...
Performing bit manipulation and arithmetic operations on the same variable obscures the programmer's intentions and reduces readability. It also makes it more difficult for a security auditor or maintainer to determine which checks must be performed to eliminate security flaws and ensure data integrity.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT14-C | Medium | Unlikely | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE |
Can detect violations of this recommendation. However, it can detect only those violations where both bitwise and arithmetic operators are used in the same expression | |||||||||
| LDRA tool suite |
| 585 S | Fully implemented | ||||||
| Polyspace Bug Finder | R2016b | Bitwise and arithmetic operation on the same data | Statement with mixed bitwise and arithmetic operations |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
...
...