B MISRA C

Supported and unsupported MISRA C rules

1. no language extensions shall be used

* 2. other languages should only be used with an interface standard

3. inline assembly is only allowed in dedicated C functions

* 4. provision should be made for appropriate run-time checking

5. only use characters defined by the C standard

* 6. character values shall be restricted to a subset of ISO 106460-1

7. trigraphs shall not be used

8. multibyte characters and wide string literals shall not be used

9. comments shall not be nested

* 10. sections of code should not be "commented out"

11. identifiers shall not rely on significance of more than 31 characters

12. the same identifier shall not be used in multiple name spaces

13. specific-length typedefs should be used instead of the basic types

14. use 'unsigned char' or 'signed char' instead of plain 'char'

* 15. floating point implementations should comply with a standard

* 16. the bit representation of floating point numbers shall not be used

17. typedef names should not be reused

* 18. numeric constants should be suffixed to indicate type

19. octal constants (other than zero) shall not be used

20. all object and function identifiers shall be declared before use

21. identifiers shall not hide identifiers in an outer scope

22. declarations should be at function scope where possible ("static variable")

* 23. all declarations at file scope should be static where possible

24. identifiers shall not have both internal and external linkage

* 25. identifiers with external linkage shall have exactly one definition

26. multiple declarations for objects or functions shall be compatible

* 27. external objects should not be declared in more than one file

28. the 'register' storage class specifier should not be used

29. the use of a tag shall agree with its declaration

30. all automatics shall be initialized before being used

31. braces shall be used in the initialization of arrays and structures

32. only the first, or all enumeration constants may be initialized

33. the right hand side of && or || shall not contain side effects

34. the operands of a logical && or || shall be primary expressions

35. assignment operators shall not be used in Boolean expressions

* 36. logical operators should not be confused with bitwise operators

37. bitwise operations shall not be performed on signed integers

38. a shift count shall be between 0 and the operand width minus 1

39. the unary minus shall not be applied to an unsigned expression

40. 'sizeof' should not be used on expressions with side effects

* 41. the implementation of integer division should be documented

42. the comma operator shall only be used in a 'for' condition

43. don't use implicit conversions which may result in information loss

44. redundant explicit casts should not be used

45. type casting from any type to/from pointers shall not be used

46. the value of an expression shall be evaluation order independent

* 47. no dependence should be placed on operator precedence rules

* 48. mixed arithmetic should use explicit casting

* 49. tests of a (non-Boolean) value against 0 should be made explicit

50. F.P. variables shall not be tested for exact equality or inequality

* 51. constant unsigned integer expressions should not wrap-around

52. there shall be no unreachable code

53. all non-null statements shall have a side-effect

54. a null statement shall only occur on a line by itself

55. labels should not be used

56. the 'goto' statement shall not be used

57. the 'continue' statement shall not be used

58. the 'break' statement shall not be used (except in a 'switch')

59. an 'if' or loop body shall always be enclosed in braces

60. all 'if', 'else if' constructs should contain a final 'else'

61. every non-empty 'case' clause shall be terminated with a 'break'

62. all 'switch' statements should contain a final 'default' case

63. a 'switch' expression should not represent a Boolean case

64. every 'switch' shall have at least one 'case'

65. floating point variables shall not be used as loop counters

* 66. a "for" should only contain expressions concerning loop control

* 67. iterator variables should not be modified in a "for" loop

68. functions shall always be declared at file scope

69. functions with variable number of arguments shall not be used

70. functions shall not call themselves

71. function prototypes shall be visible at the definition and call

72. the function prototype of the declaration shall match the definition

73. identifiers shall be given for all prototype parameters or for none

74. parameter identifiers shall be identical for declaration/definition

75. every function shall have an explicit return type

76. functions with no parameters shall have a 'void' parameter list

* 77. an actual parameter type shall be compatible with the prototype

78. the number of actual parameters shall match the prototype

79. the values returned by 'void' functions shall not be used

80. void expressions shall not be passed as function parameters

* 81. "const" should be used for reference parameters not modified

82. a function should have a single point of exit

83. every exit point shall have a 'return' of the declared return type

84. for 'void' functions, 'return' shall not have an expression

85. function calls with no parameters should have empty parentheses

* 86. if a function returns error information, it should be tested

87. #include shall only be preceded by another directives or comments

88. non-standard characters shall not occur in #include directives

89. #include shall be followed by either <filename> or "filename"

90. plain macros shall only be used for constants/qualifiers/specifiers

91. macros shall not be defined/undefined within a block

92. '#undef' should not be used

* 93. a function should be used in preference to a function-like macro

94. a function-like macro shall not be used without all arguments

* 95. macro arguments shall not contain pre-preprocessing directives

96. macro definitions/parameters should be enclosed in parentheses

97. don't use undefined identifiers in pre-processing directives

98. a macro definition shall contain at most one # or ## operator

* 99. all uses of the #pragma directive shall be documented

100. 'defined' shall only be used in one of the two standard forms

101. pointer arithmetic should not be used

102. no more than 2 levels of pointer indirection should be used

* 103. no relational operators between pointers to different objects

104. non-constant pointers to functions shall not be used

105. functions assigned to the same pointer shall be of indentical type

106. an automatic address may not be assigned to a longer lived object

* 107. the null pointer shall not be de-referenced

* 108. all struct/union members shall be fully specified

* 109. overlapping variable storage shall not be used

* 110. unions shall not be used to access the sub-parts of larger types

111. bit fields shall have type 'unsigned int' or 'signed int'

112. bit fields of type 'signed int' shall be at least 2 bits long

113. all struct/union members shall be named

114. reserved and standard library names shall not be redefined

115. standard library function names shall not be reused

* 116. production libraries shall comply with the MISRA C restrictions

* 117. the validity of library function parameters shall be checked

118. dynamic heap memory allocation shall not be used

119. 'errno' should not be used

120. the macro 'offsetof()' shall not be used

121. <locale.h> and the 'setlocale' function shall not be used

122. the 'setjmp' and 'longjmp' functions shall not be used

123. the signal handling facilities of <signal.h> shall not be used

124. the <stdio.h> library shall not be used in production code

125. the functions atof/atoi/atol shall not be used

126. the functions abort/exit/getenv/system shall not be used

127. the time handling functions of library <time.h> shall not be used

* = Not supported by the TASKING TriCore C compiler


Copyright © 2002 Altium BV