Tool
Version
Checker
Description
Operands shall not be of an inappropriate essential type
2940, 2941, 2942, 2943, 2945, 2946, 2947, 2948
Although many common implementations use a two's complement representation of signed integers, the C Standard declares such use as implementation-defined and allows all of the following representations:
This is a specific example of MSC14-C. Do not introduce unnecessary platform dependencies.
One way to check whether a number is even or odd is to examine the least significant bit, but the results will be inconsistent. Specifically, this example gives unexpected behavior on all one's complement implementations:
int value;
if (scanf("%d", &value) == 1) {
if (value & 0x1 != 0) {
/* Take action if value is odd */
}
}
|
The same thing can be achieved compliantly using the modulo operator:
int value;
if (scanf("%d", &value) == 1) {
if (value % 2 != 0) {
/* Take action if value is odd */
}
}
|
Incorrect assumptions about integer representation can lead to execution of unintended code branches and other unexpected behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT16-C | Medium | Unlikely | High | P2 | L3 |
Tool | Version | Checker | Description |
| Astrée | bitop-type | Partially checked | |
| LDRA tool suite | 50 S, 120 S | Partially Implemented | |
| Parasoft C/C++test | CERT_C-INT16-a | Bitwise operators shall only be applied to operands of unsigned underlying type | |
| Polyspace Bug Finder | MISRA C:2012 Rule 10.1 | Operands shall not be of an inappropriate essential type | |
| PRQA QA-C | 2940, 2941, 2942, 2943, 2945, 2946, 2947, 2948 | ||
| RuleChecker | bitop-type | Partially checked |
