[metadata]
id = "INT12-C"
type = "recommendation"
category = "INT"
number = 12
title = "Do not make assumptions about the type of a plain int bit-field when used in an expression"
description = """
Bit-fields can be used to allow flags or other integer values with small ranges
to be packed together to save storage space. It isimplementation-definedwhether
the specifierintdesignates the same type assigned intor the same type asunsigned
intfor bit-fields. According to the C Standard [ISO/IEC 9899:2011], C integer
promotions also require that "if anintcan represent all values of the original
type (as restricted by the width, for a bit-field), the value is converted to
anint; otherwise, it is converted to anunsigned int." This issue is similar to
the signedness of plainchar, discussed inINT07-C. Use only explicitly signed or
unsigned char type for numeric values. A plainintbit-field that is treated as
unsigned will promote tointas long as its field width is less than that
ofintbecauseintcan hold all values of the original type. This behavior is the
same as that of a plainchartreated as unsigned. However, a plainintbit-field
treated as unsigned will promote tounsigned intif its field width is the same as
that ofint. This difference makes a plainintbit-field even trickier than a
plainchar.
"""
severity = "Low"
likelihood = "Unlikely"
priority = "P1"
level = "L3"
cert_version = "2016 Edition (Wiki)"
last_modified = "May 20, 2025"
[rules.cert_c.INT12-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/INT12-C.+Do+not+make+assumptions+about+the+type+of+a+plain+int+bit-field+when+used+in+an+expression"