Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Rule 9.2 - ISO/IEC reference sought
#1
In the comments about rule 9.2 it says, "[...] all the elements of arrays or structures can be initialised (to zero or NULL) by giving an explicit initialiser for the first element only."

I didn't know this, and have looked and looked for where this is said in the ISO/IEC 9899:1990 standard. (I have looked on several occasions now.) Maybe it was right under my nose, but for the life of me I could not find it. Could someone put me out of my misery and tell me where this is stated? Thank you.
Reply
#2
It is somewhat complex to find this in the standard. First of all, you should know that objects with static duration are initialized to zero unless they are initialized explicitly by the programmer. This is true both for static variables declared at local scope, as well as all variables declared at file scope ("globals").

I can't cite 9899:1990, but here is from 9899:1999 (should be the same except chapter numbers):

Quote:6.7.8 Initialization
/--/

10
If an object that has automatic storage duration is not initialized explicitly, its value is
indeterminate. If an object that has static storage duration is not initialized explicitly,
then:
— if it has pointer type, it is initialized to a null pointer;
— if it has arithmetic type, it is initialized to (positive or unsigned) zero;
— if it is an aggregate, every member is initialized (recursively) according to these rules;
— if it is a union, the first named member is initialized (recursively) according to these
rules.

/--/
19
The initialization shall occur in initializer list order, each initializer provided for a
particular subobject overriding any previously listed initializer for the same subobject; all
subobjects that are not initialized explicitly shall be initialized implicitly the same as
objects that have static storage duration.

So if you write something like

int array[5] = {0};

you can be sure that all elements are zero. If you write

int array[5] = {1,2,3};

you can be sure that the array contains data 1,2,3,0,0.

---

However, most safety-critical embedded system do not (and shall not) rely on static initialization.
The initialization of statics before startup, as enforced by ISO C, is usually removed in such systems, making
them non-standard (such systems therefore need a deviation from the first MISRA-C rule "follow ISO C").
This is done for two reasons:

- Safety-critical systems very often have non-volatile program memory. This means that the static init values
has to be copied down from non-volatile memory to RAM at startup, which steals execution time.

- From the point of startup to the point where the variable is used, days, weeks or years could have passed.
RAM should not be trusted to maintain its values for such long a time. Therefore, relying on static initialization
is frowned upon. Instead, safety-critical systems typically initialize all variables in "run-time" before they are
used, or alternatively copy-down values from flash to RAM repeatedly.
<t></t>
Reply
#3
Thank you Lundin. I see it now, in section 6.5.7 of the 1990 standard:

Quote:If there are fewer initializers in a brace-enclosed list than there are members of an aggregate, the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration.
Reply
#4
I think that "aggregate" refers to structs. Though the same rule applies to them as well.
<t></t>
Reply
#5
The original question has been answered by lundin.
Posted by and on behalf of the MISRA C Working Group
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)