04-10-2018, 09:50 AM
The example correctly produces a rule 2.1 violation as it can be determined that "x" will never have the value of "Err_2". A deeper analysis tool might also give a violation on "Err_1" since the value returned by f(5) will always have the value of "Success".
The proposed deviation is not sufficent as stated as there is nothing to prevent a compiler from "optimising" away the code for "Err_1" and "Err_2" cases. Instead the switch chooser should be accessed by means of a volatile qualified lvalue. For exampleThis makes the code compliant with this rule AND prevents the case branches being optimised away by the compiler.
When writing a deviation you should read the MISRA Compliance document which can be found at https://tinyurl.com/MisraCompliance.
With respect to this question you should consider the advice given in the MISRA C:2004 14.1 B.1 permit of the "MISRA C 2004 Permits" document, which can be found at https://tinyurl.com/MisraPermits2004. This document was written for MISRA-C:2004, but advice given in this permit is relevant to MISRA C:2012.
The proposed deviation is not sufficent as stated as there is nothing to prevent a compiler from "optimising" away the code for "Err_1" and "Err_2" cases. Instead the switch chooser should be accessed by means of a volatile qualified lvalue. For example
Code:
switch ( *( volatile ErrStatus * ) &x )
When writing a deviation you should read the MISRA Compliance document which can be found at https://tinyurl.com/MisraCompliance.
With respect to this question you should consider the advice given in the MISRA C:2004 14.1 B.1 permit of the "MISRA C 2004 Permits" document, which can be found at https://tinyurl.com/MisraPermits2004. This document was written for MISRA-C:2004, but advice given in this permit is relevant to MISRA C:2012.
Posted by and on behalf of the MISRA C Working Group