V733. It is possible that macro expansion resulted in incorrect evaluation order.


The analyzer has detected a potential error that has to do with the use of macros expanding into arithmetic expressions. One normally expects that the subexpression passed as a parameter into a macro will be executed first in the resulting expression. However, it may not be so, and this results in bugs that are difficult to diagnose.

Consider this example:

#define RShift(a) a >> 3
....
y = RShift(x & 0xFFF); 

If we expand the macro, we'll get the following expression:

y = x & 0xFFF >> 3;

Operation ">>" has higher priority than "&". That's why the expression will be evaluated as "x & (0xFFF >> 3)", while the programmer expected it to be "(x & 0xFFF) >> 3".

To fix this, we need to put parentheses around the 'a' argument:

#define RShift(a) (a) >> 3

However, there is one more improvement we should make. It is helpful to parenthesize the whole expression in the macro as well. This is considered good style and can help avoid some other errors. This is what the final improved version of the sample code looks like:

#define RShift(a) ((a) >> 3)

Note. This diagnostic is similar to V1003. The latter is less accurate and produces more false positives since it deals with a macro declaration rather than the expanded macro. On the other hand, despite its flaws, diagnostic V1003 can detect errors that V733 cannot.

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-783.

You can look at examples of errors detected by the V733 diagnostic.


Bugs Found

Checked Projects
367
Collected Errors
13 552