MISRA Discussion Forums

Welcome, Guest

You have to register before you can post on our site.

6-5-2 and 6-5-4 on while loop checking std::vector::empty()

Posted by: cgpzs - 26-10-2021, 12:14 PM - Forum: 6.6 Statements (C++) - Replies (5)

Hi,

We have a static analyzer that is reporting warnings related to 6-5-2 and 6-5-4 in the following code:

Code:
    std::vector<std::int32_t> v{};

    // Fill vector

    // ...

    // Consume vector

    while (!v.empty())  // <<< 6-5-2, 6-5-4 violated here?

    {

        std::int32_t const value{v.back()};

        v.pop_back();

        std::cout << value << "\n";

    }

The warning is that the "loop counter v" is not compared against a relational operator (6-5-2) nor is it modified via ++ et al. (6-5-4).

The static analysis tool vendor claims this is not a false positive and indeed it's required by the MISRA rules.

Could you shed some light as to whether the code above is violating 6-5-2 and 6-5-4? Is "v" really a loop counter as per the MISRA definition? One could argue that the loop counter is the private member std::vector::__size, but is that really the scope of this rule?

This code pattern is very typical when implementing e.g. graph search, having a list of Nodes and inspecting them one by one until a condition is reached or the list of nodes is empty. The list of nodes can typically grow while inspecting each node, so iterator-based searches are not a good implementation alternative.

2.2 Dead code, 'operations' and casts

Posted by: ACHart - 21-10-2021, 01:39 PM - Forum: 8.2 Unused code - Replies (1)

Hi,

I have a question regarding the meaning of 'Dead Code' within MISRA-2012. My question is, I believe, somewhat similar to this thread, but the contents of that thread appear to be missing such that I cannot determine what the exact question was, nor the answer.

My questions are:

1) What is an 'operation'? 'Dead code' is defined in terms of 'operations', but 'operation' is never defined in MISRA.

2) Does an addition/subtraction of a constant 0 to a value (either literally or by macro) count as dead code? This sometimes happens in the context of register offsets where the first offset is 0.

Code:
#define BASE_ADDR 0x80000000u

#define CTRL_OFFSET 0x0u

uint32_t a = BASE_ADDR + 0x0u; // Dead addition?

uint32_t b = BASE_ADDR + CTRL_OFFSET; // Dead addition?

3) Does a cast of a value to it's own type count as dead code?

Code:
uint8_t a = (uint8_t)0u; // Dead cast? (Type of 0u is UTLR)

uint8_t b = (uint8_t)a; // Dead cast? (Type of a is uint8_t)

4) Does an explicit cast to a type for which implicit conversion is allowed count as dead code?

Code:
uint8_t a = (uint8_t)0; // Dead cast? (Type of 0 is STLR, but assignment is permitted by exception)

uint16_t b = (uint16_t)a; // Dead cast? (Conversion to wider type of same signedness is allowed implicitly)

for loop iterator being comapred to a variable of another type

Posted by: ZESS - 11-10-2021, 10:14 PM - Forum: 8.14 Control statement expressions - Replies (3)

So I had this bug where I was trying to compare my "for loop" iterator to a variable "var":

Code:
for (u_int8_t i=0; i<var; i++) ....

"var" was coded on 16 bits while "i" was coded on 8 bits , this led to an infinite loop as "i" could never reach "var".
I was wondering why this was not raised as a MISRA warning while compilation phase, I thought at first that I was disabling some rules but turned out I was not. I looked for a MISRA rule prohibiting this kind of implementation, but I could not find any.

I'm not sure if it's related to the tool I'm using or indeed there is no such rule that prevents comparing two variables with two different data types especially if they are used as break condition to loops.

Rule 17.4 and main

Posted by: hummelvario - 01-10-2021, 09:59 AM - Forum: 8.17 Functions - Replies (2)

Hello,
we are facing a conflict between armclang compiler warning and mandatory MISRA Rule.
The armclang compiler V6.16 seems to require "int main", but if we adhere to Rule 17.4 adding "return 0" at the end of main it is leading to a compiler warning.
(warning: 'return' will never be executed [-Wunreachable-code-return])

Who is having the higher priority here to comply with MISRA?
Is it required to deactivate / ignore the compiler warning at this point?

