MISRA Discussion Forums
Portal

Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  

  Incorrect comment in mc2_2001.c
Posted by: william.forbes - 25-07-2008, 11:01 AM - Forum: MISRA-C:2004 Exemplar Suite - Replies (1)

In line 42

Quote:/* 7.13.3 to* where * is a lower case letter */
should read
Quote:/* 7.13.2 to* where * is a lower case letter */
i think.

Bill Forbes.

Print this item

  Preprocessor directives and white space
Posted by: JonM - 25-07-2008, 09:45 AM - Forum: 6.19 Preprocessing Directives - Replies (1)

Rule 19.16 of MISRA C2 requires "In particular, ensure that #else and #endif directives are not followed by any characters other than white-space."

Does this rule apply to the end of the line or just the character following the 'e' or 'f'.

e.g.

Code:
#endif
/* header file exclusion */
vs
Code:
#endif /* header file exclusion */
vs
Code:
#endif/*header file exclusion */

Which of these is allowed / preferred / not allowed by MISRA C

Jonathan

Print this item

  Notional operations Rule 10.1
Posted by: JonM - 25-07-2008, 09:37 AM - Forum: 6.10 Arithmetic Type Conversions - Replies (8)

Page 43 of MISRA C2 states:

The expression u32a + u16b +u16c is compliant but u16a + u16b +u32c is not compliant.

See also examples on page 44.

Surely this assumes the order of evaluation is left to right. Please could you clarify whether the guideline examples are correct?

Many thanks in advance.

Jonathan

Print this item

  Rule 2-10-5 and function overloading
Posted by: pkruk - 23-07-2008, 04:26 PM - Forum: 6.2 Lexical conventions (C++) - Replies (2)

Hello,

does rule 2-10-5 disallows function overloading? What is the definition of "identifier reuse"?
For example:

Code:
class C{};
void foo(int);
void foo(C);      // Not compliant?
void foo(int, C); // Not compliant?
Print this item

  Similarities and differences between Misra C++ and ECPP
Posted by: gfinlay - 22-07-2008, 05:02 PM - Forum: C++ General - No Replies

I would like to hear from the Misra committee about what are some of the similarities and salient differences between the Misra-C++ 2008 standard and the work of the Embedded C++ Technical Committee (http://www.caravan.net/ec2plus/)? Is there any difference in emphasis or goals of the two projects - e.g. safety critical vs tailoring for resource-limited systems? Perhaps this could be added to the Misra-C++ FAQ. I have used ECPP in a couple of projects with the Freescale Codewarrior C++ compiler (Coldfire version has compiler switches which turn on a EC++ subset).

Gord Finlay

Print this item

  MISRA-C:2004+TC1 available
Posted by: david ward - 21-07-2008, 11:24 AM - Forum: Announcements - No Replies

Around this time last year we released a Technical Corrigendum to MISRA-C:2004. We recently needed to reprint hard copies of MISRA C, so we have taken the opportunity to incorporate the text of the Technical Corrigendum into the reprint.

The new edition is available now to purchase from the webstore, and PDF versions purchased from today (21 July 2008) will also deliver the new edition. If you previously purchased MISRA C, we regret that upgrades to single-user PDFs are not available, but the Technical Corrigendum is still available as a standalone document from this Bulletin Board (free registration required). Tool vendors and corporate licensees who wish to upgrade should contact us for details.

Print this item

  Misleading statements in Rule 15–1–3.
Posted by: James Widman - 14-07-2008, 08:21 PM - Forum: 6.15 Exception handling (C++) - Replies (1)

Hi all,

In the Rationale for Rule 15–1–3, we have:

Quote:However, syntactically, there is nothing to prevent throw; being used outside a catch handler, where there is no exception object to re-throw. This may lead to an implementation-defined program termination.
There are a couple of problems with this.

