Goanna 3.2.

4 Standards Data Sheet for MISRA C:2012

misrac2012-datasheet.pdf
Motor Industry Software Reliability Association (MISRA) C:2012 Standard
Mapping of MISRA C:2012 items to Goanna checks
The following table lists all the MISRA C:2012 items that are identied by Goanna.
MISRAC
C:2012 ID
MISRAC C:2012 Description Goanna Checks Goanna Check Description
Dir-1.1 (Required) Any implementation-
dened behaviour on which the output
of the program depends shall be
documented and understood
Document This rule requires manual documentation.
Dir-2.1 (Required) All source les shall com-
pile without any compilation errors
PARSE Parse errors are generated for this rule
Dir-3.1 (Required) All code shall be traceable
to documented requirements
Document This rule requires manual documentation.
Dir-4.1 (Required) Run-time failures shall be
minimized
Static analysis Correct use of Goanna static analysis as-
sists in compliance with this rule
Dir-4.2 (Advisory) All usage of assembly
language should be documented
Document This rule requires manual documentation.
Dir-4.3 (Required) Assembly language shall
be encapsulated and isolated
MISRAC2012-Dir-4.3 Inline asm statements that are not encap-
sulated in functions
Dir-4.4 (Advisory) Sections of code should
not be "commented out"
MISRAC2012-Dir-4.4 To allow comments to contain pseudo-
code or code samples, only comments
that end in ;, , or characters are con-
sidered to be commented-out code.
Dir-4.5 (Advisory) Identiers in the same
name space with overlapping visibility
should be typographically unambigu-
ous
Not implemented This rule requires manual checking.
Dir-4.6
(Advisory) typedefs that indicate size
and signedness should be used in
place of the basic numerical types
MISRAC2012-Dir-4.6_a Uses of basic types char, int, short, long,
double, and oat without typedef
MISRAC2012-Dir-4.6_b Typedefs of basic types with names that
do not indicate size and signedness
Dir-4.7 (Required) If a function returns error
information, then that error informa-
tion shall be tested
Not implemented This rule requires manual checking.
Dir-4.8 (Advisory) If a pointer to a structure or
union is never dereferenced within a
translation unit, then the implementa-
tion of the object should be hidden
Not implemented This rule requires manual checking.
Dir-4.9 (Advisory) A function should be used
in preference to a function-like macro
where they are interchangeable
MISRAC2012-Dir-4.9 Function-like macros
Dir-4.10 (Required) Precautions shall be taken
in order to prevent the contents of a
header le being included more than
once
MISRAC2012-Dir-4.10 Header les without #include guards
Dir-4.11 (Required) The validity of values
passed to library functions shall be
checked
Not implemented This rule requires manual checking.
Dir-4.12 (Required) Dynamic memory alloca-
tion shall not be used
Not implemented This rule requires manual checking.
1
Dir-4.13 (Advisory) Functions which are de-
signed to provide operations on a
resource should be called in an ap-
propriate sequence
Not implemented This rule requires manual checking.
Rule-1.1 (Required) The program shall contain
no violations of the standard C syntax
and constraints, and shall not exceed
the implementations translation limits
PARSE Parse errors are generated for this rule
Rule-1.2 (Advisory) Language extensions
should not be used
Not implemented This rule requires manual checking.
Rule-1.3
(Required) There shall be no oc-
currence of undened or critical
unspecied behaviour
Partly implemented Some cases require manual checking.
ATH-div-0 An expression resulting in 0 is used as a
divisor.
ATH-div-0-assign A variable is assigned the value 0, then
used as a divisor.
ATH-div-0-cmp-aft After a successful comparison with 0, a
variable is used as a divisor.
ATH-div-0-cmp-bef A variable used as a divisor is subse-
quently compared with 0.
ATH-div-0-interval Interval analysis determines a value is 0,
then it is used as a divisor.
ATH-div-0-pos An expression that may be 0 is used as a
divisor.
ATH-div-0-unchk-global A global variable is not checked against 0
before it is used as a divisor.
ATH-div-0-unchk-local A local variable is not checked against 0
before it is used as a divisor.
EXP-main-ret-int The return type of main() should always
be int.
MISRAC2012-Rule-1.3_a An expression resulting in 0 is used as a
divisor.
MISRAC2012-Rule-1.3_b A variable is assigned the value 0, then
used as a divisor.
MISRAC2012-Rule-1.3_c After a successful comparison with 0, a
variable is used as a divisor.
MISRAC2012-Rule-1.3_d A variable used as a divisor is subse-
quently compared with 0.
MISRAC2012-Rule-1.3_e Interval analysis determines a value is 0,
then it is used as a divisor.
