    }
}

The equal sign is flagged as a defect because the assignment operator is used within the predicate of the if-statement. The predicate assigns the value of beta to alpha, then implicitly tests whether alpha is true or false.

Correction — Change Expression to Comparison

One possible correction is adding an additional equal sign. This correction changes the assignment to a comparison. The if condition compares whether alpha and beta are equal.

#include <stdio.h>

void equality_test(int alpha, int beta)
{
    if(alpha == beta)
    {
        printf("Equal\n");
    }
}

Correction — Assignment and Comparison Inside the if Condition

If an assignment must be made inside the predicate, a possible correction is adding an explicit comparison. This correction assigns the value of beta to alpha, then explicitly checks whether alpha is nonzero. The code is clearer.

#include <stdio.h>

int assignment_not_zero(int alpha, int beta)
{
    if((alpha = beta) != 0)
    {
        return alpha;
    }
    else
    {
        return 0;
    }
}

Correction — Move Assignment Outside the if Statement

If the assignment can be made outside the control statement, one possible correction is to separate the assignment and comparison. This correction assigns the value of beta to alpha before the if. The if-condition then contains only alpha, which tests whether alpha is nonzero or not NULL.

#include <stdio.h>

void assign_and_print(int alpha, int beta)
{
    alpha = beta;
    if(alpha)
    {
        printf("%d", alpha);
    }
}
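
The first risk above, worked through in a check where the verdict matters. This is an added example, not part of the original documentation; the role constants and the has_role_* and helper function names are hypothetical.

```c
#include <stdio.h>

enum { ROLE_GUEST = 0, ROLE_USER = 1, ROLE_ADMIN = 2 };  /* constructed roles */

/* Noncompliant: intended "*role == wanted". The extra parentheses only
   silence the compiler's -Wparentheses hint; the assignment remains. */
int has_role_buggy(int *role, int wanted)
{
    if ((*role = wanted))       /* verdict depends on wanted alone */
        return 1;
    return 0;
}

/* Compliant: pure comparison, caller's state is read-only. */
int has_role_fixed(const int *role, int wanted)
{
    return *role == wanted;
}

/* Helpers: run the buggy check on a private copy of the role. */
int buggy_verdict(int role, int wanted)
{
    return has_role_buggy(&role, wanted);
}

int role_after_buggy(int role, int wanted)
{
    has_role_buggy(&role, wanted);
    return role;
}

int main(void)
{
    int user = ROLE_USER, guest = ROLE_GUEST;
    printf("user is admin?  buggy=%d fixed=%d\n",
           buggy_verdict(user, ROLE_ADMIN), has_role_fixed(&user, ROLE_ADMIN));
    printf("guest is guest? buggy=%d fixed=%d\n",
           buggy_verdict(guest, ROLE_GUEST), has_role_fixed(&guest, ROLE_GUEST));
    printf("role after buggy admin check: %d\n",
           role_after_buggy(user, ROLE_ADMIN));
    return 0;
}
```

The buggy form grants any nonzero role it is asked about, denies a role whose value is 0 even when it matches, and overwrites the stored role in both cases.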

Issue

This issue occurs when you use an equality operator instead of an assignment operator in a simple statement.

Risk

Using the == operator instead of the = operator can silently produce incorrect results. If you intended to assign a value to a variable, the assignment does not occur. The variable retains its previous value or, if not previously initialized, stays uninitialized.

Fix

Use the = (assignment) operator instead of the == (equality) operator.

The check appears on chained assignment and equality operators such as:

compFlag = val1 == val2;

For better readability of your code, place the equality check in parentheses.

compFlag = (val1 == val2);

If the use of == operator is intended, add comments to your result or code to avoid another review. See:

Example — Equality Evaluation in for-Loop
void populate_array(void)
{
    int i = 0;
    int j = 0;
    int array[4];

    for (j == 5; j < 9; j++)  //Noncompliant
    {
        array[i] = j;
        i++;
    }
}

Inside the for-loop, the statement j == 5 tests whether j is equal to 5 instead of setting j to 5. The for-loop iterates from 0 to 8 because j starts with a value of 0, not 5. A by-product of the invalid equality operator is an out-of-bounds array access in the next line.

Correction — Change to Assignment Operator

One possible correction is to change the == operator to a single equal sign (=). Changing the == sign resolves both defects because the for-loop iterates the intended number of times.

void populate_array(void)
{
    int i = 0;
    int j = 0;
    int array[4];

    for (j = 5; j < 9; j++) {
        array[i] = j;
        i++;
    }
}

Issue

This issue occurs when you use bitwise operators, such as:

  • Bitwise AND (&, &=)

  • Bitwise OR (|, |=)

  • Bitwise XOR (^, ^=)

  • Bitwise NOT (~)

with:

  • Boolean type variables

  • Outputs of relational or equality expressions

Using Boolean type variables as array indices, in Boolean arithmetic expressions, and in shifting operations does not raise this defect.

Risk

Boolean-like operands, such as variables of type bool and outputs of relational operators, typically appear in logical expressions. Using a bitwise operator in an expression containing Boolean variables and relational operators might be a sign of a logic error. Because bitwise operators and logical operators look similar, you might inadvertently use a bitwise operator instead of a logical operator. Such logic errors do not raise any compilation error and can introduce bugs in your code that are difficult to find.

Fix

Use logical operators in expressions that contain Boolean variables and relational operators. To indicate that you intend to use a bitwise operator in such an expression, use parentheses.

Example — Possible Bug Due to Using Bitwise Operator
class User{
	//...
	int uid;
	int euid;
public:
	int getuid();
	int geteuid();
};
void Noncompliant ()
{
	User nU;
	if (nU.getuid () & nU.geteuid () == 0) {   //Noncompliant
		//...
	}else{
		//...
	}
}

In this example, the if-else block is executed conditionally. The conditional statement uses the bitwise AND (&) instead of the logical AND (&&), perhaps by mistake. Because == has higher precedence than &, the condition is evaluated as nU.getuid() & (nU.geteuid() == 0). Consider the case where nU.geteuid() evaluates to 0 and nU.getuid() evaluates to 2. The comparison nU.geteuid() == 0 yields 1, so with & the else block executes because 2&1 evaluates to false. Conversely, with && the if block executes because 2&&1 evaluates to true. Using & instead of && might introduce logic errors and bugs in your code that are difficult to find. Polyspace® flags the use of bitwise operators in these kinds of expressions where relational operators are also used.

Correction — Use Logical Operators with Boolean-Like Operands

One possible correction is to use logical operators in expressions that contain relational operators and Boolean variables.

class User{
	//...
	int uid;
	int euid;
public:
	int getuid();
	int geteuid();
};
void Compliant ()
{
	User nU;
	if (nU.getuid () && nU.geteuid () == 0) {   //Compliant
		//...
	}else{
		//...
	}
}
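
The difference between the two operators over a range of inputs, including the short-circuit behavior that only && has. This is an added example, not part of the original documentation; it uses plain C functions in place of the User class, and all function names are hypothetical.

```c
#include <stdio.h>

static int rhs_evals;             /* times the right operand was evaluated */

static int euid_is_root(int euid)
{
    rhs_evals++;
    return euid == 0;             /* relational result: always 0 or 1 */
}

/* Noncompliant. == binds tighter than &, so "uid & euid == 0" is parsed
   as uid & (euid == 0): only bit 0 of uid takes part in the test. */
int check_bitwise(int uid, int euid)
{
    return (uid & euid_is_root(euid)) != 0;
}

/* Compliant. uid is tested for nonzero, and the right operand is skipped
   when uid is 0 (short-circuit evaluation). */
int check_logical(int uid, int euid)
{
    return uid && euid_is_root(euid);
}

/* Count uids in [0, max_uid] on which the two forms disagree. */
int count_disagreements(int max_uid, int euid)
{
    int uid, n = 0;
    for (uid = 0; uid <= max_uid; uid++)
        n += check_bitwise(uid, euid) != check_logical(uid, euid);
    return n;
}

/* Right-operand evaluations caused by a single check. */
int rhs_evals_for(int logical, int uid, int euid)
{
    rhs_evals = 0;
    (void)(logical ? check_logical(uid, euid) : check_bitwise(uid, euid));
    return rhs_evals;
}

int main(void)
{
    printf("uid=2 euid=0: & -> %d, && -> %d\n",
           check_bitwise(2, 0), check_logical(2, 0));
    printf("disagreements, uid 0..9, euid 0: %d\n", count_disagreements(9, 0));
    return 0;
}
```

With euid 0 the two forms disagree on every even nonzero uid, so a test suite that happens to use only odd uids would not expose the wrong operator.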

Check Information

Category: Behavioral Problems

Version History

Introduced in R2023a