misra-c | MISRA-C:2004 simplest rules | Plugin library

 by   keleshev C Version: Current License: No License

kandi X-RAY | misra-c Summary

kandi X-RAY | misra-c Summary

misra-c is a C library typically used in Plugin applications. misra-c has no bugs, it has no vulnerabilities and it has low support. You can download it from GitHub.

This project is an attempt to implement a small command-line tool for checking the conformance of programs written in C with some of the rulse of [MISRA-C:2004] software development standard.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              misra-c has a low active ecosystem.
              It has 21 star(s) with 10 fork(s). There are 2 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              misra-c has no issues reported. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of misra-c is current.

            kandi-Quality Quality

              misra-c has 0 bugs and 0 code smells.

            kandi-Security Security

              misra-c has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              misra-c code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              misra-c does not have a standard license declared.
              Check the repository for any license declaration and review the terms closely.
              OutlinedDot
              Without a license, all rights are reserved, and you cannot use the library in your applications.

            kandi-Reuse Reuse

              misra-c releases are not available. You will need to build from source code and install.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of misra-c
            Get all kandi verified functions for this library.

            misra-c Key Features

            No Key Features are available at this moment for misra-c.

            misra-c Examples and Code Snippets

            No Code Snippets are available at this moment for misra-c.

            Community Discussions

            QUESTION

            Why is using a reserved identifier name in constexpr context not diagnosed?
            Asked 2021-Dec-06 at 15:23

            Based on the following two rules:

            • Using an identifier starting with "_" + capital letter, or containing double underscore, is undefined behavior.
            • Undefined behavior is not allowed in constexpr expressions -> compiler should not compile.

            Then why aren't compilers complaining about this?

            ...

            ANSWER

            Answered 2021-Dec-06 at 12:21

            Undefined behavior is not allowed in constexpr expressions -> compiler should not compile

            It's a bit more narrow than this; as per [expr.const]/5, /5.7 in particular:

            An expression E is a core constant expression unless the evaluation of E, following the rules of the abstract machine ([intro.execution]), would evaluate one of the following:

            • [...]
            • /5.7 an operation that would have undefined behavior as specified in [intro] through [cpp];

            Now, [intro] through [cpp] includes:

            Source https://stackoverflow.com/questions/70244992

            QUESTION

            Dependency of MISRA-C coding rules checker to the compiler
            Asked 2021-Oct-15 at 09:30

            I have started using a tool allowing to check the compliancy to MISRA-C 2012. The tool is Helix QAC. During the configuration it requests to select one compiler. My understanding is that MISRA-C (and coding rules in general) are not linked to a compiler toolchain, since one of their objective is portability. Moreover one rule of MISRAC is to not use language extensions (obviously this rule may be disabled or there may be exceptions to it). Helix documentation or support is rather vague about this (still trying to get more info from them) and just mention the need to know the integer type length or the path of standard includes. But the rules analysis should be independant from int size and the interface of standard includes is standard so the actual files should not be needed.

            What are the dependencies between a MISRA-C rules checker and the compiler ?

            ...

            ANSWER

            Answered 2021-Oct-12 at 11:21

            There is one thing every MISRA-C checker needs to know and that's what type you use as bool. This is necessary since MISRA-C:2012 still supports C90 which didn't have standard support for a boolean type. (C99 applications should use _Bool/bool, period.) It also needs to know which constants that false and true correspond to, in case stdbool.h with false and true is unavailable. This could be the reason why it asks which compiler that is used. Check Appendix D - Essential types for details.

            Type sizes of int etc isn't relevant for the MISRA checker to know. Though it might be nice with some awareness of non-standard extensions. We aren't allowed to use non-standard extensions or implementation-defined behavior without documenting them. The usual suspects being inline assembler, interrupts, memory allocation at specific places and so on. But once we have documented them in our deviation to Dir 1.1/Rule 1.1, we might want to disable warnings about using those specific, allowed deviations. If the MISRA checker is completely unaware of a certain feature, then how can you disable the warning caused by it?

            Source https://stackoverflow.com/questions/69539494

            QUESTION

            MISRA C: Type casting and <<, & bit-wise operators error
            Asked 2021-Apr-06 at 09:09

            I've been having a lot of trouble with MISRA when doing << and & operations.

            Definitions of types for context

            ...