MISRAC2012-Rule-1.3_f An expression that may be 0 is used as a
divisor.
MISRAC2012-Rule-1.3_g A global variable is not checked against 0
before it is used as a divisor.
MISRAC2012-Rule-1.3_h A local variable is not checked against 0
before it is used as a divisor.
Rule-2.1
(Required) A project shall not contain
unreachable code
RED-case-reach A case statement within a switch state-
ment is unreachable.
RED-dead In all executions, a part of the program is
not executed.
MISRAC2012-Rule-2.1_a A case statement within a switch state-
ment is unreachable.
MISRAC2012-Rule-2.1_b In all executions, a part of the program is
not executed.
Rule-2.2
(Required) There shall be no dead
code
RED-no-effect A statement that potentially contains no
side effects.
RED-unused-val A variable is assigned a value that is never
used.
MISRAC2012-Rule-2.2_a A statement that potentially contains no
side effects.
MISRAC2012-Rule-2.2_c A variable is assigned a value that is never
used.
Rule-2.3 (Advisory) A project should not con-
tain unused type declarations
Not implemented This rule requires manual checking.
Rule-2.4 (Advisory) A project should not con-
tain unused tag declarations
Not implemented This rule requires manual checking.
Rule-2.5 (Advisory) A project should not con-
tain unused macro declarations
Not implemented This rule requires manual checking.
2
Rule-2.6 (Advisory) A function should not
contain unused label declarations
Not implemented This rule requires manual checking.
Rule-2.7
(Advisory) There should be no un-
used parameters in functions
RED-unused-param A function parameter is declared but not
used.
MISRAC2012-Rule-2.7 A function parameter is declared but not
used.
Rule-3.1 (Required) The character sequences
/* and // shall not be used within a
comment
MISRAC2012-Rule-3.1 The character sequences /* and // shall
not be used within a comment
Rule-3.2 (Required) Line-splicing shall not be
used in // comments
Not implemented This rule requires manual checking.
Rule-4.1 (Required) Octal and hexadecimal es-
cape sequences shall be terminated
Not implemented This rule requires manual checking.
Rule-4.2
(Advisory) Trigraphs should not be
used
Partly implemented Some cases require manual checking.
STR-trigraph Uses of trigraphs (in string literals only)
MISRAC2012-Rule-4.2 Uses of trigraphs (in string literals only)
Rule-5.1 (Required) External identiers shall
be distinct
MISRAC2012-Rule-5.1 An external identier is not unique for the
rst 31 characters but not identical
Rule-5.2 (Required) Identiers declared in the
same scope and name space shall be
distinct
Not implemented This rule requires manual checking.
Rule-5.3
(Required) An identier declared in an
inner scope shall not hide an identier
declared in an outer scope
Partly implemented Some cases require manual checking.
RED-local-hides-global The denition of a local variable hides a
global denition.
RED-local-hides-local The denition of a local variable hides a
previous local denition.
RED-local-hides-param A variable declaration hides a parameter
of the function
MISRAC2012-Rule-5.3_a The denition of a local variable hides a
global denition.
MISRAC2012-Rule-5.3_b The denition of a local variable hides a
previous local denition.
MISRAC2012-Rule-5.3_c A variable declaration hides a parameter
of the function
Rule-5.4
(Required) Macro identiers shall be
distinct
MISRAC2012-Rule-
5.4_c89
Macro names that are not distinct in their
rst 31 characters from their macro pa-
rameters or other macro names
MISRAC2012-Rule-
5.4_c99
Macro names that are not distinct in their
rst 63 characters from their macro pa-
rameters or other macro names
Rule-5.5
(Required) Identiers shall be distinct
from macro names
MISRAC2012-Rule-
5.5_c89
Non-macro identiers that are not distinct
in their rst 31 characters from macro
names
MISRAC2012-Rule-
5.5_c99
Non-macro identiers that are not distinct
in their rst 63 characters from macro
names
Rule-5.6 (Required) A typedef name shall be a
unique identier
MISRAC2012-Rule-5.6 Typedef with this name already declared.
Rule-5.7 (Required) A tag name shall be a
unique identier
MISRAC2012-Rule-5.7 A class, struct, union or enum declaration
that clashes with a previous declaration.
Rule-5.8 (Required) Identiers that dene ob-
jects or functions with external linkage
shall be unique
MISRAC2012-Rule-5.8 External identier names should be
unique
Rule-5.9 (Advisory) Identiers that dene ob-
jects or functions with internal linkage
should be unique
Not implemented This rule requires manual checking.
