Search code examples
carraysstatic-initializationmisra

MISRA 9.2 initializing float and unsigned arrays


In the following lines, I'm getting different issues reported from the Parasoft C/C++ Test static analysis tool and from the IAR Embedded Workbench MISRA checker:

[1] static unsigned int array_a[30] = {0U};
[2] static float array_b[20] = {0.0f};

Parasoft Static Analysis says:

Not all elements of variable ‘array_a’ are initialized.
Not all elements of variable ‘array_b’ are initialized.

IAR Embedded Workbench has no problems with the above statements (and its MISRA checker is on).

I can make the message for variable ‘array_b’ go away with:

[3] static float array_b[20] = {0};

However, the same trick doesn’t work for ‘array_a’:

[4] static unsigned int array_a[30] = {0};

Now the IAR Embedded Workbench MISRA checker is complaining because a signed integer constant, 0, is being assigned to an unsigned integer:

Error[Pm127]: a 'U' suffix shall be applied to all constants of 'unsigned' type (MISRA C 2004 rule 10.6)

The Parasoft Static Analysis is not showing any issues for line 4 above.

I believe this comes down to the interpretation of “zero” for MISRA rule 9.2:
EXCEPTIONS

"All the elements of arrays or structures can be initialized (to zero or NULL)
by giving an explicit initializer for the first element only. If this method
of initialization is chosen then the first element should be initialized
to zero (or NULL), and nested braces need not be used."

Which checker is correct?


Solution

  • Parasoft Static Analysis says:

    Not all elements of variable ‘array_a’ are initialized.

    This is not correct. All elements are initialized and the code does not violate MISRA-C 9.2, which explicitly allows zero initialization with just one item of the array set to zero.

    static float array_b[20] = {0};

    Strictly speaking this is not MISRA compliant, since all integer literals have to be unsigned as they were in your first code. Change to 0u or 0U or indeed 0.0f (the latter makes most sense).

    static unsigned int array_a[30] = {0};

    Same here, not MISRA compliant.

    The Parasoft Static Analysis is not showing any issues for line 4 above.

    It would appear that Parasoft is incorrect in all the mentioned cases. You should report this as bugs in their MISRA checker.

    IAR appears to be correct in all the mentioned cases.