Welcome to the MISRA discussion forum

Hi,

We are looking to adopt the MISRA guidelines in our company to improve our coding standards. Most of our existing projects contain both C and C++ source files. We like to use the benefits that C++ offers for writing things like a menu system (user interface), where a well-defined class hierarchy can help with modularising our code. However, it is our opinion that C offers a better solution for medium-speed applications such as an LCD display driver (to actually display our C++ based menu system).

In this case, which MISRA standard should we adopt ? Do we use the MISRA C++:2008 guidelines for both our C++ and C source files or do we check C++ files against this standard and use the MISRA-C:2004 guidelines for our C source code ?

Regards,

Vance

In Section 6.11 of the MISRA-C:2004 document, after the specification of Rule 11.5, the following example is reported:

Rule says not to use any functionality of and it is a Required rule.

How to use POSIX compliant timer APIs like timer_create, timer_settime etc is also defined in this header file?

Hi Folks,

We appreciate the MISRA-C compliance.

We are making our application code into the MISRA-C compliance and can you please clarify below questions.

1./Rule 14.7: This rule says that array indexing is only allowed for pointer arithmetic. We understand that if we manipulate the pointer we may end up some cases accessing the non existing memory but suppose even if we access through the index and index is beyond the size of array declaration here also we end accessing the non existing memory , We have the below code and I think it is safe away of using? Can you please let us know the motivation of this rule and how indexing can avoid the error? Also let us know that the below code is acceptable or not?

void awe_vecAbs(
const float * src,
int srcInc,
float * dst,
int dstInc,
int blockSize)
{
int i;

for (i = 0; i < blockSize; i++)
{
*dst = fabsf (*src);
src = src + srcInc;
dst = dst + dstInc;
}

)
2./ Rule 14.7 says that the function should have the only one single exit but in some cases it is very difficult to compliance with this especially when we check for the error concealment. Please have a look at below code we still can use if ,else conditions but we end up having more checks like this which will degrade the system performance, Can you please let us know what way we can do this in better and motivation of this Rule?
if (currentObject == NULL)
{
return (E_NOT_OBJECT_POINTER);
}
id = awe_fwGetClassType(currentObject);
if (!IsClassValid(id))
{
return (E_NOT_OBJECT_POINTER);
}
*pObject = currentObject->pNextInstance;
if (*pObject == NULL)
{
return (E_NO_MORE_IOPINS);
}
*pClassID = awe_fwGetClassType(*pObject);
return (0);


Best regards,
Kishore.

Please help me understand the reason for rule 18.1. In the context of an "opaque pointer", one can properly make and use such a pointer to an incompletely typed structure. Having the full structure declaration is not needed. The committee has endorsed this in a previous post.

What coding practice is left that might cause a problem? If the type is incomplete, a compile error will result from any attempt to create an object of that type or refer to its members.

OK, but even so, why not require it? In header files, I like to code:
struct something; /* with a forward declaration, I can create pointers. */

void foo (struct something *pointerToSomething);

The prototype is valid even though "something" is of incomplete type. If the #including .c file does not need anything other than the pointer, why require #including yet another header merely to get the (unused) full declaration and satisfy the rule?

One of the examples given for rule 13.2 is:

I agree that one should not write code like

Please consider the following test program:

While the issue about the ~ operator in rule 10.5 is obviously handled by an immediate cast, I've been wondering, what the immediate cast of a shift left (

Is there a MISRA preferred route for accessing individual bit(s) in an SFR in an embedded micro? In MISRA C1 Rule 110 stated that "unions shall not be used to access the sub-parts of larger data types" and in the explanatory text said that the preferred method was the use of unsigned integer types and masks. However in C2 the rule has changed to "no unions" and this particular recommendation doesn't seem to have made it into the text anywhere.

Notwithstanding rule 18.4, on a micro I am working with at present the compiler writer provides access in the header file to each SFR through a union which overlays both a bitfield structure for the SFR and an unsigned object covering the whole width of the SFR. So if I want to extract (say) a 12-bit A/D value from an SFR location that contains the result as well as some other info e.g. status bits I can access this either as ADCchan.B.RESULT (where RESULT is a bitfield 12 bits wide) or ADCchan.U & 0x00000fffU.