CWE Rule 710

Improper Adherence to Coding Standards

Since R2024a

Description

Rule Description

The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.

Polyspace Implementation

The rule checker checks for Bitwise and arithmetic operations on the same data.

Examples

expand all

Bitwise and arithmetic operations on the same data

Issue

This issue occurs when bitwise and arithmetic operations are performed in the same expression.

Risk

Mixed bitwise and arithmetic operations do compile. However, the size of integer types affects the result of these mixed operations. For instance, the arithmetic equivalent of a left shift (<<) by a certain number of bits depends on the number of bits in the variable being shifted and therefore on the internal representation of its data type. With a mix of bitwise and arithmetic operations, the same expression can produce different results on different targets.

Mixed operations also reduce readability and maintainability.

Fix

Separate bitwise and arithmetic operations, or use only one type of operation per statement.

Example — Shift and Addition

unsigned int bitwisearithmix()
{
    unsigned int var = 50;
    var += (var << 2) + 1; //Noncompliant
    return var;
}

This example shows bitwise and arithmetic operations on the variable var. var is shifted by two (bitwise), then increased by 1 and added to itself (arithmetic).

Correction — Arithmetic Operations Only

You can reduce this expression to arithmetic-only operations: var + (var << 2) is equivalent to var * 5.

unsigned int bitwisearithmix()
{
    unsigned int var = 50;
    var = var * 5 +1;
    return var;
}

Check Information

Category: Others

Version History

Introduced in R2024a