Rule 0.1.1

[Merge]

Hi,

I was made aware of the following by a colleague.
In one of the official examples for rule 0.1.1 MISRA C++ 2023 states, quote:

Code:

m = 10; // Non-compliant - when looping, overwrites incremented value

However, I would argue that during the last loop iteration, the value is being read (and modified) by the increment before being returned. In the rule amplification, it is stated that an object is considered observed if it has been observed in any iteration, which I would therefore consider being the case here.

In other words, `m` is observed in this line, so it should not be a violation as per the rule amplification. Am I missing something?

I'll admit that the example is not the cleanest code for expressing the particular functionality (e.g., statement could be moved out of the loop), but we have to keep in mind that this is merely a simple example for illustration purposes and a real-world example might look comparatively more complex.

I would appreciate a second opinion :-)

Best regards,
Daniel "Merge" Merget

[misra cpp]

We agree the description of the example could be better and having 'm' as a parameter of the function just complicates things further.
Our plan is to reword example 'f3' as:

The following example focuses on loops, and the following:
  * Since 'j' is only written to through increments, all writes are preceded by a read.
    Additionally, since 'j' is observed withing the loop, it is considered observed at
    the end of the loop, after the write that happens in the last iteration. So all
    write accesses to 'j' are necessary.
  * Similarly, for 'k', there is also a read between two writes. However the variable
    is never observed, therefore all writes are unnecessary.
  * For 'm', the situation is different. The value written to 'm' during the increment
    at the end of the first iteration will be overwritten, without having been read, when
    assigning 10 to 'm' at the start of the second iteration of the loop (and on all
    subsequent iterations). This write is therefore unnecessary. Note: If it were
    possible for the loop to have a single iteration, the code would be compliant, because
    there would be a feasible path where the unnecessary overwrite does not occur.


int32_t f3()
{
  int32_t j = 0;
  int32_t k = 0;
  int32_t m;
  for ( int32_t i = 0; i < 10; ++i )  // Compliant - i is observed in i < 10
  {
    m = 10;        // Compliant - value read during the increment
    ++k;            // Non-compliant - k is never observed

    use( j );      // Observation of j inside of the loop

    ++j;            // Compliant - observation above is sufficient for final write</code>

    ++m;            // Non-compliant - observed in the return, but not read before
                    //                being overwritten in the next iteration
  }                // j is considered observed here as it was observed in the loop

  return m;
}

[Merge]

Thanks a lot for this detailed answer, it is much clearer now. I will let you know if I have further questions but at this point in time all good, thanks again :-)

[misra cpp]

Thread now closed - please post any follow-up as a new thread