First, it't not quite right to refer to a *place* where an exception object can be re-thrown so much as it is to refer to a *time* when such an object can be re-thrown. Refer to 15.1 except.throw. For example, this program:

Code:
extern "C" int printf( const char*, ... );

struct A
    {
    A() { (void)printf( "::A::A()\n" ); }
    ~A() { (void)printf( "::A::~A()\n" ); }
    };

void rethrow() { throw; }

void f(  ) {
    try {
        throw A();
    }
    catch (A& p) {
        (void)printf( "entering f()'s handler...\n" );
        rethrow();
        (void)printf( "exiting f()'s handler without throwing...\n" );
    }
}

int main (void) {
    try {
        f();
    }
    catch( A& p ) {
        (void)printf( "exiting main()'s handler...\n" );
    }
    return 0;
}

... yields this output:
Code:
::A::A()
entering f()'s handler...
exiting main()'s handler...
::A::~A()
(This is specified in the Standard; this is not implementation-defined behavior.)

So the text "where there is no exception object to re-throw" should be changed to something like, "where control could pass at a time when there is no exception object to re-throw".

Second, the rationale text ends with, "This may lead to an implementation-defined program termination."

When you squint at the standardese in just the right way, this sentence is true: it *may* lead to implementation-defined behavior, but only if the non-libary part of the program does not set a terminate_handler. But given the normative text in 15.5.1 except.terminate, it would be much better to change this sentence to:
Quote:If an empty throw is used at a time when there is no exception object to re-throw, std::terminate() is implicitly called. (The stack is not unwound before this call.)
Print this item

  Overloaded operators and MISRA C++
Posted by: James Widman - 10-07-2008, 05:43 PM - Forum: 6.7 Declarations (C++) - Replies (1)

I notice that MISRA C++ does not seem to say much about overloaded operators, and that surprises me a little. I half-expected MISRA to refer to the Boost operators header.

Basically, it works like this:

Code:
//////////////////////////////////
// Boost operator header contains:
namespace boost {
    template
        struct addable1
        {
            friend T operator +( const T& x, const T& y )
                { T t( x ); t += y; return t; }
        };
}

/////////////////////////
// Project code contains:
struct B
    : boost::addable1
{
    B& operator+=( const B& );
};

B f( B &c, B& d )
{
    return c + d; // uses the implicitly-insatntiated friend of
                  // 'boost::addable1', which in turn uses
                  // 'B::operator+='.
}
Compared to the rest of Boost, it's very easy to understand. And it greatly simplifies the construction of a complete set of overloaded operators that behave in a canonical fashion. So I think it could make a lot of sense to introduce an advisory rule that recommends the use of this header.

But note that this whole scheme depends on the friend operator not being instantiated until its first use, and there is a defect report relevant to this: issue 329 (which has been resolved since late 2003). The change given in the DR was not voted into the ISO C++ Working Paper until just after ISO C++2003 released. However, the change to the standard was introduced to match the existing practice of compilers, so very few people (if any) are going to have a problem here. And to find out whether you're one of those few, you only need to feed the above example to your compiler.

Also note, the above example is in violation of rule 14–6–2 because B::operator+= is declared after its use in the friend. But, as I wrote before, I think that rule should probably be removed from MISRA C++.

Print this item

  Problems with Rule 14–6–2
Posted by: James Widman - 09-07-2008, 08:30 PM - Forum: 6.14 Templates (C++) - Replies (4)

Hi all,

The second example in 14–6–2 is:

Code:
template  
void f ( T const & t )
{
   t == t;                       // Non-compliant - Calls NS::operator==
                                 // declared after f
   ::operator ==( t, t );        // Compliant - Calls built-in operator==
   ( operator ==  ) ( t, t ); // Compliant - Calls built-in operator==
}

namespace NS
{
   struct A
   {
      operator int32_t ( ) const;
   };
   bool operator== ( A const &, A const & );
}

