MISRA C++:2008 Rule 5-19-1

Evaluation of constant unsigned integer expressions should not lead to wrap-around

Description

Rule Definition

Evaluation of constant unsigned integer expressions should not lead to wrap-around.

Rationale

Unsigned integer expressions do not strictly overflow, but instead wraparound. Although there may be good reasons to use modulo arithmetic at run time, intentional use at compile time is less likely and might imply logic errors.

Polyspace Implementation

Polyspace^® flags the constant expressions that might wraparound.

Different compilers might define compile-time constants differently. In the following code, c+1u is considered a constant expression by GCC compilers, but not by the standard C++ compiler.

const uint16_t c = 0xffffu;
uint16_t y = c + 1u;

Whether you see a violation of this rule in the preceding code might depend on your compiler.

Troubleshooting

If you expect a rule violation but Polyspace does not report it, see Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

Avoid Unsigned Integer Wraparounds in Constant Expression

 
#define BEGIN        0x8000
#define FIN          0xFFFF
#define POS          0x8000
#if ( ( BEGIN + POS ) > FIN )
//....
#endif
#if ( ( ( FIN - BEGIN ) - POS ) < 0 )   //Noncompliant
//...
#endif

  void fn ( )
  {
    if ( ( BEGIN + POS ) > FIN ) {   // Noncompliant
      //...
    }
  }

In this example, the constant expressions (( FIN - BEGIN ) - POS) and (( BEGIN + POS ) > FIN) might lead to wraparounds. Polyspace flag these expressions.

Check Information

Group: Expressions

Category: Advisory

Version History

Introduced in R2013b