MISRA Discussion Forums

Welcome, Guest

You have to register before you can post on our site.

A13-5-4 opposite operator clarification

Posted by: aromauld - Yesterday, 03:34 PM - Forum: AUTOSAR C++:2014 rules - No Replies

We would like to get clarification on what "opposite operators" means.

The referenced JSF guideline says (such as == and !=) which implies there are others, but there are no examples present other than "!= and ==".

Presumably this includes relational operators, but it doesn't discuss how. This rule would seemingly imply that <= should be implemented using >=. But would this mean that it is considered non-compliant to implement it with operator >?

Code:
inline bool operator<=(const X& lhs, const X& rhs) { return !(lhs > rhs); }

Are relational operators allowed to call any other relational operators? Are there any other pairings that are considered opposites for this rule?

C++17 [[fallthrough]]; attribute and (Rule 6-4-3 and Rule 6-4-5)

Posted by: mshawa - 22-04-2024, 06:29 PM - Forum: 6.6 Statements (C++) - No Replies

	Given the response from: Rule 6-2-3 and C++17 [[fallthrough]]; attribute (misra.org.uk) Should Rule 6-4-3(A switch statement shall be a well-formed switch statement) and Rule 6-4-5(An unconditional throw or break statement shall terminate every non-empty switch-clause) also have an exception for the [[fallthrough]]; attribute when used in an empty switch case?

Further guidance on MISRA-C 2012 Rule 10.6

Posted by: mshawa - 09-04-2024, 02:29 PM - Forum: 8.10 The essential type model - No Replies

MISRA-C 2012 D.3 states that UTLR/STLR rules are only applied to integer constant expressions for operators that explicitly specify this in D.7. D.7 further states that the essential type is the standard type unless otherwise listed and does not specify a non-standard essential type for sizeof.

Given the following example:

Code:
typedef unsigned int uint32_t;

typedef unsigned short uint16_t;

extern uint16_t u16;

extern uint32_t u32;

extern void foo( void );

void foo( void ) {

    uint32_t case1 = (sizeof(uint32_t) + sizeof(uint32_t)) + u16; /*Case 1*/

    uint32_t case2 = u32 + u32 + u16; /*Case 2*/

    uint32_t case3 = sizeof(uint32_t) + (sizeof(uint32_t) + u16);/*Case 3*/

    uint32_t case4 = sizeof(uint32_t) + u16 + sizeof(uint32_t); /*Case 4*/

}

Which of the cases violates Rule 10.6 while providing the rationale?

MISRA AC SLSF:2023 AMD1

Posted by: david ward - 05-04-2024, 01:56 PM - Forum: MISRA AC resources - No Replies

	This Amendment to MISRA AC SLSF:2023 contains modifications that bring the guidelines up to date for MATLAB release R2023b Attached Files MISRA AC SLSF 2023 AMD1.pdf (Size: 444.31 KB / Downloads: 6)

Rule 6-2-3 and C++17 [[fallthrough]]; attribute

Posted by: kafka - 27-03-2024, 02:44 PM - Forum: 6.6 Statements (C++) - Replies (1)

	Should the C++17 [[fallthrough]]; attribute be given an exception for MISRA C++ 2008 Rule 6-2-3 (a null statement shall appear on a line by itself)?

10.2.3 Amplification

Posted by: hahn - 26-03-2024, 03:08 PM - Forum: 4.10 Declarations - Replies (1)

Hi,

I find the amplification of rule 10.2.3 confusing.

In general I wonder what the difference to a simple "no implicit conversion from unscoped enumeration type without underlying type to numeric type" (plus the exception for static_cast in bullet point 3) is?

In particular, as example, for the following code

Code:
enum E {E1, E2};

int f(int);

E operator+(E, E);

int main() {

  E e = E1;

  f(e); // Compliant? (1)

  e = e + e; // Non-compliant (2)

}

I wonder whether (1) should be compliant or not. At least it is not listed in the amplification, but seems like a problematic case anyway.
In turn, should (2) be non-compliant as operands to "arithmetic operator" are explicitly listed in the amplification, while I think this case is absolutely fine.

It would be great to get a clarification on what the rule intends.

Rule 7.0.5 Example potential typo

Posted by: danix800 - 21-03-2024, 01:57 PM - Forum: 4.7 Standard conversions - Replies (1)

```c
constexpr int32_t fn( int32_t i )
{
return i * i;
}

u8 + fn( 10 ) // Compliant by exception #1
```

Is u8 a typo? Reasonable one might be 'u32 + fn(10)'?

u8 << 2 is non-compliant, so should u8 + f(10), this should be a typo.