            ANSWER

            Answered 2021-Apr-05 at 12:58

            I have never used Misra but I find your code hard to read with all that noise of typedefs, casts and parenthesis. My suggestion would be to simplify and split the problem into smaller parts along these lines:

            Source https://stackoverflow.com/questions/66928541

            QUESTION

            Could variable zero-initialization reduce performances?
            Asked 2021-Mar-10 at 04:59

            I am correcting static analysis (MISRA-C-2012) violations, one rule of which (rule 9.3) states that variables shall be initialized before use.

            For instance:

            ...

            ANSWER

            Answered 2021-Mar-09 at 16:30

            Variables defined inside of a function without the static keyword have automatic storage duration. These variables are typically created on the stack when they come into scope.

            This means that if such variables are initialized then there is a cost at runtime to initialize them.

            Only variables with static storage duration, i.e. variables declared at file scope or with the static keyword, are typically defined in either .data if explicitly initialized or .bss if not.

            When compiling this code under gcc 4.8.5 with -O0, defining MISRA_VIOLATION_DISABLED resulting in the following additional code:

            Source https://stackoverflow.com/questions/66550603

            QUESTION

            string concatenation, log4cplus, and MISRA compliance
            Asked 2021-Jan-17 at 09:10

            I am using log4cplus, and my misra-checks for something as innocent-looking as

            ...

            ANSWER

            Answered 2021-Jan-17 at 09:10

            I had a look at LOG4CPLUS_INFO and that is a macro defined as:

            Source https://stackoverflow.com/questions/65758234

            QUESTION

            MISRA-C rule 10.5
            Asked 2020-Nov-20 at 15:26

            I have the following static analysis report that the code is not compliant for MISRA-C rule 10.5 :

            Results of ~ and << operations on operands of underlying types unsigned char and unsigned short should immediately be cast to the operand's underlying type

            The code is :

            ...

            ANSWER

            Answered 2020-Nov-20 at 15:26

            The concept underlying type was used in the older MISRAs, nowadays deprecated and replaced with essential type categories. The definition of underlying type is the type that each of the operands in an expression would have if not for implicit type promotion.

            In the expression ~0U, the type of the integer constant 0U is unsigned int. It is not a small integer type, so no integer promotion takes place upon ~. The underlying type is the same as the actual C language type, unsigned int.

            unsigned val = ... assigns an unsigned int to an unsigned int. No lvalue conversion through assignment or other such implicit assignment takes place. The underlying type remains unsigned int.

            Thus if your tool gives a warning about no cast to underlying type on the line unsigned val = ~0U;, your tool is simply broken.

            From what i understand, the idea is to have to maximum value of an unsigned int

            Very likely.

            However, i would like to know if there is something wrong with this code.

            No, nothing is wrong with your code. However, other MISRA rules require you to replace the default "primitive types" with types from stdint.h (or equivalent on pre-C99 compilers). So in case this is a 32 bit system, the MISRA compliant version of your code is uint32_t val.

            uint16_t val2 = (uint16_t)(~0U);

            This is MISRA compliant code. The underlying type of the assignment expression is uint16_t. Casting to uint16_t is correct and proper practice. Again, your tool is broken.

            Source https://stackoverflow.com/questions/64931563

            QUESTION

            Does MISRA check if array index out of bounds?
            Asked 2020-Nov-12 at 09:40

            In the MISRA-C standard 2012 I could not find an explicit rule that says that the implementer needs to check that the array is not accessed with an index out of bounds.

            So an array out of index / boundaries could be there.

            Maybe this is nothing MISRA-C cares about or maybe I missed something?

            ...

            ANSWER

            Answered 2020-Nov-12 at 09:36

            In MISRA-C:2012 there is the advisory rule 17.5 which requires that array parameters to functions should have bounds specified, to enable out-of-bounds checking of the array inside that function.

            There was a rule in earlier MISRA-C that favoured the use of array syntax notation (int []) over pointer notation (int*) for function parameters, but it was a bit misguided since all array parameters get adjusted ("decay") into pointers to the first element anyhow, so the array syntax in itself doesn't add anything unless the bounds are specified. That rule was rewritten into what's currently advisory rule 17.5.

            Rule 18.1 (required) says that any pointer arithmetic should result in a pointer that points at the same array as the original operand. This should (arguably) be used to cover the out of bounds case too, since arr[i] is equivalent to *(arr+i) and you can't actually access an array with the array subscripting [] operator, only a pointer (see Do pointers support "array style indexing"?).

