misra

Why are function prototypes required in MISRA:2012?

人盡茶涼 submitted on 2019-12-10 20:11:54
Question: I am wondering why function prototypes are required by MISRA:2012. In the example below, the two prototypes aren't really necessary. #include <stdio.h> #include <stdlib.h> // >>> Truly useless in my opinion void display(void); int main(void); // <<< void display(void) { printf("Hello World!\n"); } int main() { display(); return EXIT_SUCCESS; } The rationale I can read on SO such as here isn't very clear to me. For instance, if main tries to access display before it is declared, the compiler

How do I create a module in MISRAC:2012 that follows Dir 4.12 and 4.8?

浪尽此生 submitted on 2019-12-10 18:51:58
Question: This question relates to coding in ISO C99 following the MISRAC:2012 guidelines. I am looking for guidance on Dir 4.8 “If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden” in conjunction with Dir 4.12 “Dynamic memory allocation shall not be used”. When implementing an Abstract Data Type in C it is common to refer to the ADT using a handle that is a pointer to a structure describing the internal state of

Is there a printf specifier that requires float not double?

与世无争的帅哥 submitted on 2019-12-10 13:18:47
Question: I'm getting MISRA type errors when I use "%f" specifier for snprintf with a parameter of type float. According to my research, MISRA is correct because "%f" expects a type of double. Is there a floating point specifier or modifier that will use a float type parameter and not a double? I'm working on an embedded system and don't want to convert from 32-bit float to 64-bit double just to please the snprintf function. The code prints to the debug / console port and this is the only place

MISRA C++ Rule 14-5-1: Name of generic function template declared in namespace associated with type

天大地大妈咪最大 submitted on 2019-12-10 11:07:40
Question: Is Warning 1573 ("Name of generic function template declared in namespace associated with type") really relevant when the namespace is an anonymous namespace? Most of the helper functions I have for tests go in unnamed namespace and it breaks the above rule. Example: namespace { template <typename T> T template_func(T arg) { return arg; } class foo {}; } int main() { return template_func(0); } How do I get around in the above, to satisfy the rule? Answer 1: As stated in their example, you might use

Why is “continue” considered a C violation in MISRA C:2004?

我是研究僧i submitted on 2019-12-10 01:47:48
Question: MISRA 14.5 says continue statement must not be used. Can anyone explain the reason? Thank you. Answer 1: It is because of the ancient debate about goto, unconditional branching and spaghetti code, that has been going on for 40 years or so. goto, continue, break and multiple return statements are all considered more or less equally bad. The consensus of the world's programming community has roughly ended up something like: we recognize that you can use these features of the language without

What is a faithful alternative to a linked list in C?

若如初见. submitted on 2019-12-09 19:00:55
Question: This question might be too broad, or opinion-biased, but I know this site to be full of experienced programmers, and I think it might encourage a good discussion. I am implementing an embedded application in C, in which I use a linked list, containing structures: struct my { uint16_t x; uint16_t y; char *text; struct my *next; struct my *prev; }; It worked fine in general, however in the project right now I'm shifting towards the MISRA-C programming guidelines. MISRA precludes the use of any

Rationale for comment rules in MISRA

心已入冬 submitted on 2019-12-08 18:11:23
Question: Rule 2.2 in MISRA states that "source code shall only use /* ... */ style comments". Does anyone know what is the rationale for this rule? What is wrong with // style comments? Answer 1: MISRA 1998 and 2004 only support the C90 standard ("ANSI C"). In that standard, // comments are not allowed and code containing them will not compile on C90 compilers. MISRA 2012 supports the C99 standard and // comments. Answer 2: Further to Lundin's reply, MISRA-C:2012 (which covers C99) DOES allow // style

How to make (1 << 9) pass MISRA? [duplicate]

橙三吉。 submitted on 2019-12-08 17:37:56
Question: We are using Parasoft Static Analysis with MISRA C 2004 checker turned on. The software is an embedded system. We like to describe constants as follows: [1] #define MOTOR_ON (1 << 9) This would show that the 9th bit in the register should be a 1 to turn on the motor. The expression is failing MISRA, so we changed it: [2] #define MOTOR_ON (1U << 9U) The changes convert to unsigned

MISRA C++ 2008 Rule 5-2-7 violation: An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly

北城余情 submitted on 2019-12-07 07:11:34
Question: In the following example: bool bad_function() { char_t * ptr = 0; // MISRA doesn't complain here, it allows cast of char* to void* pointer void* p2 = ptr; // the following 2 MISRA violations are reported in each of the casts below (two per code line) // (1) Event misra_violation: [Required] MISRA C++-2008 Rule 5-2-7 violation: An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly // (1) Event misra_violation: [Required] MISRA C++-2008

When should I use UINT32_C(), INT32_C(),… macros in C?

人盡茶涼 submitted on 2019-12-06 18:33:25
Question: I switched to fixed-length integer types in my projects mainly because they help me think about integer sizes more clearly when using them. Including them via #include <inttypes.h> also includes a bunch of other macros like the printing macros PRIu32, PRIu64, ... To assign a constant value to a fixed length variable I can use macros like UINT32_C() and INT32_C(). I started using them whenever I assigned a constant value. This leads to code similar to this: uint64_t i; for (i = UINT64_C(0);