Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





  MISRA C++ 9.6.2
Posted by: gdavis - 06-07-2024, 02:20 AM - Forum: 4.9 Statements - Replies (1)

Hello,
My question is about the third example for MISRA C++ 2023 Rule 9.6.2: "A goto statement shall reference a label in a surrounding block".

void f3(int32_t i, int32_t x, int32_t y)
{
  switch( i )
  {                                   // statement A
    case 0:
      if ( x < y )
        goto L3;                      // Non-compliant
      break;
    case 1:
    L3:
      break;
  }
}

I am not sure why this is non-compliant. In terms of the amplification of the rule, "A goto statement shall be enclosed in a statement that directly encloses its reference label", statement A is the compound statement as shown above. I believe the goto statement is enclosed within statement A, and statement A directly-encloses the reference label (L3).

The MISRA C 2012 and MISRA C 2023 versions of the equivalent rule 15.3 provide a different amplification that directly addresses this: "A switch-clause that does not consist of a compound statement is treated as if it were a block"

Please let me know what you think. Thank you.

Print this item

  Explain deviation requirement
Posted by: Gabriel - 18-06-2024, 11:26 AM - Forum: 8.10 The essential type model - No Replies

Hello, could someone explain the following deviation requirement: 

"This deviation permit shall only be applied if the compiler's implementation has been verified to be consistent with the code generator's configuration (implicit or explicit)."

It is mentiond in rule 10.3, 10.4 and 10.8.
How to prove that this can be fullfilled? Could you refer to autocode?

Thanks!

Print this item

  MISRA AC SLSF:2023 AMD1 and AMD2 available
Posted by: misra-ac - 05-06-2024, 03:45 PM - Forum: MISRA AC SLSF discussions - No Replies

MISRA AC SLSF:2023 Amendment 1 and MISRA AC SLSF:2023 Amendment 2 (which contains modifications that bring the guidelines up to date for MATLAB releases R2023b and R2024a, respectively) are now available as free downloads from the "MISRA AC resources" section of this Bulletin Board.

Print this item

  MISRA AC SLSF:2023 AMD2
Posted by: misra-ac - 05-06-2024, 03:37 PM - Forum: MISRA AC resources - No Replies

This Amendment to MISRA AC SLSF:2023 contains modifications that bring the guidelines up to date for MATLAB release R2024a



Attached Files
.pdf   MISRA AC SLSF 2023 AMD2.pdf (Size: 447.66 KB / Downloads: 4)
Print this item

  Rule 0.0.1
Posted by: gdavis - 24-05-2024, 05:20 AM - Forum: 4.0 Language independent issues - Replies (1)

Hello,

I apologize for this basic question, but can somebody please walk me through the first first five lines of MISRA C++ 2023 Rule 0.0.1?

bool f0();

int32_t f1( int32_t c, int32_t &res )
{
  if ( false && f0() ) { }       // Compliant - statement is considered to be reachable
  ...

In particular, why is the empty block statement ("{ }") considered to be reachable? My thinking is:

The condition of the if statement is considered a constant expression in C++17, one that evaluates to false. Therefore, we follow the third bullet point:

  • The blocks linked by the edges from a condition of a selection-statement or an iteration-statement are all considered reachable, except when the condition is a constant expression, in which case only the blocks linked by edges selected by the condition are considered reachable.

So, this seems to me that we should consider the empty block statement to be unreachable.

Also, what is the purpose of the first two bullet points:
  • Both operands of a reachable logical AND (&&) or logical OR (||) operator are considered reachable
  • All three operands of a reachable conditional operator ( ? : ) are considered reachable

Rule 0.0.1 is concerned with statements, so I don't see how subexpressions matter unless these rules are meant to convey that an expression such as ( false && f0() ) is potentially throwing and/or not a constant expression (for the purposes of this rule).. But, I feel like I may be reading too much into this.

Thank you in advance.

