MISRA C:2012 Technical Corrigendum 1

Similar documents
MISRA C:2012 Addendum 2

Axivion Bauhaus Suite Technical Factsheet MISRA

Motor Industry Software Reliability Association (MISRA) C:2012 Standard Mapping of MISRA C:2012 items to Goanna checks

MISRA-C:2012 Standards Model Summary for C / C++

CODE TIME TECHNOLOGIES. Abassi RTOS MISRA-C:2004. Compliance Report

IAR Embedded Workbench MISRA C:2004. Reference Guide

The New C Standard (Excerpted material)

SOFTWARE QUALITY OBJECTIVES FOR SOURCE CODE

This lists all known errors in The C Programming Language, Second Edition, by Brian Kernighan and Dennis Ritchie (Prentice-Hall, 1988).

Review of the C Programming Language for Principles of Operating Systems

MISRA C Presentation to IPA/SEC

Review of the C Programming Language

Axivion Bauhaus Suite Technical Factsheet AUTOSAR

LESSON 1. A C program is constructed as a sequence of characters. Among the characters that can be used in a program are:

Appendix. Grammar. A.1 Introduction. A.2 Keywords. There is no worse danger for a teacher than to teach words instead of things.

C Language Part 1 Digital Computer Concept and Practice Copyright 2012 by Jaejin Lee

Type Checking. Prof. James L. Frankel Harvard University

Writing an ANSI C Program Getting Ready to Program A First Program Variables, Expressions, and Assignments Initialization The Use of #define and

18-642: Code Style for Compilers

A complex expression to evaluate we need to reduce it to a series of simple expressions. E.g * 7 =>2+ 35 => 37. E.g.

The New C Standard (Excerpted material)

This is a preview - click here to buy the full publication INTERNATIONAL STANDARD. Programming languages - C. Langages de programmation - C

Lecture 3. More About C

XC Specification. 1 Lexical Conventions. 1.1 Tokens. The specification given in this document describes version 1.0 of XC.

Arithmetic Operators. Portability: Printing Numbers

MISRA C:2012 WHITE PAPER

=== Be sure to read this note. === MISRA C Rule Checker SQMlint V.1.03 Release 00B Release Notes

EDIABAS BEST/2 LANGUAGE DESCRIPTION. VERSION 6b. Electronic Diagnostic Basic System EDIABAS - BEST/2 LANGUAGE DESCRIPTION

Programming for Engineers Iteration

Programming languages - C

C Syntax Out: 15 September, 1995

SWEN-250 Personal SE. Introduction to C

MISRA C Technical Clarification 25 th July 2000 Introduction

Expressions and Precedence. Last updated 12/10/18

Name :. Roll No. :... Invigilator s Signature : INTRODUCTION TO PROGRAMMING. Time Allotted : 3 Hours Full Marks : 70

CodeWarrior Development Studio for Microcontrollers V10.0 MISRA-C:2004 Compliance Exceptions for the HC(S)08, RS08 and ColdFire Libraries Reference

by Pearson Education, Inc. All Rights Reserved.

APPENDIX A : Example Standard <--Prev page Next page -->

CprE 288 Introduction to Embedded Systems Exam 1 Review. 1

Data Types and Variables in C language

DETAILED SYLLABUS INTRODUCTION TO C LANGUAGE

Programming in C++ 5. Integral data types

The New C Standard (Excerpted material)

Synopsys Static Analysis Support for SEI CERT C Coding Standard

Character Set. The character set of C represents alphabet, digit or any symbol used to represent information. Digits 0, 1, 2, 3, 9

Computer Science & Information Technology (CS) Rank under AIR 100. Examination Oriented Theory, Practice Set Key concepts, Analysis & Summary

Holtek C and ANSI C Feature Comparison User s Guide

Tokens, Expressions and Control Structures

Constants and Variables

C++ (Non for C Programmer) (BT307) 40 Hours

The Arithmetic Operators. Unary Operators. Relational Operators. Examples of use of ++ and

The Arithmetic Operators

CHAPTER 1 Introduction to Computers and Programming CHAPTER 2 Introduction to C++ ( Hexadecimal 0xF4 and Octal literals 031) cout Object

M4.1-R3: PROGRAMMING AND PROBLEM SOLVING THROUGH C LANGUAGE

18-642: Code Style for Compilers

Systems and Principles Unit Syllabus

Introduction to C. Ayush Dubey. Cornell CS 4411, August 31, Geared toward programmers

Basic C Programming (2) Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island

B.V. Patel Institute of Business Management, Computer & Information Technology, Uka Tarsadia University

Operators and Expressions

Technical Questions. Q 1) What are the key features in C programming language?

