Questions tagged [misra]

Use this tag for questions about code that must conform to the coding guidelines called MISRA-C and MISRA-C++.

MISRA Homepage

Document full titles:

  • Guidelines for the use of the C language in critical systems
  • Guidelines for the use of the C++ language in critical systems

The guidelines were originally written by and for the automotive industry and are now more widely used, including in the aerospace and defence industries.

Three editions of the C guidelines exist:

  • MISRA-C:1998 - 1st Edition (informally MISRA C1).
    Compatible with C90 only.
  • MISRA-C:2004 - 2nd Edition (informally MISRA C2).
    Compatible with C90 only.
  • MISRA C:2012 - 3rd Edition (informally MISRA C3).
    Released at Embedded World 2013. Compatible with C90 and C99.

An updated MISRA C:2012, 3rd Edition, 1st Revision (informally MISRA C3.1) was released at Embedded World 2019, incorporating Amendment 1 and Technical Corrigendum 1.

MISRA C:2012 Amendment 2 (published February 2020) brings C11 and C17 into scope (albeit with some restrictions).

MISRA C:2012 is the current de facto industry standard and the recommended edition to use. The older editions are still available, but are not recommended for new projects.

MISRA-C++ only exists in its current revision, MISRA-C++:2008.


Tag usage: Use this tag for all questions related to MISRA C and MISRA C++. It shall always be used together with either the or the tag.

When asking about the MISRA rules, please specify exactly which version you are using: C:1998, C:2004, C:2012 or C++:2008.

421 questions
3
votes
2 answers

MISRA 2012 Rule 14.2

I have a question related to MISRA 2012 Rule 14.2 "A for loop shall be well-formed". Consider the sample code below: int foo (int *ptr) { (*ptr)--; return *ptr; } void main() { int a =20; int i; for (i=0; i< foo(&a) ; i++) { …
Prashant Singh
3
votes
1 answer

How to suppress PC-Lint Note 970 for int main(void) function?

I have a Visual Studio Windows Console application with ANSI C code. The main function definition is something like: int main(void) { // do stuff return 0; } However, PC-Lint reports the below message for the int type Note 970: Use of…
Cem Polat
3
votes
2 answers

Alternative to printf with limited number of arguments?

MISRA 2004 has the following rule: Rule 16.1: Functions shall not be defined with variable numbers of arguments Therefore, functions like printf can't be used with rule 16.1. uint32_t debug_print(char *format, ...) { int int_ret_val=0; …
ransh
3
votes
1 answer

MISRA C++ (rule 18-4-1) and Dynamic Memory Allocation - Is std::string permitted?

MISRA C++ rule 18-4-1 says: Dynamic heap memory allocation shall not be used. See: http://dist.sonarsource.com/reports/coverage/misra_c++_2008.html In light of this rule, is std::string permitted under MISRA C++ rules, because std::string does…
Xofo
3
votes
2 answers

MISRA C 2012 Rule 15.4 There should be no more than one break or goto statement used to terminate any iteration statement

I am trying to get rid of multiple break and goto statements in my code. As the rule suggests, we should not use more than one break or goto statement in any iteration statement. Sample code: for(int32_t i = 0; i < 10; i++) { if (i == number1) { …
Amardeep
3
votes
2 answers

MISRA C-2012 Rule 10.3 violation due to adding of two 8 bit variables which resulted in 32 bit

I am getting MISRA C-2012 Rule 10.3 violation: Implicit conversion of "var4 + var5" from essential type signed 32-bit int to different or narrower essential type unsigned 8-bit int" for the below code. int8_t var4 = -10; uint8_t var5 = 15; uint8_t…
Salim
3
votes
1 answer

Unit test a call to function of instance variable

I have some C++ code similar to the example given below. I would like to write a unit test to verify that mFlashLamp.trigger is called exactly five times. However, up to now I was not able to figure out a good way to do this. I have the following…
Nikolai
3
votes
1 answer

How to write a memcpy function full MISRA:2012 compatible?

I wrote this memcpy function, but I still need to disable rules 11.5 and 11.8. Is there a solution to be full MISRA:2012 compatible? #pragma cstat_suppress="MISRAC2012-Rule-21.6" // Uses of stdio.h were found. #include #include…
nowox
3
votes
2 answers

Why are function prototypes required in MISRA:2012?

I am wondering why function prototypes are required by MISRA:2012. In the example below, the two prototypes aren't really necessary. #include #include // >>> Truly useless in my opinion void display(void); int main(void); //…
nowox
3
votes
3 answers

Has anybody built a C-file for verifying the code-checking tools for MISRA-2004?

We are using PC-Lint for code-checking our sources for compliance with MISRA-2004. As this is a safety-relevant project and we're heading for a certificate by TUV, we need to show proof for our confidence in the tool (they don't accept anything like…
B.S.
3
votes
2 answers

What is the __builtin_expect() prototype?

To get rid of a static code analysis warning (QA-C), I need to provide a function prototype for __builtin_expect(). I am using the WindRiver Diab compiler for PowerPC. In the compiler manual I have found the following…
sergej
3
votes
1 answer

In MISRA C++ 2008, does anyone know the specialized notion of Cvalue expression that occurs in rule 5-0-3?

From the concept of the Cvalue, I realized that "An expression that should not undergo further conversions, either implicitly or explicitly, is called a cvalue expression." But with the example presented by this rule. s32 = static_cast < int32_t…
Henry Chen
3
votes
2 answers

Query regarding MISRA rule 11.6 (MISRA C:2012)

I am unable to solve MISRA rule 11.6 warning in this line: uint32_t * delay = (uint32_t *)0x40086D0C ; [FYI: typedef long unsigned int uint32_t;] PC-Lint : Note 923: cast from int to pointer [MISRA 2012 Rule 11.6, required] What I…
Kanji Viroja
3
votes
2 answers

Both sides have side effects?

I ran static code analysis for MISRA 2004 and MISRA 2012 on the following C code: BOOL_TYPE Strings_Are_Equal(const char *s1, const char *s2) { BOOL_TYPE result = True; const char *str1 = s1; const char *str2 = s2; if (NULL == s1 || NULL ==…
Akay
3
votes
2 answers

Issues covered by rule 3.1 of MISRA C 2004 "Implementation-defined behavior documented"

In this rule you have to go to ISO/IEC 9899:1990 Appendix G and study each case of Implementation defined behavior to document them. It's a difficult task to determine what are the manual checks to do in the code. Is there some kind of list of…
luisoran