MISRA C++ Rule 5-0-3 False Positive Warning

My static analyzer generates the following warning:

Rule 5-0-3 MCPP: this complex expression is implicitly converted to a different substantial type

for the following code:

void func(const uint32_t arg)
{
    //32U has underlying type uint8_t
    const uint32_t u32a = arg % 32U; //warning issued in this line
    const uint32_t u32b = (arg % static_cast<uint32_t>(32U)); //same warning issued in this line
    const uint32_t u32c = static_cast<uint32_t>(arg % 32U); //compliant
}

According to the MISRA underlying type conversion rules:

Otherwise, if both operands are of integral type, the underlying type of the expression can be found using the following:

- If the operand types are the same size, and either is unsigned, the result is unsigned.

- Otherwise, the result type will look like this: type.

, , , , 32U uint8_t, , uint32_t, static_cast .

, ? ?

EDIT: MISRA , :

, :

  • , , .

  • , , .

  • , .

. 2 , , 32U uint8_t.

+4
3

. , , , , 32, uint8_t. , 32 U ( MISRA).

MISRA , , uint32_t arg; ... arg % 32U . uint32_t, . , -, - - , , MISRA / .

, . MISRA, .

arg % static_cast<uint32_t>(32U) , . , , .

+1

, , , , 32U uint8_t

32U uint8_t . , , int/unsigned int. cppreference nnnnU a unsigned int, unsigned long int unsigned long long int. , , 32U - unsigned int.

, , 32U - , uint32_t, .

+2

32U unsigned, uint32_t. , uint8_t

A unsigned , 0 65535, . , , . uint8_t, a uint8_t , unsigned.

, , unsigned 16- , 32- 64- - , , a uint32_t.

The result of the expression arg % 32U can therefore be of type uint32_t (if unsigned is 16 bits), uint32_t (if unsigned and uint32_t are the same 32-bit type), or unsigned (if unsigned is a 64-bit type). In the latter case, initializing u32a requires a conversion from unsigned to uint32_t.

Your static analyzer warns you of this potential change in behavior between systems.

So no, this is not a false positive.

+2
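
The three cases described in the answer above can be checked at compile time. This is an added example, not code from the original post: `rem_t`, `needs_conversion`, `rem_bits` and `rem32` are hypothetical names, and `std::uint64_t` is used as a stand-in (an assumption) for a target whose `unsigned` is 64 bits wide.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <type_traits>
#include <utility>

// C++ language type of `L % R` after integral promotion and the usual
// arithmetic conversions (the language type, not MISRA's "underlying type").
template <typename L, typename R>
using rem_t = decltype(std::declval<L>() % std::declval<R>());

// True when initialising a Dest from `L % R` needs an implicit conversion.
template <typename Dest, typename L, typename R>
constexpr bool needs_conversion() {
    return !std::is_same<rem_t<L, R>, Dest>::value;
}

// Width in bits of the result of `L % R`.
template <typename L, typename R>
constexpr std::size_t rem_bits() {
    return sizeof(rem_t<L, R>) * CHAR_BIT;
}

// `arg % 32U` on the toolchain compiling this file: 32U has type `unsigned`.
constexpr bool native_case =
    needs_conversion<std::uint32_t, std::uint32_t, decltype(32U)>();

// Stand-in for a target with a 64-bit `unsigned` (assumption): the right
// operand is std::uint64_t, so the result is wider than uint32_t.
constexpr bool wide_case =
    needs_conversion<std::uint32_t, std::uint32_t, std::uint64_t>();

// The form the question marks as compliant: the result type is stated
// explicitly, so it no longer depends on the width of `unsigned`.
std::uint32_t rem32(const std::uint32_t arg) {
    return static_cast<std::uint32_t>(arg % 32U);
}

int main() {
    std::printf("native: conversion needed = %d, result bits = %zu\n",
                static_cast<int>(native_case),
                rem_bits<std::uint32_t, decltype(32U)>());
    std::printf("wide:   conversion needed = %d, result bits = %zu\n",
                static_cast<int>(wide_case),
                rem_bits<std::uint32_t, std::uint64_t>());
    std::printf("rem32(100) = %u\n", static_cast<unsigned>(rem32(100U)));
    return 0;
}
```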

Source: https://habr.com/ru/post/1673980/