Programming in C - Part 2

Computers Programming Course 6. Iulian Năstac

CSCI 171 Chapter Outlines

MISRA-C. Subset of the C language for critical systems

Introduction to C. Sean Ogden. Cornell CS 4411, August 30, Geared toward programmers

Information Science 1

Programming in C and C++

Rule 1-3: Use white space to break a function into paragraphs. Rule 1-5: Avoid very long statements. Use multiple shorter statements instead.

Operators. Java operators are classified into three categories:

Outline. Performing Computations. Outline (cont) Expressions in C. Some Expression Formats. Types for Operands

Programming Fundamentals (CS 302 ) Dr. Ihsan Ullah. Lecturer Department of Computer Science & IT University of Balochistan

Writing Program in C Expressions and Control Structures (Selection Statements and Loops)

Part I Part 1 Expressions

C/Java Syntax. January 13, Slides by Mark Hancock (adapted from notes by Craig Schock)

C/Java Syntax. Lecture 02 Summary. Keywords Variable Declarations Data Types Operators Statements. Functions. if, switch, while, do-while, for

SECTION II: LANGUAGE BASICS

A flow chart is a graphical or symbolic representation of a process.


Operators and Expressions in C & C++ Mahesh Jangid Assistant Professor Manipal University, Jaipur

Rvalue References as Funny Lvalues

The New C Standard (Excerpted material)

American National Standards Institute Reply to: Josee Lajoie

C OVERVIEW. C Overview. Goals speed portability allow access to features of the architecture speed

C Review. MaxMSP Developers Workshop Summer 2009 CNMAT

This document is a preview generated by EVS

Holiday Autos Affiliate Program Terms & Conditions

Frequently Asked Questions. AUTOSAR C++14 Coding Guidelines

Language Reference Manual simplicity

Chapter 3 Structure of a C Program

CS313D: ADVANCED PROGRAMMING LANGUAGE

Important From Last Time

DEPARTMENT OF MATHS, MJ COLLEGE

Variables Data types Variable I/O. C introduction. Variables. Variables 1 / 14

Variation of Pointers

The New C Standard (Excerpted material)

PHPoC. PHPoC vs PHP. Version 1.1. Sollae Systems Co., Ttd. PHPoC Forum: Homepage:

(heavily based on last year s notes (Andrew Moore) with thanks to Alastair R. Beresford. 1. Types Variables Expressions & Statements 2/23

Introduction to C. Zhiyuan Teo. Cornell CS 4411, August 26, Geared toward programmers

A Fast Review of C Essentials Part I

Transcription:

MISRA C:2012 Technical Corrigendum 1 Technical clarification of MISRA C:2012 June 2017

First published June 2017 by HORIBA MIRA Limited Watling Street Nuneaton Warwickshire CV10 0TU UK www.misra.org.uk HORIBA MIRA Limited, 2017. MISRA, MISRA C and the triangle logo are registered trademarks owned by HORIBA MIRA Ltd, held on behalf of the MISRA Consortium. Other product or brand names are trademarks or registered trademarks of their respective holders and no endorsement or recommendation of these products by MISRA is implied. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical or photocopying, recording or otherwise without the prior written permission of the Publisher. ISBN 978-1-906400-17-0 PDF British Library Cataloguing in Publication Data A catalogue record for this book is available from the British Library

MISRA C:2012 Technical Corrigendum 1 Technical clarification of MISRA C:2012 June 2017 i

MISRA Mission Statement We provide world-leading best practice guidelines for the safe and secure application of both embedded control systems and standalone software. MISRA is a collaboration between manufacturers, component suppliers and engineering consultancies which seeks to promote best practice in developing safety- and security-related electronic systems and other software-intensive applications. To this end MISRA publishes documents that provide accessible information for engineers and management, and holds events to permit the exchange of experiences between practitioners. Disclaimer Adherence to the requirements of this document does not in itself ensure error-free robust software or guarantee portability and re-use. Compliance with the requirements of this document, or any other standard, does not of itself confer immunity from legal obligations. ii

Foreword Since the publication of MISRA C:2012 [1] and its adoption by industry and the wider C community, a number of issues have arisen, both from discussions within the MISRA C Working Group and in response to feedback via the MISRA C Forum [2]. This document provides clarification on these issues, and should be read in conjunction with the original MISRA C:2012 document. Andrew Banks FBCS CITP Chairman, MISRA C Working Group iii

Contents 1 Clarification of directives 1 2 Clarification of rules 2 3 Clarification of appendices 13 4 References 15 iv

1 Clarification of directives Dir 4.6 It is unclear whether a typedef is required to be used in place of plain char type. Exception 4 is not relevant to the rule as plain char types are not required to be replaced by a typedef. Add sentence at end of first paragraph of Amplification: The numerical types of char are signed char and unsigned char. These Guidelines do not treat plain char as a numerical type (see section 8.10.2 on essentially character types). Remove Exception 4: 4. For function main a char may be used rather than the typedefs for the input parameter argv. Dir 4.8 The interpretation of this directive is unclear when there is more than one pointer to the same structure or union type. Add sentence at end of Amplification: This directive only applies if all the pointers to a particular structure or union in a translation unit are never dereferenced. Dir 4.11 A correction is required to the C99 references. Replace: Implementation J.3(8-11) with: Implementation J.3.12(8-11) 1

