Main Content

MISRA C:2023 Rule 10.7

If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type

Since R2024a

expand all in page

Description

Rule Definition

If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed, then the other operand shall not have wider essential type.

Rationale

A composite expression is a nonconstant expression using a composite operator. In the Essential Type Model, composite operators are:

  • Multiplicative (*, /, %)

  • Additive (binary +, binary -)

  • Bitwise (&, |, ^)

  • Shift (<<, >>)

  • Conditional (?, :)

Restricting implicit conversion on composite expressions mean that sequences of arithmetic operations within expressions must use the same essential type. This restriction reduces confusion and avoids loss of value, sign, precision, or layout. However, this rule does not imply that all operands in an expression are of the same essential type.

Performing arithmetic operation between essentially real floating types and essentially complex floating types does not violate this rule.

For more information on essential types, see Essential Types in MISRA C Rules 10.x.

Polyspace Implementation

Polyspace® reports a violation of this rule if an operand in a composite expression is implicitly converted to a wider essential type.

Polyspace does not report violations of this rule for pointer arithmetic and for conversions between essentially real floating type and essentially complex floating type.

Troubleshooting

If you expect a rule violation but do not see it, refer to Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

This example shows compliant and noncompliant arithmetic operations in composite expressions.

#include <stdint.h>
#include <complex.h>
void foo() {
	uint16_t u16x = 0, u16y = 0;
	uint32_t u32x = 0, u32y = 0;
	u32x * (u16x + u16y);         // Noncompliant
	u32x = (u16x + u16y) + u32x;  // Noncompliant
	

}


void bar() {
	_Complex float cx;
	_Complex double dx;
	float f;
	double d;

	cx + f;         // Compliant
	cx + d;         // Compliant
}

In foo(), Polyspace reports violations when an operand is implicitly converted to a wider essential type. In bar(), the composite expressions implicitly convert essentially real floating numbers to essentially complex floating number. These implicit conversions are compliant.

Check Information

Group: The Essential Type Model
Category: Required
AGC Category: Advisory

Version History

Introduced in R2024a

See Also

Topics