Rule-6.1 (Required) Bit-elds shall only be
declared with an appropriate type
MISRAC2012-Rule-6.1 Bitelds with plain int type
Rule-6.2
(Required) Single-bit named bit elds
shall not be of a signed type
STRUCT-signed-bit Signed single-bit elds (excluding anony-
mous elds)
MISRAC2012-Rule-6.2 Signed single-bit elds (excluding anony-
mous elds)
Rule-7.1 (Required) Octal constants shall not
be used
MISRAC2012-Rule-7.1 Uses of octal integer constants
3
Rule-7.2 (Required) A "u" or "U" sufx shall be
applied to all integer constants that
are represented in an unsigned type
MISRAC2012-Rule-7.2 A U sufx shall be applied to all constants
of unsigned type.
Rule-7.3 (Required) The lowercase character
"l" shall not be used in a literal sufx
MISRAC2012-Rule-7.3 Lower case character l should not be
used as a sufx.
Rule-7.4
(Required) A string literal shall not be
assigned to an object unless the ob-
jects type is "pointer to const-qualied
char"
MISRAC2012-Rule-7.4_a A string literal is assigned to a variable not
declared as constant
MISRAC2012-Rule-7.4_b Part of string literal is modied via array
subscript operator []
Rule-8.1
(Required) Types shall be explicitly
specied
DECL-implicit-int Whenever an object or function is de-
clared or dened, its type shall be explicitly
stated.
MISRAC2012-Rule-8.1 Whenever an object or function is de-
clared or dened, its type shall be explicitly
stated.
Rule-8.2
(Required) Function types shall be in
prototype form with named parame-
ters
FUNC-no-prototype Functions declared with an empty () pa-
rameter list that does not form a valid pro-
totype
MISRAC2012-Rule-8.2_a Functions declared with an empty () pa-
rameter list that does not form a valid pro-
totype
MISRAC2012-Rule-8.2_b Function prototypes must name all param-
eters
Rule-8.3 (Required) All declarations of an
object or function shall use the same
names and type qualiers
Not implemented This rule requires manual checking.
Rule-8.4 (Required) A compatible declaration
shall be visible when an object or
function with external linkage is de-
ned
Not implemented This rule requires manual checking.
Rule-8.5 (Required) An external object or
function shall be declared once in one
and only one le
Not implemented This rule requires manual checking.
Rule-8.6 (Required) An identier with external
linkage shall have exactly one exter-
nal denition
Not implemented This rule requires manual checking.
Rule-8.7 (Advisory) Functions and objects
should not be dened with external
linkage if they are referenced in only
one translation unit
Not implemented This rule requires manual checking.
Rule-8.8 (Required) The static storage class
specier shall be used in all decla-
rations of objects and functions that
have internal linkage
Not implemented This rule requires manual checking.
Rule-8.9 (Advisory) An object should be de-
ned at block scope if its identier
only appears in a single function
Not implemented This rule requires manual checking.
Rule-8.10 (Required) An inline function shall be
declared with the static storage class
MISRAC2012-Rule-8.10 All inline functions should be declared as
static
Rule-8.11 (Advisory) When an array with exter-
nal linkage is declared, its size should
be explicitly specied
MISRAC2012-Rule-8.11 External arrays declared without size
stated explicitly or dened implicitly by ini-
tialization.
Rule-8.12 (Required) Within an enumerator list,
the value of an implicitly-specied
enumeration constant shall be unique
Not implemented This rule requires manual checking.
Rule-8.13 (Advisory) A pointer should point
to a const-qualied type whenever
possible
Not implemented This rule requires manual checking.
Rule-8.14 (Required) The restrict type qualier
shall not be used
MISRAC2012-Rule-8.14 The use of the restrict type qualier is for-
bidden for function parameters
Rule-9.1
(Mandatory) The value of an object
with automatic storage duration shall
not be read before it has been set
PTR-uninit-pos Possibly dereference of an uninitialized or
NULL pointer.
SPC-uninit-arr-all Checks reads from local buffers are pre-
ceded by writes.
4
SPC-uninit-struct In all executions, a struct has one or more
elds read before they are initialized.
SPC-uninit-struct-eld A eld of a local struct is read before it is
initialized.
SPC-uninit-var-all In all executions, a variable is read before
it is assigned a value.
SPC-uninit-var-some In some execution, a variable is read be-
fore it is assigned a value.
MISRAC2012-Rule-9.1_a Possibly dereference of an uninitialized or
NULL pointer.
MISRAC2012-Rule-9.1_b Checks reads from local buffers are pre-
ceded by writes.
MISRAC2012-Rule-9.1_c In all executions, a struct has one or more
elds read before they are initialized.
MISRAC2012-Rule-9.1_d A eld of a local struct is read before it is
initialized.
MISRAC2012-Rule-9.1_e In all executions, a variable is read before
it is assigned a value.
