Rule 10.3, conversion of constant expression

Motozo Mario Ikeda
Posts: 7
Joined: Mon Aug 03, 2015 1:14 am
Company: DENSO

Rule 10.3, conversion of constant expression

Post by Motozo Mario Ikeda » Thu Oct 20, 2016 12:30 am

It is hard to understand the reason to add Amplification 2 "The conversion of the constant expression in a switch statement's case label to the promoted type of the controlling expression".

What kind of risks should be eliminated with this?

Thank you,
Mario Ikeda

dg1980
Posts: 109
Joined: Wed Apr 27, 2016 2:33 pm
Company: Elektrobit Automotive GmbH

Re: Rule 10.3, conversion of constant expression

Post by dg1980 » Thu Oct 20, 2016 10:35 am


#include <stdint.h>
extern uint8_t x;

void foo(void)
{
  switch (x)
  {
  case -1: /* violates 10.3 -> as a result, this case is unreachable code because of silent integer promotion */
    break;
  }
}

Motozo Mario Ikeda
Posts: 7
Joined: Mon Aug 03, 2015 1:14 am
Company: DENSO

Re: Rule 10.3, conversion of constant expression

Post by Motozo Mario Ikeda » Fri Oct 21, 2016 12:46 am

Thank you. But I think unreachable code should be detected by Rule 2.1.

What confuses me is the phrase "The conversion .. to the promoted type of the controlling expression".
In this sample code, x is promoted to int (int16_t or int32_t) and -1 is converted to int.

As a result int is assigned to int. It should be compliant.

I may understand if the phrase is "The conversion .. to the essential type of the controlling expression".

dg1980
Posts: 109
Joined: Wed Apr 27, 2016 2:33 pm
Company: Elektrobit Automotive GmbH

Re: Rule 10.3, conversion of constant expression

Post by dg1980 » Fri Oct 21, 2016 7:38 am

Actually, both operands are promoted to unsigned int, so on a 32-bit processor you compare 0x000000FFh with 0xFFFFFFFFh, which is always false:


19:   switch (x)
0028140E  movzx       eax,byte ptr [_x (287138h)]  
00281415  mov         dword ptr [ebp-0C4h],eax  
0028141B  cmp         dword ptr [ebp-0C4h],0FFFFFFFFh  
00281422  je          foo+36h (281426h)  
00281424  jmp         foo+4Dh (28143Dh)
(C99 6.8.4.2 Item 5 and 6.3.8.1).

Motozo Mario Ikeda
Posts: 7
Joined: Mon Aug 03, 2015 1:14 am
Company: DENSO

Re: Rule 10.3, conversion of constant expression

Post by Motozo Mario Ikeda » Wed Nov 16, 2016 8:15 am

Sorry for the late reply.

In my understanding both operands are promoted to signed int based on the Integral promotion rule.
When a control expression is "x", case -1: is not reachable.
But if the control expression is "x-1", case -1: is reachable when x is 0.

I still do not understand what kind of risk should be eliminated by the Amplification 2.
Essential type should be discussed in this rule instead of "The conversion .. to the promoted type".

misra-c
Posts: 566
Joined: Thu Jan 05, 2006 1:11 pm

Re: Rule 10.3, conversion of constant expression

Post by misra-c » Fri Dec 09, 2016 9:07 am

First some background on the C standard conversions in switch statements.
C99 6.8.4.2(5) The integer promotions are performed on the controlling expression. The constant expression in each case label is converted to the promoted type of the controlling expression.
The Amplification is written in a way which describes the relevant conversion in the C standard.

The actual check that should be performed is between the essential type of the case label expression and the essential type of controlling expression.

We agree that the wording is not clear and will clarify it in a later version.

In the example given by dg1980, "x" will be promoted from uint8_t (assumed to be unsigned char) to the C standard type of "signed int" if all the values of "unsigned char" fit in the "signed int" (assumed to be 32-bit). The C standard type of "-1" is "signed int".

This is not compliant with rule 10.3. It will also violate rule 2.1 as suggested.
---
Posted by and on behalf of
the MISRA C Working Group
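As an added illustration (this is not code from the thread, from dg1980, or from the MISRA C Working Group), the following C program puts the two switch statements discussed above into functions whose return values show whether the "case -1:" label is reachable, beside a label written with the essential types in mind. The function names and the exhaustive checker are my own choices; the only assumption about the target is that int is wider than 8 bits, as in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Each function below returns 1 when its "case" label is selected and 0
 * otherwise, so the reachability of the label can be checked by calling the
 * function instead of reading disassembly. */

/* dg1980's form: the controlling expression is a uint8_t, which the integer
 * promotions turn into an int in the range 0..255. The label -1 is converted
 * to that promoted type (C99 6.8.4.2p5) and stays -1, so it never matches. */
int label_hit_on_x(uint8_t x)
{
    switch (x)
    {
    case -1:            /* violates Rule 10.3; dead code, see Rule 2.1 */
        return 1;
    default:
        return 0;
    }
}

/* Ikeda's variant: "x - 1" is already an int expression, so the value -1 is
 * produced for x == 0 and the same label is reachable. The signedness
 * mismatch between the label and the uint8_t operand is unchanged; only the
 * dead-code symptom has disappeared. */
int label_hit_on_x_minus_1(uint8_t x)
{
    switch (x - 1)
    {
    case -1:
        return 1;
    default:
        return 0;
    }
}

/* A label chosen with the essential types in mind: the U suffix keeps the
 * constant essentially unsigned, matching the uint8_t controlling expression,
 * and the value 255 is actually reachable. */
int label_hit_on_max(uint8_t x)
{
    switch (x)
    {
    case 0xFFU:
        return 1;
    default:
        return 0;
    }
}

/* Evaluates one of the functions above for every uint8_t value and returns
 * how many inputs select its "case" label (0 means the label is dead). */
int count_label_hits(int (*fn)(uint8_t))
{
    int hits = 0;
    unsigned int v;
    for (v = 0U; v <= 0xFFU; v++)
    {
        hits += fn((uint8_t)v);
    }
    return hits;
}

int main(void)
{
    printf("switch (x),     case -1:   hits = %d\n", count_label_hits(label_hit_on_x));
    printf("switch (x - 1), case -1:   hits = %d\n", count_label_hits(label_hit_on_x_minus_1));
    printf("switch (x),     case 0xFFU: hits = %d\n", count_label_hits(label_hit_on_max));
    return 0;
}
```

Running it shows the first label is selected for none of the 256 possible inputs, the second only for x == 0, and the third only for x == 255; a compiler may also warn about the negative label on the unsigned controlling expression, which is the same fact the disassembly in the thread exposes.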
