MISRA Discussion Forums

Welcome, Guest

You have to register before you can post on our site.

Rule 6.7.2 variable templates

Posted by: gdavis - 24-07-2025, 06:55 PM - Forum: 4.6 Basic concepts - Replies (1)

Is the following considered to be compliant:

Code:
template <typename T>

T var = 42;

By itself it seems not to be in the spirit of the rule since there's no "const" in the declaration. But what if the only instantiation is something like:

Code:
int foo() { return var<const int>; }

Thank you.

Rule 0.1.1

Posted by: Merge - 30-06-2025, 12:59 PM - Forum: 4.0 Language independent issues - Replies (3)

Hi,

I was made aware of the following by a colleague.
In one of the official examples for rule 0.1.1 MISRA C++ 2023 states, quote:

Code:
m = 10; // Non-compliant - when looping, overwrites incremented value

However, I would argue that during the last loop iteration, the value is being read (and modified) by the increment before being returned. In the rule amplification, it is stated that an object is considered observed if it has been observed in any iteration, which I would therefore consider being the case here.

In other words, `m` is observed in this line, so it should not be a violation as per the rule amplification. Am I missing something?

I'll admit that the example is not the cleanest code for expressing the particular functionality (e.g., statement could be moved out of the loop), but we have to keep in mind that this is merely a simple example for illustration purposes and a real-world example might look comparatively more complex.

I would appreciate a second opinion :-)

Best regards,
Daniel "Merge" Merget

9.4.2 assert(false) in default clause, compliant?

Posted by: cgpzs - 03-06-2025, 07:01 PM - Forum: 4.9 Statements - Replies (1)

Hi,

MISRA C++:2023 Rule 9.4.2 provides a number of requirements on switch statements, in particular that every branch shall be unconditionally terminated.

Assuming that assertions are always enabled (also in Release builds), would this code be compliant with 9.4.2?

Code:
enum class Foo

{

  a,

  b

};

int get(Foo f)

{

  switch(f)

  {

    case Foo::a: { return 123; }

    case Foo::b: { return 321; }

    default: { assert(false && "Unreachable"); }

  }

}

assert(false) leads to calling the assert_handler function, which is marked [[noreturn]], so it would fall under requirement 5f of the rule. Would you agree?

Thanks!

MISRA C++ 2008 Rule 6-1-1 Clarification

Posted by: mshawa - 27-05-2025, 08:10 PM - Forum: 6.6 Statements (C++) - Replies (1)

Given the headline text of MISRA C++ 2008 Rule 6-1-1, MISRA C++ 2023 Rule 9.6.2 seems to be the equivalent rule in this case. MISRA C++ 2023 Rule 9.6.2 includes the following non-compliant example:

Code:
switch(i)

{

    case 0:

      if(x < y)

        goto L3;            // Non-compliant

      break;

    case 1:

    L3:

      break;

}

This example seems to echo an amplification made in the MISRA C 2012 Rule 15.3 (that has the same headline text as MISRA C++ 2008 Rule 6-1-1), which states:

Quote:For the purposes of this rule, a switch-clause that does not consist of a compound statement is treated as if it were a block.

It would be greatly appreciated if you could clarify whether the above example was also intended to violate MISRA C++ Rule 6-1-1.

11.9 and function calls and returned pointers

Posted by: danielmarjamaki2 - 26-05-2025, 07:22 AM - Forum: 8.11 Pointer type conversions - Replies (1)

Could you please clarify to me if this violates 11.9:

Code:
int* f1(void) {

    return 0;  // 11.9 ?

}

And does this violate 11.9:

Code:
void f2(int* ptr);

void f3(void) {

    f2(0);

}

Do you consider returns and function calls to be "assignments" otherwise it seems to me that the Amplification says these are compliant?

The last example in the PDF does suggest that function calls should be considered to be "assignments" however there is no non-compliant example code that I can rely on.

Thank you

9.4.2 - Requirement about the default clause

Posted by: cgpzs - 20-05-2025, 10:03 AM - Forum: 4.9 Statements - Replies (1)

Hi,

Rule 9.4.2 requires every switch statement to have a default clause, to match handling of if/else. However, unlike an if/else statement, this has a very serious implication: it prevents the compiler from warning about explicitly unhandled enumerators:

Code:
enum class Enum

{

  A,

  B,

  C  // newly added

};

// some client code, far away from the Enum declaration

int process(Enum e)

{

  switch(e)

  {

    case Enum::A: { return 123; }

    case Enum::B: { return 321; }

    // Oops, client code does not realize they should handle Enum::C, compiler didn't warn!

    default: { return 0; }

  }

}

One could put a runtime assertion in the `default` clause, but it only shifts the problem to the right. A problem that would have been caught at compile time can now only be caught at runtime. We should catch as many defects as possible at compile time.

One can also enable -Wswitch-enum, but this is not always desirable. Sometimes one explicitly wants the switch to be non-exhaustive, and can express that via the "default" clause. With the warning, one needs to introduce non-compliant inline suppressions with compiler-specific pragmas. Or one must explicitly list all the unwanted labels and fall-through the default case, polluting the code with non-interesting code paths.

Here we are balancing two risks:

1. The risk of not handling a valid enumerator (as above).
2. The risk of not handling an non-enumerator int casted into an Enum (as per the Rationale), in the spirit of defensive programming.

