MISRA Discussion Forums

Welcome, Guest

You have to register before you can post on our site.

C, Assembler and MISRA

Posted by: Errol - 25-10-2023, 08:56 AM - Forum: General Questions - No Replies

	Understanding that assembler code has to be documented and isolated (Directives 4.2 & 4.3 ), are there any limits to how much assembly code there is in a project? Could you have have a project that is mostly assembly with only C wrappers and yet still claim MISRA compliance?

14.3 and enum constants in macro expansion

Posted by: Timofei - 19-10-2023, 07:30 AM - Forum: 8.14 Control statement expressions - Replies (1)

Hi,

We have a configuration macro with a value being an enum constant. We use that macro in an if-statement, and it violates the rule 14.3.

Code:
enum my_enum {

    MY_ENUM

};

#define CONF_MACRO MY_ENUM

if (CONF_MACRO == MY_ENUM) {...}

Note that in the case of enum constants we cannot convert the if-statement to a preprocessor #if-statement since the values of enum constants are not known at the preprocessing step. How can we solve this issue?

A6-4-1 What is the definition of a "case-clause"?

Posted by: cgpzs - 11-10-2023, 07:17 AM - Forum: AUTOSAR C++:2014 rules - Replies (1)

Hi!

Rule A6-4-1 says:

Rule A6-4-1 (required, implementation, automated)
A switch statement shall have at least two case-clauses, distinct from
the default label.

What is the definition of a "case-clause"? Is it a "case-clause label", or a "case-clause block of code"?

Our static analyzer is warning about this code:

Code:
void foo(int i)

{

  switch(i)

  {

    case 3:

    case 7: 

    case 12:

    case 25:

      doSomething();

      break;

    default:

      doSomethingElse();

      break;

  }

}

It warns because there is only one case "block of code" (doSomething), and it expects that there are at least 2 (distinct from default case). It then wants us to rewrite the code in a much less readable way, like:

Code:
if (i == 3 || i == 7 || i == 12 || i == 25) 

{  

  doSomething();

}

else

{

  doSomethingElse()

}

Is our static analyzer correct in warning A6-4-1 in the above code?

Please note: A6-4-1 inherits from HIC++ HIC++ v4.0 [9]: 6.1.4, which is more explicit than AUTOSAR, claiming that "at least two case labels" are needed. There's a big difference between "label" and "block".

Furthermore, consider the documentation from Perforce about HIC++ 6.1.4:

https://www.perforce.com/resources/qac/h...statements

There, they claim that the following code is compliant (while not being compliant in AUTOSAR):

Code:
// @@+ Compliant: 2 case labels distinct from the default label +@@

switch (i)

{

  case 0:

  case 1:

    doSomething ();

    break;

  default:

    doSomethingElse ();

    break;

}

Why should AUTOSAR change the meaning of the HIC++ rule?

Thanks!

Rul1 14-7-1 and explicit class instantiation

Posted by: mstaron - 30-08-2023, 06:58 AM - Forum: 6.14 Templates (C++) - Replies (1)

Does this rule should detect functions in template classes, that have no instances, but the class is explicitly instantiated?
In this case member functions are instantiated accordingly to the C++ standard:

Quote:8 An explicit instantiation that names a class template specialization is also an explicit instantiation of the
same kind (declaration or definition) of each of its members (not including members inherited from base
classes and members that are templates) that has not been previously explicitly specialized in the translation
unit containing the explicit instantiation, except as described below. [ Note: In addition, it will typically be
an explicit instantiation of certain implementation-dependent data about the class. —end note ]
9 An explicit instantiation definition that names a class template specialization explicitly instantiates the class
template specialization and is an explicit instantiation definition of only those members that have been
defined at the point of instantiation.

but these functions are never used.

Example:

Code:
template <typename T>

class Temp {

    public:

    void f1(){}  // Compliant?

    void f2(){}  // Compliant?

};

template class Temp<int>;

A7-1-2: Is it really intented to mark also functions as constexpr?

Posted by: cgpzs - 28-08-2023, 09:37 AM - Forum: AUTOSAR C++:2014 rules - Replies (3)

Hi,

A7-1-2 says:
The constexpr specifier shall be used for values that can be determined at compile time.

So it only talks about "values", not "functions". However, in the example, it says the following code is not compliant, because the function Pow1 "can be" constexpr but is not marked as such:

Code:
std::int32_t Pow1(std::int32_t number)

{

    return (number * number);

}

void Fn()

{

    const std::int32_t threeSquare = Pow1(3); // Non-compliant, possible run-time evaluation

}

On the other hand, examples are not normative - the title of the rule is.

Therefore I ask: is rule A7-1-2 intended to mark every single function as constexpr if it _can_ be constexpr?

In my opinion, this has negative consequences. Constexpr-ness of a function should be a careful design decision, not something added blindly to comply with a static analysis tool. It limits the way an author can choose to implement a given function. Maybe today the function _can_ be constexpr, but tomorrow as an author I want to refactor the implementation to e.g. use more modern libraries from STL, which don't have constexpr support in C++14 (for example, a silly std::array::operator[] is not supported in constexpr functions). Changing the implementation would require removing constexpr and updating also all the clients (which could dramatically cascade into second-order functions and so on). Or the alternative would be to be locked into constexpr and have to resort to older-style code to implement it (e.g. use a C array instead of std::array), making the function ultimately less safe and violating other Autosar rules.

Thanks!

Rule 6-3-1: Does it also apply to "case" blocks?

