 
                            ...
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| int value;
if (scanf("%d", &value) == 1) {
  if (value % 2 != 0) {
    /* Take action if value is odd */
  }
}
 | 
Compliant Solution
Using bitwise operators is safe on unsigned integers:
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| unsigned int value;
if (scanf("%u", &value) == 1) {
  if (value & 0x1 != 0) {
    /* Take action if value is odd */
  }
}
 | 
Risk Assessment
Incorrect assumptions about integer representation can lead to execution of unintended code branches and other unexpected behavior.
| Recommendation | Severity | Likelihood | 
|---|
| Detectable | Repairable | Priority | Level | 
|---|---|---|---|
| INT16-C | Medium | Unlikely | No | 
| No | P2 | L3 | 
Automated Detection
| Tool | Version | Checker | Description | ||||||
| Astrée | 
 | bitop-type | Partially checked | ||||||
| Helix QAC | 
 | C2940, C2945 DF2941, DF2942, DF2943, DF2946, DF2947, DF2948 | |||||||
| LDRA tool suite | 
 | 50 S, 120 S | Partially Implemented | ||||||
| Parasoft C/C++test | 
 | 
| 
 | 
| 
 | 
2940, 2941, 2942, 2943, 2945, 2946, 2947, 2948
...
| CERT_C-INT16-a CERT_C-INT16-b | Bitwise operators shall only be applied to operands of unsigned underlying type (with exceptions) Bitwise operators shall not use positive integer literals as operands | ||||||||
| PC-lint Plus | 
 | 502, 2704, 9088 | Partially supported: reports bitwise not of signed quantity, declaration of named signed single-bit bitfields, and negation of the minimum negative integer | ||||||
| RuleChecker | 
 | bitop-type | Partially checked | 
...