Welcome to the MISRA discussion forum

Hi,

I have a few questions about rule M11-0-1:

Rule 11–0–1
(Required)
Member data in non-POD class types shall be private.

* As posted in a previous question, "class types" here means "class, struct or union". Is my understanding correct?
* Why should the fact that a type is POD or not influence access control?

Let's have the following controversial example. Having the following POD type:

Hello Sir,

I was going through MISRA C 2012 rules, Does MISRA says any guidelines to choose compiler for C as there are many compilers available in the market.

Regards
Subhra

The MISRA C:2012 Permits are now available as a free download from the "Resources" section of this Bulletin Board.

The MISRA C:2012 Permits presents a number of deviation permits covering commonly-encountered use cases for use with the MISRA C:2012 guidelines. It should be used in conjunction with MISRA Compliance:2020, a companion document which describes the purpose of deviation permits and which sets out the principles by which the concept of MISRA Compliance is governed.

No sooner had the MISRA C:2004 Permits been published, the question was asked “When will MISRA C:2012 Permits be published?” The wait is now over ...

MISRA C:2012 Permits provides a set of permits to aid compliance, particularly in the lower-levels (e.g. hardware access), but also to make compliance easier where automatically generated code is being created.

A related Guideline Reclassification Plan for Automatically Generated Code is being worked on, and will be released in due course.

This document presents a number of deviation permits covering commonly-encountered use cases for use with the MISRA C:2012 guidelines. It should be used in conjunction with MISRA Compliance:2020, a companion document which describes the purpose of deviation permits and which sets out the principles by which the concept of MISRA Compliance is governed.

The number of deviation permits within this document is expected to grow and it is possible that existing deviation permits may be revised. The document contains a table with a record of these changes.

The current release is Edition 1, published March 2021.

Attached Files

  MISRA C 2012 Permits (First Edition).pdf (Size: 269.03 KB / Downloads: 85)

Hello,

6-5-4 says "The loop-counter shall be modified by one of: --, ++, - = n, or + = n; where n remains constant for the duration of the loop"

Should this code below raise 6-5-4?

int main() {
int k = 8;

for (int j = 0; j < 10; j += k + 3) {
}
}

If 'n' concerns variable only, I would say 'Yes'.
If 'n' concerns expressions, I would say 'No'.

What do you think?
Thanks in advance for your help.

Nadège

MISRA is pleased to announce that drafts of new versions of its Autocode documents MISRA AC GMG "Generic Modelling Design and Style Guidelines" and MISRA AC SLSF "Modelling Design and Style Guidelines for the Application of Simulink and Stateflow" will shortly be available for public review.

The revision process has focused on the following:

• Addressing feedback raised on the previous versions
  
• Seeking to reduce areas of ambiguity and inconsistency
  
• Updating SLSF for more recent revisions of the MathWorks toolset with expanded capabilities and, in some areas, modelling semantics
  
• Further clarifying and extending Stateflow usage guidelines to define more tightly a standardized usage style from a subset of Stateflow’s capabilities
  

Rule 10.3 exception 1 allows assigning a signed integer constant expression to an essentially unsigned type, if the value can be represented in that type; u8 = 2 * 24; is allowed.
Rule 10.4 has no such exception
Expressions like u32 > 0, u8 != 0, and u32 += 1 violate rule 10.4.

Now:

uint32_t u32idem(uint32_t x) { return x; }
bool less_u32(uint32_t a, uint32_b ) { return a < b; }

if (u32 < u32idem(1)) { /* accepted by 10.3 and 10.4 */
} else if (less_u32(u32, 3)) { /* accepted by 10.3 (and 10.4) */
} else if (u32 < 4u) { /* fine by 10.4 */
} else if (u32 < 7) { /* violates 10.4 */
} else if (11u > u32) { /* ok, remove u and it's not */
} else {
switch (u32) {
case 23: /* ok */
...

Why are binary operators handled differently from assignments and switch cases? I think the exception should be the same for both 10.3 and 10.4 ?

Why is there no exception for Rule 10.4 allowing an integer constant expression to be used in a binary expression?

Hello MISRA Bulletin Board,

I understand mixing signed and unsigned variables in arithmetic operations can really lead to unexpected results,
but I really fail to see what is the risk in adding a constant value of 2 (SLTR of signed char) to an unsigned 8-bit (char) variable.

Could you please elaborate what can possibly go wrong in this case?

Thanks in advance.

The MISRA checker I am using is rejecting operators in #if as noted in the following code.

I try to implement the checks for "9.3 - Arrays shall not be partially initialized" in Cppcheck, and would like to have some clarifications.

Is it ok to mix initializers like this, as long as every element gets initialized?

int32_t a[3] = { 1, 2, [2]=3 };

For multi-dimensional arrays, this would be compliant:

int32_t b[2][2] = { { 1, 2 }, { [1]=4 } };

beacuse b[1] is initialized with only a designated initializer.


As for c, both the array subobjects c[0] and c[1] are fully initialized, but there is no initialization of c[2]. Does that make the statement non-compliant?

int32_t c[3][2] = { { 1, 2 }, { 3, 4 } };


What about the arrays below, are they compliant or not, and why? Also, are they violatin 9.2 or 9.4?
int32_t d[1][2] = { [0][1]=2, [0]={1} };
int32_t e[1][2] = { [0]={1}, [0][1]=2 };
int32_t f[3][2] = { [1]={3, 4}, { 5, 6 }, [0][1]=2, [0][0]=1 };
int32_t g[2][2] = { { 1, 2 }, [1][0]=3, 4 };

Let me know what you think. If you have more (tricky) examples, then please share!