MISRA C:1998 Rule 104 and rule 105

[Jonas Hansryd]

First, good idea to set up the forum, hope it will be frequently visited by engineers working with Misra C. Nice to be one of the first users of the forum :-)

As there is no section specifically dedicated to Misra C:1998 I place my question in the general question section.

What is the intended interpretation of Misra C:1998 rules 104 and 105?

Misra C:1998 rule 104 reads \"Non-constant pointers to functions shall not be used\"
One may interpret this rule as that the only allowed use and declaration of a function pointer is as in the example below

Example:

Code:

typedef U16_t( *const MyFuncPointer_t) (U16_t);

U16_t MyFunc(U16_t MyInput)
{
  return (MyInput + 2u);
}

MyFuncPointer_t MyFuncPointer = MyFunc;

void main(void)
{
     printf(\"\\nReturn: %i\\n\\n\",MyFuncPointer(4u));
}

If the above interpretation is correct, then the function pointer should always be declared as a constant and can never point at another function during runtime.

Rule 105 reads: \"All the functions pointed to by a single pointer to function shall be identical in the number and type of parameters and the return type\".

We interpret rule 105 as it is allowed for one single function pointer to point at diffferent functions during runtime. But with the conservative interpretation of rule 104, a function pointer may never change the function it points at during runtime and thus conflicts with rule 105, i.e. rule 105 would be superfluous.

What would be the correct way to interpret rule 104 and rule 105?

[vgl]

Misra C:1998 rule 104 reads "Non-constant pointers to functions shall not be used"
One may interpret this rule as that the only allowed use and declaration of a function pointer is as in the example below

Example:

Code:

typedef U16_t( *const MyFuncPointer_t) (U16_t);

U16_t MyFunc(U16_t MyInput)
{
  return (MyInput + 2u);
}

MyFuncPointer_t MyFuncPointer = MyFunc;

void main(void)
{
     printf("\\nReturn: %i\\n\\n",MyFuncPointer(4u));
}

If the above interpretation is correct, then the function pointer should always be declared as a constant and can never point at another function during runtime.

Rule 105 reads: "All the functions pointed to by a single pointer to function shall be identical in the number and type of parameters and the return type".

We interpret rule 105 as it is allowed for one single function pointer to point at diffferent functions during runtime. But with the conservative interpretation of rule 104, a function pointer may never change the function it points at during runtime and thus conflicts with rule 105, i.e. rule 105 would be superfluous.

What would be the correct way to interpret rule 104 and rule 105?

Rule 105 may be interpreted in another way. See this example:

Code:

#include

typedef int (*const FuncPtrType1)(int);
typedef int (*const FuncPtrType2)(double);

int bar()
{
    return 7;
}

FuncPtrType1 funcPtr1 = (FuncPtrType1)bar;
FuncPtrType2 funcPtr2 = (FuncPtrType2)bar;

int main(void)
{
    printf("Return: %i\\n", funcPtr1(4));
    printf("Return: %i\\n", funcPtr2(5.0));
    return 0;
}

Rule 105 is violated since there are two pointers to the function "bar" (both of them single pointers to that function) that are not identical in the type of parameters.

Volker Glave

[Erik Leitner]

Hi Volker,

my question may be due to my lack of proper english (got a bit rusty).
What would be according to your interpretation a not-single pointer ro function ?

Thanks,
Erik

[derek_farn]

> What is the intended interpretation of Misra C:1998 rules 104 and 105?

Although the wording does not say so, I think the intent of these rules
is to apply to objects declared to have a pointer to function type.

> Misra C:1998 rule 104 reads \"Non-constant pointers to functions shall
> not be used\"

As written this rule prohibits the use of identifiers declared as functions.
For instance, in:

Code:

void f(void)
{ /* ... */ }

void g(void)
{
f(); /* this violates rule 104 since f has a non-constant pointer to function
       * type
       */
}

> Rule 105 reads: \"All the functions pointed to by a single pointer to
> function shall be identical in the number and type of parameters and
> the return type\".

I think the intent was to say:

\"All functions pointed to by an object having a pointer to function
type shall ...\"

> We interpret rule 105 as it is allowed for one single function pointer to
> point at diffferent functions during runtime. But with the conservative
> interpretation of rule 104, a function pointer may never change the
> function it points at during runtime and thus conflicts with rule 105, i.e.
> rule 105 would be superfluous.

Rule 105 is needed to stop me writing:

Code:

extern int f(int, long);
extern char g(float);

/* ... */
some_call((int (* const)(int))f);
some_call((int (* const)(int))g);

Rule 104 only requeries the use of const, it does not
say anything about or parameter types.

[brenault]

Rule 105 forbid explicit function pointers casts

[keylevel]

Rule 104:

This is there to prevent the address of a function from being calculated at run time. i.e. the use of pointer arithmetic to calculate the value of a pointer to function is prohibited.

The reason is that an error in the calculation of the address could lead to a system failure.

Rule 105:

This is to ensure that a function pointer is only used to access functions that have the same return value type and formal parameter list. i.e. the type of the function pointer and the function to which it points must be the same.

The reason for this is to keep the use of the pointer consistent. If it is not, it is possible for the programmer to supply the wrong number of parameters when a function call is made, as it might not be clear which function the pointer is pointing at.

So, you can have a function pointer that points to different function at run time, provided that:
a) The addresses of the functions are not calculated at run time (they may be retrieved from a table).
b) The functions pointed to are of the same type.