MISRAC2012-Rule-9.1_f In some execution, a variable is read be-
fore it is assigned a value.
Rule-9.2 (Required) The initializer for an ag-
gregate or union shall be enclosed in
braces
Not implemented This rule requires manual checking.
Rule-9.3 (Required) Arrays shall not be par-
tially initialized
MISRAC2012-Rule-9.3 Arrays shall not be partially initialized
Rule-9.4 (Required) An element of an object
shall not be initialized more than once
Not implemented This rule requires manual checking.
Rule-9.5
(Required) Where designated initial-
izers are used to initialize an array
object the size of the array shall be
specied explicitly
MISRAC2012-Rule-9.5_a Arrays initialized with designated initializ-
ers must have a xed length
MISRAC2012-Rule-9.5_b Flexible array members cannot be inital-
ized with a designated initalizer
Rule-10.1
(Required) Operands shall not be of
an inappropriate essential type
MISRAC2012-Rule-
10.1_R2
An expression of essentially Boolean type
should always be used where an operand
is interpreted as a Boolean value
MISRAC2012-Rule-
10.1_R3
An operand of essentially Boolean type
should noe be used where an operand is
interpreted as a numeric value
MISRAC2012-Rule-
10.1_R4
An operand of essentially character type
should not be used where an operand is
interpreted as a numeric value
MISRAC2012-Rule-
10.1_R5
An operand of essentially enum type
should not be used in an arithmetic op-
eration because an enum object uses an
implementation-dened integer type.
MISRAC2012-Rule-
10.1_R6
Shift and bitwise opearation should only
be performed on operands of essentially
unsigned type.
MISRAC2012-Rule-
10.1_R7
The right hand operand of a shift operator
should be of essentially unsigned type to
ensure that undened behaviour does not
result from a negative shift.
MISRAC2012-Rule-
10.1_R8
An operand of essentially unsigned typed
should not be used as the operand to the
unary minus operator, as the signedness
of the result is determined by the imple-
mentation size of int
Rule-10.2 (Required) Expressions of essentially
character type shall not be used inap-
propriately in addition and subtraction
operations
MISRAC2012-Rule-10.2 Expressions of essentially character type
shall not be used inapproriately in addition
and subtraction operations
Rule-10.3 (Required) The value of an expression
shall not be assigned to an object
with a narrower essential type or of a
different essential type category
MISRAC2012-Rule-10.3 The value of an expression shall not be as-
signed to an object with a narrower essen-
tial type or a different essential type cate-
gory
Rule-10.4 (Required) Both operands of an
operator in which the usual arithmetic
conversions are performed shall have
the same essential type category
MISRAC2012-Rule-10.4 Both operands of an operator in which
the usual arithmetic conversions are per-
formed shall have the same essential type
category
5
Rule-10.5 (Advisory) The value of an expression
should not be cast to an inappropriate
essential type
Not implemented This rule requires manual checking.
Rule-10.6 (Required) The value of a composite
expression shall not be assigned to
an object with wider essential type
MISRAC2012-Rule-10.6 The value of a composite expression shall
not be assigned to an object with wider es-
sential type
Rule-10.7 (Required) If a composite expression
is used as one operand of an op-
erator in which the usual arithmetic
conversions are performed then the
other operand shall not have wider
essential type
MISRAC2012-Rule-10.7 If a composite expression is used as one
operand of an operator in which the usual
arithmetic conversions are performed then
the other operand shall not have wider es-
sential type
Rule-10.8 (Required) The value of a composite
expression shall not be cast to a
different essential type category or a
wider essential type
MISRAC2012-Rule-10.8 The value of a composite expression shall
not be cast to a different essential type
category or a wider essential type
Rule-11.1
(Required) Conversions shall not be
performed between a pointer to a
function and any other type
PARSE Parse errors are generated for this rule
MISRAC2012-Rule-11.1 Conversion shall not be performed be-
tween a pointer to a function and any other
type
Rule-11.2 (Required) Conversions shall not
be performed between a pointer to
an incomplete type and any other type
PARSE Parse errors are generated for this rule
Rule-11.3 (Required) A cast shall not be per-
formed between a pointer to object
type and a pointer to a different object
type
MISRAC2012-Rule-11.3 A pointer to object type is cast to a pointer
to different object type
Rule-11.4 (Advisory) A conversion should not be
performed between a pointer to object
and an integer type
MISRAC2012-Rule-11.4 A cast should not be performed between
a pointer type and an integral type.
