
  Rule A12-8-4 and default constructing data members in a move constructor
Posted by: Albin - 15-06-2022, 01:26 PM - Forum: AUTOSAR C++:2014 rules - Replies (2)

Quoting the rationale of this A12-8-4:

Quote:Data members or base classes initialization in move constructor needs to be done with move semantics.
Does this mean that in order to comply with the rule, all data members in a move constructor must be initialized with move semantics, and thus no data members may be default constructed in a move constructor?
The text of the rule does not go that far, it merely prevents the use of copy semantics in move constructors.


  MISRA documentation storage
Posted by: lubomir.milko - 10-05-2022, 11:43 AM - Forum: General Questions - Replies (1)

Hello, in a company where I work, we have a license for the MISRA C:2012 guidelines document allowing 100 people to see its content. We would like to avoid having a local copy of this PDF document for each reader. So, now we are sharing the document on SharePoint, where the access is controlled and there is a setting that does not allow downloading the PDF, only opening it in a web browser. This would be fine; however, we are also working on new company coding guidelines and it would be very good if we could create links to specific pages of the MISRA C guidelines PDF. Normally, it is possible to add for example "#page=3" at the end of a URL address for the PDF document and it will open it at the 3rd page. However, with the document in SharePoint, restricted only for specific users and with disabled download, it is not possible to reference the specific page using this method. For some reason it seems to work only with unrestricted documents.

So, do you have some other recommended ways of storing the MISRA documentation that allow showing only the content in a web browser, without downloading, and where only selected people can access it, while also being able to create links to specific pages?


  A5-16-1 Clarification
Posted by: hahn - 06-05-2022, 09:12 AM - Forum: AUTOSAR C++:2014 rules - Replies (2)

Hi,

we stumbled upon a few situations in which rule A5-16-1 is not particularly clear.

(1) The example contradicts the rule text as the usage of ?: as sub-expression in assignments (which is an expression again) is named compliant. This was already mentioned in https://forum.misra.org.uk/thread-1612.html .
(2) Code like "A a = 1 ? x : y;" where A is a class and x and y are objects of A. Assuming assignments are okay for this rule, the ?: is not the operand of the assignment but of an implicit call to the copy constructor of A. Should such implicit calls be ignored (aka treated as transparent) or is the rule okay with usage of ?: as function call argument in general?

It would be great if the exceptions for this rule could be clarified. Thanks a lot!


  Rule 14-7-1 and templates that must be specialized
Posted by: chgros - 29-04-2022, 10:25 PM - Forum: 6.14 Templates (C++) - Replies (1)

One of our clients is using code like this:

Code:
template <bool b> class SomeClass;  // primary template: declaration only

template <> class SomeClass<true> {  // explicit specialization for true
  void foo();
};
SomeClass<true> s;

We report a 14-7-1 defect, as non-specialized SomeClass is never instantiated.
They're complaining it's a false positive. Could we get a ruling? Arguably the explicit specialization and the non-specialization are different classes, and to be compliant both should be instantiated. On the other hand, this might be a reasonable thing to do if e.g. the goal is to prevent the code from working with <false> (note: I'm only guessing at the goal. The example from the customer doesn't go much further than this)
Do you have any guidance?


  Rule 8.7: clarifications of no linkage for an object
Posted by: chenzhuowansui - 28-04-2022, 06:18 AM - Forum: 8.8 Declarations and definitions - No Replies

Hi there,

Could anyone help explain the following sentence in the Rationale part of Rule 8.7?



Quote:Restricting the visibility of an object by giving it internal linkage or no linkage reduces the chance that
it might be accessed inadvertently.


as specified by the C standard:



Quote:If the declaration of an identifier for a function has no storage-class specifier, its linkage
is determined exactly as if it were declared with the storage-class specifier extern. If
the declaration of an identifier for an object has file scope and no storage-class specifier,
its linkage is external.


If an object is declared with no linkage, the default linkage is external linkage, so why could giving no linkage to an object restrict the visibility and reduce the chance that it might be accessed inadvertently?

Thanks!


  Rule 9.2 zero initialization of array of struct
Posted by: sowisojh - 27-04-2022, 11:28 AM - Forum: 6.9 Initialisation - Replies (1)

I have the following code:

Code:
#include <stdint.h>

typedef struct {
    int16_t foo;
    int16_t bar;
} foobar_t;

static foobar_t foobars[42] = {0};

In rule 9.2 the following is given:

Quote:Note also that all the elements of arrays or structures can be initialised (to zero or NULL) by giving an
explicit initialiser for the first element only. If this method of initialisation is chosen then the first
element should be initialised to zero (or NULL), and nested braces need not be used.


Is the zero initialization of foobars compliant with Rule 9.2?

Lint is complaining about this kind of initialization, but I'm not sure if it is right or not:
Warning: LINT [W940] omitted braces within an initializer [MISRA 2004 Rule 9.2]


The rule mentions that the first element should be initialized to zero. The first element, which can be listed in the initialization list, would be the member foo of the first struct of the first array element. Setting this to 0 would, in my understanding, comply with rule 9.2. As in the last sentence "... nested braces need not be used" is mentioned, no further braces around the 0 are required.


