MISRA C

What is MISRA C

Motor Industry Software Reliability Association

This standard was originally developed for the automotive industry.

Following it produces safe and robust C code.

MISRA C includes 127 rules. 93 of these are required and the remaining 34 are advisory. All rules apply to the source code and not to the object code generated by the compiler.

MISRA C 2004

121 RULES REQUIRED

20 RULES ADVISORY

21 Categories


MISRA C 2004 Categories

In the group ‘Conversions’, the use of implicit type conversions as well as redundant explicit casts is prohibited.

In the group ‘Expressions’, a rule states that floating-point variables are not to be tested for exact equality or inequality.

In the group ‘Control Flow’, the use of goto, break and continue is prohibited. A number of constraints on the use of the if, else, switch, and case constructs are also defined.

The group ‘Pointers and Arrays’ prohibits the use of non-constant pointers to functions and discourages the use of pointer arithmetic altogether.

The group ‘Structures and Unions’ requires that all structure/union members are named and referred to by name only.

Rules of MISRA C

Rule 3

Assembly code and C should not be mixed.

Real-time behaviour, code size and other issues may require the use of assembly code.

In that case, the two should be mixed only via a well-defined interface.

Rule 6

Character and string literals shall only contain characters that map to the subset of ISO 10646, because characters outside that subset are not portable between implementations.

Rule 9

Nested comments shall be flagged as an error.

Example

/* Comment
Perform_critical_thing(X);
/* Safe functionality */

The first /* is never closed, so the comment runs up to the */ after "Safe functionality" and the call to Perform_critical_thing(X) is silently commented out; the second /* is what a checker must flag.

Rules 13 and 17

In the group ‘Types’, the basic types char, int, short, long, float and double should be replaced with typedefs indicating the specific length (e.g., SI_16 for a 16-bit signed integer), and the type char shall always be declared as either unsigned char or signed char.

Typedef names shall not be reused for any other purpose within the same project.

E.g.:

typedef int int_16a;
#define int int_16a

(the two should not both be declared)

Rule 19 violation:

Octal constants (other than zero) shall not be used.

A = 111;
B = 101;
C = 011;

The leading zero makes 011 an octal constant, so C receives the value 9, not 11.

Rule 20 (required):

All object and function identifiers shall be declared before use.

Rules 35 and 36

Assignment operators shall not be used in Boolean expressions:

if ((x = y) != 0)

Bitwise operators shall not be used in Boolean expressions.

Rule 40

If the sizeof operator is used on an expression, the expression shall not contain any side effects.

E.g.:

int x, y;
y = sizeof(x = 1234);
/* y is assigned sizeof(int); the operand of sizeof is not evaluated, so 1234 is never assigned to x */

Rule 43 violation:

MY_UCHAR uc;
MY_SHORT si;
...
uc = si;

Implicit conversions which may result in information loss shall not be used.

Rule 50 violation:

if (EF == 0)

Floating-point variables shall not be tested for exact equality or inequality.

Rule 63

The switch statement should not be used when there are only two cases; an if-else should be used instead.

Rule 65 violation:

for (F = 0.0; F < 10.0; F++)

Floating-point variables shall not be used as loop counters.

Rule 83

Functions with a non-void return type shall not be terminated by an implicit return (falling off the end of the function); they shall have an explicit return statement.

Rule 118

Use of calloc, malloc and realloc is strictly banned.
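As an added example (not code from the original page or from MISRA itself), the following C functions show, with concrete values, the defects that Rules 40, 43, 50 and 65 above prevent, each violation next to a compliant form. MY_UCHAR and MY_SHORT are assumed stand-ins for the project typedefs in the Rule 43 example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed stand-ins for the project typedefs in the page's Rule 43 example. */
typedef uint8_t MY_UCHAR;
typedef int16_t MY_SHORT;

/* Rule 40: the operand of sizeof is not evaluated, so the assignment inside it
 * never runs; y becomes sizeof(int) and x keeps its previous value (7). */
int value_after_sizeof_side_effect(void) {
    int x = 7;
    size_t y = sizeof(x = 1234);
    return (y == sizeof(int)) ? x : -1;
}

/* Rule 43: uc = si narrows 16 bits to 8 and silently drops the high byte
 * (the page's violation, written with the cast made visible). */
MY_UCHAR narrowing_conversion(MY_SHORT si) {
    MY_UCHAR uc = (MY_UCHAR)si;
    return uc;
}

/* Compliant alternative: range-check first; returns the value, or -1 if rejected. */
int checked_conversion(MY_SHORT si) {
    if (si < 0 || si > 255) { return -1; }
    return (int)(MY_UCHAR)si;
}

/* Rule 65: a floating-point loop counter accumulates rounding error, so a loop
 * from 0.0 while f < 1.0 in steps of 0.1 does not run the expected ten times. */
int float_counter_iterations(void) {
    int n = 0;
    double f;
    for (f = 0.0; f < 1.0; f += 0.1) { n++; }
    return n;   /* 11 with IEEE-754 double arithmetic */
}

/* Rule 50: ten additions of 0.1 do not give exactly 1.0, so == is the wrong
 * test; compare against a tolerance. The integer counter complies with Rule 65. */
double sum_of_tenths(int count) {
    double sum = 0.0;
    int i;
    for (i = 0; i < count; i++) { sum += 0.1; }
    return sum;
}
int float_exact_equal(double a, double b) { return a == b; }   /* violation */
int float_near_equal(double a, double b, double tol) {         /* compliant */
    double diff = (a > b) ? (a - b) : (b - a);
    return diff <= tol;
}
```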