Print this item

  Exemplar Suite for MISRA C++
Posted by: gdavis - 21-05-2024, 09:58 PM - Forum: General questions - Replies (1)

Hello,

Is there an Exemplar suite for MISRA C++ (either 2023 or 2008?). Looking around, I could not find one, but I wanted to check to make sure I am not missing anything.

Thank you!

Best Regards,

-Greg

Print this item

  Application of Rule 15.0.1 to Abstract Interface Classes
Posted by: nehalpatel - 14-05-2024, 06:19 PM - Forum: 4.15 Special member functions - Replies (2)

It seems rule 15.0.1 has conflicting requirements for pure virtual / abstract classes with no data members. e.g. if we create the following classes:

Code:
class CanMessage {
public:
  CanMessage();

  // Required for inheritance
  virtual ~CanMessage() = default;

  // Want to move and copy through derived classes
  CanMessage(const CanMessage&) noexcept = default;
  CanMessage(CanMessage&&) noexcept = default;
  CanMessage& operator=(const CanMessage&) & noexcept = default;
  CanMessage& operator=(CanMessage&&) & noexcept = default;

  virtual uint32_t Id() = 0;
  virtual uint8_t DataLength() = 0;
  virtual std::span<std::byte> Data() = 0;
};

class CanClassicMessage : public CanMessage {
public:
  CanClassicMessage(uint32_t id, uint8_t data_length) : CanMessage{}, id_{id} data_length_{data_length} {}
  ~CanClassicMessage() noexcept override = default;

  CanClassicMessage(const CanClassicMessage&) noexcept = default;
  CanClassicMessage(CanClassicMessage&&) noexcept = default;
  CanClassicMessage& operator=(const CanClassicMessage&) & noexcept = default;
  CanClassicMessage& operator=(CanClassicMessage&&) & noexcept = default;

  uint32_t Id() override { return id_; }
  uint8_t DataLength() override { return data_length_; }
  std::span<std::byte> Data() { return data_; }
 
private:
  uint32_t id_;
  uint8_t data_length_;
  std::array<std::byte, 8> data_;
};

class CanFDMessage : public CanMessage {
public:
  CanFDMessage(uint32_t id, uint8_t data_length) : CanMessage{}, id_{id} data_length_{data_length} {}
  ~CanFDMessage() noexcept override = default;

  CanFDMessage(const CanFDMessage&) noexcept = default;
  CanFDMessage(CanFDMessage&&) noexcept = default;
  CanFDMessage& operator=(const CanFDMessage&) & noexcept = default;
  CanFDMessage& operator=(CanFDMessage&&) & noexcept = default;

  uint32_t Id() override { return id_; }
  uint8_t DataLength() override { return data_length_; }
  std::span<std::byte> Data() { return data_; }

private:
  uint32_t id_;
  uint8_t data_length_;
  std::array<std::byte, 64> data_;
}

Per the rule, we either need 
  • a protected non-virtual destructor.
  • Unmovable class that has a public virtual destructor.

However these prevent us from being able to create a std::unique_ptr to the base class (and allow the derived classes to manage their data through their destructors), or prevents us from being able to copy or move one CanClassicMessage to another CanClassicMessage, if the base copy/move constructors are deleted.

There is an exception for Aggreagate types, but it seems there needs to be an other one for an Interface/Abstract class which holds no data.

Print this item

  A13-5-4 opposite operator clarification
Posted by: aromauld - 26-04-2024, 03:34 PM - Forum: AUTOSAR C++:2014 rules - Replies (1)

We would like to get clarification on what "opposite operators" means.

The referenced JSF guideline says (such as == and !=) which implies there are others, but there are no examples present other than "!= and ==". 

Presumably this includes relational operators, but it doesn't discuss how. This rule would seemingly imply that <= should be implemented using >=. But would this mean that it is considered non-compliant to implement it with operator >?


Code:
inline bool operator<=(const X& lhs, const X& rhs) { return !(lhs > rhs); }

Are relational operators allowed to call any other relational operators? Are there any other pairings that are considered opposites for this rule?