Rule-11.5 (Advisory) A conversion should not
be performed from pointer to void into
pointer to object
PARSE Parse errors are generated for this rule
Rule-11.6 (Required) A cast shall not be per-
formed between pointer to void and
an arithmetic type
PARSE Parse errors are generated for this rule
Rule-11.7
(Required) A cast shall not be per-
formed between pointer to object and
a non-integer arithmetic type
PARSE Parse errors are generated for this rule
MISRAC2012-Rule-11.7 A cast shall not be performed between
pointer to object and a non-integer arith-
metic type
Rule-11.8 (Required) A cast shall not remove
any const or volatile qualication from
the type pointed to by a pointer
MISRAC2012-Rule-11.8 Casts that remove any const or volatile
qualication.
Rule-11.9 (Required) The macro NULL shall be
the only permitted form of integer null
pointer constant
MISRAC2012-Rule-11.9 An integer constant is used where the
NULL macro should be
Rule-12.1 (Advisory) The precedence of oper-
ators within expressions should be
made explicit
MISRAC2012-Rule-12.1 Add parentheses to avoid implicit operator
precedence.
Rule-12.2
(Required) The right hand operand of
a shift operator shall lie in the range
zero to one less than the width in bits
of the essential type of the left hand
operand
ATH-shift-bounds Out of range shifts
MISRAC2012-Rule-12.2 Out of range shifts
Rule-12.3 (Advisory) The comma operator
should not be used
MISRAC2012-Rule-12.3 Uses of the comma operator
Rule-12.4
(Advisory) Evaluation of constant ex-
pressions should not lead to unsigned
integer wrap-around
Partly implemented Some cases require manual checking.
MISRAC2012-Rule-12.4 Evaluation of constant expressions should
not lead to unsigned integer wrap-around
Rule-13.1
(Required) Initializer lists shall not
contain persistent side effects
SPC-init-list The initalisation list of an array should not
contain side effects
MISRAC2012-Rule-13.1 The initalisation list of an array should not
contain side effects
Rule-13.2
(Required) The value of an expres-
sion and its persistent side effects
shall be the same under all permitted
evaluation orders
SPC-order Expressions which depend on order of
evaluation
SPC-volatile-reads There shall be no more than one read ac-
cess with volatile-qualied type within one
sequence point
6
SPC-volatile-writes There shall be no more than one modi-
cation access with volatile-qualied type
within one sequence point
MISRAC2012-Rule-13.2_a Expressions which depend on order of
evaluation
MISRAC2012-Rule-13.2_b There shall be no more than one read ac-
cess with volatile-qualied type within one
sequence point
MISRAC2012-Rule-13.2_c There shall be no more than one modi-
cation access with volatile-qualied type
within one sequence point
Rule-13.3 (Advisory) A full expression contain-
ing an increment (++) or decrement
() operator should have no other
potential side effects other than that
caused by the increment or decre-
ment operator
MISRAC2012-Rule-13.3 Uses of increment (++) and decrement ()
operators mixed with other operators in an
expression.
Rule-13.4
(Advisory) The result of an assign-
ment operator should not be used
EXP-cond-assign An assignment may be mistakenly used
as the condition for an if, for, while or
do statement.
MISRAC2012-Rule-13.4_a An assignment may be mistakenly used
as the condition for an if, for, while or
do statement.
MISRAC2012-Rule-13.4_b Assignment in a sub-expression.
Rule-13.5 (Required) The right hand operand of
a logical && or || operator shall not
contain persistent side effects
MISRAC2012-Rule-13.5 Right hand operands of && or || that con-
tain side effects
Rule-13.6 (Mandatory) The operand of the
sizeof operator shall not contain any
expression which has potential side
effects
MISRAC2012-Rule-13.6 The operand of the sizeof operator shall
not contain any expression which has po-
tential side effects
Rule-14.1
(Required) A loop counter shall not
have essentially oating type
MISRAC2012-Rule-14.1_a Floating-point values in the controlling ex-
pression of a for statement.
MISRAC2012-Rule-14.1_b An essentially oat variable, used in the
loop condition, is modied in the loop body
Rule-14.2
(Required) A for loop shall be well-
formed
Partly implemented Some cases require manual checking.
MISRAC2012-Rule-14.2 A for loop counter variable is modied in
the body of the loop.
Rule-14.3
(Required) Controlling expressions
shall not be invariant
RED-cond-always The condition in if, for, while, do-while and
ternary operator will always be met.
RED-cond-never The condition in if, for, while, do-while and
ternary operator will never be met.
MISRAC2012-Rule-14.3_a The condition in if, for, while, do-while and
ternary operator will always be met.
MISRAC2012-Rule-14.3_b The condition in if, for, while, do-while and
ternary operator will never be met.
Rule-14.4
(Required) The controlling expression
of an if statement and the controlling
expression of an iteration-statement
shall have essentially Boolean type
MISRAC2012-Rule-14.4_a Non-boolean termination conditions in do
... while statements.
