实例介绍
【实例简介】
MISRA C_2012 Guidelines for the use of the C language in critical systems
MISRA C: 2012 Guidelines for the use of the C language in critical systems March 2013 Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I MISRA Mission statement We provide world-leading, best practice guidelines for the safe application of both embedded control systems and standalone sottware MISRA, The Motor Industry Software Reliabi ity Association, is a collaboration between manufacturers, component suppliers and engincering consu tancies which sacks to promote best practice in developing safety-re atec embedded electronic systems and other software-intensive applications To this end, MISRA publishes documents that provide accessible information for engineers and management, and holds events to permit the exchange of experiences between practitioners www.misra.org.uk Disclaimer Adherence to the requirements of this document does not in isel ensure error-free robust sc/ tware or guarantee portability and re-use cmpliance with the requirements cf this document, or any other standard, does not cf itself confer immunity from legal obligations Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Foreword Ar first signt, this third revision of the MISRA C Guidelines may seem somewhat daunting. Since it is roughly twice the size of the previous revision, one might think that it contains twice as many guidelines, and that compliance with those guidelines might take twice as much effort In fact, the increase in the number of guidelines is rclativcly madest at around 10%o Thc rcmaindcr of the in crease in size is cue to improvements in the guidance given, such as Better rationales for guidelines More precise descriptions Code examples, showing compliance and non- compliance, for most of the guidelines More detailed guidance on comp liance checking, and the deviation procedure Check ists that can be used to support a compliance statement Finally, I would like to draw attenticn to the introductory sections of the document. These not only contain practical guidance on how to use MISRA C but, at the same time, have been made more concise than their predecessors. I encourage all users to familiarize themselves with this material Steve Montgomery MA(Cantab), PhD Chairman, MISRA C Working Group Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Acknowledgements The misra consortium would like to thank the following individuals for their significant contribution to the writing of this document Dave banham Rolls-Royce plc (previously of Alstom Grid) Andrew banks Intuitive Consulting Mark Bradbury Aero Engine controls Paul Burden Programming research Ltd Mark Dawson-Butterworth Zytek Automotive Ltd Mike henne‖ LDRA Ltd Chris hills Phaedrus systems Ltd Steve Montgomery Ricardo∪KLtd Chris lapp LDRA Ltd(a so Keylevel Consultants Ltd Liz Whiting LDRA Ltd(previously of QinetiQ plc) The Misra consortium also wishes to acknowledge contributions from the following individuals during the development and review process Roberto bagnara William Forbes Voilmy laurent Koki onoda 」 chn bailey Takao Futagam Fred Long Paulo pinheiro 」 chan bezel Jim gimpel Daniel lundin Mohanraj Ragupath Gunter blache Gilles goula Gavin mccall Paul rigas Michael burke Wolfgang von Hansen Douglas Mearns Andrew scholar Andrew burnard Takahiro hashimoto Svante moller Marco sorich Paul Butler Dave Higham Frederic mondot Takuji Takuma Mirko conrad Shinya Ito Jurgen Mottck Martin Thompson David cozo∩s David Jennings Yannick Moy Takafumi wakita David crocker Peter」esty ∧| carder much David ward Greg davis Grzegorz Konopko Robert mumme Tetsuhiro yamamoto Manoi dwivedi Taneli Korhonen Tadanori Nakagawa Naoki Yoshikawa Carl edmunds Joel Kuehner Greg Newman Achim○ laf zacher Particular thanks are due to David Crocker for his significant contribution towards the development of Appendix h The descriptions of implementation-defined behaviours in appendix g have been reproduced from versions of the iso Standards published by bsi standards Limited; the text is identical to that in the ISO versions. Permission to reproduce extracts from Brit sh Standards is granted by the Bsi Standards Limited (BSl)under LiccnCc No. 2013ET0003 No other use of this material is permitted. British StandardscanbeobtainedinPdforhardcopyformatsfromtheBslonlineshopwww.bsigroup com/Shop or by contacting BSI Customer Services for hard copies ony: Tel: +44 20 8996 9001 Email:cservices@bsigroup.com Dokuwiki was used extensively during the drafting of this document. Our thanks go to all those involved in its development This document was typeset using Open Sans Open Sans is a trademark of Google and may be registered in certa in jurisdictions. Digitized data copyright o 2010-2011, Google Corporation. Licensed under the apache license, version 2.0 Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Contents The vision Background to mISra C 1 The popularity of C 2.2 Disadvantages of c Tool selection 1 The C language and its compiler 3.2 Analysis tools 4 Prerequisite knowledge 4.1 Training 4.2 Understanding the compiler 4.3 Understanding the static analysis tools Adopting and using MISra C 5.1 Adoption 5.2 Software development process 2224456666888912 compliance 5. 