LANG.CAST.RIP : 危険な整数拡張

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

ビット演算子 ~ もしくは << が潜在型の unsigned char もしくは unsigned short のオペランドに対して適用されており、かつその結果はオペランドの潜在型に直ちにキャストされていません。

クラス名

Risky Integer Promotion

日本語クラス名

危険な整数拡張

クラス分類

スタイル (style)

ニーモニック

LANG.CAST.RIP

カテゴリー

Misra2004	Misra2004:10.5	If the bitwise operators ~ and << are applied to an operand of underlying type unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand
AUTOSARC++14	AUTOSARC++14:M5-0-10	If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand.
MisraC++2008	MisraC++2008:5-0-10	If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand.
MisraC++2023	MisraC++2023:7.0.4	The operands of bitwise operators and shift operators shall be appropriate
CWE	CWE:704	Incorrect Type Conversion or Cast
CERT-C	CERT-C:EXP14-C	Beware of integer promotion when performing bitwise operations on integer types smaller than int
JSF++	JSF++:183	Every possible measure should be taken to avoid type casting.
DISA-6r1	DISA-6r1:V-222612	The application must not be vulnerable to overflow attacks.
DISA-5r3	DISA-5r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-4r3	DISA-4r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-3r10	DISA-3r10:V-16808	The designer will ensure the application is not vulnerable to integer arithmetic issues.

対応言語

C および C++ で利用可能です。

有効/無効設定

このワーニングクラスのチェックはデフォルトで無効になっており、プロジェクトには非正規の C向けAST が必要になります。有効にするにはプロジェクト設定ファイル（configuration file）に以下の WARNING_FILTER ルールと RETAIN_UNNORMALIZED_C_AST 設定を追加してください。

RETAIN_UNNORMALIZED_C_AST = Yes
WARNING_FILTER += allow class="Risky Integer Promotion"

注：非正規化された AST を継続して使用した場合、使用ディスク容量が増加し解析時間が長くなる可能性があります。

#include <stdio.h>

void RIP(void)
{
    unsigned char c;
    c = 0xff;
    printf("c=%x\n", c);                                         /* no ~ or << operation */
    printf("~c=%x\n", ~c); /* 'Risky Integer Promotion' warning issued here */
    printf("(unsigned char)~c=%x\n", (unsigned char)~c);         /* result of ~ operation is immediately cast */  
}
/* This prints:
 *
 * c=ff
 * ~c=ffffff00
 * (unsigned char)~c=0
 */

設定ファイルの以下のパラメータがこのワーニングクラスのチェックに影響します。

LANG.CAST.RIP : 危険な整数拡張

要旨

プロパティ

例

関連のある設定ファイルパラメータ