CertC-EXP15

Do not place a semicolon on the same line as an if, for, or while statement

Required inputs: IR

Do not use a semicolon on the same line as an if, for, or while statement because it typically indicates programmer error and can result in unexpected behavior.

Noncompliant Code Example

In this noncompliant code example, a semicolon is used on the same line as an if statement:

if (a == b); {
  /* ... */
}

Compliant Solution

It is likely, in this example, that the semicolon was accidentally inserted:

if (a == b) {
  /* ... */
}

Risk Assessment

Errors of omission can result in unintended program flow.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
EXP15-C	High	Likely	Low	P27	L1

Related Guidelines

SEI CERT Oracle Coding Standard for Java	MSC51-J. Do not place a semicolon immediately following an if, for, or while condition
ISO/IEC TR 24772:2013	Likely Incorrect Expression [KOA]
MITRE CWE	CWE-480, Use of incorrect operator

Bibliography

[ Hatton 1995]

Section 2.7.2, "Errors of Omission and Addition"

Excerpt from SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition) and SEI CERT C Coding Standard [https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/recommendations/expressions-exp/exp15-c], Copyright (C) 1995-2026 Carnegie Mellon University. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key	Text	Severity	Disabled
null_statement_in_if	Null statement used as branch of an if	None	False
null_statement_in_loop	Null statement used as loop body	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

• This rule has no individual options.