2

According to Autosar_SWS the boolean must be unsigned char. But I am having lots of MISRA violations in my compositions, like MISRA rule 10.1 (conversion violation), Rule 12.6 (effective boolean).

I would like to know if I redefine the BOOLEAN for my application like below:

```c
#ifdef BOOLEAN_T
#undef BOOLEAN_T

typedef struct {
    unsigned char TRUE  : 1;
    unsigned char FALSE : 1;
} BOOLEAN_T;

#define TRUE 1
#define FALSE 0

#endif
```

What will be the safety concerns and the consequences?

Paul Roub
user3285192
  • 2
    What is the purpose of defining BOOLEAN_T as a struct, rather than as unsigned char? – Markku K. Feb 07 '14 at 19:17
  • Well, it's functional safety software. I would like to restrict the boolean value to 0 and 1, not to 0 and non-zero, and avoid any MISRA violations. – user3285192 Feb 07 '14 at 19:42

3 Answers

1

If you use a 2 bit struct to represent a single bit quantity, a random bit flip has a 50% chance of changing the true/false value to a value that is neither true nor false.

Please spend some more time studying the C language before attempting to write safety critical software.

markgz
  • A **single** random bit flip has a 100% chance of changing a valid content to neither true nor false. Making a single bitflip detectable that way could be considered a feature... But if starting something like that, an ECC would be even more useful. – Yunnosch Jan 12 '18 at 09:45
1

With your above method, there is a possibility of MISRA warnings for using bit-fields over unsigned char.

I would suggest you leave the definition of boolean to the platform guys of AUTOSAR (platform types) and concentrate on using boolean as an unsigned char.

Roberto Caboni
DarkKnight
-1

For safety you can use for example a bit pattern:

```c
unsigned char data = 0x55 << (input_bit & 1);

switch (data) { /* instead of if() */
 case 0xaa:
  /* true */
  break;
 case 0x55:
  /* false */
  break;
 default:
  /* exception */
  break;
}
```
nopsoft
  • 1
    It would make a lot more sense to use an error correcting code to protect the data value against random bit flips. http://en.wikipedia.org/wiki/Error-correcting_code – markgz Feb 07 '14 at 19:42
  • It is usually true but if you don't have hardware ECC a software ECC/CRC is effective (speed of code) for data blocks - not for a single variable. – nopsoft Feb 07 '14 at 19:47
  • Thanks. My question is not about sticking to 1 bit, but more about restricting to 0 and 1: #ifdefine BOOLEAN_T #undefine BOOLEAN_T typedef struct { unsigned char TRUE ; unsigned char FALSE ; } BOOLEAN_T; #define TRUE 1; #define False 0; #endif – user3285192 Feb 07 '14 at 19:47
  • @nopsoft: ECC can be easily implemented in software. An ECC code can be defined to protect a value of any size B bits from N errors for any values of B and N. – markgz Feb 07 '14 at 19:50
  • It is possible but let's notice code overhead for a single variable. It depends on your application. FEC is usually implemented in hardware (eg. DVBT). – nopsoft Feb 07 '14 at 19:53
  • Anyway, thanks guys for the quick answers! There were too many different ways of defining the Boolean type in common usage, and no generally accepted single definition. Even MISRA-2004 doesn't have any clear definition. – user3285192 Feb 07 '14 at 20:02
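
The 0x55/0xAA bit-pattern idea from the last answer, carried through as an added example (not code from any poster on this page): it encodes and decodes the value, then counts which bit-flip faults the decoder cannot see, next to the same count for a plain 0/1 `unsigned char`. The names `sb_*`, `SB_*` and `plain_silent_flips` are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Illustrative names (sb_*, SB_*); not from AUTOSAR or MISRA. */
#define SB_FALSE_CODE 0x55u
#define SB_TRUE_CODE  0xAAu
typedef enum { SB_FALSE, SB_TRUE, SB_CORRUPT } sb_state_t;

/* Encode bit 0 of the input as one of two complementary patterns. */
static uint8_t sb_encode(uint8_t input_bit)
{
    return (uint8_t)(SB_FALSE_CODE << (input_bit & 1u));
}

/* Decode by exact match only; any other value is reported as corrupt. */
static sb_state_t sb_decode(uint8_t stored)
{
    switch (stored) {
    case SB_TRUE_CODE:  return SB_TRUE;
    case SB_FALSE_CODE: return SB_FALSE;
    default:            return SB_CORRUPT;
    }
}

/* Count XOR fault masks (1..255) that still decode as a valid boolean. */
static unsigned sb_undetected_faults(uint8_t code)
{
    unsigned undetected = 0u;
    for (unsigned mask = 1u; mask <= 0xFFu; mask++) {
        if (sb_decode((uint8_t)(code ^ mask)) != SB_CORRUPT) { undetected++; }
    }
    return undetected;
}

/* Plain 0/1 byte tested as zero/non-zero: count the single-bit flips
   that silently change its truth value. */
static unsigned plain_silent_flips(uint8_t value)
{
    unsigned silent = 0u;
    for (unsigned bit = 0u; bit < 8u; bit++) {
        uint8_t faulty = (uint8_t)(value ^ (1u << bit));
        if ((faulty != 0u) != (value != 0u)) { silent++; }
    }
    return silent;
}

int main(void)
{
    printf("coded TRUE: %u of 255 masks undetected\n", sb_undetected_faults(sb_encode(1u)));
    printf("plain FALSE: %u of 8 flips read as true\n", plain_silent_flips(0u));
    return 0;
}
```

The only fault the coded form misses is the mask 0xFF, where all eight bits flip and one valid pattern becomes the other.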