4 Deviation procedure 5.5 Claiming compliance 6 Introduction to the guidelines 6.1 Guideline classification 13 6.2 Guideline categories 13 6.3 Organization of guidelines 14 6. 4 Redundancy in the guidelines 14 ecidabil ity of rules 6.6 Scope of analysis 6.7 Multi-organization projects 15 6.8 Automatically generated code 6.9 Presentation of guidelines 6.10 Understanding the source references 18 Directives 21 7.1 The implementation 2 compilation and build 23 7.3 Requirements traceability 23 7.4 Code design 24 Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Rules 37 8.1 A standard c environment 7 8.2∪ mused code 8.3 Comments 45 8 4 Character sets and lexical conventions 46 8.5 identifiers 8.6 Types 58 8.7 Literals and constants 59 8. 8 Declarations and definitions 8.9 Initialization 75 8.10 The essential type model 81 8.11 Pointer type conversions 93 8.12 Expressions 103 8.13 Side effects 108 8.14 Control statement expressions 115 8.15 Control flow 122 8.16 Switch statements 130 8.17 Functions 136 8.18 Pointers and arrays 143 8.19 Overlapping storage 153 8.20 Preprocessing directives 155 8.21 Standard libraries 165 8.22 Resources 172 References 178 Appendix a Summary of guidelines 180 Appendix b Guideline attributes 189 Appendix Type safety issues with C 193 Appendix d Essential types 196 Appendix e Applicability to automatically generated code 202 Appendix F Process and tools checklist 205 Appendix Implementation-defined behaviour checklist 206 Appendix H Undefined and critical unspecified behaviour 210 Appendix I Example deviation record 220 Appendi」 Glossary 223 V Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I 1 The vision The misra C guidelines define a subset of the c language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require or recommend, the use of a lang age subset, and this can also be used to develop any application with high integrity or high reliabil ty requirements As well as defining this subset, these MISRa C Guide ines provide Educational material for those developing C programs: Reference material for tool developers Previous editions of misra c have been based on the 1990 iso definition of c as the 1999 iso definition has now been adopted, in varying degrees, by embedded implementations it was considered that the time was right to publish a new edition of mIsRa C which recognized the 1999 iSo definition Each aspect of the guidance presented in the previous edition has been comprehensively reviewed and improved where appropriate. This third edition also incorporates material created in response to the feedback that has been provided by users of earlier editions of the Guidelines A major change in this third ed tion is the development of the second edition's conceot of underlying type into the essential type. Using the new essential type concept, it has been possible to develop a set of guidelines that bring stronger typing to the C language The vision for the third edition of misra c is therefore to Adopt the 1999 Iso definition of the C language, whilc retaining support for the older 1990 definition Correct any known issues with the second edition Add new guidelines for which there is a strong rationale Improve the specification and the rationale for cxisting guidelines Remove any guide ines for which the rationale is insufficient; Increase the number of guidelines that can be processed by static analysis tools Provide guidance on the applicability of the guidelines to automatically-generated code Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I 2 Background to MIsRa C 2.1 The popularity of C The C programming language is popular because C compilers are readily avai able for many processors C programs can be compiled to efficient machine code. It is defined by an international standard It provides mechanisms to access the input/output capabil ities of the target processor, whether directly or by means of language extensions, There is a considerable body of experience with using C in critical systems, It is wide y supported by static analysis and test tools 2.2 Disadvantages of c While popular, the language has several drawbacks which are discussec in the following sub-sections 2.2.1 Language definition The iso Standard does not specify the language completely but places some aspects under the control of an implementation. This is intentional, partly because ot the desire to support many pre existing implementations for widely different target processors As a result there are areas of the language in which The behaviour is undefined The behaviour is unspecified An implementation is free to choose its own behaviour provided that it is documented A program that relies on undefined or unspecified behaviour is not