Seven misconceptions of MC/DC #7: You can get round MC/DC by using bitwise operators

This week we conclude the series on MC/DC misconceptions by assessing whether bitwise operators can help to get around MC/DC.

Another, somewhat controversial “trick” that might be applied as a way of reducing the testing burden resulting from MC/DC is to use C’s bitwise operators in place of logical operators.

For example, consider this:

int x = ( a & 0x2 ) | ( b & 0x1 );

if ( x ) {
    code 1
} else {
    code 2
}

From the above fragment, it is not possible to tell whether the above assignment really ought to be a Boolean assignment. Looking at the surrounding context, or performing some information flow analysis, might help to answer this question. For example, if the application subsequently uses x as a collection of bits (for example, to be written back to a hardware register), this might be considered more acceptable than if the only use of x is as a Boolean value in the above condition.

Another reason the above approach might be used is to force both conditions to be evaluated, which might be important if the act of reading the variables affects the underlying hardware – for example, as might occur in the case of specific hardware registers.

As a side note, the automotive guidelines on the use of C (MISRA C guidelines) is likely disallow the above approach – for example, both Rule 10.1 (Operands shall not be of an inappropriate essential type) and Rule 14.4 (The controlling expression of an if statement … shall have essentially Boolean type) apply in this situation.

The concern that an implementation inadvertently bypasses MC/DC tests through the use of bitwise operators can be addressed simply by using a coverage tool (RapiCover, for example) that provides the option of treating bitwise operations as logical operations, and consequently would require that the above expression is analyzed as if it were written with logical operations.