MISRA C:2012 Rule 18.2

Subtraction between pointers shall only be applied to pointers that address elements of the same array

Description

Rule Definition

Subtraction between pointers shall only be applied to pointers that address elements of the same array.

Rationale

This rule applies to expressions of the form pointer_expression1 - pointer_expression2. The behavior is undefined if pointer_expression1 and pointer_expression2:

Do not point to elements of the same array,
Or do not point to the element one beyond the end of the array.

Polyspace Implementation

Polyspace^® reports a violation of this rule when you subtract pointers that are null or that point to elements in different arrays.

If one of the pointers in the subtraction operation is unknown to Polyspace in the current analysis, a violation of this rule is not reported. For example, in this code, Polyspace cannot determine the underlying objects of arg_ptr and temp:

extern int *getPtr();
void foo(int *arg_ptr) {
	int diff, diff2;
	int c_str[50];
	int *temp = getPtr();

	int diff = c_str - arg_ptr; //No violation
	int diff2 = c_str - tmp;  //No violation
}

The subtraction involving these pointers are not reported as violations of this rule.

Troubleshooting

If you expect a rule violation but do not see it, refer to Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

Subtracting Pointers

#include <stddef.h>
#include <stdint.h>

void f1 (int32_t *ptr)
{
    int32_t a1[10];
    int32_t a2[10];
    int32_t *p1 = &a1[ 1];
    int32_t *p2 = &a2[10];
    ptrdiff_t diff1, diff2, diff3;

    diff1 =  p1 - a1;   // Compliant
    diff2 =  p2 - a2;   // Compliant
    diff3 =  p1 - p2;   // Noncompliant
}

In this example, the three subtraction expressions show the difference between compliant and noncompliant pointer subtractions. The diff1 and diff2 subtractions are compliant because the pointers point to the same array. The diff3 subtraction is not compliant because p1 and p2 point to different arrays.

Noncompliant Pointer Subtraction

#include <stddef.h>
#include <stdint.h>

void f1()
{
	int32_t var1, var2 = 20;
	int32_t* i;
	int32_t* j;

	i = &var1;
	j = &var2;

	int32_t diff4;

	diff4 = i - j;	//Noncompliant
}

In this example, the diff4 subtraction is not compliant because the pointers i and j are not pointers to an array.

Check Information

Group: Pointers and Arrays

Category: Required

AGC Category: Required

Version History

expand all

R2023a: Pointer subtraction involving outputs of stubbed function no longer ignored

Polyspace reports violations of this rule even if you use the output of a stubbed function to perform a pointer subtraction operation. For instance, in this code, the pointer ptr is returned by the function get_ptr():

int32_t *ptr = get_ptr ( );
int32_t a1[ 10 ];
int32_t *p1 = &a1[ 1 ];
int32_t diff = ptr - p1;   //Noncompliant

Because the function get_ptr() lacks a body, Polyspace treats it as a stubbed function. Polyspace no longer ignores pointer arithmetic operations when one of the operands is the output of the stubbed function. In this case, because get_ptr() is called before p1 is declared, the pointers ptr and p1 cannot point to the same array. Polyspace reports a violation.

MISRA C:2012 Rule 18.2

Description

Rule Definition

Rationale

Polyspace Implementation

Troubleshooting

Examples

Subtracting Pointers

Noncompliant Pointer Subtraction

Check Information

Version History

R2023a: Pointer subtraction involving outputs of stubbed function no longer ignored

See Also

Topics