  MISRA C:2012 TC2
Posted by: david ward - 20-04-2022, 06:40 PM - Forum: MISRA resources - No Replies

We are pleased to announce the publication of MISRA C:2012 Technical Corrigendum 2 (MISRA C:2012 TC2). This document provides additional clarification on MISRA C:2012 and should be read in conjunction with either

  • MISRA C:2012 (Third Edition, First Revision) Guidelines for the use of the C language in critical
    systems, as revised by
  • MISRA C:2012 Amendment 2, Updates for ISO/IEC 9899:2011 Core functionality
or
  • MISRA C:2012 (Third Edition) Guidelines for the use of the C language in critical systems, as
    revised by:
  • MISRA C:2012 Amendment 1, Additional security guidelines for MISRA C:2012
  • MISRA C:2012 Amendment 2, Updates for ISO/IEC 9899:2011 Core functionality
  • MISRA C:2012 Technical Corrigendum 1



Attached Files
.pdf   MISRA C 2012 TC2.pdf (Size: 166.76 KB / Downloads: 57)

  M9-3-3 and observable state
Posted by: kth - 14-04-2022, 01:32 PM - Forum: AUTOSAR C++:2014 rules - Replies (3)

The AUTOSAR Guidelines for the use of the C++14 language in critical and safety-related systems (Release 19-03/latest) basically reuse MISRA C++ Rule 9-3-3 as M9-3-3 but add two clarification notes and a reference to C++ Core Guidelines 

  • Con.2: By default, make member functions const.

The rationale of Con.2 explicitly uses "observable state": 

Quote:Reason A member function should be marked const unless it changes the object’s observable state. This gives a more precise statement of design intent, better readability, more errors caught by the compiler, and sometimes more optimization opportunities.

The motivation for this post is that our static analysis tool currently reports an M9-3-3 finding for this code:
Code:
class B final {
public:
  B(int* dest) : p_{dest} {}
 
  int& Get() { return *p_; }  // M9-3-3 reported
 
  // Here adding const to Get() does not lead to a compiler error, due to the indirection that is introduced with
  // the pointer 'p_'. However, adding const without changing the return type to 'const int&' is misleading.
private:
  int val_{0};
  int* p_{&val_};
};



A similar example with shared_ptr:
Code:
#include <memory>  // std::shared_ptr, std::make_shared

class Data
{
  public:
    // changes the observable state
    void Set(int val) noexcept
    {
      val_ = val;
    }

    int Get() const noexcept
    {
      return val_;
    }

  private:
    int val_;
};

class WithSharedPtr {
  public:

    void SetValue() {  //< M9-3-3 Method can be declared const reported here
      sptr->Set(3);
    }

    void ChangePtr() {
      sptr = std::make_shared<Data>();
    }

    int GetValue() const {
      return sptr->Get();
    }

  private:
    std::shared_ptr<Data> sptr = std::make_shared<Data>();
};

For both findings adding const is technically possible, but the observable state is changed.

My question: what is the correct interpretation of MISRA C++ 9-3-3 and AUTOSAR M9-3-3?


  3-2-4 and pure virtual functions
Posted by: Tobias Loose - 10-04-2022, 06:19 AM - Forum: 6.3 Basic concepts (C++) - Replies (1)

Hi!

Rule 3-2-4 states:


Quote:An identifier with external linkage shall have exactly one definition.


This would also apply to pure virtual functions of abstract base classes. I have personally never seen anyone use that feature and gather from reading up about it that it is questionable design to supply definitions for those. In most cases, these functions would be empty and collide with rules about unused code anyway.

Was this intended or an oversight? I propose to add an exception for pure virtual functions.

Also, I propose to replace "An" with "All". Otherwise, it would be enough to add one variable somewhere and provide a definition for it.

Thanks!


  Conflict 12-1-3 and 12-1-2
Posted by: Tobias Loose - 08-04-2022, 02:13 PM - Forum: AUTOSAR C++:2014 rules - Replies (1)

Hi!

The text of A12-1-2:


Quote:Both NSDMI and a non-static member initializer in a constructor shall not be used in the same type.


And A12-1-3:

Quote:If all user-defined constructors of a class initialize data members with constant values that are the same across all constructors, then data members shall be initialized using NSDMI instead.


These are in conflict if a type initializes some members to a constant across all constructors, but other members to non-constant values. The conflict arises from having to move the constant member's initializer to NSDMI and having to do the same thing with the other members (for A12-1-2) but not being able to (due to their dependence on constructor arguments).

Initializing to one value and then overwriting in the ctor body with another value is not an option when the member is const or when there is no cheap first initialization (e.g. due to dynamically allocated memory etc.).

I suggest revising A12-1-3 to:

Quote:If all user-defined constructors of a class initialize all data members with constant values that are the same across all constructors, then data members shall be initialized using NSDMI instead.


Thanks!