MISRAC2012-Rule-14.4_b Non-boolean termination conditions in for
loops.
MISRAC2012-Rule-14.4_c Non-boolean conditions in if statements.
MISRAC2012-Rule-14.4_d Non-boolean termination conditions in
while statements.
Rule-15.1 (Advisory) The goto statement should
not be used
MISRAC2012-Rule-15.1 Uses of goto.
Rule-15.2 (Required) The goto statement shall
jump to a label declared later in the
same function
MISRAC2012-Rule-15.2 Goto declared after target label.
Rule-15.3 (Required) Any label referenced by
a goto statement shall be declared
in the same block, or in any block
enclosing the goto statement
MISRAC2012-Rule-15.3 The target of the goto is a nested code
block.
Rule-15.4 (Advisory) There should be no more
than one break or goto statement
used to terminate any iteration state-
ment
MISRAC2012-Rule-15.4 There should be no more than one break
or goto statement used to terminate any
iteration statement
Rule-15.5 (Advisory) A function should have a
single point of exit at the end
MISRAC2012-Rule-15.5 A function shall have a single point of exit
at the end of the function.
7
Rule-15.6
(Required) The body of an iteration-
statement or a selection-statement
shall be acompound-statement
MISRAC2012-Rule-15.6_a Missing braces in do ... while statements
MISRAC2012-Rule-15.6_b Missing braces in for statements
MISRAC2012-Rule-15.6_c Missing braces in if, else, and else if state-
ments
MISRAC2012-Rule-15.6_d Missing braces in switch statements
MISRAC2012-Rule-15.6_e Missing braces in while statements
Rule-15.7 (Required) All if ... else if constructs
shall be terminated with an else
statement
MISRAC2012-Rule-15.7 If ... else if constructs that are not termi-
nated with an else clause.
Rule-16.1 (Required) All switch statements shall
be well-formed
MISRAC2012-Rule-16.1 Switch statements that do not conform to
the MISRA C switch syntax.
Rule-16.2 (Required) A switch label shall only be
used when the most closely-enclosing
compound statement is the body of a
switch statement
MISRAC2012-Rule-16.2 Switch labels in nested blocks.
Rule-16.3 (Required) An unconditional break
statement shall terminate every
switch-clause
MISRAC2012-Rule-16.3 Non-empty switch cases not terminated by
break
Rule-16.4 (Required) Every switch statement
shall have a default label
MISRAC2012-Rule-16.4 Switch statements with no default clause.
Rule-16.5 (Required) A default label shall ap-
pear as either the rst or the last
switch label of a switch statement
MISRAC2012-Rule-16.5 A switchs default label should be either
the rst or last label of the switch
Rule-16.6 (Required) Every switch statement
shall have at least two switch-clauses
MISRAC2012-Rule-16.6 Switch statements with no cases.
Rule-16.7 (Required) A switch-expression shall
not have essentially Boolean type
MISRAC2012-Rule-16.7 A switch expression shall not represent a
value that is effectively boolean.
Rule-17.1 (Required) The features of <stdarg.h>
shall not be used
MISRAC2012-Rule-17.1 The use of the stdarg header is not per-
mitted
Rule-17.2
(Required) Functions shall not call
themselves, either directly or indirectly
MISRAC2012-Rule-17.2_a Functions that call themselves directly.
MISRAC2012-Rule-17.2_b Functions that call themselves indirectly.
Rule-17.3
(Mandatory) A function shall not be
declared implicitly
FUNC-implicit-decl Functions used without prototyping
MISRAC2012-Rule-17.3 Functions used without prototyping
Rule-17.4
(Mandatory) All exit paths from a
function with non-void return type
shall have an explicit return statement
with an expression
SPC-return For some execution, no return statement
is executed in a function with a non-void
return type
MISRAC2012-Rule-17.4 For some execution, no return statement
is executed in a function with a non-void
return type
Rule-17.5 (Advisory) The function argument cor-
responding to a parameter declared
to have an array type shall have an
appropriate number of elements
Not implemented This rule requires manual checking.
Rule-17.6 (Mandatory) The declaration of an
array parameter shall not contain the
static keyword between the [ ]
MISRAC2012-Rule-17.6 Array parameters shall not have the static
keyword between the []
Rule-17.7
(Required) The value returned by a
function having non-void return type
shall be used
RED-unused-return-val Unused function return values (excluding
overloaded operators)
MISRAC2012-Rule-17.7 Unused function return values (excluding
overloaded operators)
Rule-17.8 (Advisory) A function parameter
should not be modied
Not implemented This rule requires manual checking.
