MISRA Discussion Forums

Welcome, Guest

You have to register before you can post on our site.

Do not use the sizeof() operator

Posted by: hanthen - 03-08-2009, 01:13 PM - Forum: 6.20 Standard Libraries - Replies (8)

I would suggest a new rule for MISRA C.
"Do not use the sizeof() operator".
Output seems to be compiler dependent, e.g. TI compiler for TMS320C2x/C2xx/C5x series returns the number of 16bit units.

They (TI) claim, that there is an ambiguity in the ANSI C definition:
- sizeof() shall return the number of bytes
- sizeof(char) shall return 1
As they implement a char as 16 bit, their solution of the dilemma is to define a byte as 16 bit.

This sounds problematic and will cause issues while porting code, which uses the sizeof() operator.

Rule 5.5 and unused extern declarations

Posted by: roberto - 03-06-2009, 12:30 PM - Forum: 6.5 Identifiers - Replies (3)

Suppose file f.c contains

Code:
extern int a;

extern int f(int x);

but never defines or references that externally-declared identifiers.
Suppose also that the whole program is constituted by f.c and g.c, where g.c contains

Code:
static int a = 3;

static int f(int x) {

  return x+a;

}

Note that there are no other files in the program and that the program is valid C.
In particular, no compilation unit defines or uses the identifiers declared in f.c.

Is this code violating rule 5.5?
Thanks,

Roberto

Welcome

Posted by: Steve Montgomery - 01-06-2009, 11:30 AM - Forum: MISRA AC SLSF discussions - No Replies

This new forum has been set up for asking questions about and discussing MISRA's "Modelling design and style guidelines for the application of Simulink and Stateflow" (otherwise known as MISRA AC SLSF).

The Working Group responsible for the MISRA AC SLSF document will consider questions posted here and if appropriate give an official response (which will be posted by the "MISRA Reply" user). Any other comments and responses from any posters shall not be considered an official MISRA position.

We expect to respond to questions on an approximately monthly basis so if you don't hear from us, please be patient.

Steve Montgomery
MISRA Autocode Guidelines Project Leader

Welcome

Posted by: Steve Montgomery - 01-06-2009, 11:28 AM - Forum: MISRA AC GMG discussions - No Replies

This new forum has been set up for asking questions about and discussing MISRA's "Generic modelling design and style guidelines" (otherwise known as MISRA AC GMG).

The Working Group responsible for the MISRA AC GMG document will consider questions posted here and if appropriate give an official response (which will be posted by the "MISRA Reply" user). Any other comments and responses from any posters shall not be considered an official MISRA position.

We expect to respond to questions on an approximately monthly basis so if you don't hear from us, please be patient.

Steve Montgomery
MISRA Autocode Guidelines Project Leader

Rule 9.2 - ISO/IEC reference sought

Posted by: Renishug - 26-05-2009, 12:56 PM - Forum: 6.9 Initialisation - Replies (4)

In the comments about rule 9.2 it says, "[...] all the elements of arrays or structures can be initialised (to zero or NULL) by giving an explicit initialiser for the first element only."

I didn't know this, and have looked and looked for where this is said in the ISO/IEC 9899:1990 standard. (I have looked on several occasions now.) Maybe it was right under my nose, but for the life of me I could not find it. Could someone put me out of my misery and tell me where this is stated? Thank you.

Rule 8.1 and static functions

Posted by: Renishug - 22-05-2009, 12:47 PM - Forum: 6.8 Declarations and Definitions - Replies (4)

Rule 8.1 states, "Functions shall have prototype declarations and the prototype shall be visible at both the function definition and call."

My question concerns a subset situation of this rule: why should functions marked static have prototype declarations visible at the function definition?

Here is an example of the scenario, all in the same .c file:

static int8_t my_function( void );

...

float64_t my_other_function( void )
{
...
my_int8_var = my_function();
...
}

static int8_t my_function( void )
{
...
}

Elsewhere in the file there my be other calls of my_function too. This file conforms to rule 8.1. If I re-arrange the textual order of the file to make sure that the definition of my_function occurs before any calls of it, then the prototype effectively becomes redundant:

static int8_t my_function( void );

static int8_t my_function( void )
{
...
}

...

float64_t my_other_function( void )
{
...
my_int8_var = my_function();
...
}

Realistically, the prototype for my_function, usually placed towards the top of the .c file, is done by copy and paste from the function definition, with a semicolon added to the end of it. To me, as long as the textual order is right, the prototype just becomes something with no value to maintain, e.g. if you were to alter the function signature you would have to do so in two places rather than just one.

I have tried to work out why MISRA would want the rule as it is, inclusive of static functions. (I'm ok with the rule otherwise.) I reckon that it might be for this reason: the prototype for static functions are there for the day when someone does some maintenance on the .c file and adds a call to a static function textually before the definition of the function. With a prototype there, the call would be checked for consistency; without a prototype there, if the maintainer forgets to alter the textual order of the function definitions, the function call is unchecked and so has a risk of being in error.

Have I answered my own question?

Use of STL, friend, reinterpret_cast etc..

