Welcome to the MISRA discussion forum

Motozo Mario Ikeda · 19-10-2016, 11:30 PM

It is hard to understand the reason to add Amplification 2 "The conversion of the constant expression in a switch statement's case label to the promoted type of the controlling expression".

What kind of risks should be eliminated with this?

Thank you,
Mario Ikeda

dg1980 · 20-10-2016, 09:35 AM

Code:
#include 

extern uint8_t x;

void foo(void)

{

  switch (x)

  {

  case -1:/*violates 10.3 -> as a result, this case is unreachable code because of silent integer promotion*/

    break;

  }

}

Motozo Mario Ikeda · 20-10-2016, 11:46 PM

Thank you. But I think unreachable code should be detected by Rule 2.1.

What confuses me is the phrase "The conversion .. to the promoted type of the controlling expression".
In this sample code, x is promoted to int(int16_t or int32_t) and -1 is converted to int.

As a result int is assigned to int. It should be compliant.

I may understand if the phrase is "The conversion .. to the essential type of the controlling expression".

dg1980 · 21-10-2016, 06:38 AM

Actually, both operands are promoted to unsigned int, so on a 32bit processor you compare 0x000000FFh with 0xFFFFFFFFh, which is always false:

Code:
19:   switch (x)

0028140E  movzx       eax,byte ptr [_x (287138h)]  

00281415  mov         dword ptr [ebp-0C4h],eax  

0028141B  cmp         dword ptr [ebp-0C4h],0FFFFFFFFh  

00281422  je          foo+36h (281426h)  

00281424  jmp         foo+4Dh (28143Dh)

(C99 6.8.4.2 Item 5 and 6.3.8.1).

Motozo Mario Ikeda · 16-11-2016, 08:15 AM

Sorry for late reply.

In my understanding both operands are promoted to signed int based on the Integral promotion rule.
When a cotrol expression is "x", case -1: is not reachable.
But if the control expression is "x-1", case -1: is reachable when x is 0.

I still do not understand what kind of risk should be eliminated by the Amplification 2.
Essential type should be discussed in this rule instead of "The conversion .. to the promoted type".

Motozo Mario Ikeda · 16-11-2016, 08:16 AM

Sorry for late reply.

In my understanding both operands are promoted to signed int based on the Integral promotion rule.
When a cotrol expression is "x", case -1: is not reachable.
But if the control expression is "x-1", case -1: is reachable when x is 0.

I still do not understand what kind of risk should be eliminated by the Amplification 2.
Essential type should be discussed in this rule instead of "The conversion .. to the promoted type".

misra-c · 09-12-2016, 09:07 AM

First some background on the C standard conversions in switch statements.

Quote:C99 6.8.4.2(5) The integer promotions are performed on the controlling expression. The constant expression in each case label is converted to the promoted type of the controlling expression.

The Amplification is written in a way which describes the relevent conversion in the C standard.

The actual check that should be performed is between the essential type of the case label expression and the essential type of controlling expression.

We agree that the wording is not clear and will clarify it in a later version.

In the example given by dg1980, "x" will be promoted from uint8_t ( assumed to be unsigned char ) to the C standard type of "signed int" if all the values of "unsigned char" fit in the "signed int" ( assumed to be 32-bit). The C standard type of "-1" is "signed int".

This is not compliant with rule 10.3. It will also violate rule 2.1 as suggested.

Login
Username:
Password:
	Remember me Lost Password?