Comment: Removed references to Annex K.

...

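```c
#include <stdio.h>

void func(void) {
  int rc = 0;
  unsigned int stringify = 0x80000000;
  char buf[sizeof("256")];
  /* The operand is unsigned, so the right shift is well defined: the result is 128 */
  rc = snprintf(buf, sizeof(buf), "%u", stringify >> 24);
  /* snprintf() returns a negative value on error, otherwise the untruncated length */
  if (rc < 0 || (size_t)rc >= sizeof(buf)) {
    /* Handle error */
  }
}
```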

Also, consider using the sprintf_s() function, defined in ISO/IEC TR 24731-1, instead of snprintf() to provide some additional checks. (See STR07-C. Use the bounds-checking interfaces for string manipulation.)
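The following added example (not part of the CERT page; the helper names are hypothetical) passes the same bit pattern through the snprintf() check above, once as a signed and once as an unsigned operand. It assumes a 32-bit two's-complement int and a compiler that right-shifts negative values arithmetically, which is implementation-defined.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE sizeof("256")  /* same buffer size as the page's snippet */

/* Hypothetical helper: applies the page's snprintf() check.
 * Returns 0 if the value fit in out, -1 on error or truncation. */
static int format_checked(char *out, size_t out_size, unsigned int value) {
  int rc = snprintf(out, out_size, "%u", value);
  return (rc < 0 || (size_t)rc >= out_size) ? -1 : 0;
}

/* Signed operand: right-shifting a negative int is implementation-defined.
 * Most compilers shift arithmetically, so the sign bit is copied in and
 * the result is -128, which converts to 4294967168 (10 digits). */
int format_signed_shift(int value, char *out, size_t out_size) {
  return format_checked(out, out_size, (unsigned int)(value >> 24));
}

/* Unsigned operand: the shift fills with zeros, so the result is
 * in 0..255 for a 32-bit unsigned int and always fits the buffer. */
int format_unsigned_shift(unsigned int value, char *out, size_t out_size) {
  return format_checked(out, out_size, value >> 24);
}

int main(void) {
  char buf[BUF_SIZE];
  /* Constructed inputs: the same bit pattern, 0x80000000, in both types. */
  int rc_signed = format_signed_shift(INT_MIN, buf, sizeof(buf));
  printf("signed:   rc=%d buf=\"%s\"\n", rc_signed, buf);
  int rc_unsigned = format_unsigned_shift(0x80000000u, buf, sizeof(buf));
  printf("unsigned: rc=%d buf=\"%s\"\n", rc_unsigned, buf);
  return 0;
}
```

In the signed case the buffer holds only a truncated prefix of the digits, so the return-value check is the only signal that the output is wrong.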

Exceptions

INT13-C-EX1: When used as bit flags, it is acceptable to use preprocessor macros or enumeration constants as arguments to the & and | operators even if the value is not explicitly declared as unsigned.

...

| Recommendation | Severity | Likelihood | Detectable | Remediation Cost | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| INT13-C | High | Unlikely | Yes | Medium | No | P6 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | bitop-type | Fully checked |
| Axivion Bauhaus Suite | | CertC-INT13 | |
| CodeSonar | | LANG.TYPE.IOT | Inappropriate operand type |
| Compass/ROSE | | | Can detect violations of this rule. In particular, it flags bitwise operations that involve variables not declared with unsigned type. |
| ECLAIR | | CC2.INT13 | Fully implemented |
| Helix QAC | | C4532, C4533, C4534, C4543, C4544 | |
| Klocwork | | MISRA.BITS.NOT_UNSIGNED, MISRA.BITS.NOT_UNSIGNED.PREP | |
| LDRA tool suite | | 50 S, 120 S, 331 S | Fully implemented |
| Parasoft C/C++test | | CERT_C-INT13-a | Bitwise operators shall only be applied to operands of unsigned underlying type |
| Parasoft C/C++test | | CERT_C-INT13-b | Operands of bitwise and complement operators shall have an unsigned type. Operands of shift operators shall have an unsigned type |
| Polyspace Bug Finder | R2016b | Bitwise operation on negative value | Undefined behavior for bitwise operations on negative values |
| PC-lint Plus | | 9233 | Partially supported: reports use of a bitwise operator on an expression with a signed MISRA C 2004 underlying type |
| Polyspace Bug Finder | | CERT C: Rec. INT13-C | Checks for bitwise operation on negative value (rec. fully covered) |
| PRQA QA-C | | 4532, 4533, 4534, 4543, 4544 | Fully implemented |
| RuleChecker | | bitop-type | Fully checked |
| SonarQube C/C++ Plugin | | S874 | |
| Splint | | | |

...