...

GCC has no options to handle shifts by negative amounts or by amounts outside the width of the type predictably or to trap on them; they are always treated as undefined. Processors may reduce the shift amount modulo the width of the type. For example, 32-bit right shifts are implemented using the following instructions on x86-32:

sarl   %cl, %eax

The sarl instruction takes a bit mask of the least significant 5 bits from %cl to produce a value in the range [0, 31] and then shifts %eax that many bits:

...
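The following is an added example, not part of the original rule text: it contrasts a model of the 5-bit count masking described above with a shift that validates its count first. The names shr_masked_like_x86 and checked_shr are hypothetical, and an unsigned operand is used so that only the count handling is under test.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHIFT_WIDTH 32 /* bits in uint32_t; valid counts are 0..31 */

/* Model of the count masking only: keep the low 5 bits of the count, as the
 * x86-32 shift instruction does with %cl. The explicit mask keeps this C
 * well defined; an unmasked out-of-range shift is undefined behaviour. */
uint32_t shr_masked_like_x86(uint32_t value, int count)
{
    return value >> ((unsigned)count & 31u);
}

/* Checked shift: refuses negative counts and counts >= the operand width,
 * so the caller sees an error instead of a silently wrapped count. */
bool checked_shr(uint32_t value, int count, uint32_t *out)
{
    if (out == NULL || count < 0 || count >= SHIFT_WIDTH) {
        return false;
    }
    *out = value >> count;
    return true;
}

int main(void)
{
    const int counts[] = { 31, 32, 33, -1 }; /* constructed sample inputs */
    const uint32_t value = 0x80000000u;

    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        uint32_t r = 0;
        bool ok = checked_shr(value, counts[i], &r);
        printf("count=%3d masked=0x%08lx checked=%s\n", counts[i],
               (unsigned long)shr_masked_like_x86(value, counts[i]),
               ok ? "ok" : "rejected");
    }
    return 0;
}
```

A count of 32 masks to 0 and leaves the value unchanged, which is why code that appears to work on one processor cannot be relied on; the checked form rejects the same input.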

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | LANG.ARITH.BIGSHIFT, LANG.ARITH.NEGSHIFT | Shift amount exceeds bit width; Negative shift amount |
| Compass/ROSE | | | Can detect violations of this rule. Unsigned operands are detected when checking for INT13-C. Use bitwise operators only on unsigned operands |
| ECLAIR | | CC2.INT34 | Partially implemented |
| Fortify SCA | 5.0 | | Can detect violations of this rule with CERT C Rule Pack |
| LDRA tool suite | | 51 S, 403 S, 479 S | Partially implemented |
| Parasoft C/C++test | 9.5 | MISRA-038 | |
| PRQA QA-C | | 0499, 2790, 2791 (D), 2792 (A), 2793 (S) | Partially implemented |
| Cppcheck | | shiftNegative, shiftTooManyBits | Context sensitive analysis. Warns whenever Cppcheck sees a negative shift for a POD expression. (The warning for shifting too many bits is written only if Cppcheck has sufficient type information and you use --platform to specify the sizes of the standard types.) |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...