MISRA C++:2008 Rule 9-6-4

Named bit-fields with signed integer type shall have a length of more than one bit

Description

Rule Definition

Named bit-fields with signed integer type shall have a length of more than one bit.

Rationale

Variables with signed integer bit-field types of length one might have values that do not meet developer expectations. For instance, signed integer types of fixed width such as std::int16_t (from cstdint) have a two's complement representation. In this representation, a single bit is just the sign bit and the value might be 0 or -1.

Polyspace Implementation

The checker flags declarations of named variables having signed integer bit field types of length equal to one.

Bit field types of length zero are not flagged.

Troubleshooting

If you expect a rule violation but Polyspace^® does not report it, see Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

Compliant and Noncompliant Bit-Field Types

#include <cstdint>

typedef struct
{
   std::uint16_t IOFlag :1;    //Compliant - unsigned type
   std::int16_t InterruptFlag :1; //Noncompliant
   std::int16_t Register1Flag :2; //Compliant - Length more than one bit
   std::int16_t : 1; //Compliant - Unnamed
   std::int16_t : 0; //Compliant - Unnamed
   std::uint16_t SetupFlag :1; //Compliant - unsigned type
} InterruptConfigbits_t;

In this example, only the second bit-field declaration is noncompliant. A named variable is declared with a signed type of length one bit.

Check Information

Group: Classes

Category: Required

Version History

Introduced in R2013b