Questions: has Risk 1 been considered by MISRA? Is there evidence suggesting that Risk 2 is more likely to happen than Risk 1, and we should therefore prioritize it instead?

Thanks!

21.2.2 Why shall std::strerror not be used?

Posted by: cgpzs - 13-05-2025, 06:26 PM - Forum: 4.21 Language support library - Replies (3)

The rationale of the rule says:

> Also, some string handling functions only report errors through the use of errno

But that't not the case for std:: strerror, it does not report any errors through errno, nor is it possible for it to "read beyond the bounds of an object passed as a parameter", so it's perfectly safe to use it.

An alternative is to use std::make_error_condition(static_cast<std::errc>(errno)).message(), but it seems like overkill just to achieve the same thing, making the code far less readable.

It's also worth noting that MISRA does not ban the usage of errno (besides the restriction from 22.4.1), which is required for using POSIX functions that don't have any equivalent in the Standard Library.

Would you agree?

Rule 7.0.5, example non-compliant with 7.0.6?

Posted by: cgpzs - 17-04-2025, 12:10 PM - Forum: 4.7 Standard conversions - Replies (3)

Rule 7.0.5 presents this example:

Code:
u8a += static_cast< uint32_t >( u8b ) // Compliant - u8a -> unsigned int

Yes, compliant with 7.0.5. But this code then violates 7.0.6, since there is an implicit narrowing conversion from uint32_t to uint8_t in the assignment, right?

Code:
u8a = (uint32_t)(u8a) + (uint32_t)(u8b);

So, how are we supposed to write this type of code? Like this?

Code:
u8a = static_cast<std::uint8_t>(static_cast<std::uint32_t>(u8a) + static_cast<std::uint32_t>(u8b));

Does that really make the code safer?

Rule 9.3.1 - iteration statement followed by 'try'

Posted by: mstaron - 28-03-2025, 06:19 AM - Forum: 4.9 Statements - Replies (1)

It is possible to add the 'try' statement directly after 'while', for example:

class Exception{};
void f(int i)
{
while(i) try { // Non-compliant
//...
} catch(Exception e){
}
}

I think this is non-compliant with the Rule 9.3.1, because 'try' is not a compound statement. However, accordingly to the standard 'try' should be always followed by a compound statement if it is inside a function. This code seems to be clear, so maybe this case could be added as an exception in the future versions of MISRA C++ standard.

16.6.1 clarification

Posted by: cgpzs - 26-03-2025, 02:36 PM - Forum: 4.16 Overloading - Replies (3)

Hi,

Rule 16.6.1 marks this example as non-compliant:

Code:
C operator+( int32_t rhs ) const;  // Non-compliant

However it does not provide a compliant alternative. It's unclear if rule 16.6.1 wants us to:

a) Duplicate the function and create 2 versions for each order of the parameters, in order to guarantee symmetry (even if it may not be useful for the user, potentially being dead code):

Code:
C operator+(C       lhs, int32_t rhs );

C operator+(int32_t lhs, C       rhs );

b) Implement only 1 overload, but as a non-member function. This still does not solve the problem of "operator+ must be symmetrical", i.e that "1 + c" and "c + 1" must be supported.

Code:
friend C operator+(C lhs, int32_t rhs );

Could you clarify?

Thanks!

Pages (103): « Previous 1 2 3 4 5 … 103 Next »

Search Forums

(Advanced Search)

Forum Statistics

» Members: 6,237
» Latest member: mr li
» Forum threads: 1,034
» Forum posts: 2,851

Full Statistics

Online Users

There are currently 425 online users.
» 0 Member(s) | 421 Guest(s)
Applebot, Bing, Google, UptimeRobot

Latest Threads

Compiler - minimal test s...
Forum: General Questions
Last Post: delirium5223
04-09-2025, 12:16 PM
» Replies: 0
» Views: 594

named vs positional initi...
Forum: 8.9 Initialization
Last Post: delirium5223
04-09-2025, 11:27 AM
» Replies: 0
» Views: 586

Gaps in enums
Forum: General Questions
Last Post: delirium5223
04-09-2025, 11:06 AM
» Replies: 0
» Views: 308

Rule 13.3 incr/decr op in...
Forum: 8.13 Side effects
Last Post: delirium5223
04-09-2025, 10:55 AM
» Replies: 0
» Views: 278

Rule 11.6.1 - Variables i...
Forum: 4.11 Declarators
Last Post: cgpzs
02-09-2025, 11:26 AM
» Replies: 0
» Views: 726

Rule 6.8.4 clarification ...
Forum: 4.6 Basic concepts
Last Post: misra cpp
24-08-2025, 03:26 PM
» Replies: 1
» Views: 740

Rule 0.1.2 - missing exce...
Forum: 4.0 Language independent issues
Last Post: misra cpp
24-08-2025, 03:23 PM
» Replies: 1
» Views: 744

21.18 is a safe strncpy f...
Forum: 8.21 Standard libraries
Last Post: dunno
20-08-2025, 08:47 AM
» Replies: 1
» Views: 2,460

Rule 10.1.1
Forum: 4.10 Declarations
Last Post: misra cpp
08-08-2025, 01:21 PM
» Replies: 1
» Views: 769

Rule 6.7.2 variable templ...
Forum: 4.6 Basic concepts
Last Post: misra cpp
01-08-2025, 11:49 AM
» Replies: 1
» Views: 712

Login
Username:
Password:
	Remember me Lost Password?

Welcome to the MISRA discussion forum