necessarily guaranteed to behave in a predictable manner. A program that places excessive reliance on implementation -defined behaviour may be ditticult to port to a different target. The presence of implementation-defined behaviour may also hinder stati analysis if it is not possible to configure the analyser to handle it 2.2.2 Language misuse While c programs can be laid out in a structured and comprehensible manner, C makes it easy for programmers to write obscure code that is difficult to understand The specification of the operators makes it difficult for programming errors to be detected hy a compiler. For example, the following two fragments of code are both perfectly legal so it is impossible for a compiler to know whether cne has been mistakenly used in place of the other b)/* tests whether a and b are equal f b /* assigns b to a and tests whether a is non-zero * Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I 【实例截图】
【核心代码】
MISRA C_2012 Guidelines for the use of the C language in critical systems
MISRA C: 2012 Guidelines for the use of the C language in critical systems March 2013 Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I MISRA Mission statement We provide world-leading, best practice guidelines for the safe application of both embedded control systems and standalone sottware MISRA, The Motor Industry Software Reliabi ity Association, is a collaboration between manufacturers, component suppliers and engincering consu tancies which sacks to promote best practice in developing safety-re atec embedded electronic systems and other software-intensive applications To this end, MISRA publishes documents that provide accessible information for engineers and management, and holds events to permit the exchange of experiences between practitioners www.misra.org.uk Disclaimer Adherence to the requirements of this document does not in isel ensure error-free robust sc/ tware or guarantee portability and re-use cmpliance with the requirements cf this document, or any other standard, does not cf itself confer immunity from legal obligations Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Foreword Ar first signt, this third revision of the MISRA C Guidelines may seem somewhat daunting. Since it is roughly twice the size of the previous revision, one might think that it contains twice as many guidelines, and that compliance with those guidelines might take twice as much effort In fact, the increase in the number of guidelines is rclativcly madest at around 10%o Thc rcmaindcr of the in crease in size is cue to improvements in the guidance given, such as Better rationales for guidelines More precise descriptions Code examples, showing compliance and non- compliance, for most of the guidelines More detailed guidance on comp liance checking, and the deviation procedure Check ists that can be used to support a compliance statement Finally, I would like to draw attenticn to the introductory sections of the document. These not only contain practical guidance on how to use MISRA C but, at the same time, have been made more concise than their predecessors. I encourage all users to familiarize themselves with this material Steve Montgomery MA(Cantab), PhD Chairman, MISRA C Working Group Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Acknowledgements The misra consortium would like to thank the following individuals for their significant contribution to the writing of this document Dave banham Rolls-Royce plc (previously of Alstom Grid) Andrew banks Intuitive Consulting Mark Bradbury Aero Engine controls Paul Burden Programming research Ltd Mark Dawson-Butterworth Zytek Automotive Ltd Mike henne‖ LDRA Ltd Chris hills Phaedrus systems Ltd Steve Montgomery Ricardo∪KLtd Chris lapp LDRA Ltd(a so Keylevel Consultants Ltd Liz Whiting LDRA Ltd(previously of QinetiQ plc) The Misra consortium also wishes to acknowledge contributions from the following individuals during the development and review process Roberto bagnara William Forbes Voilmy laurent Koki onoda 」 chn bailey Takao Futagam Fred Long Paulo pinheiro 」 chan bezel Jim gimpel Daniel lundin Mohanraj Ragupath Gunter blache Gilles goula Gavin mccall Paul rigas Michael burke Wolfgang von Hansen Douglas Mearns Andrew scholar Andrew burnard Takahiro hashimoto Svante moller Marco sorich Paul Butler Dave Higham Frederic mondot Takuji Takuma Mirko conrad Shinya Ito Jurgen Mottck Martin Thompson David cozo∩s David Jennings Yannick Moy Takafumi wakita David crocker Peter」esty ∧| carder much David ward Greg davis Grzegorz Konopko Robert mumme Tetsuhiro yamamoto Manoi dwivedi Taneli Korhonen Tadanori Nakagawa Naoki Yoshikawa Carl edmunds Joel Kuehner Greg Newman Achim○ laf zacher Particular thanks are due to David Crocker for his significant contribution towards the development of Appendix h The descriptions of implementation-defined behaviours in appendix g have been reproduced from versions of the iso Standards published by bsi standards Limited; the text is