According to the C Standard, 5.1.2.2.3, paragraph 1 [ISO/IEC 9899:2011], "Reaching the } that terminates the main function returns a value of 0."
Is there another possibility to comply with the MISRA Rule 17.4?

Rule 14.3 and preprocessor constants

Posted by: hummelvario - 01-10-2021, 09:31 AM - Forum: 8.14 Control statement expressions - Replies (1)

Hi,

I have a question regarding a reported MISRA violation in our code, which isn't completely clear to me after reading the MISRA Guidelines.

Does the MISRA C:2012 Rule 14.3 (Controlling expressions shall not be invariant) also apply to predefined constants, which include function-lika macros?

Example:

Code:
#define ROUND_TO(type, val) ((type) (((val) < 0.0) ? ((val) - 0.5) : ((val) + 0.5)))

#define RMS_TO_AVERAGE  ROUND_TO(uint16_t, ((70.0) / (1.11)))

In this case the expression ((val) < 0.0) is invariant, but it is only once used initialising a constant (RMS_TO_AVERAGE).

Regards, Kevin

Rule8.9 applicability to const ?

Posted by: Soren_Kolbach_Hansen - 24-09-2021, 01:49 PM - Forum: 8.8 Declarations and defnitions - Replies (1)

	Hello, I have a question regarding rule 8.9. We are currenly using static const instead of defines at the top of our files to manage implementation specific constants, however this is being flagged as a violation of rule8.9 if only used in one function, however as per the rationale of 8.9 this does not make all that much sense to us, is this really the intent of the rule? Best regards Soren

R4-5-1 Alternative tokens

Posted by: ELovisari - 23-09-2021, 10:26 AM - Forum: 6.4 Standard conversions (C++) - Replies (3)

Hello,

I have a request for clarification for rule 4-5-1:

Quote:Rule 4–5–1
(Required)
Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator = , the logical operators && , || , ! , the equality operators == and !=, the unary & operator, and the conditional operator.

Rule 4-5-1 and its Rationale do not seem to explicitly forbid the alternative operator representations and, or and not, which, if I understand correctly, are equivalent to the allowed &&, || and !. Rule 2-5-1 explicitly forbids digraphs, but restricts the notion of digraph to the six cases given in its Rationale.

Can I therefore interpret the rule as implicitly allowing and, or and not (and then maybe also not_eq) tokens?

Essential types of constant variables

Posted by: LordMordac - 30-07-2021, 10:27 PM - Forum: 6.5 Expressions (C++) - Replies (2)

I'm having a disagreement with my tool vendor over the essential types of constant variables.

Code:
uint32_t v1 = 1U;

const uint32_t v2 = 1U;

static const uint32_t v3 = 1U;

constexpr uint32_t v4 = 1U;

My interpretation of the spec is that all the identifiers (v1, v2, v3 and v4) have uint32_t essential type.

My tool vendor's interpretation is that v1 has a uint32_t essential type. While v2, v3 and v4 have a uint8_t essential type. (I don't have any insight into their reasoning)

Clarification on this issue would be much appreciated.

Initialisation of multiple constant arrays WITHOUT #define

Posted by: misra cpp - 22-07-2021, 02:22 PM - Forum: 6.16 Preprocessing directives (C++) - No Replies

Note this post was made by jonesthechip, but was lost when the bulletin board was migrated to MISRA's new website. It's been resubmitted by misra cpp

Unread post by jonesthechip » Wed May 26, 2021 10:27 am

A code base derived from an earlier C product has a large number of #define XYZ = {{1,2,3}} statements in a header.
The string defined by XYZ is used to initialise part of a ROM constant array, as follows:-

SpecialType ABC = {XYZ, 0, 1, pointer};

'SpecialType' is a structure with a three byte array that gets loaded with the replacement data from XYZ, and other sundry components.

