Code: Select all

`u16a = (uint16_t) ~u16b;`

Associated weakness : http://cwe.mitre.org/data/definitions/192.html and/or http://cwe.mitre.org/data/definitions/704.html

If I bypass integral promotion with cast to a widening type, the warning disappears;

Code: Select all

`u16a = (uint16_t) ~((unsigned int)u16b);`

In MISRA C 2012, section 8.10, rule 10.1, Rationale item 6 :The results of some bitwise operations on signed integers (6.5).

I don't understand why use of essentially type operands with bitwise operators can be implementation dependant while operators beahaviors are defined for standard type. In ISO C99, beahavior of bitwise operators is defined for standard type. I suppose after integral promotion ? Then, if small unsigned integers are used as operand with bitwise operators, operator works systematically with signed int after integral promotion. The behavior is implementation-dependant (two's or one's complement implementation can produce different results). Then, even with expected essentially type, I can obtain an implementation beahavior, no ?Shift and bitwise operations should only be performed on operands of essentially unsigned type. The numeric value resulting from their use on essentially signed types is implementation-defined.

Have I a bad interpretation of all standards (MISRA C, ISO C99, CWE, etc.) ?