
CERT C: Rec. EXP20-C

Perform explicit tests to determine success, true and false, and equality

Since R2026a

Description

Perform explicit tests to determine success, true and false, and equality.[1]

Polyspace Implementation

The rule checker checks for Implicit condition check.

Examples


Issue

The rule checker reports a violation if a non-boolean value is implicitly compared against TRUE in the condition statement of an if, while, do-while, or ?: (ternary operator) statement. For example:

int x;
//...
if(x){  //implicit condition check
}

Polyspace® does not report a violation for these cases:

  • A Boolean value is compared implicitly against TRUE. For example, this code implicitly compares the Boolean value returned by the function myFunc():

    bool myFunc();
    if(myFunc()){  // No violations
      //.....
    }
    By default, Polyspace considers the bool type defined in stdbool.h as a Boolean type. You can specify additional Boolean types for your code using the option Effective boolean types (-boolean-types).

  • A pointer is compared implicitly. For example, this code implicitly compares the pointer ptr:

    int* ptr;
    //...
    if(ptr){  // No violations
    //...
    }

Risk

Implicit condition checks in conditional statements make your code difficult to maintain and understand. Testing values explicitly makes your code more robust.

Fix

Replace implicit condition checks in your code with explicit tests.

Example

In this example, the header file product.h declares a function validateProduct() that validates the structure Product. The implementation of this function is hidden. In the source file src.c, the function processProducts() expects validateProduct() to return 1 if the validation succeeds, but does not explicitly check that the return value is equal to 1. Polyspace reports a violation.

  • product.h

    #ifndef PRODUCT_H
    #define PRODUCT_H
    
    #include <stdio.h>
    #include <string.h>
    
    #define MAX_NAME_LENGTH 100
    
    typedef struct {
        int id;
        char name[MAX_NAME_LENGTH];
    } Product;
    
    // Function prototype for validating a single Product struct
    int validateProduct(const Product *product);
    
    #endif // PRODUCT_H

  • src.c

    #include "product.h"
    
    // Function to process multiple Product structs
    void processProducts(Product *products, size_t count) {
        for (size_t i = 0; i < count; ++i) {
            
            if (validateProduct(&products[i])) {  //Noncompliant
                // Operate on the valid product
                //...
            } else {
               // Handle validation errors
               //...
                
            }
        }
    }
    
    

Correction

To fix this violation, check the returned value of validateProduct() explicitly.

  • product.h

    #ifndef PRODUCT_H
    #define PRODUCT_H
    
    #include <stdio.h>
    #include <string.h>
    
    #define MAX_NAME_LENGTH 100
    
    typedef struct {
        int id;
        char name[MAX_NAME_LENGTH];
    } Product;
    
    // Function prototype for validating a single Product struct
    int validateProduct(const Product *product);
    
    #endif // PRODUCT_H

  • src.c

    #include "product.h"
    
    // Function to process multiple Product structs
    void processProducts(Product *products, size_t count) {
        for (size_t i = 0; i < count; ++i) {
            
            if (1 == validateProduct(&products[i])) { //Compliant
               // Operate on the valid product
               //...
            } else {
               // Handle validation errors
               //...
                
            }
        }
    }
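
Why the explicit test matters when the callee has more than two outcomes, as an added example that is not part of the original page: the body of validateProduct() below is hypothetical (the page keeps the implementation hidden) and assumes a -1 error return in addition to 1 and 0. The count functions, runSample(), and the sample data are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#define MAX_NAME_LENGTH 100

typedef struct {
    int id;
    char name[MAX_NAME_LENGTH];
} Product;

/* Hypothetical body (assumption): 1 = valid, 0 = invalid field, -1 = error. */
int validateProduct(const Product *product) {
    if (product == NULL || memchr(product->name, '\0', MAX_NAME_LENGTH) == NULL) {
        return -1;  /* NULL argument or unterminated name */
    }
    if (product->id <= 0 || product->name[0] == '\0') {
        return 0;
    }
    return 1;
}

/* Noncompliant form: every nonzero result, -1 included, is accepted. */
size_t countAcceptedImplicit(const Product *products, size_t count) {
    size_t accepted = 0;
    for (size_t i = 0; i < count; ++i) {
        if (validateProduct(&products[i])) {
            ++accepted;
        }
    }
    return accepted;
}

/* Compliant form: only the documented success value 1 is accepted. */
size_t countAcceptedExplicit(const Product *products, size_t count) {
    size_t accepted = 0;
    for (size_t i = 0; i < count; ++i) {
        if (1 == validateProduct(&products[i])) {
            ++accepted;
        }
    }
    return accepted;
}

/* Constructed sample input: valid, invalid id, unterminated name. */
size_t runSample(int explicitTest) {
    Product p[3] = { {1, "widget"}, {0, "gadget"}, {2, ""} };
    memset(p[2].name, 'A', MAX_NAME_LENGTH);  /* no terminating NUL */
    return (explicitTest != 0) ? countAcceptedExplicit(p, 3)
                               : countAcceptedImplicit(p, 3);
}
```

With the implicit test, the product whose validation failed with -1 is processed as if it were valid; the explicit comparison against 1 sends it to the error branch.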
    
    

Check Information

Group: Rec. 03. Expressions (EXP)
PQL Name: std.cert.EXP20_C

Version History

Introduced in R2026a


[1] This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.