Print this item

  C++17 [[fallthrough]]; attribute and (Rule 6-4-3 and Rule 6-4-5)
Posted by: mshawa - 22-04-2024, 06:29 PM - Forum: 6.6 Statements (C++) - Replies (1)

Given the response from:  Rule 6-2-3 and C++17 [[fallthrough]]; attribute (misra.org.uk)
Should Rule 6-4-3(A switch statement shall be a well-formed switch statement) and Rule 6-4-5(An unconditional throw or break statement shall terminate every non-empty switch-clause) also have an exception for the [[fallthrough]]; attribute when used in an empty switch case?

Print this item

  Further guidance on MISRA-C 2012 Rule 10.6
Posted by: mshawa - 09-04-2024, 02:29 PM - Forum: 8.10 The essential type model - No Replies

MISRA-C 2012 D.3 states that UTLR/STLR rules are only applied to integer constant expressions for operators that explicitly specify this in D.7. D.7 further states that the essential type is the standard type unless otherwise listed and does not specify a non-standard essential type for sizeof.


Given the following example: 
Code:
typedef unsigned int uint32_t;
typedef unsigned short uint16_t;
extern uint16_t u16;
extern uint32_t u32;

extern void foo( void );
void foo( void ) {
    uint32_t case1 = (sizeof(uint32_t) + sizeof(uint32_t)) + u16; /*Case 1*/
    uint32_t case2 = u32 + u32 + u16; /*Case 2*/
    uint32_t case3 = sizeof(uint32_t) + (sizeof(uint32_t) + u16);/*Case 3*/
    uint32_t case4 = sizeof(uint32_t) + u16 + sizeof(uint32_t); /*Case 4*/
}

Which of the cases violates Rule 10.6 while providing the rationale?

Print this item

Search Forums

(Advanced Search)

Forum Statistics
» Members: 6,144
» Latest member: ikoria
» Forum threads: 978
» Forum posts: 2,700

Full Statistics

Online Users
There are currently 38 online users.
» 0 Member(s) | 35 Guest(s)
Bing, Facebook, Google

Latest Threads
MISRA C++ 9.6.2
Forum: 4.9 Statements
Last Post: misra cpp
12-07-2024, 11:56 AM
» Replies: 1
» Views: 128
Words in Rule 21.1 and 21...
Forum: 8.21 Standard libraries
Last Post: misra-c
02-07-2024, 03:28 PM
» Replies: 2
» Views: 7,040
Phrase in Rule 21.7 and R...
Forum: 8.21 Standard libraries
Last Post: misra-c
02-07-2024, 03:26 PM
» Replies: 2
» Views: 7,839
"See Also" in Rule 21.1
Forum: 8.21 Standard libraries
Last Post: misra-c
02-07-2024, 03:24 PM
» Replies: 2
» Views: 7,294
A question for Rule21.8
Forum: 8.21 Standard libraries
Last Post: misra-c
02-07-2024, 03:22 PM
» Replies: 2
» Views: 8,453
Shall Rule 21.1 apply to ...
Forum: 8.21 Standard libraries
Last Post: misra-c
02-07-2024, 03:09 PM
» Replies: 1
» Views: 3,797
8.3 and parameter name om...
Forum: 8.8 Declarations and defnitions
Last Post: misra-c
02-07-2024, 09:47 AM
» Replies: 2
» Views: 7,318
Rule 8.4 - main function
Forum: 8.8 Declarations and defnitions
Last Post: misra-c
02-07-2024, 09:44 AM
» Replies: 6
» Views: 11,928
Rule 8.7: clarifications ...
Forum: 8.8 Declarations and defnitions
Last Post: misra-c
02-07-2024, 09:34 AM
» Replies: 1
» Views: 1,193
Floating point test for e...
Forum: 8.10 The essential type model
Last Post: misra-c
02-07-2024, 09:24 AM
» Replies: 2
» Views: 7,771