Posted by: vijayendra - 07-05-2009, 05:18 PM - Forum: 6.11 Member access control (C++) - Replies (1)

MISRA C++ Guidelines does not clearly mention about the following C++ constructs:
1. Use of STL (cstring, vector etc) which are internally based on dynamic allocations
2. Use of friend keyword to access private members of another class
3. Use of reinterpret_cast
4. Use of struct rather than classes - in case the set of data does not have specific operations on it, hence no need to encapsulate them in a class
5. Casting from struct to byte pointer - usually needed to send set of data like array of struct
6. Use of string functions which are not unbounded, e.g. strncpy, memcpy, bcopy, memset etc. All these functions accept size as an argument and access only the given area in memory.

Can you pl. clarify the guidelines on the above?

Rule 15.3 - question over wording of rule

Posted by: CarlinB - 01-04-2009, 11:53 PM - Forum: 6.15 Switch Statements - Replies (1)

Hello,

Rule 15.3 states that "The final clause of a switch statement shall be the default clause."

Is the point of the rule to dictate where the default clause should be located or only to make sure that every switch statement includes a default clause?

I would agree that every switch statement should have a default clause, but I am not clear on why the rule would dictate where this clause should be located.

The rule description clearly states this is a "defensive programming" action. Being such, it makes sense that many times the end of your clause list is the appropriate place for the default clause (there to catch any unhandled case). However, there are times where the desired default behavior is the same as one of the case clauses. Furthermore, the arrangement of the case clauses is often done in some logical order (i.e. progression through a menu). It seems to me that reordering the list of cases just to satisfy this rule is unnecessary, particularly when it breaks the logical flow of the cases.

As an example, here is a switch statement that might be used to determine the appearance of a list of items displayed to a user. For this example, the desired default behavior is to display the list same as if "case 0" was the selection.

Code:
switch(itemSelected)

{

    default:

    case 0:  

    {  /* show list with first item highlighted */ } break;

    case 1:

    {  /* show list with second item highlighted */ } break;

    case n:

    {  /* show list with n-th item highlighted */ } break;

}

Logically, I feel it makes more sense to locate the default clause with the first case clause rather than moving "case 0" to the end of the clause list or repeating the contents of the "case 0" clause in the default clause.

I realize that in practice a deviation can be recorded for why this rule is not followed. But, if the real intent of the rule is to ensure a default clause is always provided then it seems the rule should be reworded to emphasize the need for a default clause and leave the location of the default clause as advisory. However, if the rule really is meant to dictate where the default clause is located, I would appreciate if someone could provide an explanation of why this location is important enough to be a "required" rule.

Rule 19.2 + TC1

Posted by: William Forbes - 01-04-2009, 08:10 PM - Forum: 6.19 Preprocessing Directives - Replies (3)

Hi,

The Technical Corrigendum 1 now allows the \ character to be used in a file name path without the need for a deviation.
So what file will be included in the following:

Code:
#include "test\x61test.h"

The C standard says that this is undefined.
Rule 1.2 bans undefined language features and thus a deviation is still required!

What is the point in now allowing undefined language features in one rule to avoid the need to deviate when using a system that does not allow one to write compliant code only to need a deviation against another rule. TC1 does not rescind rule 1.2?

William Forbes

Embedded Masterclass - MISRA C++ Workshop

Posted by: embeddedmasterclass - 18-03-2009, 12:21 PM - Forum: C++ Announcements - Replies (1)

	Hi, we'll be running another Embedded Masterclass this year. Cambridge and Bristol 7th and 12th May. www.embedded-masterclass.com One of the workshops will address using UML tools to generate MISRA C++ code See website for more details. regards Richard

Pages (100): « Previous 1 … 75 76 77 78 79 … 100 Next »

Search Forums

(Advanced Search)

Forum Statistics

» Members: 6,171
» Latest member: stephanmuench
» Forum threads: 998
» Forum posts: 2,752

Full Statistics

Online Users

There are currently 277 online users.
» 0 Member(s) | 274 Guest(s)
Applebot, Bing, Google

Latest Threads

Rule 6.2.1: non-inline co...
Forum: 4.6 Basic concepts
Last Post: cgpzs
22-11-2024, 10:11 AM
» Replies: 0
» Views: 36

Rule 0.1.2
Forum: 4.0 Language independent issues
Last Post: stephanmuench
21-11-2024, 01:12 PM
» Replies: 0
» Views: 44

A18-9-4
Forum: AUTOSAR C++:2014 rules
Last Post: cgpzs
23-10-2024, 12:04 PM
» Replies: 2
» Views: 398

A8-4-5: are partial moves...
Forum: AUTOSAR C++:2014 rules
Last Post: misra cpp
22-10-2024, 02:03 PM
» Replies: 1
» Views: 339

model information blocks ...
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
22-10-2024, 01:27 PM
» Replies: 1
» Views: 4,459

MISRA AL SLSF - Rule 043I
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
22-10-2024, 01:11 PM
» Replies: 1
» Views: 8,875

MISRA AC EC guidelines
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
21-10-2024, 08:21 AM
» Replies: 4
» Views: 15,523

News on future releases
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
21-10-2024, 08:05 AM
» Replies: 1
» Views: 5,707

Signal naming convention ...
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
21-10-2024, 07:57 AM
» Replies: 1
» Views: 7,258

Rule 7.0.2: operator cons...
Forum: 4.7 Standard conversions
Last Post: karos
14-10-2024, 08:52 PM
» Replies: 2
» Views: 448

Login
Username:
Password:
	Remember me Lost Password?

Welcome to the MISRA discussion forum