MISRA Discussion Forums
Double casting to bypass 11.4? - Printable Version




Double casting to bypass 11.4? - exoson - 04-09-2009

I ran into an issue with a static analysis tool the other day.

In my example:
pool_ptr->list = *((UCHAR **) work_ptr); /* violates MISRA 11.4 */
Both pointers are UCHAR *. The first location in the buffer is being used to hold another pointer.

Adding an intermediate cast to void * clears the warning.
pool_ptr->tx_list = *((UCHAR **) (void *)work_ptr);

Regardless of the fact that this clears the message, I believe it is still a violation of the intent of MISRA 11.4. Do you agree?
-----------------------------------------------------------------------
Scott Nowell
Validated Software Corporation


Re: Double casting to bypass 11.4? - William Forbes - 05-09-2009

Rule 11.4 uses the word "cast" when in reality the problem is the conversion (and the subsequent dereferencing).

Maybe Rule 11.4 could read:
The value of a pointer to an object type shall not be assigned the value of a pointer to an object of a different type.

William Forbes


Re: Double casting to bypass 11.4? - William Forbes - 07-09-2009

Does anybody have any comments on the following (as far as I can tell) MISRA compliant code:

Code:
uint8_t    u8           = 0U ;
uint8_t  * ptr_u8       = &u8 ;

void     * ptr_nothing  = ptr_u8 ;       /* Rule 11.2 compliant */

uint16_t * ptr_u16      = ptr_nothing ;  /* Rule 11.4 compliant - no cast */
uint16_t   u16          = *ptr_u16 ;     /* What value is u16 ? !! */

I also think there is a typo in the second bullet point of paragraph 2 in section 6.11 which confuses the issue.
I think the 0 is missing from the definition of a null pointer constant, unless it is talking about a pointer to void!

Bill Forbes


Re: Double casting to bypass 11.4? - misra-c - 09-09-2009

Conversion of a pointer to object to a pointer to different object via a pointer to void is permitted by the MISRA C rules. While this style of coding is questionable, the MISRA C Working Group felt unable to prevent it given the extensive use of pointers to void in the C library.

We acknowledge the typographical error in the 2nd paragraph of 6.11. It should indeed have said (void *)0.

Tracker Id: 41
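
Added example, not part of the thread or of any poster's code: one way to keep a link pointer in the first bytes of a UCHAR buffer, and to read a uint16_t from bytes, without converting between object pointer types at all, by copying the object representation with memcpy. UCHAR is assumed to be unsigned char, and the helper names and the pool layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef unsigned char UCHAR;   /* assumed definition of the thread's UCHAR */

/* Hypothetical helper: store the link pointer in the first bytes of a block. */
static void block_set_next(UCHAR *block, UCHAR *next)
{
    (void)memcpy(block, &next, sizeof next);
}

/* Hypothetical helper: load the link pointer back out of a block. Copying bytes
 * needs no UCHAR* -> UCHAR** conversion and no alignment assumption on 'block'. */
static UCHAR *block_get_next(const UCHAR *block)
{
    UCHAR *next;
    (void)memcpy(&next, block, sizeof next);
    return next;
}

/* Link 'count' blocks of 'size' bytes; NULL if a block cannot hold a pointer. */
static UCHAR *pool_link(UCHAR *pool, size_t size, size_t count)
{
    size_t i;
    if ((size < sizeof(UCHAR *)) || (count == 0U)) { return NULL; }
    for (i = 0U; i < count; i++) {
        UCHAR *next = ((i + 1U) < count) ? &pool[(i + 1U) * size] : NULL;
        block_set_next(&pool[i * size], next);
    }
    return pool;
}

/* Bounds-checked read for the uint8_t -> uint16_t case: returns 0 and fills
 * *out, or -1 when fewer than sizeof(uint16_t) bytes are available. */
static int read_u16(const uint8_t *buf, size_t len, uint16_t *out)
{
    if (len < sizeof *out) { return -1; }
    (void)memcpy(out, buf, sizeof *out);
    return 0;
}

int main(void)
{
    static UCHAR raw[1U + (4U * 16U)];          /* constructed demo pool */
    UCHAR *head = pool_link(&raw[1], 16U, 4U);  /* starts one byte into raw */
    uint16_t v = 0U;
    return ((block_get_next(head) == &raw[17]) && (read_u16(raw, 1U, &v) == -1)) ? 0 : 1;
}
```

The length check in read_u16 is what rejects the single-byte source from the second code sample in the thread, where a two-byte read is attempted on a one-byte object.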