CertC-PRE07

Avoid using repeated question marks

Required inputs: IR

Two consecutive question marks signify the start of a trigraph sequence. According to the C Standard, subclause 5.2.1.1 [ISO/IEC 9899:2011],

All occurrences in a source file of the following sequences of three characters (that is, trigraph sequences) are replaced with the corresponding single character.

??= #   ??) ]   ??! |
??( [   ??' ^   ??> }
??/ \   ??< {   ??- ~


Noncompliant Code Example

In this noncompliant code example, a++ is not executed because the trigraph sequence ??/ is replaced by \, logically putting a++ on the same line as the comment:

// What is the value of a now??/
a++;

Compliant Solution

This compliant solution eliminates the accidental introduction of the trigraph by separating the question marks:

// What is the value of a now? ?/
a++;

Noncompliant Code Example

This noncompliant code example includes the trigraph sequence ??!, which is replaced by the character |:

size_t i = /* Some initial value */;
if (i > 9000) {
   if (puts("Over 9000!??!") == EOF) {
     /* Handle error */
   }
}

This example prints Over 9000!| if a C-compliant compiler is used.

Compliant Solution

This compliant solution uses string concatenation to concatenate the two question marks; otherwise, they are interpreted as beginning a trigraph sequence:

size_t i = /* Some initial value */;
/* Assignment of i */
if (i > 9000) {
   if (puts("Over 9000!?""?!") == EOF) {
     /* Handle error */
   }
}

This code prints Over 9000!??!, as intended.

Risk Assessment

Inadvertent trigraphs can result in unexpected behavior. Some compilers provide options to warn when trigraphs are encountered or to disable trigraph expansion. Use the warning options, and ensure your code compiles cleanly. (See MSC00-C. Compile cleanly at high warning levels.)

Recommendation  Severity  Likelihood  Remediation Cost  Priority  Level
PRE07-C         Low       Unlikely    Medium            P2        L3

Related Guidelines
SEI CERT C++ Coding Standard VOID PRE07-CPP. Avoid using repeated question marks
MISRA C:2012 Rule 4.2 (advisory)

Bibliography
[ISO/IEC 9899:2011] Subclause 5.2.1.1, "Trigraph Sequences"

Excerpt from SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition) and SEI CERT C Coding Standard [https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/recommendations/preprocessor-pre/pre07-c], Copyright (C) 1995-2026 Carnegie Mellon University. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key           Text              Severity  Disabled
trigraph_use  Use of trigraph.  None      False

Options

allow_in_comments

allow_in_comments : bool = True

Allow the use of trigraphs in comments.

Exception: a trigraph at the end of a line that might be interpreted as a line continuation is not allowed even if this option is enabled.
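
An added example, not part of the CERT text or of the checker's own code: a simplified C scanner that applies the rule as documented above, including allow_in_comments and its line-continuation exception. The names count_trigraphs and is_trigraph_tail, the simplified comment and string tracking, and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True if c completes a trigraph after two question marks (C11 5.2.1.1). */
static int is_trigraph_tail(char c) {
    return c != '\0' && strchr("=(/)'<!>-", c) != NULL;
}

/* Count reportable trigraphs; hypothetical helper with simplified lexing. */
size_t count_trigraphs(const char *src, int allow_in_comments) {
    enum { CODE, LINE_COMMENT, BLOCK_COMMENT, STRING } st = CODE;
    size_t hits = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        char c = src[i], n = src[i + 1];
        if (c == '?' && n == '?' && is_trigraph_tail(src[i + 2])) {
            int in_comment = (st == LINE_COMMENT || st == BLOCK_COMMENT);
            /* Backslash trigraph before a newline splices lines: always reported. */
            int splice = (src[i + 2] == '/' && src[i + 3] == '\n');
            if (!in_comment || !allow_in_comments || splice) hits++;
            i += splice ? 3 : 2; /* skip the trigraph (and a spliced newline) */
            continue;
        }
        switch (st) {
        case CODE:
            if (c == '/' && n == '/') { st = LINE_COMMENT; i++; }
            else if (c == '/' && n == '*') { st = BLOCK_COMMENT; i++; }
            else if (c == '"') st = STRING;
            break;
        case LINE_COMMENT:
            if (c == '\n') st = CODE;
            break;
        case BLOCK_COMMENT:
            if (c == '*' && n == '/') { st = CODE; i++; }
            break;
        case STRING:
            if (c == '\\' && n != '\0') i++; /* skip the escaped character */
            else if (c == '"') st = CODE;
            break;
        }
    }
    return hits;
}

int main(void) {
    /* Constructed sample: the first noncompliant example, split so that this
       file itself contains no trigraph. */
    const char *sample = "// What is the value of a now?" "?/\na++;\n";
    printf("%zu finding(s)\n", count_trigraphs(sample, 1));
}
```

The string literals that carry test input are split between the two question marks, the same technique the compliant solution uses, so the scanner's own source stays clean under compilers that expand trigraphs.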