Combination of different strong types with arithmetic operator

The STRONG.TYPE family of checkers detects situations in which programmer-enforced strong typing (type-defined abstract types) is broken or ignored, allowing the underlying ANSI type semantics to dominate.

The STRONG.TYPE.JOIN.OTHER checker looks for an instance in which two strongly typed values are compared with a binary operator. In this rule, the binary operator is defined as one of

  • the five arithmetic operators, +, -, *, /, and %
  • the three bit-wise operators, |, &, and ^

Vulnerability and risk

A compiler following the ANSI standard won't report a warning for this sort of issue, as it checks only the underlying types, not the surface, or programmer-defined, types. As a result, it's possible that a logic error can occur.

Vulnerable code example

 typedef int Count;
 typedef int Weight;

 int main() {
   Weight w, w1;
   Count c;
   w1 = w + c ; 
   return 0;

Klocwork flags line 7, indicating that values of different strong types w and c are joined with the + operator.