Avoid performing bit manipulation and arithmetic operations on the same variable. Though such operations are valid and will compile, they can reduce code readability. Declaring a variable as containing a numeric value or a bitmap makes the programmer's intentions clearer and can lead to better code maintainability.
Non-Compliant
...
Code Example 1
In this non-compliant code example, both bit manipulation and arithmetic manipulation is performed on the integer type x. The end result is an optimized line of code that changes x to 5x + 1a (prematurely) optimized statement that assigns 5x + 1 to x for implementations where integers are represented as two's complement values.
| Code Block | ||
|---|---|---|
| ||
int x = 50; x += (x << 2) + 1; |
Though Although this is a legal manipulation, the exact result of performing this the shift depends on the underlying representation of the integer type. Thus the operation is , and is consequently implementation-defined. Additionally, it is challenging to immediately understand the effect of this code. The code is not self-documentingthe readability of the code is impaired.
Compliant Solution 1
Changing the second line In this compliant solution, the assignment statement is modified to reflect the arithmetic nature of x causes resulting in a clearer indication of the programmer's intentions to become clearer.
| Code Block | ||
|---|---|---|
| ||
int x = 50; x = 5 * x + 1; |
A reviewer might may now know recognize that the operation should be checked for integer overflow. This might not have been apparent in the original, non-compliant code listingexample.
Non-Compliant
...
Code Example 2
In this non-compliant code example, the coder programmer attempts to optimally divide x (prematurely) optimize dividing{{x}} by 4.
| Code Block | ||
|---|---|---|
| ||
int x = -50; x >>= 2; |
Though Although this code is likely to perform a division by 4, it is not guaranteed to. If x has a signed type and a negative value, the resulting value operation is implementation-defined and coudl could be implemented as either an arithmetic shift or a logical shift. The system is free to use whatever representation of an integer it wishes.
For example, if the internal representation of x is 0xFFFF FFCE (two's-complement), an arithmetic shift results in 0xFFFF FFF3 (-13 in two's-complement), while a logical shift results in 0x3FFF FFF3 (1 073 741 811 in two's-complement). The programmer may have not intended one of these results
The result of the shift also depends on the underlying representation of the integer type.
Compliant Solution 2
Change In this compliant solution, the shift to is replaced by a division operation so that the intention is clear.
| Code Block | ||
|---|---|---|
| ||
int x = -50; x /= 4; |
The compiler now knows exactly what the programmer intended, and it can select the correct assembly instructionresulting value is now more likely to be consistent with the programmers expectations.
Compliant Practice
To further separate bit collections and numeric types, it might be prudent to define a bitmapped type. A programmer can then run automated tools over the code in question to verify that only bit manipulations are performed on variables of this type.
| Code Block | ||
|---|---|---|
| ||
typedef int bitmap; bitmap x = 0x7f3; x = (x << 2) | 3; /* shifts in two 1-bits from the right */ |
Risk Assessment
By complicating information regarding how a variable is used in code, it is difficult to determine which checks must be performed to ensure data validity. Explicitly stating how a variable is used determines which checks to perform.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INTxx INT14-A | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3 |
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999|cplusplus:AA. C++ References#ISO/IEC 9899-1999]\] Section 6.2.6.2, "Integer types" |
...