int main ( )
{
   NS::A a;
   f ( a );
}
One problem is that the expression '::operator==(t,t)' renders the program ill-formed at template definition time (which means that, if your compiler conforms to ISO C++ 2003, it will issue an error at template definition time and refuse to generate code). This is given by ISO C++ in 14.6 temp.res, which contains this bit of normative text:
Quote:If a name does not depend on a template-parameter (as defined in 14.6.2), a declaration (or set of declarations) for that name shall be in scope at the point where the name appears in the template definition; the name is bound to the declaration (or declarations) found at that point and this binding is not affected by declarations that are visible at the point of instantiation.
Because of the way 'operator==' is written, we know that it is not a dependent name. So unqualified name lookup searches for 'operator==' and finds nothing because there is no declaration of that operator before f (either in this example or in the previous example). So the program is ill-formed (diagnostic required).

Likewise, 'operator==' would also render the program ill-formed (if it were not ill-formed already) because there is no operator== template in scope, so the '

Print this item

  Rule 14–8–1 and dissimilar overloaded templates
Posted by: James Widman - 03-07-2008, 11:15 PM - Forum: 6.14 Templates (C++) - Replies (1)

Hi all,

I suspect that the net cast by rule 14–8–1 is too wide. For example, I don't think it's helpful to label the following as "non-compliant":

Code:
template  void f ( T );  // #1
template  void f ( T*, T ); // #2

template  void f ( int32_t* ); // non-compliant with 14–8–1

In this case, the specialization of #1 cannot get you into trouble.

In the actual example given for 14–8–1, it is helpful to claim that the specialization is suspect because there is another template that would have been a better match if only the explicit template argument list had not been given, and a user (especially someone writing a call to the template) may not have an understanding of the type deduction rules sufficient to know which template would be selected when there are multiple matches and only one match is selected by partial ordering.

But who, without the assistance of medication, would not just assume that #1 (in the example above) is being specialized in the explicit-specialization? Likewise, who, in the absence of default arguments and in the absence of any other overload, would not just assume that #1 would be called when the call expression contains only one argument?

I recommend changing the wording of the rule to:

Quote:An overloaded function template shall not be explicitly
specialized if, in the absence of an explicit
template-argument-list, at least one template other than
the selected template would succeed at type deduction against
the function type given by the explicit specialization.
Print this item

Search Forums

(Advanced Search)

Forum Statistics
» Members: 6,171
» Latest member: stephanmuench
» Forum threads: 998
» Forum posts: 2,752

Full Statistics

Online Users
There are currently 237 online users.
» 0 Member(s) | 235 Guest(s)
Bing, Google

Latest Threads
Rule 6.2.1: non-inline co...
Forum: 4.6 Basic concepts
Last Post: cgpzs
22-11-2024, 10:11 AM
» Replies: 0
» Views: 36
Rule 0.1.2
Forum: 4.0 Language independent issues
Last Post: stephanmuench
21-11-2024, 01:12 PM
» Replies: 0
» Views: 46
A18-9-4
Forum: AUTOSAR C++:2014 rules
Last Post: cgpzs
23-10-2024, 12:04 PM
» Replies: 2
» Views: 399
A8-4-5: are partial moves...
Forum: AUTOSAR C++:2014 rules
Last Post: misra cpp
22-10-2024, 02:03 PM
» Replies: 1
» Views: 339
model information blocks ...
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
22-10-2024, 01:27 PM
» Replies: 1
» Views: 4,459
MISRA AL SLSF - Rule 043I
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
22-10-2024, 01:11 PM
» Replies: 1
» Views: 8,875
MISRA AC EC guidelines
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
21-10-2024, 08:21 AM
» Replies: 4
» Views: 15,523
News on future releases
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
21-10-2024, 08:05 AM
» Replies: 1
» Views: 5,707
Signal naming convention ...
Forum: MISRA AC SLSF discussions
Last Post: misra-ac
21-10-2024, 07:57 AM
» Replies: 1
» Views: 7,258
Rule 7.0.2: operator cons...
Forum: 4.7 Standard conversions
Last Post: karos
14-10-2024, 08:52 PM
» Replies: 2
» Views: 449