Posted by: cgpzs - 24-08-2023, 12:05 PM - Forum: 6.6 Statements (C++) - Replies (1)

Consider this piece of code:

Code:
enum Foo

{

  a,

  b

};

void foo(Foo f)

{

  switch(f)

  {

    case a:

      std::cout << "a\n";

      break;

    case b:

      std::cout << "b\n";

      break;

  }

}

Is the above compliant with M6-3-1, or does one need to add braces also to the "case" blocks, e.g.:

Code:
case a:

{

  std::cout << "a\n";

  break;

}

Thanks!

MISRA C:2012 Rule 10.8 Clarification

Posted by: uk000032 - 14-08-2023, 01:58 PM - Forum: 8.10 The essential type model - Replies (1)

MISRA C:2012 Rule 10.8 states "The value of a composite expression shall not be cast to a different essential type category or a wider essential type".

One example of a violation given is:

( uint32_t ) ( u16a + u16b ) /* Non-compliant - cast to wider
* essential type */

But what about:

( uint32_t ) u16a + ( uint32_t ) u16b /* Compliant? */

This kind of thing does get flagged by Polyspace 2022b as a violation of Rule 10.8, but am I correct in thinking that casting the variables before the compound operator is applied means that this not in fact a violation?

A8-5-2 + A8-5-3: No usage of auto allowed?

Posted by: chgros - 11-08-2023, 05:36 PM - Forum: AUTOSAR C++:2014 rules - Replies (2)

	It appears that it's impossible to use `auto` variables and be compliant with both A8-5-2 (which mandates {} initialization for all variables) and A8-5-3 (which forbids {} initialization for auto variables) Is that the intention? How is one supposed to use lambdas in that case?

MISRA AC SLSF:2023 released

Posted by: david ward - 09-08-2023, 04:24 PM - Forum: MISRA AC SLSF discussions - No Replies

We are pleased to announce a new version of MISRA AC GMG has been released.

The MISRA Autocode (AC) family of documents deals with the application of language subsets for automatic code generation purposes. This document, MISRA AC SLSF, contains the best practices, captured as a set of design and style guidelines, for the use of The Mathworks® Simulink® and Stateflow® tools for producing models that will be used for simulation and automatic code generation. Updated in June 2023, this second edition is the current version of MISRA AC SLSF. This document supersedes the first edition (published in 2009).

The MISRA webstore provides single-user PDFs and you can purchase a hardcopy via a "print on demand" service at the following link. Please be sure to select the most appropriate “marketplace” for your location to expedite delivery. MISRA AC SLSF:2023 hardcopy

MISRA AC GMG:2023 released

Posted by: david ward - 09-08-2023, 04:23 PM - Forum: MISRA AC GMG discussions - Replies (2)

We are pleased to announce a new version of MISRA AC GMG has been released.

The MISRA Autocode (AC) family of documents deals with the application of language subsets for automatic code generation purposes. This document, MISRA AC GMG, contains the best practices, captured as a set of design and style guidelines, for the use in all graphical modelling environments for producing models that will be used for simulation and automatic code generation. Updated in June 2023, this second edition is the current version of MISRA AC GMG. This document supersedes the first edition (published in 2009).

The MISRA webstore provides single-user PDFs and you can purchase a hardcopy via a "print on demand" service at the following link. Please be sure to select the most appropriate “marketplace” for your location to expedite delivery. MISRA AC GMG:2023 hardcopy

Pages (97): « Previous 1 2 3 4 5 … 97 Next »

Search Forums

(Advanced Search)

Forum Statistics

» Members: 6,118
» Latest member: mohana
» Forum threads: 967
» Forum posts: 2,656

Full Statistics

Online Users

There are currently 132 online users.
» 0 Member(s) | 130 Guest(s)
Bing, Facebook

Latest Threads

C++17 [[fallthrough]]; at...
Forum: 6.6 Statements (C++)
Last Post: mshawa
22-04-2024, 06:29 PM
» Replies: 0
» Views: 15

cvalue and constant integ...
Forum: AUTOSAR C++:2014 rules
Last Post: misra cpp
19-04-2024, 04:53 PM
» Replies: 1
» Views: 183

Rule 6-2-3 and C++17 [[fa...
Forum: 6.6 Statements (C++)
Last Post: misra cpp
19-04-2024, 04:48 PM
» Replies: 1
» Views: 141

10.2.3 Amplification
Forum: 4.10 Declarations
Last Post: misra cpp
12-04-2024, 02:20 PM
» Replies: 1
» Views: 164

Rule 7.0.5 Example potent...
Forum: 4.7 Standard conversions
Last Post: misra cpp
12-04-2024, 01:54 PM
» Replies: 1
» Views: 143

Rule 0.2.4 non-compliant ...
Forum: 4.0 Language independent issues
Last Post: misra cpp
12-04-2024, 01:51 PM
» Replies: 1
» Views: 164

Further guidance on MISRA...
Forum: 8.10 The essential type model
Last Post: mshawa
09-04-2024, 02:29 PM
» Replies: 0
» Views: 79

MISRA AC SLSF:2023 AMD1
Forum: MISRA AC resources
Last Post: david ward
05-04-2024, 01:56 PM
» Replies: 0
» Views: 91

MISRA AC GMG:2023 release...
Forum: MISRA AC GMG discussions
Last Post: misra-ac
25-03-2024, 06:01 PM
» Replies: 2
» Views: 448

14.3 and enum constants i...
Forum: 8.14 Control statement expressions
Last Post: misra-c
24-03-2024, 01:08 PM
» Replies: 1
» Views: 349

Login
Username:
Password:
	Remember me Lost Password?

Welcome to the MISRA discussion forum