  Interpretation of Dir 4.3
Posted by: nakagawat - 23-01-2017, 06:45 AM - Forum: 7.4 Code design - Replies (1)

Hi All,

Would you please advise me if a macro containing both assembly and C code
is a violation of Dir 4.3?

Example:
#define M_def do { asm( "mv r0,r1" ); use_uint32( 0 ); } while( 0 )

Please note that 'use_uint32( 0 );' is a function call.

Regards,
Tad

  How do MISRA C rules map to ISO26262 and IEC61508
Posted by: Qiong - 10-01-2017, 02:51 PM - Forum: General Questions - No Replies

Where can I find a document that describes the mapping between MISRA rules and ISO26262 and IEC61508? Thank you.

  Rule 11.8: non-compatible pointees
Posted by: pmhill - 05-01-2017, 04:58 PM - Forum: 8.11 Pointer type conversions - Replies (1)

In the following code I would like to know which of the casts are compliant for rule 11.8?

[code]
const int a[10];
int *pi;
int **ppi;
const int **cppi;
const float **cppf;

void f() {
pi = (int*) &a; /* int *

  [CFP] Safety/Security Rules Study Group for C programming
Posted by: paulsherwood - 04-01-2017, 04:00 PM - Forum: General Questions - No Replies

Hi all,
Sorry for the late notice on this; I failed to get logged in here until now.

There has been some discussion between MISRA members and contributors to the CERT standard for secure C, leading to the creation of a new study group as outlined in the email at
https://lists.trustable.io/pipermail/tru...00181.html

I wonder if other MISRA folks might be interested to get involved?

br
Paul

  Rule 13.3 incr/decr op with volatile
Posted by: minhyuk - 03-01-2017, 01:53 AM - Forum: 8.13 Side effects - Replies (4)

Hello,

Code:
volatile int x;
x++; // non-compliant - because, x declared with volatile

In the above code, because 'x' variable is declared as volatile, I think it violates Rule 13.3. What do you think?

  Rule 3-4-1 and classes
Posted by: drstaiger - 21-12-2016, 10:50 AM - Forum: 6.3 Basic concepts (C++) - Replies (1)

The rule's title includes "types", but the body of the rule does not specify further whether this is meant for typedefs only, or for complex classes as well.
For example, a class only used in a single function: should it be moved into the function? That would work against the typical ideas of short functions and separation of responsibilities. Could you please clarify MISRA's intention here?

  Which rule of MISRA C:2012 matches rule 13.3 of MISRA C: 2004
Posted by: Qiong - 14-12-2016, 06:31 PM - Forum: MISRA C:2004 to MISRA C:2012 migration - Replies (3)

MISRA C: 2004 has Rule 13.3 (required): Floating-point expressions shall not be tested for equality or inequality.

This rule is very useful. We use Mathworks/Polyspace for static analysis. We can find issues of (floating variable == or != 0.0) by turning on MISRA C: 2004, but we miss this check by using MISRA C:2012.

We want to always apply the latest MISRA C standard, but we are not sure which rule in MISRA C:2012 matches Rule 13.3 of MISRA C:2004.

  MISRA C:2012 Examples Suite
Posted by: misra-c - 09-12-2016, 01:41 PM - Forum: MISRA C resources - No Replies

This suite of files is intended to illustrate issues addressed by the MISRA C rules as expressed in:

  • MISRA C:2012 Guidelines for the use of the C language in critical systems, ISBN 978-1-906400-10-1 paperback and ISBN 978-1-906400-11-8 PDF.
  • MISRA C:2012 Amendment 1 - Additional security guidelines for MISRA C:2012, ISBN 978-1-906400-16-3 PDF.
The examples are mainly taken from the example sections in the MISRA C:2012 guidelines. It is not intended to be an exhaustive test suite and should not be used as such.

Use of this Examples Suite is subject to the conditions in the enclosed READ_ME file. In particular, please note that a free license of these code examples is offered only for individual use. Redistribution of the code examples in any form is not permitted. If you wish to use the Examples Suite in this way, including distribution with a tool, please contact MISRA for licensing terms.

This suite will be updated from time to time. You can check you have the latest version by visiting this area of the MISRA Forum. There is an MD5 checksum provided in the file description that can be used to check that a copy of the archive is a genuine copy.  The date and version number of the latest release will always be listed at the end of this post.

Version history

Version number: 2.0
Date: 11 November 2016
Reason: Addition of examples to clarify guidelines and examples for new AMD1 rules

Version number: 1.0
Date: 13 January 2014
Reason: Initial release


Latest release
Version number: 2.0
Date: 11 November 2016
MD5 checksum: E00B8C1A782F82C08C4DECFB7DD64605



Attached Files
.zip   Example_Suite_2016_11_01.zip (Size: 169.83 KB / Downloads: 75)
  Clarification for rule 11-0-1
Posted by: dg1980 - 01-12-2016, 01:40 PM - Forum: 6.11 Member access control (C++) - Replies (1)

Hi,

The rule text only mentions classes, not structs.
Now, in C++ struct and class are synonyms, except that by default everything is public in a struct.
So, does this rule implicitly apply to all structs as well?
Thank you.

  Possible inaccurate example?
Posted by: andream - 17-11-2016, 05:34 PM - Forum: 8.2 Unused code - Replies (2)

The following is the example reported for Rule 2.2 (dead code):

Quote: In this example, it is assumed that the object pointed to by p is used in other functions.

Code:
extern volatile uint16_t v;
extern char *p;

void f (void )  {
   uint16_t x;
   (void) v;    /* Compliant - v is accessed for its side effect
                 * and the cast to void is permitted by exception */
   (int32_t) v; /* Non-compliant - the cast operator is dead */
   v >> 3;      /* Non-compliant - the >> operator is dead */
   x = 3;       /* Non-compliant - the = operator is dead
                 * - x is not subsequently read */
   *p++;       /* Non-compliant - result of * operator is not used */
   (*p)++;     /* Compliant - *p is incremented */
}

I'm not sure that the last but one statement represents a non-compliance. In fact, the expression *p++ is treated as *(p++), as the precedence of postfix ++ is higher than that of *. Indeed the result of the * operator is not used, but the value of p is permanently increased, and p is a global variable. How can it be stated that it is not compliant, alias dead code, i.e. "...whose removal would not affect program behaviour"?
