Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Misra rule 20.3
#1
Code:
#define MAX_BUF_LEN 20
#define MAX_ID_LEN    40

typedef struct
{
uint8_t  sno[MAX_BUF_LEN];
uint8_t  ID[MAX_ID_LEN ];'
} xdata_t;

typedef {
uint8_t   time;
uint32_t vol;
uint8_t ID[MAX_ID_LEN ];
}xpf_t

xdata_t  testdata;
xpf_t      pfdata
....
memcpy(pfdata.ID, testdata.ID, MAX_ID_LEN );  // Misra not compliant
......

I am using parasoft tool for checking misra compliance. for the above memcpy line I am getting the following misra non compliance

Values is "ID" passed to library function "memcpy" without being checked

I am using statically declared array. Why is it throwing this misra compliance? Can any one point how to make thsi line compliant

TIA
Narendra
<t></t>
Reply
#2
Rule 20.3 requires parameter checking for library functions, although memcpy is not explicitly mentioned.
The behaviour of memcpy is undefined, if the memory regions overlap.
However, in your example it is provable by static analysis that this can never be the case.
Excerpt from Rule 20.3:
Quote:Demonstrate statically that the input parameters never can take invalid values
So, long story short: false positive, contact tool vendor.
<t></t>
Reply
#3
dg1980 has correctly pointed out that there are various ways to satisfy this rule. In MISRA-C:2012 this rule has become a directive (4.11), which highlights that the MISRA-C team is not mandating exactly what a tool should be checking for. Therefore tools will vary in how they perform this check.

In this particular case it CAN BE statically demonstrated that there are no issues of undefined behaviour since the input parameters are valid.
Posted by and on behalf of the MISRA C Working Group
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)