DEV Community

Cover image for DeepCode's Top Findings #12: Integer Promotion on Bitwise Operations in C
cu_0xff 🇪🇺 for DeepCode.AI

Posted on • Originally published at Medium

2 3

DeepCode's Top Findings #12: Integer Promotion on Bitwise Operations in C

DeepCode offers an AI-based Static Program Analysis for Java, JavaScript and TypeScript, C/C++ and Python. As you might know, DeepCode uses thousands of open source repos to train our engine. We asked the engine team to provide some stats on the findings. On the top suggestions from our engine, we want to introduce and give some background in this series of blog articles.

Language: C
Defect: Integer Promotion on Bitwise Operations
Diagnose: Cast the result of shift left to unsigned short to avoid unexpected behavior because of integral type promotion. The shifted expression is promoted to unsigned int, which may introduce a number of unknown bits.

This example is sponsored by Linux in the Alpha architecture (see here ). Obviously, you can load them also in your own dashboard.

So, here is the code:

static __inline__ int get_dma_residue(unsigned int dmanr)
{
    unsigned int io_port = (dmanr<=3)? ((dmanr&3)<<1) + 1 + IO_DMA1_BASE
                     : ((dmanr&3)<<2) + 2 + IO_DMA2_BASE;

    /* using short to get 16-bit wrap around */
    unsigned short count;

    count = 1 + dma_inb(io_port);
    count += dma_inb(io_port) << 8;

    return (dmanr<=3)? count : (count<<1);
}

What we should observe is there count variable which type is unsigned short. The function returns the type int and in the return statement, we have a conditional that either returns count(which would need a typecast to int) or a bitwise shift left of count.

The type conversion rules for bitwise operations in C are actually not that straight forward. The long explanation - as pointed out by DeepCode with the link More Info - is here. Under the hood, C converts operants oftentimes to int, applies the operation, and truncates the result to fit into the target variable. Bitwise operators are such an example.

Given the specific architecture, the implicit typecast between unsigned short and int might just work out perfectly. I would argue it is hard to follow the intent of the developer and he was aware (therefor the comment). Still, following the best practices, he should do explicit type conversions (see also the link above).

Image of Docusign

Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

đź‘‹ Kindness is contagious

Immerse yourself in a wealth of knowledge with this piece, supported by the inclusive DEV Community—every developer, no matter where they are in their journey, is invited to contribute to our collective wisdom.

A simple “thank you” goes a long way—express your gratitude below in the comments!

Gathering insights enriches our journey on DEV and fortifies our community ties. Did you find this article valuable? Taking a moment to thank the author can have a significant impact.

Okay