[C-safe-secure-studygroup] On MISRA C:2012 Rule 6.2

Roberto Bagnara bagnara at cs.unipr.it
Wed Jun 14 15:07:19 UTC 2017


MISRA C:2012 Rule 6.2:
Single-bit named bit-fields shall not be of a signed type

In C11, it is implementation-defined how the value of a signed integer
with a set sign bit is obtained from the value of the other bits.
The representation of signed integers can be

- sign and magnitude;
- two's complement;
- ones' complement.

Moreover, it is implementation-defined whether a value with
sign bit 1 and all value bits zero (for sign and magnitude and
two's complement), or with sign bit 1 and all value bits 1 (for
ones' complement) is a trap representation or a normal value.
In the case of sign and magnitude and ones' complement, if this
representation is a normal value, then it is called a negative zero.

Anyway, single-bit named signed bit-fields are a can of worms:
the best that can happen is that, in a two's complement representation,
the cleared single-bit represents 0 and the set single-bit represents
-1, which would be surprising to most people.  E.g., what can you
expect from the following code?

struct S {
  signed int bf:1;
} s = { 1 };

(Answer: one could think it is undefined behavior, as 1 would seem
to be converted to -1.  In fact, by 6.3.1.3#3, the behavior is
implementation-defined: the bf field can be initialized to 0
or -1, or a signal can be raised.)

For sign and magnitude and ones' complement the cleared bit would
stand for +0 and the set bit would stand for -0 (a negative zero).
But the set bit could be a trap representation as well for any
representation of negative numbers.

Nothing to be gained, everything to lose: this should be enough
to forbid single-bit named bit-fields in all profiles.

Note that there is no problem for unnamed bit-fields as their value
cannot be accessed.

-- 
     Prof. Roberto Bagnara

Applied Formal Methods Laboratory - University of Parma, Italy
mailto:bagnara at cs.unipr.it
                              BUGSENG srl - http://bugseng.com
                              mailto:roberto.bagnara at bugseng.com
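The following program is an added example, not code from the original post: it puts the non-compliant signed single-bit field next to the compliant unsigned one and reads both back after storing 1. The struct and function names are the example's own. It assumes a two's complement implementation such as GCC or Clang, which document that an out-of-range store into a signed bit-field is reduced modulo 2^N, so the set bit reads back as -1; under the standard alone the signed result is implementation-defined, exactly as 6.3.1.3#3 says.

```c
#include <stdio.h>

/* Added example, not from the original post; names are the example's own. */
struct signed_flag {
    signed int bf : 1;    /* violates MISRA C:2012 Rule 6.2 */
};

struct unsigned_flag {
    unsigned int bf : 1;  /* compliant: holds exactly 0 or 1 */
};

/* Store v in the signed single-bit field and read it back as int.
 * For v == 1 the store is an out-of-range conversion (C11 6.3.1.3#3), so
 * the result is implementation-defined.  GCC and Clang document reduction
 * modulo 2^N, so on their two's complement targets the set bit reads back
 * as -1.  The value is passed as a parameter rather than written as a
 * literal so that the compiler does not warn about the constant overflow. */
int store_signed_flag(int v)
{
    struct signed_flag s;
    s.bf = v;
    return s.bf;
}

/* Same store through the compliant unsigned field: the standard guarantees
 * the result is v reduced modulo 2, i.e. 1 for v == 1 and 0 for v == 0. */
int store_unsigned_flag(int v)
{
    struct unsigned_flag u;
    u.bf = v;
    return u.bf;
}

/* The practical consequence: a check written against the intended value 1
 * never fires for the signed field, because it only ever holds 0 or -1. */
int signed_flag_is_set(int v)
{
    struct signed_flag s;
    s.bf = v;
    return s.bf == 1;
}

int main(void)
{
    printf("signed   bf after storing 1: %d\n", store_signed_flag(1));
    printf("unsigned bf after storing 1: %d\n", store_unsigned_flag(1));
    printf("signed_flag_is_set(1):       %d\n", signed_flag_is_set(1));
    return 0;
}
```

The unsigned results are guaranteed by the standard on every implementation; the signed results are what GCC and Clang produce on their usual targets and are the "best case" the post describes, where a set bit silently means -1.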
