Re: shame on MISRA
- From: CBFalconer <cbfalconer@xxxxxxxxx>
- Date: Mon, 23 Apr 2007 19:29:13 -0400
Marcin Wolcendorf wrote:
On Mon, 23 Apr 2007 14:20:53 -0400, CBFalconer wrote:
Marcin Wolcendorf wrote:...
Well, having ~0U is not quite enough; I want to use it :). So I
did: uint16_t some_variable = (uint16_t)(~0U);
(effectively- all #defines, ...) to have 0xffff in some_variable.
It was enough to trigger the rule.
Ignoring Misra, that is not as accurate as "unsigned = -1", which
will set all bits to one everywhere.
Are there situations, when ~0 won't set all 1s? The only one I can
think of that late that could be dangerous is:
unsigned long long var = ~0;
Right?
Wrong. C representation may be sign/magnitude or 1's complement.
2's comp: -1 ---> -0x0001 ---> 0xffff
~ 1 ---> ~0x0001 ---> 0xffff (note NOT sign)
1's comp: -1 ---> -0x0001 ---> 0xffff
~ 1 ---> ~0x0001 ---> 0xfffe (note NOT sign)
sign mag: -1 ---> -0x0001 ---> 0xffff
~ 1 ---> ~0x0001 ---> 0xfffe (note NOT sign)
because of the rules for bringing unsigned into range.
--
<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>
<http://www.aaxnet.com/editor/edit043.html>
cbfalconer at maineline.net
--
Posted via a free Usenet account from http://www.teranews.com
.
- Follow-Ups:
- Re: shame on MISRA
- From: Dan Henry
- Re: shame on MISRA
- From: Stefan Reuther
- Re: shame on MISRA
- References:
- Re: shame on MISRA
- From: Marcin Wolcendorf
- Re: shame on MISRA
- From: Arlet
- Re: shame on MISRA
- From: Marcin Wolcendorf
- Re: shame on MISRA
- From: Marcin Wolcendorf
- Re: shame on MISRA
- From: Robert Adsett
- Re: shame on MISRA
- From: Marcin Wolcendorf
- Re: shame on MISRA
- From: CBFalconer
- Re: shame on MISRA
- From: Marcin Wolcendorf
- Re: shame on MISRA
- Prev by Date: Re: SDCC: Whats 0xAA using binary?
- Next by Date: Re: Controller for Custom LCD Glass
- Previous by thread: Re: shame on MISRA
- Next by thread: Re: shame on MISRA
- Index(es):
Relevant Pages
|
