MISRA C:2012 Dir-4.1 4.6 Code design

2791 Definite: Right hand operand of shift operator is negative or too large.

移位操作过大或者是负数

void f1(unsigned long ul, int si)
{
    if (si > 40)
    {
        ul = ul << si;                /* 2791 */
    }
}

void f2(unsigned long ul, int si)
{
    if (si < 0)
    {
        ul = ul << si;                /* 2791 */
    }
}

2845 Constant: Maximum number of characters to be written is larger than the target buffer size.

#include <string.h>

extern char a[10];
extern char b[11];

void foo (void)
{
  strncpy (a, b, sizeof (b));   /* 2845 */
}

字符数组 a 溢出了

 

2871 Infinite loop identified 无限循环

void f1(void)
{
    int i;
    int n = 5;

    for (i = 0; i < n;    )         /* 2871 */
    {

    }
}

void f2(int n)
{
    while (n <= 10)                  /* 2872 */
    {

    }
}

2877 This loop will never be executed more than once.循环不会被执行超过一次

This loop will only be executed once and so the loop mechanism is redundant. Has there been a mistake ?

void foo(void)
{
    int i;
    
    for (i = 0; i < 1; ++i)             /* 2877 */
    {
    }
    

    i = 10;

    while (i <= 10)                     /* 2877 */
    {
        ++i;
    }
    
}

7.4  Advisory Dir-4.6

typedefs that indicate size and signedness should be used in place of the basic numerical types

Amplification

The basic numerical types of char, short, int, long, long long (C99), float, double and long double (C99) should not be used, but specific-length typedefs should be used.

For C99, the types provided by <stdint.h> should be used. For C90, equivalent types should be defined and used.

A type must not be defined with a specific length unless the implemented type is actually of that length.

It is not necessary to use typedefs in the declaration of bit-fields.

For example, on a 32-bit C90 implementation the following definitions might be suitable:

   
   typedef signed   char   int8_t;
   typedef signed   short  int16_t;
   typedef signed   int    int32_t;
   typedef signed   long   int64_t;
   typedef unsigned char   uint8_t;
   typedef unsigned short  uint16_t;
   typedef unsigned int    uint32_t;
   typedef unsigned long   uint64_t;
   typedef          float  float32_t;
   typedef          double float64_t;
   typedef long     double float128_t;

例外

Exception

 

1. The basic numerical types may be used in a typedef to define a specific-length type.
2. For function "main" an int may be used rather than the typedefs as a return type. Therefore int main (void) is permitted.
3. For function "main" an int may be used rather than the typedefs for the input parameter argc.
4. For function "main" a char may be used rather than the typedefs for the input parameter argv.

Therefore int main( int argc, char *argv[] ) is permitted (C99 Section 5.1.2.2.1).

Implemented by QAC messages:

5209	Use of basic type '%s'.

 

3453 使用函数替代类似函数的宏，宏没有类型检查

#define M1(a, b, c)   ((a) + (b) + (c))       /* Message 3453 */
#define M6(A,B)       ((A)[1] + (B)[2])       /* Message 3453 */

This macro appears to be in the form of an expression and could therefore, perhaps, be replaced with a function. It is not always practical or convenient to replace function-like macros with functions; but functions are generally safer than macros because type-checking can be enforced on arguments.

Message 3453 is generated for a function-like macro which ...

• has at least one parameter
• does not contain a # or a ## operator
• does not contain { } ; or any keywords (other than type specifiers or type qualifiers)

 0883 包含文件代码未受到保护以防止重复包含

#ifndef HFILEX_H
#define HFILEX_H
...
...
#endif