  A3-9-1 - example with plain 'char' type
Posted by: mstaron - 08-02-2023, 08:00 AM - Forum: AUTOSAR C++:2014 rules - Replies (2)

The A3-9-1 rule recommends using integer types from <cstdint>, indicating the size and signedness, but the plain 'char' type does not have a corresponding type in this library. It is possible to replace only explicit signed or unsigned 'char' types.

The example in A3-9-1 shows the declaration of the plain 'char' type as non-compliant. I understand that in this case the 'i6' variable is initialized by numerical value, so its type should be changed to int8_t. However, this is a different problem that is non-compliant with Rule M5-0-11 "The plain char type shall only be used for the storage and use of character values.". The plain 'char' type is used in AUTOSAR documentation in cases which are marked as compliant (for example Rule A5-1-1). I suppose that A3-9-1 should apply only to 'char' types declared explicitly as signed or unsigned and should not apply to plain 'char' types.


  M5-0-20 clarification
Posted by: rt1980 - 25-01-2023, 04:37 PM - Forum: 6.5 Expressions (C++) - Replies (1)

Hi All,

Rule 5-0-20 states that "Non-constant operands to a binary bitwise operator shall have the same underlying type." This seems to make sense, but my colleagues and I are a bit unsure: why the non-constant qualifier?

Consider the following example. It's not clear to us why the first should be allowed if the second is not.

Code:
int foo(int i) {
  const unsigned char mask = ~(0x10);
  return i ^ mask; // compliant: mask is const
}

int foo(int i) {
  unsigned char mask = ~(0x10);
  return i ^ mask; // non-compliant: mask is not const and a different type than i
}


Thanks for your help!
Rafe


  Rule 4-5-3 about using relational operators to determine uint8_t
Posted by: zhaohui - 08-12-2022, 08:00 AM - Forum: 6.4 Standard conversions (C++) - Replies (1)

Quote: Exceptionally, the following operators may be used if the associated restriction is observed:
• The binary + operator may be used to add an integral value in the range 0 to 9 to ‘0’;
• The binary – operator may be used to subtract character '0'.
• The relational operators <, <=, >, >= may be used to determine if a character (or wide character) represents a digit.

According to exceptions and cases of Rule 4-5-3, it seems that Exp1 applies to uint8_t and Exp2, Exp3 apply to character (wide character). And the rule title mainly cares about plain char and wchar_t, so,
1. What about using uint8_t as operands of relational operators?
2. Which kind of cases does uint8_t violate this rule? Does this rule only check binary operator "+" only for uint8_t?
Code:
void f(void)
{
    char ch = 't';
    if (( ch >= '0') && ( ch <= '9')) // Compliant by exception
    {
        v = ch - '0';                 // Compliant by exception
    }

    unsigned char uc;
    if (( uc >= '0') && ( uc <= '9'))  // compliant or non-compliant?
    {
    }
}


  MISRA C:2012 AMD3 published
Posted by: david ward - 05-12-2022, 10:40 PM - Forum: Announcements - No Replies

MISRA C:2012 Amendment 3 (which adds further support for C11/C18 language features) is now available as a free download from the "Resources" section of this Bulletin Board.


  MISRA C:2012 AMD3
Posted by: david ward - 05-12-2022, 09:36 PM - Forum: MISRA resources - No Replies

We are pleased to announce the publication of MISRA C:2012 Amendment 3 (MISRA C:2012 AMD3). This document provides additional updates for ISO/IEC 9899:2011/2018 with consideration of new C11/C18 features.

This amendment is intended to be used with MISRA C:2012 (Third Edition, First Revision) as revised and amended by:

  • MISRA C:2012 Technical Corrigendum 2, and
  • MISRA C:2012 Amendment 2
This amendment is also compatible with MISRA C:2012 (Third Edition) as revised and amended by:
  • MISRA C:2012 Technical Corrigendum 1, 
  • MISRA C:2012 Technical Corrigendum 2, 
  • MISRA C:2012 Amendment 1, and
  • MISRA C:2012 Amendment 2.



Attached Files
.pdf   MISRA C 2012 AMD3.pdf (Size: 1.35 MB / Downloads: 47)

  A20-8-2 / A20-8-3 - Is returning a non-owning pointer always a violation?
Posted by: vanhuynh - 24-11-2022, 01:41 PM - Forum: AUTOSAR C++:2014 rules - Replies (4)

Hello,

Our team uses a static analysis tool for ASIL-B compliance. The tool warns about violation of rule A20-8-2/A20-8-3 when a non-owning pointer is returned from a function:

Code:
  #include <array>
  #include <cstdint>

  template <uint64_t CAPACITY>
  class FixedCapacityBuffer {
      std::array<uint8_t, CAPACITY> buffer;
      uint64_t length;

  public:
      const uint8_t* Data() const noexcept { return buffer.data(); } //////////////< Violation of rule A20-8-2/A20-8-3?

      // ...
  };

Code:
 
Rule A20-8-3: "A unique_ptr shall be used to represent exclusive ownership."
Rule A20-8-3: "A std::shared_ptr shall be used to represent shared ownership."

However, I do not want to express exclusive or shared ownership. Is the warning correct or a false-positive?


  A12-1-1 - Does it apply to POD structs?
Posted by: cgpzs - 23-10-2022, 06:45 AM - Forum: AUTOSAR C++:2014 rules - Replies (5)

Hi,

Does A12-1-1 apply to POD structs? Example:

Code:
struct Foo
{
  int x;
  int y;
};

The members of `Foo` are by default uninitialized. Does A12-1-1 require `Foo` to explicitly initialize its members, like this?

Code:
struct Foo
{
  int x{};
  int y{};
};


Please note that the above change has some implications, namely that `Foo` is no longer trivial. As such, compilers will warn about performing `memcpy` operations on them. This is a problem for serializer/deserializer type of code.

Thanks!
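
An added example, not part of the original post: it checks which type properties change when default member initializers are added to `Foo`, and gates a byte-wise copy on `std::is_trivially_copyable`, the property `std::memcpy` requires of an object type. The names `FooPlain`, `FooInit`, `to_bytes`, `from_bytes`, `round_trip_ok` and `default_is_zero` are hypothetical.

```cpp
#include <array>
#include <cstddef>
#include <cstring>
#include <type_traits>

// Hypothetical names: the post calls both variants `Foo`.
struct FooPlain { int x; int y; };      // first snippet: members left uninitialized
struct FooInit  { int x{}; int y{}; };  // second snippet: default member initializers

// The default constructor of FooInit is no longer trivial, so the class is not a
// trivial type; its copy operations and destructor are still trivial.
static_assert(std::is_trivial<FooPlain>::value, "plain struct is trivial");
static_assert(!std::is_trivial<FooInit>::value, "initializers make it non-trivial");
static_assert(std::is_trivially_copyable<FooInit>::value, "still trivially copyable");
static_assert(std::is_standard_layout<FooInit>::value, "still standard layout");

// Byte-wise copy helpers that refuse, at compile time, any type for which
// memcpy is not a defined way to copy the object representation.
template <typename T>
std::array<unsigned char, sizeof(T)> to_bytes(const T& value) noexcept {
    static_assert(std::is_trivially_copyable<T>::value, "memcpy requires trivially copyable");
    std::array<unsigned char, sizeof(T)> out{};
    std::memcpy(out.data(), &value, sizeof(T));
    return out;
}

template <typename T>
T from_bytes(const std::array<unsigned char, sizeof(T)>& in) noexcept {
    static_assert(std::is_trivially_copyable<T>::value, "memcpy requires trivially copyable");
    T value{};
    std::memcpy(&value, in.data(), sizeof(T));
    return value;
}

// Round-trips a FooInit through a byte buffer and reports whether it survived.
bool round_trip_ok(int x, int y) {
    FooInit src;
    src.x = x;
    src.y = y;
    const FooInit dst = from_bytes<FooInit>(to_bytes(src));
    return dst.x == x && dst.y == y;
}

// A default-constructed FooInit has determinate members; FooPlain would not.
bool default_is_zero() {
    FooInit f;
    return f.x == 0 && f.y == 0;
}
```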


  8.2 Function types shall be in prototype form with named parameters
Posted by: sowisojh - 27-09-2022, 12:02 PM - Forum: 8.8 Declarations and defnitions - Replies (3)

Given is the following code:

Code:
myheader.h

/* define a type of a callback function */
typedef uint16_t(my_callback_fct_t)(uint16_t const *a);


myimplementation.c

#include "myheader.h"

/* function declaration of myCallbackFunction */
static my_callback_fct_t myCallbackFunction;

[...]

/* function definition of myCallbackFunction */
static uint16_t myCallbackFunction(uint16_t const *a)
{
  return (*a) + (uint16_t)1u;
}

Does the function declaration of myCallbackFunction in the above code comply with Rule 8.2?
As the prototype specifies the parameters by usage of the type my_callback_fct_t and this prototype includes all the parameters and their names, I would treat this as a correct prototype as requested by Rule 8.2, even though this is not explicitly listed as being compliant in the MISRA standard.

The background for this kind of function prototyping is to tie the function to an externally defined function prototype which will be used for callbacks in another part of the code.

kind regards
sowiso


  How to handle Guidelines that are mentioned as 'Required' in 2012
Posted by: [email protected] - 26-09-2022, 06:43 AM - Forum: MISRA Compliance discussions - Replies (1)

Hello,
I am using MISRA 2012 to review the SW code (both auto code and manual).
I am a bit confused about how to handle the guidelines that are mentioned as 'Required'.
I would like to know what are all the cases when the rules can be deviated with reasonable justification, and what are all the cases when deviation is not at all accepted with any justification.

Thank you!


  A7-1-1 and function parameters
Posted by: mstaron - 31-08-2022, 01:03 PM - Forum: AUTOSAR C++:2014 rules - Replies (2)

The 'A7-1-1' uses the term: 'immutable data declaration'. This is not defined in the C++ standard, so it is unclear if this rule applies to function parameters.

Code:
int f(int x)  // Is it Non-compliant?
{
  return x;
}