Rule-18.1
(Required) A pointer resulting from
arithmetic on a pointer operand shall
address an element of the same array
as that pointer operand
ARR-inv-index Array access is out of bounds.
ARR-inv-index-pos Array access may be out of bounds, de-
pending on which path is executed.
ARR-inv-index-ptr A pointer to an array is used outside the
array bounds
ARR-inv-index-ptr-pos A pointer to an array is potentially used
outside the array bounds
MISRAC2012-Rule-18.1_a Array access is out of bounds.
MISRAC2012-Rule-18.1_b Array access may be out of bounds, de-
pending on which path is executed.
MISRAC2012-Rule-18.1_c A pointer to an array is used outside the
array bounds
8
MISRAC2012-Rule-18.1_d A pointer to an array is potentially used
outside the array bounds
Rule-18.2 (Required) Subtraction between
pointers shall only be applied to
pointers that address elements of the
same array
Not implemented This rule requires manual checking.
Rule-18.3 (Required) The relational operators >,
>=, < and <= shall not be applied to
objects of pointer type except where
they point into the same object
Not implemented This rule requires manual checking.
Rule-18.4 (Advisory) The +, -, += and -= op-
erators should not be applied to an
expression of pointer type
Not implemented This rule requires manual checking.
Rule-18.5 (Advisory) Declarations should con-
tain no more than two levels of pointer
nesting
MISRAC2012-Rule-18.5 The declaration of objects should contain
no more than two levels of pointer indirec-
tion.
Rule-18.6
(Required) The address of an object
with automatic storage shall not be
copied to another object that persists
after the rst object has ceased to
exist
MEM-stack May return address on the stack.
MEM-stack-global Store a stack address in a global pointer.
MEM-stack-global-eld Store a stack address in the eld of a
global struct.
MEM-stack-param Store stack address outside function via
parameter.
MISRAC2012-Rule-18.6_a May return address on the stack.
MISRAC2012-Rule-18.6_b Store a stack address in a global pointer.
MISRAC2012-Rule-18.6_c Store a stack address in the eld of a
global struct.
MISRAC2012-Rule-18.6_d Store stack address outside function via
parameter.
Rule-18.7 (Required) Flexible array members
shall not be declared
MISRAC2012-Rule-18.7 Flexible array members shall not be de-
clared
Rule-18.8 (Required) Variable-length array types
shall not be used
MISRAC2012-Rule-18.8 Arrays shall not be declared with a vari-
able length
Rule-19.1
(Mandatory) An object shall not be
assigned or copied to an overlapping
object
UNION-overlap-assign Assignments from one eld of a union to
another.
MISRAC2012-Rule-19.1 Assignments from one eld of a union to
another.
Rule-19.2 (Advisory) The union keyword should
not be used
MISRAC2012-Rule-19.2 All unions
Rule-20.2 (Required) The , or \ characters and
the /* or // character sequences shall
not occur in a header le name
MISRAC2012-Rule-20.2 Illegal characters in header le names
Rule-20.3 (Required) The #include directive
shall be followed by either a <le-
name> or "lename" sequence
PARSE Parse errors are generated for this rule
Rule-20.4
(Required) A macro shall not be
dened with the same name as a
keyword
MISRAC2012-Rule-
20.4_c89
A macro shall not be dened with the
same name as a keyword.
MISRAC2012-Rule-
20.4_c99
A macro shall not be dened with the
same name as a keyword.
Rule-20.5 (Advisory) #undef should not be used MISRAC2012-Rule-20.5 All #undefs
Rule-20.6 (Required) Tokens that look like a
preprocessing directive shall not
occur within a macro argument
Not implemented This rule requires manual checking.
Rule-20.7 (Required) Expressions resulting from
the expansion of macro parameters
shall be enclosed in parentheses
Not implemented This rule requires manual checking.
Rule-20.8 (Required) The controlling expression
of a #if or #elif preprocessing directive
shall evaluate to 0 or 1
Not implemented This rule requires manual checking.
Rule-20.9 (Required) All identiers used in the
controlling expression of #if or #elif
preprocessing directives shall be
#dened before evaluation
Not implemented This rule requires manual checking.
9
Rule-20.10 (Advisory) The # and ## preprocessor
operators should not be used
MISRAC2012-Rule-20.10 # or ## operator used in a macro denition
Rule-20.11 (Required) A macro parameter im-
mediately following a # operator shall
not immediately be followed by a ##
operator
Not implemented This rule requires manual checking.
Rule-20.12 (Required) A macro parameter used
as an operand to the # or ## opera-
tors, which is itself subject to further
macro replacement, shall only be
used as an operand to these opera-
tors
Not implemented This rule requires manual checking.
Rule-20.13 (Required) A line whose rst token
is # shall be a valid preprocessing
directive
Not implemented This rule requires manual checking.
