misra

Misra rule 19.7 : function like macro

佐手、 submitted on 2019-12-20 04:13:21
Question: I have a warning regarding Misra rule 19.7: A function should be used in preference to a function-like macro, in the line below: #define gOFFSETOF(type, mem) (gOFFSET)((size_t) ((char *)&((type *) 0)->mem - (char *)((type *) 0))) How should I solve this? Answer 1: Rule 19.7 (advisory): A function should be used in preference to a function-like macro. While macros can provide a speed advantage over functions, functions provide a safer and more robust mechanism. This is particularly true with

MISRA 2012 rule 8.10 static inline

↘锁芯ラ submitted on 2019-12-20 02:59:13
Question: Why does MISRA recommend an inline function to be declared with static storage class? While the keyword inline is a hint to the compiler to replace all function calls with the actual function body, and the compiler may or may not perform it, how does giving internal linkage (static) or external linkage (extern) to a function affect the inline operation by the compiler? Answer 1: MISRA C:2012 gives the rationale for rule 8.10 as: Rationale If an inline function is declared with external linkage but not

MISRA C 2012 Rule 9.1 Reading uninitialized value [duplicate]

泪湿孤枕 submitted on 2019-12-14 03:27:43
Question: This question already has answers here: (Why) is using an uninitialized variable undefined behavior? (7 answers) Closed last year. I am facing a scenario where rule 9.1 is getting violated. I want to read an auto variable (having a garbage value while declaring) before initialization and to assign null if it is not null. If it is null, then with a different value. Sample code: { int8_t reg_num; uint64_t var1[NUM]; for (reg_num = 0; reg_num < NUM; reg_num++) { if (var1[reg_num] != VAR_NULL) { var1

MISRA Violation Rule 10.1 and Enums

有些话、适合烂在心里 submitted on 2019-12-13 21:04:48
Question: First off, this is similar to: How are integer types converted implicitly? but with a different MISRA warning. The compiler does not generate a MISRA error, but the static analysis tool does. I have a ticket with the tool manufacturer in progress. Given: #include <stdio.h> enum Color {RED, VIOLET, BLUE, GREEN, YELLOW, ORANGE}; int main(void) { enum Color my_color; my_color = BLUE; if (my_color == YELLOW) // Generates MISRA violation, see below. { printf("Color is yellow.\n"); } else { printf(

State Machine with no function pointer

徘徊边缘 submitted on 2019-12-13 11:35:24
Question: I have implemented a complex state machine with numerous state transitions for a safety SIL 4 system. The backbone for this implementation was done using function pointers. When all was sailing smoothly, the V&V opposed the use of function pointers in a SIL 4 system. Reference: Rule 9 NASA. Misra C 2004, however, doesn't say that function pointers can't be used. Is there any other way to implement complex state machines without any function pointers? Answer 1: First of all, that NASA document is not

Misra C Rule 12.2 - false positive warning?

南楼画角 submitted on 2019-12-13 02:58:17
Question: My CCS 6.1 ARM compiler (for LM3Sxxxx Stellaris) throws a warning: "MISRA Rule 12.2. The value of an expression shall be the same under any order of evaluation that the standard permits" for the following code: typedef struct { ... uint32_t bufferCnt; uint8_t buffer[100]; ... } DIAG_INTERFACE_T; static DIAG_INTERFACE_T diagInterfaces[1]; ... DIAG_INTERFACE_T * diag = &diagInterfaces[0]; uint8_t data = 0; diag->bufferCnt = 0; diag->buffer[diag->bufferCnt++] = data; // line where warning is issued

Reading a value from raw memory (MISRA compliant)

落花浮王杯 submitted on 2019-12-13 01:23:44
Question: I'm trying to read the value of a variable previously written to NVM flash. My code is: uintptr_t address = getAddress(); //[MISRA C++ Rule 5-2-8] cast from unsigned int to pointer uint16_t value = *(reinterpret_cast<uint16_t*>(address)); The problem is the cast from uintptr_t to pointer is not allowed in MISRA. Does anyone know a way to access this memory? I'm breaking one of the big rules of MISRA. Using dynamic memory (the contents of flash is dynamic so the address of data is variable). Only

MISRA C 2012 Rule 20.5 #undef should not be used

自闭症网瘾萝莉.ら submitted on 2019-12-12 20:53:32
Question: I am trying to get rid of a violation of Rule 20.5. Sample code: #define VAL 2 int32_t func(void) { int32_t n1 = VAL; #undef VAL #define VAL(x) (x*x) return VAL(n1); } Is there any workaround for undef here without changing any other lines? Answer 1: No, there is no work-around. The code is badly written, there is no justification for using the pre-processor like this. It is just obfuscation - get rid of it. Use plain variables instead. There exists almost no scenario where the use of #undef is

Why do I have to cast an enum element when assigning it to a same enum variable type in C?

这一生的挚爱 submitted on 2019-12-12 13:15:00
Question: I have the following: typedef enum { FLS_PROG_SUCCESS, FLS_PROG_FAIL, FLS_ERASE_SUCCESS2U, FLS_ERASE_FAIL, FLS_READ_SUCCESS, FLS_READ_FAIL, FLS_FORMAT_SUCCESS, FLS_FORMAT_FAIL }FLS_JobResult_t; void Foo(void) { FLS_JobResult_t ProgramStatus; /* Then I try to initialize the variable value */ ProgramStatus = FLS_PROG_SUCCESS; ... } Innocent uh, but when compiling MISRA C gives the error: The value of an expression shall not be assigned to an object with a narrower essential type or of a

Bitwise operation with (signed) enum value

谁说我不能喝 submitted on 2019-12-11 03:52:54
Question: I am using enumerator values for flags: typedef enum { a = 0x00, b = 0x01u, // the u has no influence, as expected c = 0x02u, // the u has no influence, as expected ... } enum_name; volatile unsigned char* reg = SomeAddress; *reg |= b; According to MISRA-C:2004 bitwise operations shall not be done with a signed type. Unfortunately, my compiler IAR uses signed int (or short or char) as the underlying type of enums, and the only option I can find relates to the size, not the signedness ("--enum-is