Welcome to the MISRA discussion forum

We are using snprintf() function (https://linux.die.net/man/3/snprintf) in a framework that lets you program autonomous driving cars (our product).
The function is currently being used only for logging of console data on the secondary, non-real time computer.


However, both PCLint and Coverity static code analysis tools mark it as non-compliant:

Rule 21.6
The Standard Library input/output functions shall not be used
C90 [Unspecified 2–5, 16–18; Undefined 77–89; Implementation 53–68]
C99 [Unspecified 3–6, 34–37; Undefined 138–166, 186; Implementation J.3.12(14–32)] [Koenig 74]

Category: Required
Analysis: Decidable, Single Translation Unit
Applies to: C90, C99

Amplification
This rule applies to the functions that are specified as being provided by and, in C99,
their wide-character equivalents specified in Sections 7.24.2 and 7.24.3 of the C99 Standard as being
provided by .

None of these identifiers shall be used and no macro with one of these names shall be expanded.

Rationale
Streams and file I/O have unspecified, undefined and implementation-defined behaviours associated
with them.

See also
Rule 22.1, Rule 22.3, Rule 22.4, Rule 22.5, Rule 22. 6



We have a following rebuttal:
The problem is that if the source and destination string buffers in a snprintf() call are the same, the behavior is undefined.

These buffers are passed as char pointers to

The example of Directive 4.10 "Precautions shall be taken in order to prevent the contents of a header file being included more than once" says that in order to facilitate checking, the contents of the header should be protected from being included more than once using one of the following two forms:

For Dir 4.8 the document is not clear about whether the following case should be considered as non-compliant.

/* def.h */
struct SomeType
{
/* Object implementation */
}

/* no-use.c */
#include def.h
/* Do something. But no use of SomeType at all. */

The example doesn't involve any pointer but indeed goes against the rationale since the implementation details of SomeType is not needed in no-use.c and it should at least be opaque. Also, logically, "no pointer" implies "a pointer is never dereferenced", since there is no such pointer to begin with.

Please kindly help to advise. Thanks!

Does the following expression comply with Rule 13.2?

(x = a) && (x = b)

What if it is preceded by the following declaration?

int a = 0;

Thanks,
rCs

Hi,
will MISRA AC SLSF guideline be updated?
If yes, is there a planned release date?

Thank you in advance,
Paolo Drudi

Why is
#include "c:\headers\measurement_regs.h "
non compliant to rule 20.2 due to \ in the path?

MISRA AC SLSF 022 states that a model information block is required for every subsystem. Does application of this rule include virtual subsystems, or only "true" (i.e., atomic or nonvirtual) subsystems?
Stated differently: Virtual subsystems should share the identity and origin of the parent model, atomic subsystem, or library to which they belong (the rationale for rule 022), so do they need that information reiterated in their own model information block?
I would appreciate knowing what the community consensus is on this topic.
~Ben

Hello,

I have one question regarding the copyright of the Exemplar Suite. I want to share this with my colleagues in my company, so am i allowed to do that?

We have an internal tool for sharing , can i upload these examples there?

It will be accessed in my company only.

Thank you.

Hello,

I am getting MISRA 5.2 rule violation in my project. The code for which i am getting violation is a structure that is declared as extern in one header file. The code example is as under

1.h

I want to just clarify that following is a MISRA violation before using it in my code. I am calling one function from a file as under: