diff options
| author | chinglee-iot <61685396+chinglee-iot@users.noreply.github.com> | 2023-12-06 04:51:52 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-06 04:51:52 +0300 |
| commit | 84c0047ccd8bfa1936eace051be9f72f950372ab (patch) | |
| tree | 0156b98a87cbe4ec42736c362f834eed150e9d6b /MISRA.md | |
| parent | cd5c774b2bda6eeec55862f79e164843508e96d9 (diff) | |
Suppress MISRA C:2012 rule 11.5 deviations (#878)
* Suppress MISRA C:2012 rule 11.5 deviations by comment also remove this rule in global config
---------
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Ubuntu <ubuntu@ip-172-31-34-245.ap-northeast-1.compute.internal>
Co-authored-by: Rahul Kar <karahulx@amazon.com>
Co-authored-by: Soren Ptak <ptaksoren@gmail.com>
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
Diffstat (limited to 'MISRA.md')
| -rw-r--r-- | MISRA.md | 82 |
1 files changed, 58 insertions, 24 deletions
@@ -20,34 +20,72 @@ grep 'MISRA Ref 8.4.1' . -rI #### Rule 8.4 +MISRA C:2012 Rule 8.4: A compatible declaration shall be visible when an + object or function with external linkage is defined. + _Ref 8.4.1_ -- MISRA C:2012 Rule 8.4: A compatible declaration shall be visible when an - object or function with external linkage is defined. - This rule requires that a compatible declaration is made available - in a header file when an object with external linkage is defined. - pxCurrentTCB(s) is defined with external linkage but it is only - referenced from the assembly code in the port files. Therefore, adding - a declaration in header file is not useful as the assembly code will - still need to declare it separately. +- This rule requires that a compatible declaration is made available + in a header file when an object with external linkage is defined. + pxCurrentTCB(s) is defined with external linkage but it is only + referenced from the assembly code in the port files. Therefore, adding + a declaration in header file is not useful as the assembly code will + still need to declare it separately. #### Rule 11.3 +MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to +object type and a pointer to a different object type. + _Ref 11.3.1_ + - This rule prohibits casting a pointer to object into a pointer to a + different object because it may result in an incorrectly aligned pointer, + leading to undefined behavior. Even if the casting produces a correctly + aligned pointer, the behavior may be still undefined if the pointer is + used to access an object. FreeRTOS deliberately creates external aliases + for all the kernel object types (StaticEventGroup_t, StaticQueue_t, + StaticStreamBuffer_t, StaticTimer_t and StaticTask_t) for data hiding + purposes. The internal object types and the corresponding external + aliases are guaranteed to have the same size and alignment which is + checked using configASSERT. + + +#### Rule 11.5 + +MISRA C:2012 Rule 11.5: A conversion should not be performed from pointer to +void into pointer to object. +This rule prohibits conversion of a pointer to void into a pointer to +object because it may result in an incorrectly aligned pointer leading +to undefined behavior. -- MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to - object type and a pointer to a different object type. - This rule prohibits casting a pointer to object into a pointer to a - different object because it may result in an incorrectly aligned pointer, - leading to undefined behavior. Even if the casting produces a correctly - aligned pointer, the behavior may be still undefined if the pointer is - used to access an object. FreeRTOS deliberately creates external aliases - for all the kernel object types (StaticEventGroup_t, StaticQueue_t, - StaticStreamBuffer_t, StaticTimer_t and StaticTask_t) for data hiding - purposes. The internal object types and the corresponding external - aliases are guaranteed to have the same size and alignment which is - checked using configASSERT. +_Ref 11.5.1_ + - The memory blocks returned by pvPortMalloc() are guaranteed to meet the + architecture alignment requirements specified by portBYTE_ALIGNMENT. + The casting of the pointer to void returned by pvPortMalloc() is, + therefore, safe because it is guaranteed to be aligned. + +_Ref 11.5.2_ + - The conversion from a pointer to void into a pointer to EventGroup_t is + safe because it is a pointer to EventGroup_t, which is returned to the + application at the time of event group creation for data hiding + purposes. + +_Ref 11.5.3_ + - The conversion from a pointer to void in list macros for list item owner + is safe because the type of the pointer stored and retrieved is the + same. + +_Ref 11.5.4_ + - The conversion from a pointer to void into a pointer to EventGroup_t is + safe because it is a pointer to EventGroup_t, which is passed as a + parameter to the xTimerPendFunctionCallFromISR API when the callback is + pended. + +_Ref 11.5.5_ + - The conversion from a pointer to void into a pointer to uint8_t is safe + because data storage buffers are implemented as uint8_t arrays for the + ease of sizing, alignment and access. ### MISRA configuration @@ -81,10 +119,6 @@ Copy below content to `misra.conf` to run Coverity on FreeRTOS-Kernel. { deviation: "Rule 8.7", reason: "API functions are not used by the library outside of the files they are defined; however, they must be externally visible in order to be used by an application." - }, - { - deviation: "Rule 11.5", - reason: "Allow casts from `void *`. List owner, pvOwner, is stored as `void *` and are cast to various types for use in functions." } ] } |