Avoid dangerous types

28 July 2017
Posted by Michael MULLER
Code Insights, Code Reliability, Risk, Software Resiliency

C/C++ (MISRA)

Software ResiliencyCode Reliability

Why you should care

The basic numerical types of char, int short, long, float, double, and long double should not be used directly to declare variable. This is because their storage size is machine dependent, and so for portability consideration, specific-lengths typedefs types should be used instead.

Example of usefull typedefs:

  • typedef char char_t;
  • typedef signed char int8_t;
  • typedef unsigned char uint8_t;
  • typedef float float32_t;
  • typedef double float64_t;

… and so on…

5362

References

MISRA-Cpp-2008 3.9.2

How we detect

Count one violation each time a variable is declared using directly one of the below basic type :

  • char
  • int
  • short
  • long
  • float
  • double

In addition, the Highlight implementation add the following:

  • bool
  • signed
  • unsigned

Concerned variables are global variables, auto variable, class data members and struct fields.

Example of violations:

char c;
unsigned int i;
float f;

PL/SQL

Software ResiliencyCode Reliability

Why you should care

PLSQL include Datatypes such as LONG, CHAR, VARCHAR and VARCHAR2
LONG datatype is used to store variable-length character strings with a maximum size of 32,760 bytes. They are only supported for backward compatibility with existing L79 applications while new applications use CLOB or NCLOB datatypes. CHAR datatype is used to hold fixed-length, blank padded strings with a max size of 32,767 bytes while VARCHAR datatypes is used to hold variable-length strings with the same size as CHAR. VARCHAR2 does not distniguish between a NULL or empty string unlike VARCHAR hence the possibility of VARCHAR causing more bugs.

Business Impacts

It is useful to distinguish PLSQL Datatypes as proper implementation of datatypes result in greater productivity. Improper implementation of datatypes would cause a loss of time which would be unproductive in the long run.

Production Risk
5362

CAST Recommendations

References

https://docs.oracle.com/cd/B19306_01/appdev.102/b14261/datatypes.htm
https://docs.oracle.com/cd/A97630_01/appdev.920/a96624/03_types.htm
https://docs.oracle.com/cd/B28359_01/appdev.111/b28370/datatypes.htm#i43252
https://stackoverflow.com/questions/1171196/what-is-the-difference-between-varchar-and-varchar2

Style Guide

How we detect

This code insight focuses on how the data represented internally depends on the database character set.
CHAR[(maximum_size [CHAR | BYTE] )]
If you do not specify a maximum size, it defaults to 1. If you specify the maximum size in bytes rather than characters, a CHAR(n) variable might be too small to hold n multibyte characters. To avoid this possibility, use the notation CHAR(n CHAR) so that the variable can hold n characters in the database character set, even if some of those characters contain multiple bytes.
CHAR is a fixed length data type which should only be used when appropriate. CHAR columns/variables are always filled to the specified length, this may lead to side-effects.
VARCHAR : The VARCHAR data type is a subtype of VARCHAR2. There is a strong possibility, that the meaning of VARCHAR might change in future version of ANSI SQL Standard. ORACLE recommends that you avoid using VARCHAR and use VARCHAR2 instead.
LONG : LONG and LONG RAW data type support will be discontinued in future
ORACLE releases.

About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.

See featuresHow it works
Copyright © 2021 CAST All Rights Reserved