This page describes MISRA-C:2012 compliance and deviations for the PDL.
MISRA stands for Motor Industry Software Reliability Association. The MISRA specification covers a set of 10 mandatory rules, 110 required rules and 39 advisory rules that apply to firmware design. It was put together by the automotive industry to enhance the quality and robustness of the firmware code embedded in automotive devices.
There are two types of deviations defined:
Specific deviations are documented in the driver source code, close to the deviation occurrence. For each deviation, a macro identifies the relevant rule or directive number and the reason.
This section describes the MISRA compliance analysis environment.
Component | Name | Version |
---|---|---|
Test Specification | MISRA-C:2012 Guidelines for the use of the C language in critical systems | March 2013 |
MISRA Checking Tool | Coverity Static Analysis Tool | 2022.12.0 |
The list of deviated rules/directives is provided in the table below:
MISRA Rule/Directive | Deviation Class (Rule/Directive) | Rule Class (Required/Mandatory) | Rule/Directive Description | Description of Deviation(s) |
---|---|---|---|---|
1.1 | D | R | Any implementation-defined behaviour on which the output of the program depends shall be documented and understood. | Violated because PDL supports GCC, IAR and MDK-ARM compilers. Refer to the compiler documentation for the compiler-specific behaviour. |
4.1 | D | R | Run-time failures shall be minimized. | Some drivers can contain redundant operations introduced because of the generalized implementation approach. |
1.3 | R | R | There shall be no occurrence of undefined or critical unspecified behaviour. | This specific behavior is explicitly covered in rules 5.1, 21.1. |
2.2 | R | R | There shall be no dead code | PDL has a few WEAK functions that can be overridden. |
3.1 | R | R | The character sequences /* and // shall not be used within a comment | Allow doxygen-style comments. |
5.1 | R | R | External identifiers shall be distinct | This rule applies to the ISO:C90 standard. PDL conforms to ISO:C99, which does not require this limitation. |
5.4 | R | R | Macro identifiers shall be distinct | This rule applies to the ISO:C90 standard. PDL conforms to ISO:C99, which does not require this limitation. |
5.5 | R | R | Identifiers shall be distinct from macro names | This rule applies to the ISO:C90 standard. PDL conforms to ISO:C99, which does not require this limitation. |
5.6 | R | R | A typedef name shall be a unique identifier. | During the code analysis, the same source files are compiled multiple times with device-specific options. All typedef names are actually unique for each specific run. |
5.8 | R | R | Identifiers that define objects or functions with external linkage shall be unique. | During the code analysis, the same source files are compiled multiple times with device-specific options. All object and function identifiers are actually unique for each specific run. |
8.5 | R | R | An external object or function shall be declared once in one and only one file | The correct prototype is picked based on the device type for which PDL is being built. |
8.6 | R | R | An identifier with external linkage shall have exactly one external definition | PDL has a few functions defined in assembly files, and these are not scanned by Coverity. |
10.8 | R | R | The value of a composite expression shall not be cast to a different essential type category or a wider essential type | In case of deviations, the cast to a wider type does not have any unintended effect. |
11.1 | R | R | Conversions shall not be performed between a pointer to a function and any other type | The cast from unsigned int to pointer does not have any unintended effect, as it is a consequence of the definition of a structure based on hardware registers. |
11.3 | R | R | A cast shall not be performed between a pointer to object type and a pointer to a different object type | Intentional typecast as PDL initializes the CAT1A device drivers at runtime based on the target device |
11.6 | R | R | A cast shall not be performed between pointer to void and an arithmetic type | The cast from unsigned int to pointer does not have any unintended effect, as it is a consequence of the definition of a structure based on hardware registers. |
11.8 | R | R | A cast shall not remove any const or volatile qualification from the type pointed to by a pointer | Drivers access hardware registers through a macro that is used for both read and write access. In that case, removal of the const qualification does not have any unintended effect, as it is a consequence of the macro usage. |
14.3 | R | R | Controlling expressions shall not be invariant | Deviations occur because there are a few comparisons between a macro and a number. |
18.1 | R | R | A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand | Intentional typecast of message buffer to byte array |
18.6 | R | R | The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist | In case of deviation, no valid data is expected after the function returns. |
21.1 | R | R | #define and #undef shall not be used on a reserved identifier or reserved macro name | PDL header files contain preprocessor guard macros with leading underscores. PDL uses CMSIS macros with leading underscores and therefore inherits its MISRA violations. |
21.2 | R | R | A reserved identifier or macro name shall not be declared | PDL header files contain preprocessor guard macros with leading underscores. PDL uses CMSIS macros with leading underscores and therefore inherits its MISRA violations. |
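
The following added example (not PDL source code) shows how a deviation can be annotated next to its occurrence, using the Rule 11.6 and Rule 11.8 entries from the table above. The `EXAMPLE_MISRA_DEVIATE` macro, the `EXAMPLE_TIMER_Type` register block and the host-side backing array are hypothetical names constructed for illustration.

```c
#include <stdint.h>

/* Hypothetical annotation (assumption, not the PDL macro): names the rule and
 * the reason at the deviating line; it expands to nothing in this sketch. */
#define EXAMPLE_MISRA_DEVIATE(rule, reason)

/* Constructed register block of an imaginary timer peripheral. */
typedef struct {
    volatile uint32_t CTRL;
    const volatile uint32_t STATUS;   /* read-only for software */
} EXAMPLE_TIMER_Type;

/* Host-side stand-in for the peripheral; on a target the base address is a
 * fixed integer constant taken from the device header. */
static uint32_t example_backing[2] = { 0u, 0x5u };

/* One access macro shared by the read and write paths. */
#define EXAMPLE_REG32(ptr) (*(volatile uint32_t *)(ptr))

EXAMPLE_TIMER_Type *example_timer_base(void)
{
    uintptr_t addr = (uintptr_t)example_backing;   /* host scaffolding only */
    EXAMPLE_MISRA_DEVIATE("MISRA C-2012 Rule 11.6",
        "Register block is located by its integer base address.")
    void *block = (void *)addr;
    return block;
}

uint32_t example_read_status(const EXAMPLE_TIMER_Type *t)
{
    EXAMPLE_MISRA_DEVIATE("MISRA C-2012 Rule 11.8",
        "Shared read/write macro drops const; this access only reads.")
    return EXAMPLE_REG32(&t->STATUS);
}

void example_write_ctrl(EXAMPLE_TIMER_Type *t, uint32_t value)
{
    EXAMPLE_REG32(&t->CTRL) = value;   /* no qualifier removed here */
}

int main(void)
{
    EXAMPLE_TIMER_Type *t = example_timer_base();
    example_write_ctrl(t, 0x1u);
    return (example_read_status(t) == 0x5u) ? 0 : 1;
}
```

Keeping the rule number and the reason on the line directly above the cast lets a reviewer check each suppression against the deviation table without leaving the source file.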