Welcome to the MISRA discussion forum

MISRA is pleased to announce that a draft of its “Guidelines for Automotive Safety Case Arguments” will shortly be available for public review. The ISO 26262 standard defines a safety case as an “argument that the safety requirements for an item are complete and satisfied by evidence compiled from work products of the safety activities during development”. This new MISRA document will give practical guidance on a model for structuring automotive safety arguments, although its principles may also be applicable in other sectors.

Update 25 November 2016. The call for reviewers is now closed. Thank you to everyone who has responded and we will be in contact within the next week regarding the next steps in the review process.

Exception: Variables which are written by the program but read by an external entity (e.g. ASAM MCD tools like Vector CANape) are not considered a violation of this rule.

Dear MISRA team,

we have certain variables which are required by our boot loader (a separate binary) but are not used in the main program itself.
In my book, this is not a violation of 0-1-3, because clearly those variables have a usage, albeit one that static analysis cannot prove.
Therefore i would like to propose the following addendum to rule 0-1-3:

Exception: a variable which is required by an external binary program only (e.g. an embedded systems boot loader) is not considered a violation of this rule.

Dear MISRA team,

i think in the example below, the non-const get_p is a violation of this rule, while the static analysis tool says otherwise.
The compliant example in the document refers to shared data, which is not the case here.
I think it was misinterpreted as "returning a member of type T* is always compliant".
If so, maybe in the next version of the standard this rule needs a better formulation in terms of exceptions.

It is hard to understand the reason to add Amplification 2 "The conversion of the constant expression in a switch statement's case label to the promoted type of the controlling expression".

What kind of risks should be eliminated with this?

Thank you,
Mario Ikeda

Typically, on embedded systems with a simple RTOS, main is used as background task, so it never returns:

MISRA C:2012 has made reference to ISO/IEC 9899:1999 (C99). As of 2011, there is the latest ISO/IEC 9899:2011 (C11). I wonder if any Supplement, Amendment or slight change has been prepared in this respect. Or MISRA C:2012 is invariant w.r.t said latest ISO standard?

Hi,
In my code I have a static const array which is declared outside the block scope of the function where it’s used. Also it is only used by one function, so the Note 9003 is correct.
But the array is large and will ruin the overview of the function. So I want to suppress the warning using /*lint -e9003*/ before the array and /*lint +e9003*/ behind it.
But this has no effect. As I suppress the warning global it works, but this shall not be the way to do.
Any idea how to suppress the warning local for just one variable?

Could you write an explicit chapter on how to deal with this situation in the next version of the standard?
For example, i don't think this is what MISRA intended: http://support.gimpel.com/forums/225702-...th-mixed-c
Also, consider adding exceptions to some rules in the context of headers being included in both C and C++ modules:

A presentation slide from Andrew Banks, Chairman of MISRA C Working Group, says
that MISRA C:2012 has no explicit library-specific restriction on 7 standard headers and among these is included.
(page 13, http://www.open-std.org/jtc1/sc22/wg14/w.../n2035.pdf)
so I thought I would be able to check whether a program is a conforming freestanding program or not by applying MISRA C:2012 guidelines.

However, in MISRA C:2012 Rule 17.1 says the features of shall not be used.

I think some rules of MISRA C:2012 are too restrictive to use in various kinds of industries.
Moreover, it makes me unhappy that complying with MISRA C:2012 doesn't imply conforming freestanding implementation.

is the slide wrong? or is there any mistake in my mind?
I'm beginner in MISRA guidelines, so I might have lots of errors.
I will appreciate your advices and help.