Search code examples
cembeddedmisra

How to make C code to MISRA C:2012 compliance?


I am validating MISRA C:2012 standard to my MCU code using PC-Lint. I got following errors.Here I posted a sample code where I got errors on condition statements.

1] unsigned integer literal without a 'U' suffix [MISRA 2012 Rule 7.2, required] S_LCB_100,

2] side effects on right hand of logical operator, '&&' [MISRA 2012 Rule 13.5, required] while(( 0x00000000 != List[Loop] ) && ( 0 != Counter ))

3] : a signed value and an unsigned value cannot be used together as operands to != [MISRA 2012 Rule 10.4, required] while(( 0x00000000 != List[Loop] ) && ( 0 != Counter ))

4] : a signed value and an unsigned value cannot be used together as operands to != [MISRA 2012 Rule 10.4, required] while(( 0x00000000 != List[Loop] ) && ( 0 != Counter ))

5] an unsigned value and a signed value cannot be used together as operands to == [MISRA 2012 Rule 10.4, required] if ( List[Loop] == 0x00000000 )

How can I make it MISRA C:2012 compliance?

typedef unsigned char UINT8;
typedef unsigned char BYTE;  
typedef unsigned long int UINT32; 
#define S_LCB_100 0xF0BB12DE;
#define MULTI 0x1A;
volatile static BYTE Counter = 0;
static UINT8 Loop = 0;    
static UINT32 List[]=  
{
    S_LCB_100,
    0x00000000,
};
while(( 0x00000000 != List[Loop] ) && ( 0 != Counter ))
{
 .......some code
}
if ( List[Loop] == 0x00000000 )
{
.....some code
} 

Solution

  • General remarks:

    • Before worrying about MISRA-C compliance, get the code to compile on a C compiler.
    • Then make sure you have the MISRA-C:2012 document available or you simply cannot work with MISRA.
    • Get rid of nonsense like "Yoda conditions".
    • Get rid of custom typedefs and use stdint.h. If you are on C90 then typedef with the names used by stdint.h.

    1] unsigned integer literal without a 'U' suffix [MISRA 2012 Rule 7.2, required] S_LCB_100,

    Pretty self-explaining. Add U or u to integer constants that should be unsigned. Read rule 7.2 for details.

    2] side effects on right hand of logical operator, '&&' [MISRA 2012 Rule 13.5, required] while(( 0x00000000 != List[Loop] ) && ( 0 != Counter ))

    Counter is voltatile-qualified and accessing it is a side-effect. So it should not exist inside complex expressions in general, and particularly not on the right hand side of a boolean && expression - that's quite questionable code. In this case you could simply rewrite the code as this:

    uint32_t count = (uint32_t)Counter;
    
    while((count != 0u) && (List[Loop] != 0u))
    {
      ...
      count = (uint32_t)Counter; // read volatile variable in an expression of its own
    }
    

    3] a signed value and an unsigned value cannot be used together as operands to != [MISRA 2012 Rule 10.4, required] while(( 0x00000000 != List[Loop] ) && ( 0 != Counter ))

    This is because Counter is declared as BYTE. Drop all such home-brewed crap types and declare it as uint8_t instead. Then use the while form as shown above. Use u suffix. This should fix 2) to 5).