Welcome to the MISRA discussion forum

Hello All.

I am running the comercial RTOS Salvo through the MISRA checker as implemented in IAR's EWARM v4.20A tool suite.

I have a struct called ecb which in turn contains a field called tcbP. ecbP is a pointer to the struct ecb. OSeligQP is a pointer to a struct tcb.

The IAR MISRA checker complains about a call to a function

I belong to the Formal Verification group of Bhabha Atomic Research Centre. I wish to promote the use of MISRA C guidelines in my company. A list of companies in various sectors such as aerospace and military, that have accepted MISRA C standards, will help me a lot. May I ask the members of this group to help me.

Babita.

Hi there,

is there any Code Formatter / Beautifyer that reformats C code according to the MISRA rules, e.g. MISRA2 Rule 14.9 or Rule 14.8 or MISRA1 Rule59 ?

I know of artistic style (on sf) but unfortunately it has not the rule

kind regards,
Bernhard.

10.1a prohibits implicit conversions of an integer expression if it is not to a type wider than the underlying type (and of the same signedness). Suppose ints are the same size as shorts on my system, can I implicitly convert an short to an int? Technically, the ints are not wider than shorts, but nominally, they are. Any thoughts?

Our product makes use of a \"service-based\" architecture - and, while it is \"good code\" that runs on 16, 32, and 64 bit environments, it wasn't initially written with MISRA compliance in mind, although we're \"pretty close\". The tricky one is Rule 104...

Anyway, since networking, IPC, and other typical PC-and-up options for doing services aren't often available in constrained embedded environments, we've chosen function pointers and a \"registration\" methodology as our approach. We're an ISV that works with customers who typically write services themselves or use one of several service implementations that we provide. Services are things like file-system API interfaces, flash I/O interfaces, memory management, etc.

So, I have a question about Rule 104: it would seem that Rule 104 disallows this sort of approach, if I read it right: services are ultimately dynamically-created structures that contain arrays of function pointers that execute the different operations of the service.

The only \"get out of jail free\" card that I can see is that these pointers are set only once at registration time and not changed while the instance of the service exists. But the function pointers are initialized at runtime, so it would seem that we're still in violation of Rule 104.

Is \"initialized at runtime\" versus \"initialized at compile-time\" the test for Rule 104 compliance? Or is it \"a function pointer that is changed\", versus one that is initialized once, whether at compile or runtime, and not changed afterward?

I have the following patterns, anybody please kindly give me some advises on them.

/*pattern1*/
int counter;
for (counter = 0; counter < 100; counter++)
{...}
...
counter = a*b;

Hi

Rule 13.5 (required) states: \"The 3 expressions of a for statement shall be concerned only with loop control\", and
\"First expression: initialising the loop counter.
Second expression: shall include testing the loop counter, and optionally other loop control variables.
Third expression: increment or decrement of the loop counter.\"

The implication would appear to be that for() loops should only be used where there is a loop counter. Is that correct, or could you (for example) use a for() loop without a loop counter, in which case there wouldn't be a first expression?

Is the idea to restrict C's for() usage to that of Pascal's ie.

for var := first [ to | downto ] last do ...

? I'm Ok with this, but I feel that either I'm missing something or the rule isn't explicit enough about what for() can and can't be used for.

Regards
John
NEC Technologies (UK)

Can any one tell me how to determine the underlying type of a bit-field? We need to know in order to incorporate testing for MISRA 2 compliance in our product.

You will notice that a few questions have been asked about the rules.

The MISRA C Working Group will review such questions from time to time and, where appropriate, give a considered response. Such a response will be posted under the name \"MISRA Reply\".

Please note that as MISRA is a voluntary activity, we may not be able to respond to every question; nor to guarantee responding to questions within a particular timescale. However, we do intend to post answers to the questions on a semi-regular basis from this time onwards.

We have been asked a number of questions about solutions and workarounds for various things that are prohibited in both MISRA C1 and MISRA C2 such as using malloc, calloc, etc. for dynamic memory allocation.

Neither MISRA or any member of the MISRA C Working Group will give any guidance or approval to any deviation or \"workaround\". Any advice that may be given by any individuals associated with MISRA C is entirely personal and is not to be seen as a comment from MISRA or the MISRA C Working Group. In general the advice we would give is:

Where you have decided it is not possible to comply with a rule you should raise a deviation giving your reasons and justifications for doing so. You will have to take documented responsibility for your own deviations.

Read Section 4 (of MISRA-C:2004) on using MISRA C, specifically section 4.3.2 on deviations which outlines how to use deviations.

In general deviations should be as local as possible and as specific as possible and must be subject to sign-off for each deviation (or class of deviation).

Remember YOU will have to take responsibility for your deviations.