This gets expanded to SpecialType ABC = {{{1,2,3}}, 0, 1, pointer};

The header file groups a number of replacements strings defined as XYZ, PQR, UTC, etc to keep the data (access parameters for comms) in one 'logical' place. Some replacement strings are used once, some in several other files to initialise other structures.

To achieve MISRA compliance means getting rid of all of these *&!^%$ macros. (Or more deviations than you can shake a stick at... Not ideal!)

However, it appears to be a classic case of "you don't really want to start from here"...

The optimum fix would be to re-write the code to use a pointer to a fixed string and bin the macros, putting all of the three byte arrays into a set of constant structures and sharing pointers to individual elements. This would lead to an unholy amount of retesting (and possibly my head on a stake, to deter others).

The least worst practical approach appears to be to bin the macros and edit the text replacement directly into all of the files, which although time-consuming does generate identical output binary files and therefore requires no re-testing. However, this does break the link between copies of the same data sets, so that a change to a particular set would require a search and edit through the code base.

So, today's question is: any better suggestions, please?

Regard

Sid Jones

You are right, this is currently non-compliant

See MISRA compliance 2020 for how this sort of issue can be managed.

The rule 16-2-2 is currently under review for the next issue

New forum release notes

Posted by: david ward - 20-07-2021, 03:36 PM - Forum: Announcements - No Replies

Hello everyone, just a few notes concerning the new forum. Due to database migration issues please note the following:

If you registered after 21 May 2021 for the old forum you will need to register again.
If you registered before this date your account has been ported across but you will need to reset your password, please see the link at the top of this page.
We are working on reinstating posts made after 21 May – these will be reposted by one of the official MISRA accounts with the headline "Originally posted by nnn".
Downloads in the "Resources" section have now been reinstated.

If you find any other issues please get in touch via the "Contact us" form.

Pages (101): « Previous 1 … 12 13 14 15 16 … 101 Next »

Search Forums

(Advanced Search)

Forum Statistics

» Members: 6,196
» Latest member: galibl1
» Forum threads: 1,008
» Forum posts: 2,779

Full Statistics

Online Users

There are currently 235 online users.
» 0 Member(s) | 233 Guest(s)
Bing, Google

Latest Threads

A8-4-5: Should have an ex...
Forum: AUTOSAR C++:2014 rules
Last Post: cgpzs
Yesterday, 02:14 PM
» Replies: 2
» Views: 119

A18-9-4
Forum: AUTOSAR C++:2014 rules
Last Post: misra cpp
14-02-2025, 01:04 PM
» Replies: 3
» Views: 1,204

Rule 3-4-1 and lifetimes,...
Forum: 6.3 Basic concepts (C++)
Last Post: misra cpp
14-02-2025, 01:02 PM
» Replies: 1
» Views: 87

Application of Rule 15.0....
Forum: 4.15 Special member functions
Last Post: misra cpp
07-02-2025, 12:44 PM
» Replies: 3
» Views: 2,576

Rule 6.2.1: non-inline co...
Forum: 4.6 Basic concepts
Last Post: misra cpp
07-02-2025, 12:43 PM
» Replies: 3
» Views: 739

A7-2-1 Still relevant in ...
Forum: AUTOSAR C++:2014 rules
Last Post: misra cpp
31-01-2025, 01:20 PM
» Replies: 1
» Views: 206

MISRA AC INT:2025
Forum: MISRA AC resources
Last Post: misra-ac
22-01-2025, 03:37 PM
» Replies: 0
» Views: 147

MISRA AC SLSF:2023 AMD3
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
13-01-2025, 10:58 AM
» Replies: 0
» Views: 199

MISRA AC SLSF:2023 AMD3
Forum: MISRA AC resources
Last Post: misra-ac
13-01-2025, 10:57 AM
» Replies: 0
» Views: 193

Rule 7.0.4 - exception fo...
Forum: 4.7 Standard conversions
Last Post: misra cpp
10-01-2025, 02:26 PM
» Replies: 4
» Views: 835

Login
Username:
Password:
	Remember me Lost Password?

Welcome to the MISRA discussion forum