It would be worth to contact Technical Support with a sample that reproduces the violation 10.3. From my side I can reproduce it only on in.scrc = pga411_crc2(in.frame); but I don't have exact prototype of function pga411_crc2(). Moreover, it would be wortht to provide Polyspace Bug Finder release used as we are improving drastically checkers at each new release.
MISRA C:2012 Rule 10.3 clarification
72 views (last 30 days)
Show older comments
Hello, I need your support on a MISRA violation using polyspace bug finder.
I tried to cast the following variables:
-in.ecbk
-in.datain
-in.stat
-in.scrc
with this lines:
in.ecbk = ((pga411_spi_frame_t*)(&Rxbuff[i]))->ecbk;
in.datain = ((pga411_spi_frame_t*)(&Rxbuff[i]))->datain;
in.stat = ((pga411_spi_frame_t*)(&Rxbuff[i]))->stat;
in.scrc = pga411_crc2(in.frame);
Since I didn't have any warning during the compilation phase with our compiler, I had a MISRA violation for 10.3 rule in polyspace:
MISRA C:2012 10.3 (Required)
The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category.
The expression (of essential type unsigned on 32 bits) is assigned to an object with a narrower essential type (unsigned on 8 bits)
I tried to solve it with this casting :
in.ecbk = (uint32)(((pga411_spi_frame_t*)(&Rxbuff[i]))->ecbk);
Anyway the violation is the same:
MISRA C:2012 10.3 (Required)
The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category.
The expression (of essential type unsigned on 32 bits) is assigned to an object with a narrower essential type (unsigned on 8 bits)
How can I solve the MISRA violation?
Thanks,
I insert more lines of code for your understanding:
static volatile uint32 Rxbuff[PGA411_REG_COUNT+1];
...
typedef union
{
/* outgoing data frame (from master to slave) */
struct
{
/* reverse order in bit-fields, starting from bit 0 */
uint32 mcrc: 6; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
uint32 reserved: 2; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
uint32 dataout: 16; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
uint32 addr: 8; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
};
/* incomming data frame (to master from slave */
struct
{
uint32 scrc: 6; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
uint32 stat: 2; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
uint32 datain: 16; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
uint32 ecbk: 8; /* polyspace MISRA2012:6.1 [Justified:Low] "Autosar types used for bit fields" */
};
/* and finaly the whole frame */
struct
{
uint32 frame;
};
} pga411_spi_frame_t;
...
static Std_ReturnType CDD_ExtResolver_Processing(void){
pga411_spi_frame_t in;
in.frame = 0x0U;
uint8 i; /*This is Index*/
uint8 process_result=CDD_ExtResolver_E_NO_ERROR;
Std_ReturnType rc=E_NOT_OK;
CDD_ExtResolver_E_element_t element_fault;
for(i = 1U; i < (PGA411_REG_COUNT+1); i++){
in.ecbk = ((pga411_spi_frame_t*)(&Rxbuff[i]))->ecbk;
in.datain = ((pga411_spi_frame_t*)(&Rxbuff[i]))->datain;
pga411_regs[i-1].real_val = (uint16)in.datain;
in.stat = ((pga411_spi_frame_t*)(&Rxbuff[i]))->stat;
in.scrc = pga411_crc2(in.frame);
...
Answers (1)
Matt Rhodes
on 19 Mar 2024
The flag for MISRA C:2012 Rule 10.3 in this context is highlighting a potential issue with implicit conversion and loss of data. The eckb field of this struct is an 8 bit element, per the bitfield definition provided.
Using a cast to uint8_t makes the conversion explicit and indicates that any narrowing is intentional, which is more in line with MISRA's guidelines for safe and portable code.
Clearly, it can be confusing with the struct field using the uint32_t specifier in this code. And it can be more confusing since uint8_t would not be an allowed type for the field itself (it is usually an unsigned char underlying, and only integer types are allowed (and _Bool since C99)). In any case, the type in the bitfield definition is only used for storage/alignment purposes - the bits allocated define the actual size. But on assignment, the size needs to be explicit, per the MISRA rule, and so uint8_t would be the appropriate cast.
0 Comments
See Also
Categories
Find more on Run Settings in Help Center and File Exchange
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
You can also select a web site from the following list
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)
Asia Pacific
- Australia (English)
- India (English)
- New Zealand (English)
- 中国
- 日本Japanese (日本語)
- 한국Korean (한국어)