Rule 0.2.4 non-compliant reason

Posted by: danix800 - 15-03-2024, 02:20 PM - Forum: 4.0 Language independent issues - Replies (1)

	Hi! I've questions about the examples of MISRA C++:2023 Rule 0.2.4 "Functions with limited visibility should be used at least once": namespace B { struct C2 {}; static void swap( C2 &, C2 & ); // Non-compliant } B:wap() is marked as non-compliant, could anyone please give some explanations? Thank you very much!

cvalue and constant integral expression in generic context

Posted by: gerbor - 12-03-2024, 12:17 PM - Forum: AUTOSAR C++:2014 rules - Replies (1)

We would like to have some clarification regarding cvalues and integral constant expressions when considering C++14.

Main Question: Is N, which is an integral constant expression, a cvalue as defined in MISRA C++:2008?

Code:
template <typename T, int N>

constexpr auto fun()

{

    constexpr auto v = T{N};

    return /* something */;

}

Question 2: Does the use of {} or () have any affect on whether N is a cvalue?

Question 3: Does it matter whether T is fundamental type or a class type? For example:

Code:
template <typename T>

struct CustomScalar final

{

    T val{};

    constexpr CustomScalar() = default;

    explicit constexpr CustomScalar(T x) : val{x} {}

};

int main()

{

    fun<CustomScalar<float>, 2>();

}

Documentation of reasoning to keep/modify/drop AUTOSAR rules

Posted by: Rico Tilgner - 06-03-2024, 01:29 AM - Forum: General questions - Replies (1)

We started looking at the new MISRA C++ 2023 guidelines and ways for us to migrate over from AUTOSAR C++14. However, since we have some embedded platforms for which C++17 compilers aren't available (yet), we'll have to apply some combination of AUTOSAR and MISRA until we can fully move over. In Loïc Joly's talk at NDC TechTown he mentioned e.g. the reasoning for getting rid of the single return rule. Does MISRA provide any documentation on such reasonings for other old MISRA/AUTOSAR rules? This would help us a lot in our effort to find an AUTOSAR C++14 subset which we could employ together with MISRA C++ 2023. Alternatively, do you know of any other efforts that are underway to apply MISRA C++ 2023 to C++14 platforms?

Pages (97): 1 2 3 4 5 … 97 Next »

Search Forums

(Advanced Search)

Forum Statistics

» Members: 6,119
» Latest member: aromauld
» Forum threads: 968
» Forum posts: 2,657

Full Statistics

Online Users

There are currently 111 online users.
» 0 Member(s) | 108 Guest(s)
Bing, Facebook, Google

Latest Threads

A13-5-4 opposite operator...
Forum: AUTOSAR C++:2014 rules
Last Post: aromauld
Yesterday, 03:34 PM
» Replies: 0
» Views: 7

C++17 [[fallthrough]]; at...
Forum: 6.6 Statements (C++)
Last Post: mshawa
22-04-2024, 06:29 PM
» Replies: 0
» Views: 34

cvalue and constant integ...
Forum: AUTOSAR C++:2014 rules
Last Post: misra cpp
19-04-2024, 04:53 PM
» Replies: 1
» Views: 193

Rule 6-2-3 and C++17 [[fa...
Forum: 6.6 Statements (C++)
Last Post: misra cpp
19-04-2024, 04:48 PM
» Replies: 1
» Views: 164

10.2.3 Amplification
Forum: 4.10 Declarations
Last Post: misra cpp
12-04-2024, 02:20 PM
» Replies: 1
» Views: 182

Rule 7.0.5 Example potent...
Forum: 4.7 Standard conversions
Last Post: misra cpp
12-04-2024, 01:54 PM
» Replies: 1
» Views: 156

Rule 0.2.4 non-compliant ...
Forum: 4.0 Language independent issues
Last Post: misra cpp
12-04-2024, 01:51 PM
» Replies: 1
» Views: 172

Further guidance on MISRA...
Forum: 8.10 The essential type model
Last Post: mshawa
09-04-2024, 02:29 PM
» Replies: 0
» Views: 90

MISRA AC SLSF:2023 AMD1
Forum: MISRA AC resources
Last Post: david ward
05-04-2024, 01:56 PM
» Replies: 0
» Views: 108

MISRA AC GMG:2023 release...
Forum: MISRA AC GMG discussions
Last Post: misra-ac
25-03-2024, 06:01 PM
» Replies: 2
» Views: 457

Login
Username:
Password:
	Remember me Lost Password?

Welcome to the MISRA discussion forum