2 Clarification of rules Rule 2.2 It is unclear whether the term dead code includes initialization. Add extra Note: Note: Initialization is not the same as an assignment operation and is therefore not a candidate for dead code. Rule 2.5 It is unclear whether undefining a macro is considered to be a use of the macro. Add an Amplification: #undef of a macro is considered to be a use of a macro. Rule 5.9 It is unclear whether the Amplification only applies to identifiers that define objects or functions with internal linkage. Replace: The identifier should be unique with An identifier name that defines objects or functions with internal linkage should be unique. Rule 8.4 An exception is required for function main. 2 Add Exception. The function main need not have a separate declaration.

Rule 10.1 The list of prohibited operators does not include objects with pointer type. Add following paragraph after paragraph starting Under this rule : In addition, the rule prohibits the use of logical operators (! && ) on an operand with pointer type. Rule 10.1 A correction is required to the C99 references. Replace: Implementation J3.4(2, 5), J3.5(5), J3.9(6) with: Implementation J.3.4(2, 5), J.3.5(5), J.3.9(6) Rule 10.3 An exception is required to cover switch statements' case labels. Add Exception 3. A switch statement's case label that is a non-negative integer constant expression of essentially signed type is permitted when the controlling expression is of essentially unsigned type and the value can be represented in that type. Rule 10.3 A correction is required to the C99 references. Replace: Implementation 3.5(4) with: Implementation J.3.5(4) 3Section 2: Clarification of rules

Rule 10.3 A correction is required to Exception 1. Replace: A non-negative integer constant expression of essentially signed type may be assigned to an object of essentially unsigned type if its value can be represented in that type. with: 4Section 2: Clarification of rules An essentially signed integer constant expression, with a rank no greater than signed int, may be assigned to an object of essentially unsigned type if its value can be represented in that type. Rule 10.4 A correction is required to show which rule an example violates. Remove example from non-compliant section: u8a += cha /* unsigned and char */ Add new paragraph after cha += u8a example: The following is compliant by exception 1, but violates Rule 10.3 u8a += cha /* unsigned and char */ Rule 10.4 A correction is required to the C99 references. Replace: Implementation 3.6(4) with: Implementation J.3.6(4)

Rule 10.5 It is unclear whether the exception applies to expressions with essentially enum type or to just those with an essentially signed or essentially unsigned type. Replace: An integer constant expression with the value 0 or 1 of either signedness with: An integer constant expression with the value 0 or 1 and either essentially signed or essentially unsigned type Section 8.10.3 The list of composite operators is not complete. Replace: Bitwise (&,, ^) with: Bitwise (&,, ^, ~) Replace: with: The result of a compound assignment operator is not a composite expression; The results of the following operators are not composite expressions: Assignment and compound assignment Postfix and prefix increment and decrement Cast Add between 2nd and 3rd items in the Note list: A unary + or unary - expression whose operand is a composite expression is also a composite expression. 5Section 2: Clarification of rules

Rule 10.8 The wording in the rationale is not correct. Change the Rationale line: On a 16-bit machine the addition will be performed in 16-bits with the result wrapping modulo-2 before it is cast to 32-bits. 6Section 2: Clarification of rules On a 16-bit machine the addition will be performed in 16-bits with the result wrapping modulo-2^16 before it is cast to 32-bits. Rule 11.2 It is unclear whether this rule applies to the unqualified types that are pointed to by the pointers. Add a final paragraph to the Amplification: This rule applies to the unqualified types that are pointed to by the pointers. Rule 11.4 It is unclear whether this rule only applies to object pointers. Note: Other rules cover the other pointer types. Change the Amplification lines: A pointer should not be converted into an integer. An integer should not be converted into a pointer. An object pointer should not be converted into an integer. An integer should not be converted into an object pointer.