            There's also the general rule 1.3 stating that the program should not contain any form of undefined behavior, which is meant to cover all cases of UB that aren't handled by other more specific rules.

            But in the end, this will be a quality of implementation matter for the static analyser. When they are able to, most such tools perform out-of-bounds checks anyway, regardless of MISRA-C.

            Unfortunately, MISRA-C is suffering from the same misguided ideas as the C11 committee when it comes to VLA - C11 made VLA optional and MISRA-C bans them completely. Both committees failed to take modern C programming in account, where you can use a pointer to VLA to increase type safety and static analysis possibilities, namely:

            Source https://stackoverflow.com/questions/64800766

            QUESTION

            MISRA2004-12_8-3 rule has static analysis violation for RHS operand (32u - n) even with limits check
            Asked 2020-Sep-17 at 08:25

            I am currently attempting to use parasoft software to fix static analysis violations for my code using MISRA C coding standards. My code initially had this function:

            ...

            ANSWER

            Answered 2020-Sep-17 at 08:25

            As the MISRA-C document says, it is only sensible to check this dynamically at run-time or during code review. Which of course won't stop dysfunctional static analysers from trying to do it during static analysis anyway...

            Why is parasoft software still reporting an error for the right-hand operand being (32u - n) despite the limit check?

            Likely because it is bugged and reports a false positive.

            Unless of course it spotted that some caller-side code is providing an n which is larger than 32. Some static analysers are able to give somewhat smarter warnings when they check the project as whole rather than individual translation units, one at a time.

            What is the correct way to resolve this violation?

            Your original code is fine and apart from 32 -> 32u, it is MISRA compliant. Don't clutter it up with defensive programming just to silence the potentially broken tool. Only add such checks if you have reason to believe that n will actually be zero or larger than 32.

            For MISRA-C compliance, it should be sufficient to state that the case of a variable n will be covered by code review.

            (To be picky, MISRA-C:2004 doesn't allow inline since it doesn't allow C99, you need MISRA-C:2012 for that.)

            Source https://stackoverflow.com/questions/63933713

            QUESTION

            cppcheck, how inline-suppression works with misra add-on
            Asked 2020-Apr-23 at 12:19

            I tried inline suppression with CppCheck and misra add-on:

            My example:

            ...

            ANSWER

            Answered 2020-Apr-23 at 12:19

            It seems like you have found a bug. Your approach looks correct to me.

            For the following C code (here in the file misra_suppression_test.c) the suppression works:

            Source https://stackoverflow.com/questions/61382943

            QUESTION

            MISRA Violation 12.9 Operand of unary minus is unsigned
            Asked 2020-Apr-02 at 14:20

            I'm currently dealing with some MISRA issues and therefore trying to understand the integer conversion rules in C.

            I'm getting a violation of MISRA-C 2004 rule 12.9 The unary minus operator shall not be applied to an expression whose underlying type is unsigned

            in the code line

            ...

            ANSWER

            Answered 2020-Apr-02 at 14:20

            The integer constant "1" however is of the first type in the list int, long int, unsigned long int...

            Correct. Integer constants like 1 are of type int and as far as MISRA-C is concerned, the underlying type is also int. The definition is (MISRA-C:2004 6.10.4)

            The term "underlying type" is defined as describing the type that would be obtained from evaluating an expression if it were not for the effects of integral promotion.

            The line signed long int test = -1; is MISRA-C:2004 (and MISRA-C:2012) compliant.

            • The expression -1 contains no implicit promotions in itself. Integral promotion does not apply.
            • Thus -1 has underlying type signed int and upon assignment, it is implicitly converted to a wider integer type with the same signedness, which is fine.
            • The intention is to create a signed variable, so the rule about u suffix does not apply.
            • Furthermore, the rule 10.1 against implicit conversions from a so-called "complex expression" into different a type does not apply either, since -1 is a constant expression, not a complex expression (see MISRA-C:2004 6.10.5).

            So this is yet another tool bug. The tool seems to picking the wrong underlying type of an expression, which would be a severe bug.

            signed long int test = -1L; is not necessary for compliance, although it is also compliant code.

            Source https://stackoverflow.com/questions/60989517

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install misra-c

            You can download it from GitHub.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/keleshev/misra-c.git

          • CLI

            gh repo clone keleshev/misra-c

          • sshUrl

            git@github.com:keleshev/misra-c.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link