Questions tagged [misra]

Use this tag for questions about code that must conform to the coding guidelines called MISRA-C and MISRA-C++.

Document full titles:

Guidelines for the use of the C language in critical systems
Guidelines for the use of the C++ language in critical systems

Originally written by-and-for the automotive industry, now more widely used, including in the aerospace and defence industries.

Three editions of the C guidelines exist:

MISRA-C:1998 - 1^st Edition (informally MISRA C1).
Compatible with C90 only.
MISRA-C:2004 - 2^nd Edition (informally MISRA C2).
Compatible with C90 only.
MISRA C:2012 - 3^rd Edition (informally MISRA C3).
Released at Embedded World 2013. Compatible with C90 and C99.

An updated MISRA C:2012, 3^rd Edition, 1^st Revision (informally MISRA C3.1) was released at Embedded World 2019, incorporating Amendment 1 and Technical Corrigendum 1.

MISRA C:2012 Amendment 2 (published February 2020) brings C11 and C17 into scope (albeit with some restrictions).

MISRA C:2012 is the current industry de facto standard and the one recommended to use. The older ones are still available, but not recommended for new projects.

MISRA-C++ only exists in its current revision, MISRA-C++:2008.

Tag usage: Use this tag for all questions related to MISRA C and MISRA C++. It shall always be used together with either the c or the c++ tag.

When asking about the MISRA rules, please specify exactly which version you are using: C:1998, C:2004, C:2012 or C++:2008.

421 questions

votes

2 answers

Rationale for comment rules in MISRA

Rule 2.2 in MISRA states that "source code shall only use /* ... */ style comments". Does any one know what is the rationale for this rule? what is wrong with // style comments?

coding-style misra

asked Mar 02 '12 at 18:36

Kamyar Souri

1,871
19
29

votes

4 answers

Why did my tool throw a MISRA error here?

What can I do to avoid MISRA giving this error for the code below? I tried casting with (unit16_t). But then it didn't allow an explicit conversion. Illegal implicit conversion from underlying MISRA type "unsigned char" to "unsigned int" in complex…

c misra

asked Jun 15 '11 at 14:33

Ammamon

votes

4 answers

Expression assigned to a wider essential type

I get the following warning from our analysis tool Composite expression assigned to a wider essential type This is the code: uint32_t result; uint8_t resolution; result = 1U << resolution; I tried the following: #define SHIFT_BY_ONE…

c lint misra

asked Oct 24 '17 at 11:01

homeGrown

votes

3 answers

MISRA-C error in struct array initialization

I have the following: typedef struct { uint8_t BlockID; uint32_t Copies; uint16_t Size; }NVMM_ConfigType; const NVMM_ConfigType NvmmCnf_Layout[6] = { { 1, 1, 4}, { 2, 3, 4}, { 5, 5, 16}, { 10, 1, 4}, { 11, 2, …

c misra array-initialization

asked Jul 30 '15 at 14:43

m4l490n

1,592
2
25
46

votes

2 answers

Does MISRA C 2012 say not to use bool

I am in the early stages of framing stuff out on a new project. I defined a function with a return type of "bool" I got this output from PC-Lint Including file sockets.h (hdr) bool sock_close(uint8_t socket_id); ^ "LINT: sockets.h (52, 1) Note…

c language-lawyer c99 misra pc-lint

asked Jun 02 '15 at 22:08

Nick

1,361
1
14
42

votes

2 answers

Is MISRA-C applicable to Linux applications

I understand that MISRA-C standards are intended for embedded firmware. When embedded Linux is your product platform, can/should your embedded applications be developed to be MISRA-C compliant? Has anyone ever considered such an exercise? My general…

c embedded embedded-linux misra

asked Apr 29 '15 at 18:23

Andrew W.

votes

3 answers

Pure virtual function overridding virtual function

Suppose following code is given. class A { public: virtual void someMethod() { std::cout << "class A" << std::endl; } }; class B : public A { public: ... virtual void someMethod() = 0; ... }; Class B overrides someMethod…

c++ inheritance polymorphism c++98 misra

asked Sep 28 '13 at 10:20

deimus

9,565
12
63
107

votes

4 answers

Is there a printf specifier that requires float not double?

I'm getting MISRA type errors when I use "%f" specifier for snprintf with a parameter of type float. According to my research, MISRA is correct because "%f" expectes a type of double. Is there a floating point specifier or modifier that will use…

c++ c format-specifiers promotions misra

asked Jan 09 '13 at 01:38

Thomas Matthews

56,849
17
98
154

votes

3 answers

thoughts on unions in C, with regards to MISRA

Misra says to ban all unions. I also know that deviations are allowed as long as they are discussed and documented thoroughly. We have a microcontroller and an external eeprom to store statistical data (event/error logging, parameter settings and…

c misra

asked Aug 09 '12 at 11:57

Daan Timmer

14,771
6
34
66

votes

1 answer

MISRA Violation 12.5 when using && and || in if-statement

I'm working on a project where we are appling MISRA 2004. On most of the violations I got the reason, but one I don't understand: Its in the if-statement with && and || operations. Example: uint8 getValue() { // Some algorithm, simplified with…

c if-statement boolean-logic misra

asked Mar 24 '22 at 09:38

Simon Garfunkel

votes

3 answers

MISRA 10.3 issue about AUTOSAR booleans

In my firm project, the AUTOSAR platform defines booleans like this typedef unsigned char boolean; plus #ifndef TRUE #define TRUE 1 #endif #ifndef FALSE #define FALSE 0 #endif This is not modifiable. Then we get the MISRA 10.3 error…

c misra autosar

asked Nov 25 '20 at 18:34

Oli

votes

2 answers

Is Misra-C compatible with X-macros?

It could be argued that in many cases X-macros increase safety, because it makes easier to make sure that generated arrays are the same length for example. However, Misra C (from 2004 reference) rules seem to have a lot of preprocessor rules that…

c misra x-macros

asked Sep 27 '18 at 08:01

user694733

15,208
2
42
68

votes

3 answers

MISRA 2012 violation - Type mismatch (Rules 10.1, 10.4)

I'm facing MISRA C 2012 violation that I can't understand. Following is the code: #define I2C_CCRH_FS ((uint8_t)0x80) #define I2C_CCRH_DUTY ((uint8_t)0x40) #define I2C_CCRH_CCR ((uint8_t)0x0F) typedef struct I2C_struct { volatile…

c implicit-conversion type-mismatch misra pc-lint

asked Jun 07 '18 at 08:29

Salahuddin

1,617
3
23
37

votes

3 answers

MISRA C++ 2008 Rule 5-2-7 violation: An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly

In the following example: void bad_function() { char_t * ptr = 0; // MISRA doesn't complains here, it allows cast of char* to void* pointer void* p2 = ptr; // the following 2 MISRA violations are reported in each of the casts bellow (two…

c++ pointers misra system-requirements

asked Dec 09 '15 at 15:14

Baj Mile

votes

2 answers

Why there shall be no more than one read access with volatile-qualified type within one sequence point?

Given the following code: static volatile float32_t tst_mtr_dutycycle; static volatile uint8_t tst_mtr_direction; static volatile uint32_t tst_mtr_update; void TST_MTR_Task(void) { if (tst_mtr_update == 1U) { tst_mtr_update = 0; …

c volatile misra

asked Aug 06 '15 at 15:53

m4l490n

1,592
2
25
46

Prev 1

…

28 29 Next