Rule-20.14 (Required) All #else, #elif and #endif
preprocessor directives shall reside
in the same le as the #if, #ifdef or
#ifndef directive to which they are
related
Not implemented This rule requires manual checking.
Rule-21.1 (Required) #dene and #undef shall
not be used on a reserved identier or
reserved macro name
MISRAC2012-Rule-21.1 #dene or #undef of a reserved identier
in the standard library
Rule-21.2 (Required) A reserved identier or
macro name shall not be declared
MISRAC2012-Rule-21.2 A library function is being overridden.
Rule-21.3 (Required) The memory alloca-
tion and deallocation functions of
<stdlib.h> shall not be used
MISRAC2012-Rule-21.3 All uses of malloc, calloc, realloc, and free
Rule-21.4 (Required) The standard header le
<setjmp.h> shall not be used
MISRAC2012-Rule-21.4 All uses of <setjmp.h>
Rule-21.5 (Required) The standard header le
<signal.h> shall not be used
MISRAC2012-Rule-21.5 All uses of <signal.h>
Rule-21.6 (Required) The Standard Library
input/output functions shall not be
used
MISRAC2012-Rule-21.6 All uses of <stdio.h>
Rule-21.7 (Required) The atof, atoi, atol and
atoll functions of <stdlib.h> shall not
be used
MISRAC2012-Rule-21.7 All uses of atof, atoi, atol and atoll
Rule-21.8 (Required) The library functions abort,
exit, getenv and system of <stdlib.h>
shall not be used
MISRAC2012-Rule-21.8 All uses of abort, exit, getenv, and system
Rule-21.9 (Required) The library functions
bsearch and qsort of <stdlib.h> shall
not be used
MISRAC2012-Rule-21.9 (Required) The library functions bsearch
and qsort of <stdlib.h> shall not be used.
Rule-21.10 (Required) The Standard Library time
and date functions shall not be used
MISRAC2012-Rule-21.10 All uses of <time.h> functions: asctime,
clock, ctime, difftime, gmtime, localtime,
mktime, strftime, and time
Rule-21.11 (Required) The standard header le
<tgmath.h> shall not be used
MISRAC2012-Rule-21.11 The use of the tgmath header is not per-
mitted
Rule-21.12 (Advisory) The exception handling
features of <fenv.h> should not be
used
Not implemented This rule requires manual checking.
Rule-22.1
(Required) All resources obtained
dynamically by means of Standard
Library functions shall be explicitly
released
MEM-lose-assign A memory leak due to improper dealloca-
tion.
RESOURCE-no-close All le pointers obtained dynamically by
means of Standard Library functions shall
be explicitly released
MISRAC2012-Rule-22.1_a A memory leak due to improper dealloca-
tion.
MISRAC2012-Rule-22.1_b All le pointers obtained dynamically by
means of Standard Library functions shall
be explicitly released
10
Rule-22.2
(Mandatory) A block of memory shall
only be freed if it was allocated by
means of a Standard Library function
MEM-double-free Freeing a memory location more than
once.
MEM-double-free-some Freeing a memory location more than
once on some paths but not others.
MEM-free-variable A stack address is possibly freed.
MISRAC2012-Rule-22.2_a Freeing a memory location more than
once.
MISRAC2012-Rule-22.2_b Freeing a memory location more than
once on some paths but not others.
MISRAC2012-Rule-22.2_c A stack address is possibly freed.
Rule-22.3 (Required) The same le shall not be
open for read and write access at the
same time on different streams
Not implemented This rule requires manual checking.
Rule-22.4
(Mandatory) There shall be no at-
tempt to write to a stream which has
been opened as read-only
RESOURCE-write-ronly-
le
A le opened as read-only is written to
MISRAC2012-Rule-22.4 A le opened as read-only is written to
Rule-22.5
(Mandatory) A pointer to a FILE object
shall not be dereferenced
RESOURCE-deref-le A pointer to a FILE object shall not be
dereferenced
RESOURCE-implicit-
deref-le
A le pointer is implicitly derefrenced by a
library function
MISRAC2012-Rule-22.5_a A pointer to a FILE object shall not be
dereferenced
MISRAC2012-Rule-22.5_b A le pointer is implicitly derefrenced by a
library function
Rule-22.6
(Mandatory) The value of a pointer
to a FILE shall not be used after the
associated stream has been closed
RESOURCE-le-use-
after-close
A le pointer is used after it has been
closed.
MISRAC2012-Rule-22.6 A le pointer is used after it has been
closed.
For more information:
http://redlizards.com
mailto:info@redlizards.com
c 20082014 Red Lizard Software Pty Ltd.
11