Rule 11.9 An exception is required to permit the use of { 0 } to initialize aggregates or unions containing pointers. Add Exception: The initializer { 0 } may be used to initialize an aggregate or union type containing pointers. Rule 11.9 The example comment needs improvement. Change: /* Could also be stdio.h, stdlib.h and others */ #include <stddef.h> #include <stddef.h> /* To obtain macro NULL */ /* Could also be stdio.h, stdlib.h and others in hosted environments */ Rule 12.4 It is unclear whether this rule applies just to expressions that do not violate the constraints of a constant expression or whether it also applies to expressions which exhibit undefined behaviour. The example with const uint16_t c was included to reinforce this point. Change the Amplification line: This rule applies to expressions that satisfy the constraints for a constant expression, whether or not they appear in a context that requires a constant expression. This rule applies to expressions that satisfy the constraints and semantics for a constant expression, whether or not they appear in a context that requires a constant expression. 7Section 2: Clarification of rules

Change the Example line: This rule does not apply to the expression c + 1 in the following compliant example as it accesses an object and therefore does not satisfy the constraints for a constant expression. This rule does not apply to the expression c + 1 in the following compliant example as it accesses an object and therefore does not satisfy the semantics for a constant expression. Rule 13.2 There is an incorrect space between the macro name and the ( in the definition of COPY_ELEMENT. 8Section 2: Clarification of rules Change the Example line: #define COPY_ELEMENT ( index ) ( a[( index )] = b[( index )] ) #define COPY_ELEMENT( index ) ( a[( index )] = b[( index )] ) Rule 14.2 The meaning of the phrase assign a value to the loop counter is unclear. In particular, confirmation is required that the following is compliant. int index; for ( set_val(&index) ; index < 10 ; index++) /* set_val assigns to index */ Change the second bullet point from: Shall assign a value to the loop counter, or Shall be an expression whose only persistent side effect is to set the value of the loop counter, or

Rule 15.6 The if.. else if example is not compliant with rule 15.7. Add a comment to the final else statement else { ; /* no action */ } Rule 15.7 It is unclear whether all function calls are to be considered as having a side effect for the purposes of this rule. Add a second paragraph to the Amplification A function call is considered to be a side effect for the purposes of this rule. Rule 16.1 The font is incorrect on opt in C90 syntax of switch-clause. Change: C90: { declaration-list opt statement-listopt break; } C90: { declaration-list opt statement-list opt break; } 9Section 2: Clarification of rules

Section 2: Clarification of rules Rule 19.1 The assignment a = b is marked as compliant due to exception 1, but rule 19.1 does not apply since the objects are not overlapping. Remove reference to b from the example. Replace: } a = { 0 }, b = { 1 }; a.j = a.i; /* Non-compliant */ a = b; /* Compliant - exception 1 */ with: } a = { 0 }; a.j = a.i; /* Non-compliant */ Rule 21.1 There is a missing cross-reference to rule 20.5. Add a cross-reference to 20.5 to the See Also section Rule 21.2 The headline of this rule is inconsistent with that of rule 21.1. Change: A reserved identifier or macro name shall not be declared A reserved identifier or reserved macro name shall not be declared 10

Rule 21.2 The example _BUILTIN_sqrt is marked as non-compliant with this rule, but is actually non-compliant with rule 21.1. Change: #define _BUILTIN_sqrt( x ) ( x ) /* Non-compliant */ static double _BUILTIN_sqrt ( double x ) /* Non-compliant */ { return x * x; } Section 2: Clarification of rules Rule 21.7 The wording of the headline is inconsistent with other rules. Change headline: The atof, atoi, atol and atoll functions of <stdlib.h> shall not be used The Standard Library functions atof, atoi, atol and atoll of <stdlib.h> shall not be used Rule 21.8 The wording of the headline is inconsistent with other rules. Change headline: The library functions abort, exit, getenv and system of <stdlib.h> shall not be used The Standard Library functions abort, exit, getenv and system of <stdlib.h> shall not be used 11

Section 2: Clarification of rules Rule 21.9 The wording of the headline is inconsistent with other rules. Change headline: The library functions bsearch and qsort of <stdlib.h> shall not be used The Standard Library functions bsearch and qsort of <stdlib.h> shall not be used 12

3 Clarification of appendices Appendix D.3 It is unclear in some contexts where the STLR and UTLR should be used. Add after last paragraph: Note: The STLR and UTLR of an integer constant expression is only applied to those operators listed in D.7. Appendix D.7 The parenthesis operator is missing from the list of operators in Appendix D.7. Add: Parenthesis ( ( ) ) The essential type of the result is the essential type of the operand. Appendix G The first entry for J.3.11 does not exist in the original C99 document. It should be retained as an unnumbered item with the remaining items for J.3.11 being renumbered. Renumber entries for J.3.11 from: 1, 2, 3, 4, 5, 6, 7, 9, 10, 11 *, 1, 2, 3, 4, 5, 6, 8, 9, 10 13

Section 3: Clarification of appendices Appendix J It is unclear whether a function is considered to have a persistent side effect if only some paths through the function cause a persistent side effect. Add to paragraph before example: The determination of whether a function has persistent side effects takes no consideration of the possible values for parameters or other non-local objects. 14

4 References [1] MISRA C:2012 Guidelines for the use of the C language in critical systems, ISBN 978-1-906400-10- X, MIRA, March 2013 [2] MISRA Web Forum at https://www.misra.org.uk/forum 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback