...
The resulting value is now more likely to be consistent with the programmer's expectations.
Exceptions
INT03-EX1: Bitwise operations may be used to construct constant expressions.
```java
// Parentheses are required: '-' binds tighter than '<<' in Java,
// so 1 << 17 - 1 would evaluate as 1 << 16.
int limit = (1 << 17) - 1; // 2^17 - 1 = 131071
```
INT03-EX2: Data that is normally treated arithmetically may be treated with bitwise operations for the purpose of serialization or deserialization. This is often required for reading or writing the data from a file or network socket. It may also be used when reading or writing the data from a tightly packed data structure of bytes.
```java
int value = 0x12345678; /* interesting value (constructed sample) */
byte[] bytes = new byte[4];
for (int i = 0; i < bytes.length; i++) {
  // Extract byte i, least significant byte first; the cast narrows int to byte
  bytes[i] = (byte) ((value >> (i * 8)) & 0xFF);
}
/* bytes[] now has same bit representation as value */
```
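The following round trip is an added example, not part of the original rule text. It pairs the serialization loop of INT03-EX2 with its deserialization counterpart and shows the sign-extension error that appears when a signed Java `byte` is shifted without masking. The class name, method names, and sample values are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class IntSerialization {
  // Serialize least significant byte first, as in the INT03-EX2 loop.
  static byte[] toBytes(int value) {
    byte[] bytes = new byte[4];
    for (int i = 0; i < bytes.length; i++) {
      bytes[i] = (byte) ((value >> (i * 8)) & 0xFF);
    }
    return bytes;
  }

  // Deserialize: mask each byte before shifting. Java bytes are signed, so
  // without "& 0xFF" a byte such as 0x80 is promoted to 0xFFFFFF80 and
  // overwrites the higher-order bits of the result.
  static int fromBytes(byte[] bytes) {
    if (bytes.length != 4) {
      throw new IllegalArgumentException("expected exactly 4 bytes");
    }
    int value = 0;
    for (int i = 0; i < 4; i++) {
      value |= (bytes[i] & 0xFF) << (i * 8);
    }
    return value;
  }

  // Deliberately wrong variant, kept only to show the failure mode.
  static int fromBytesUnmasked(byte[] bytes) {
    int value = 0;
    for (int i = 0; i < 4; i++) {
      value |= bytes[i] << (i * 8); // sign extension corrupts the result
    }
    return value;
  }

  public static void main(String[] args) {
    // Constructed sample values, including ones with the high bit set in a low byte.
    int[] samples = {0, 1, -1, 131071, 0x12345680, Integer.MIN_VALUE};
    for (int v : samples) {
      byte[] b = toBytes(v);
      // Cross-check against the standard library's little-endian decoding.
      int viaBuffer = ByteBuffer.wrap(b).order(ByteOrder.LITTLE_ENDIAN).getInt();
      System.out.printf("%11d masked=%b unmasked=%b buffer=%b%n",
          v, fromBytes(b) == v, fromBytesUnmasked(b) == v, viaBuffer == v);
    }
  }
}
```

The unmasked variant happens to succeed for some inputs, such as 0 and -1, which is why this defect can pass casual testing.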
Risk Assessment
Performing bit manipulation and arithmetic operations on the same variable obscures the programmer's intentions and reduces readability. This in turn makes it more difficult for a security auditor or maintainer to determine which checks must be performed to eliminate security flaws and ensure data integrity.
...