05-12-2014, 08:41 AM
The following discussion assumes that you have checked that the default can not be reached by any path through your program. This would include checking that the switch controlling expression with an essentially enum type could only have a value which is a member of the enumeration set.
You have the following options depending on the requirements of your code.
1. A default is required for defensive programming purposes.
Option 1a: Write a deviation for rule 2.1 that confirms that the default is not optimised out by your compiler.
Option 1b: Make the switch controlling expression volatile.
This prevents the compiler from possibly removing the default statement because it is now reachable.
2. No defensive programming is intended. This means that you are not concerned with rogue values being injected into your program including as a result of hardware faults etc.
Option 2a: Write a deviation for rule 2.1 that confirms that the behaviour of the program is not dependent on whether the default is removed by the compiler or not.
Option 2b. Write a deviation for rule 16.4 that confirms why the default is not required.
Option 2c: Construct the default so that it does not contain executable code (which should include a comment stating why). For example:
This means that it does not matter if the compiler removes the default path or not.
3. Restructure your code so that all code can be reached. For example by making the default include a path that is reached.
You have the following options depending on the requirements of your code.
1. A default is required for defensive programming purposes.
Option 1a: Write a deviation for rule 2.1 that confirms that the default is not optimised out by your compiler.
Option 1b: Make the switch controlling expression volatile.
Code:
switch ( * ( volatile enum light *) & c )
2. No defensive programming is intended. This means that you are not concerned with rogue values being injected into your program including as a result of hardware faults etc.
Option 2a: Write a deviation for rule 2.1 that confirms that the behaviour of the program is not dependent on whether the default is removed by the compiler or not.
Option 2b. Write a deviation for rule 16.4 that confirms why the default is not required.
Option 2c: Construct the default so that it does not contain executable code (which should include a comment stating why). For example:
Code:
default:
/* no default required as not concerned with .... */
break;
3. Restructure your code so that all code can be reached. For example by making the default include a path that is reached.
Posted by and on behalf of the MISRA C Working Group