V2531. MISRA. Expression of essential type 'foo' should not be explicitly cast to essential type 'bar'.


This diagnostic rule is based on the software development guidelines developed by MISRA (Motor Industry Software Reliability Association).

This diagnostic applies only to code written in C.

A value of one essential type should not be explicitly cast to a value of another incompatible essential type. The MISRA standard introduces the essential type model, where variables can have the following types:

  • Boolean for Boolean values true/false: _Bool;
  • signed for signed integers or anonymous enums: signed char, signed short, signed int, signed long, signed long long, enum { .... }; ;
  • unsigned for unsigned integers: unsigned char, unsigned short, unsigned int, unsigned long, unsigned long long;
  • floating for floating-point values: float, double, long double;
  • character for characters only: char;
  • named enum for named sets of user-defined values: enum name { .... }; .

This model does not include pointers.

The following table shows situations that developers should avoid:

Picture 4

Exceptions:

  • A variable of type 'enum' can be cast to an alias for that type.
  • Constant integers '0' and '1' can be cast to Boolean.

Reasons for explicit type conversion are as follows:

  • to make code easier to read;
  • to change a type to use it in a subsequent arithmetic operation;
  • deliberate truncation of the value (when casting from a wider type to a narrower type, i.e. long -> short).

For some reasons, casts from one essential type to another may be dangerous or meaningless, for example:

  • casting from signed/unsigned integer to named enum may be dangerous as the value may not fit into the range determined by the maximum size of the given enum type;
  • casts from Boolean to any other type are usually meaningless;
  • casts between essential and character types are also meaningless as there is no precise mapping between the two representations.

The following example will trigger the corresponding warnings:

enum A {ONE, TWO = 2};

float foo(int x, char ch)
{
    enum A a = (enum A) x;  // signed to enum, may lead to 
                            // unspecified behavior

    int y = int(x == 4);    // Meaningless cast Boolean to signed

    return float(ch) + .01; // Meaningless cast character to floating,
                            // there is no precise mapping between
                            // two representations
}

Bugs Found

Checked Projects
354
Collected Errors
13 290