  Question about Dir 4.3 when a static function contains only variable declaration, asm and return statement
Posted by: chenzhuowansui - 29-06-2019, 09:39 AM - Forum: 7.4 Code design - Replies (8)

Hi,
Given the following case:

Code:
#include <stdint.h>

/* Reads an ARM CP15 coprocessor register via inline assembly (ARM-only). */
static inline uint32_t test(void)
{
    uint32_t tmp;

    __asm__ __volatile__(
        "mrc p15, 0, %0, c1, c0, 2\n\t"
        : "=r" (tmp)
        );

    return tmp;
}

I wonder if we could take the above case as compliant, as we cannot have variable declaration and return value in assembly. Thanks


  A question on Dir-4.9, in a case when a function-like macro and a function are not interchangeable.
Posted by: mz99 - 21-06-2019, 07:26 AM - Forum: 7.4 Code design - Replies (1)

Is the use of the function-like macros shown in Examples 1 and 2 below compliant with Dir-4.9, in a case when a function-like macro and a function are not interchangeable?

Example 1:
-----------------------------------------------
#define ASSIGN( a, b ) ( ( a ) = ( b ) )
-----------------------------------------------

Example 2:
-----------------------------------------------
#define MACRO( a, b )

int32_t var1;
MACRO(var1,var2)
-----------------------------------------------

The macros are not interchangeable with functions,
because in Example 1 the arguments can't be modified if it is defined as a function,
and in Example 2 a compile error occurs because var2 is not defined.


  MISRA C:2004 deviation permits reusable in MISRA C:2012
Posted by: andream - 02-05-2019, 03:39 PM - Forum: MISRA C:2004 to MISRA C:2012 migration - Replies (1)

Within MISRA Compliance 2016 the possibility of utilizing deviation permits was cited. However, unless I am wrong, since 2016 only the MISRA C:2004 deviation permits have been published, while there are no official deviation permits for MISRA C:2012 (am I wrong?). If this is confirmed, in case a given MISRA C:2004 rule, which is substantially confirmed also in MISRA C:2012, is associated with a deviation permit, can this latter also be applied/utilized for MISRA C:2012?


  CERT C EXP47-C not considered by MISRA C:2012 Addendum 3
Posted by: RogerThat - 19-04-2019, 02:41 PM - Forum: General Questions - Replies (1)

MISRA C:2012 Addendum 3 coverage of CERT C rule EXP47-C "Do not call va_arg with an argument of the incorrect type" is not defined.

I would consider that EXP47-C is covered by MISRA C:2012 Rule 17.1.

Is it correct?


  Definition of "object"
Posted by: mz99 - 17-04-2019, 12:21 AM - Forum: 8.8 Declarations and definitions - Replies (6)

The word "object" is used in some rules of MISRA C:2012 (e.g. Rule 8.9).
What is the definition of "object" in MISRA C:2012?
Which of the following are considered an "object" in MISRA C:2012?

  • Variable
  • Const-qualified variable
  • Function
  • Object-like macro
  • Function-like macro


  Rule 15.5 and return statements as children of labels
Posted by: rgamble - 29-03-2019, 01:33 PM - Forum: 8.15 Control flow - Replies (2)

Rule 15.5 says:

Quote: When a return statement is used, it should be the final statement in the compound statement that forms the body of the function.

Consider the following example:

Code:
typedef unsigned uint32_t;
uint32_t ten(uint32_t var) {
    if (var == 10) {
       return 10;
    }
}

I think it is pretty clear that this violates Rule 15.5 as the return statement is a child statement of the body of the if, even though no other statements appear between the return statement and the end of the function. Is this correct?

What then about the following:

Code:
typedef unsigned uint32_t;
uint32_t ten() {
my_label:
    return 10;
}

The return statement is technically a child of the label statement so the "final statement in the compound statement that forms the body of the function" is a label statement according to the grammar of C. Is this intended to be a violation of Rule 15.5?


  Typo in rule 22.9
Posted by: gwd - 28-03-2019, 03:49 PM - Forum: 8.22 Resources - Replies (1)

I recently downloaded MISRA C:2012, third edition, first revision, February 2019. The text for Rule 22.9 on page 190 says, "The value of errno shall be set to zero after calling an errno-setting-function" (emphasis mine). But the amplification, rationale, and exception all seem to deal with the testing of errno, not the setting of errno. The rule in Appendix A (on page 203) says, "...shall be tested against zero...", as does the version of the rule in the 2016 addendum. It seems like the text on page 190 probably needs to be fixed.


  Welcome!
Posted by: david ward - 26-03-2019, 12:37 PM - Forum: MISRA Safety Arguments discussions - No Replies

This new forum has been set up for asking questions about and discussing MISRA's "Guidelines for automotive safety arguments" (otherwise known as MISRA SC and MISRA Safety Cases).

The Working Group responsible for the MISRA SC document will consider questions posted here and if appropriate give an official response (which will be posted by the "MISRA Reply" user). Any other comments and responses from any posters shall not be considered an official MISRA position.

We expect to respond to questions on an approximately monthly basis so if you don't hear from us, please bear with us as we have day jobs to do too!


  About Rule 18-4-1 "Dynamic heap memory allocation shall not be used."
Posted by: Sebastien.Ashby@nxp - 25-03-2019, 06:38 PM - Forum: 6.18 Language support library (C++) - Replies (1)

Hi,

I have a question about Rule 18-4-1 "Dynamic heap memory allocation shall not be used.".

C++ already has a form of memory allocation for its automatic variables.
That is they are allocated on the stack.
I take for granted that this form of memory allocation is allowed by MISRA.

Would managing and allocating the heap space in a stack fashion address most concerns associated with rule 18-4-1?

For example, the call stack is also subject to out-of-storage runtime failure, i.e. stack overflow.
The call stack is used to store a host of values associated with function calls, and its depth may depend on runtime values.
The only way to secure against this is to find the worst case your system allows and set the stack size accordingly.

If the heap space allocator was not subject to:

  • Memory leaks
  • Non-deterministic behavior
    • Fragmentation
      • Order of allocation/deallocation

and the memory exhaustion case was handled in the same fashion as the call stack,
meaning testing your system to find the worst case and ensuring that at least that amount is available.

Would this type of dynamic heap memory allocation be compliant with the intent of rule 18-4-1?


Best regards.

Sebastien Ashby

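As an added illustration of the "heap managed in a stack fashion" idea in the post above (this is not the poster's code nor anything from MISRA): a fixed-capacity region that hands out blocks bump-pointer style, releases them only by rolling back to an earlier mark (strict LIFO, so no fragmentation and no dependence on allocation order), and keeps a high-water mark for the worst-case measurement the post proposes using for sizing. The names StackRegion and g_store and the 64-byte backing buffer are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>

// Fixed-capacity region carved from a caller-supplied buffer. Blocks are bumped off
// the top and returned only by rolling back to an earlier mark (strict LIFO), so the
// region cannot fragment and does not depend on allocation order. The high-water
// mark records the worst case observed under test, for sizing the region up front.
class StackRegion {
public:
    StackRegion(std::uint8_t* base, std::size_t capacity)
        : base_(base), capacity_(capacity), top_(0), high_water_(0) {}
    // Hand out `size` bytes at an offset aligned to `align` (power of two) relative to
    // the buffer start. Returns nullptr on exhaustion; the caller must check.
    void* allocate(std::size_t size, std::size_t align = alignof(std::max_align_t)) {
        std::size_t start = (top_ + align - 1) & ~(align - 1);
        if (start > capacity_ || size > capacity_ - start) {
            return nullptr;
        }
        top_ = start + size;
        if (top_ > high_water_) {
            high_water_ = top_;
        }
        return base_ + start;
    }

    // A mark is the current fill level; release() rolls back to it, freeing every block
    // allocated after the mark. A mark above the current top would mean out-of-order
    // release, so it is refused instead of corrupting the region.
    std::size_t mark() const { return top_; }
    bool release(std::size_t m) {
        if (m > top_) {
            return false;
        }
        top_ = m;
        return true;
    }
    std::size_t used() const { return top_; }
    std::size_t high_water() const { return high_water_; }
    std::size_t capacity() const { return capacity_; }

private:
    std::uint8_t* base_;
    std::size_t capacity_;
    std::size_t top_;
    std::size_t high_water_;
};

// Constructed backing store for the example; max_align_t alignment keeps offsets valid.
alignas(std::max_align_t) std::uint8_t g_store[64];
```

Running a representative workload and reading high_water() afterwards gives the worst case to reserve, exactly as one would size the call stack; an allocate() returning nullptr in the field is then a sizing defect rather than a silent corruption.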

  About Rule 5-0-15 and the size of the array
Posted by: Sebastien.Ashby@nxp - 25-03-2019, 05:32 PM - Forum: 6.5 Expressions (C++) - Replies (1)

Hi,
I have a question about Rule 5-0-15: "Array indexing shall be the only form of pointer arithmetic".

Is the rule satisfied if the code referencing the array element has no knowledge of the dimensions of the array object at compile/link time?

For example, in the case where the argument passed to parameter "p2" of "my_fn" is an array whose size is defined at runtime?

Code:
#include <cstdint>

void my_fn ( uint8_t * p1, uint8_t p2[ ] )
{
   uint8_t index = 0;
   uint8_t * p3;
   uint8_t * p4;
   *p1 = 0;
   ++index;
   index = index + 5;
   p1      = p1 + 5;   // Non-compliant – pointer increment
   p1[ 5 ] = 0;        // Non-compliant – p1 was not declared as array
   p3      = &p1[ 5 ]; // Non-compliant – p1 was not declared as array

   p2[ 0 ]     = 0;
   p2[ index ] = 0;        // Compliant
   p4          = &p2[ 5 ]; // Compliant
}
uint8_t a1[ 16 ];
uint8_t a2[ 16 ];

void caller ( void )
{
   my_fn ( a1, a2 );
   my_fn ( &a1[ 4 ], &a2[ 4 ] );
}
