Rule: None of the bit-wise operators (i.e., &, |, ~, ^, <<, and >>) shall be used to manipulate signed integer data.
Example (don’t):
int8_t signed_data = -4;
signed_data >>= 1; // not necessarily -2
Reasoning: The C standard does not specific the underlying format of signed data (e.g., 2’s complement) and leaves the effect of some bit-wise operators to be defined by the compiler author.
Coding Standard Rule #6
Coding Standard Rule #8
These rules are excerpts from the Embedded C Coding Standard book.
Tags: embedded, programming, security, standards