10-10-2014, 07:11 AM
My static analyser tool throws a warning when small unsigned integer (short or char) operand is used with bitwise operator.
Static analyser warning : "Negative values cannot be stored as unsigned short. Coercing them to unsigned short can cause data loss or sign change."
Associated weakness : http://cwe.mitre.org/data/definitions/192.html and/or http://cwe.mitre.org/data/definitions/704.html
If I bypass integral promotion with cast to a widening type, the warning disappears;
In ISO C99 draft 2007 (http://www.open-std.org/JTC1/SC22/WG14/w.../n1256.pdf) section J.3.5 "implementation-defined behavior", last item is :
In MISRA C 2012, section 8.10, rule 10.1, Rationale item 6 :
I don't understand why use of essentially type operands with bitwise operators can be implementation dependant while operators beahaviors are defined for standard type. In ISO C99, beahavior of bitwise operators is defined for standard type. I suppose after integral promotion ? Then, if small unsigned integers are used as operand with bitwise operators, operator works systematically with signed int after integral promotion. The behavior is implementation-dependant (two's or one's complement implementation can produce different results). Then, even with expected essentially type, I can obtain an implementation beahavior, no ?
Have I a bad interpretation of all standards (MISRA C, ISO C99, CWE, etc.) ?
Code:
u16a = (uint16_t) ~u16b;
Static analyser warning : "Negative values cannot be stored as unsigned short. Coercing them to unsigned short can cause data loss or sign change."
Associated weakness : http://cwe.mitre.org/data/definitions/192.html and/or http://cwe.mitre.org/data/definitions/704.html
If I bypass integral promotion with cast to a widening type, the warning disappears;
Code:
u16a = (uint16_t) ~((unsigned int)u16b);
In ISO C99 draft 2007 (http://www.open-std.org/JTC1/SC22/WG14/w.../n1256.pdf) section J.3.5 "implementation-defined behavior", last item is :
Quote:The results of some bitwise operations on signed integers (6.5).
In MISRA C 2012, section 8.10, rule 10.1, Rationale item 6 :
Quote:Shift and bitwise operations should only be performed on operands of essentially unsigned type. The numeric value resulting from their use on essentially signed types is implementation-defined.
I don't understand why use of essentially type operands with bitwise operators can be implementation dependant while operators beahaviors are defined for standard type. In ISO C99, beahavior of bitwise operators is defined for standard type. I suppose after integral promotion ? Then, if small unsigned integers are used as operand with bitwise operators, operator works systematically with signed int after integral promotion. The behavior is implementation-dependant (two's or one's complement implementation can produce different results). Then, even with expected essentially type, I can obtain an implementation beahavior, no ?
Have I a bad interpretation of all standards (MISRA C, ISO C99, CWE, etc.) ?
<t></t>