EXP46-C. Do not use a bitwise operator with a Boolean-like operand
Mixing bitwise and relational operators in the same full expression can be a sign of a logic error in the expression where a logical operator is usually the intended operator. Do not use the bitwise AND ( & ), bitwise OR ( | ), or bitwise XOR ( ^ ) operators with an operand of type _Bool , or the result of a relational-expression or equality-expression . If the bitwise operator is intended, it should be indicated with use of a parenthesized expression.
Noncompliant Code Example
In this noncompliant code example, a bitwise & operator is used with the results of two equality-expressions :
if (getuid() == 0 & getgid() == 0) {
/* ... */
}
Compliant Solution
This compliant solution uses the && operator for the logical operation within the conditional expression:
if (getuid() == 0 && getgid() == 0) {
/* ... */
}
Risk Assessment
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| EXP46-C | Low | Likely | Yes | No | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | 25.10 | bitwise-operator-with-boolean-like-operand | Fully checked |
| Axivion Bauhaus Suite | 7.2.0 | CertC-EXP46 | |
| CodeSonar | 9.1p0 | LANG.TYPE.IOT | Inappropriate operand type |
2017.07 | CONSTANT_EXPRESSION_RESULT | Partially implemented | |
| Cppcheck | 2.15 | bitwiseOnBoolean | |
| Cppcheck Premium | 24.11.0 | bitwiseOnBoolean | |
| Helix QAC | 2025.2 | C3344, C4502 C++3709 | |
| Klocwork | 2025.2 | MISRA.LOGIC.OPERATOR.NOT_BOOL | |
| LDRA tool suite | 9.7.1 | 136 S | Fully Implemented |
| Parasoft C/C++test | 2025.2 | CERT_C-EXP46-b | Expressions that are effectively Boolean should not be used as operands to operators other than (&&, ||, !, =, ==, !=, ?:) |
| PC-lint Plus | 1.4 | 514 | Fully supported |
| Polyspace Bug Finder | R2025b | CERT C: Rule EXP46-C | Checks for bitwise operations on boolean operands (rule fully covered) |
| PVS-Studio | 7.42 | V564 , V1015 | |
| RuleChecker | 25.10 | bitwise-operator-with-boolean-like-operand | Fully checked |
| Security Reviewer - Static Reviewer | 6.02 | C73 | Fully implemented |
Related Guidelines
Key here (explains table format and definitions)
| Taxonomy | Taxonomy item | Relationship |
| ISO/IEC TR 24772:2013 | Likely Incorrect Expression [KOA] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-480 , Use of incorrect operator | 2017-07-05: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-569 | 2017-07-06: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-480 and EXP46-C
Intersection( EXP45-C, EXP46-C) = Ø
CWE-480 = Union( EXP46-C, list) where list =
- Usage of incorrect operator besides s/&/&&/ or s/|/||/
Bibliography
| [ Hatton 1995 ] | Section 2.7.2, "Errors of Omission and Addition" |
