MISRA Discussion Forums

Full Version: Double casting to bypass 11.4?
I ran into an issue with a static analysis tool the other day.

In my example:
pool_ptr->list = *((UCHAR **) work_ptr); /*violates MISRA 11.4 */
Both pointers are UCHAR *. The first location in the buffer is being used to hold another pointer.

Adding an intermediate cast to void * clears the warning.
pool_ptr -> tx_list = *((UCHAR **) (void *)work_ptr);

Even though this clears the message, I believe it is still a violation of the intent of MISRA 11.4. Do you agree?
Scott Nowell
Validated Software Corporation
Rule 11.4 uses the word "cast" when in reality the problem is the conversion (and the subsequent dereferencing).

Maybe Rule 11.4 could read:
The value of a pointer to an object type shall not be assigned the value of a pointer to an object of a different type.

William Forbes
Does anybody have any comments on the following (as far as I can tell) MISRA compliant code:

    uint8_t    u8           = 0U ;
    uint8_t  * ptr_u8       = &u8 ;

    void     * ptr_nothing  = ptr_u8 ;       /* Rule 11.2 compliant */
    uint16_t * ptr_u16      = ptr_nothing ;  /* Rule 11.4 compliant - no cast */
    uint16_t   u16          = *ptr_u16 ;     /* What value is u16 ? !! */
I also think there is a typo in the second bullet point of paragraph 2 in section 6.11 which confuses the issue.
I think the 0 is missing from the definition of a null pointer constant, unless it is talking about a pointer to void!

Bill Forbes
Conversion of a pointer to object to a pointer to different object via a pointer to void is permitted by the MISRA C rules. While this style of coding is questionable, the MISRA C Working Group felt unable to prevent it given the extensive use of pointers to void in the C library.

We acknowledge the typographical error in the 2nd paragraph of 6.11. It should indeed have said (void *)0.

Tracker Id: 41
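
An added example, not code from any poster or from MISRA: one way to keep a free-list link in the first bytes of a UCHAR buffer, as in the first post, without converting UCHAR * to UCHAR ** at all. The link is copied in and out with memcpy, so no access depends on the buffer's alignment; the pool functions, block size and sample area are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
typedef unsigned char UCHAR;

/* Store a link in the first bytes of a free block; no UCHAR ** cast. */
static void link_store(UCHAR *block, UCHAR *next)
{
    (void)memcpy(block, &next, sizeof next);
}

/* Read the link back; well defined for any alignment of block. */
static UCHAR *link_load(const UCHAR *block)
{
    UCHAR *next = NULL;
    (void)memcpy(&next, block, sizeof next);
    return next;
}

/* Thread count blocks of a raw byte area into a free list; returns the head. */
static UCHAR *pool_init(UCHAR *area, size_t block_size, size_t count)
{
    UCHAR *head = NULL;
    if ((area == NULL) || (block_size < sizeof(UCHAR *))) {
        return NULL;  /* a block must be able to hold one link */
    }
    for (size_t i = count; i > 0U; i--) {
        UCHAR *block = &area[(i - 1U) * block_size];
        link_store(block, head);
        head = block;
    }
    return head;
}

/* Pop a block: same effect as pool_ptr->list = *((UCHAR **) work_ptr). */
static UCHAR *pool_alloc(UCHAR **list)
{
    UCHAR *work_ptr = *list;
    if (work_ptr != NULL) {
        *list = link_load(work_ptr);
    }
    return work_ptr;
}

static UCHAR demo_area[1U + (4U * 16U)];  /* constructed sample area */
static int demo_drain(void)               /* pool starts at an odd offset */
{
    UCHAR *list = pool_init(&demo_area[1], 16U, 4U);
    int n = 0;
    while (pool_alloc(&list) != NULL) { n++; }
    return n;
}
int main(void) { return (demo_drain() == 4) ? 0 : 1; }
```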