identical to that in the ISO versions. Permission to reproduce extracts from Brit sh Standards is granted by the Bsi Standards Limited (BSl)under LiccnCc No. 2013ET0003 No other use of this material is permitted. British StandardscanbeobtainedinPdforhardcopyformatsfromtheBslonlineshopwww.bsigroup com/Shop or by contacting BSI Customer Services for hard copies ony: Tel: +44 20 8996 9001 Email:cservices@bsigroup.com Dokuwiki was used extensively during the drafting of this document. Our thanks go to all those involved in its development This document was typeset using Open Sans Open Sans is a trademark of Google and may be registered in certa in jurisdictions. Digitized data copyright o 2010-2011, Google Corporation. Licensed under the apache license, version 2.0 Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Contents The vision Background to mISra C 1 The popularity of C 2.2 Disadvantages of c Tool selection 1 The C language and its compiler 3.2 Analysis tools 4 Prerequisite knowledge 4.1 Training 4.2 Understanding the compiler 4.3 Understanding the static analysis tools Adopting and using MISra C 5.1 Adoption 5.2 Software development process 2224456666888912 compliance 5. 4 Deviation procedure 5.5 Claiming compliance 6 Introduction to the guidelines 6.1 Guideline classification 13 6.2 Guideline categories 13 6.3 Organization of guidelines 14 6. 4 Redundancy in the guidelines 14 ecidabil ity of rules 6.6 Scope of analysis 6.7 Multi-organization projects 15 6.8 Automatically generated code 6.9 Presentation of guidelines 6.10 Understanding the source references 18 Directives 21 7.1 The implementation 2 compilation and build 23 7.3 Requirements traceability 23 7.4 Code design 24 Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I Rules 37 8.1 A standard c environment 7 8.2∪ mused code 8.3 Comments 45 8 4 Character sets and lexical conventions 46 8.5 identifiers 8.6 Types 58 8.7 Literals and constants 59 8. 8 Declarations and definitions 8.9 Initialization 75 8.10 The essential type model 81 8.11 Pointer type conversions 93 8.12 Expressions 103 8.13 Side effects 108 8.14 Control statement expressions 115 8.15 Control flow 122 8.16 Switch statements 130 8.17 Functions 136 8.18 Pointers and arrays 143 8.19 Overlapping storage 153 8.20 Preprocessing directives 155 8.21 Standard libraries 165 8.22 Resources 172 References 178 Appendix a Summary of guidelines 180 Appendix b Guideline attributes 189 Appendix Type safety issues with C 193 Appendix d Essential types 196 Appendix e Applicability to automatically generated code 202 Appendix F Process and tools checklist 205 Appendix Implementation-defined behaviour checklist 206 Appendix H Undefined and critical unspecified behaviour 210 Appendix I Example deviation record 220 Appendi」 Glossary 223 V Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I 1 The vision The misra C guidelines define a subset of the c language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require or recommend, the use of a lang age subset, and this can also be used to develop any application with high integrity or high reliabil ty requirements As well as defining this subset, these MISRa C Guide ines provide Educational material for those developing C programs: Reference material for tool developers Previous editions of misra c have been based on the 1990 iso definition of c as the 1999 iso definition has now been adopted, in varying degrees, by embedded implementations it was considered that the time was right to publish a new edition of mIsRa C which recognized the 1999 iSo definition Each aspect of the guidance presented in the previous edition has been comprehensively reviewed and improved where appropriate. This third edition also incorporates material created in response to the feedback that has been provided by users of earlier editions of the Guidelines A major change in this third ed tion is the development of the second edition's conceot of underlying type into the essential type. Using the new essential type concept, it has been possible to develop a set of guidelines that bring stronger typing to the C language The vision for the third edition of misra c is therefore to Adopt the 1999 Iso definition of the C language, whilc retaining support for the older 1990 definition Correct any known issues with the second edition Add new guidelines for which there is a strong rationale Improve the specification and the rationale for cxisting guidelines Remove any guide ines for which the rationale is insufficient; Increase the number of guidelines that can be processed by static analysis tools Provide guidance on the applicability of the guidelines to automatically-generated code Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I 2 Background to MIsRa C 2.1 The popularity of C The C programming language is popular because C compilers are readily avai able for many processors C programs can be compiled to efficient machine code. It is defined by an international standard It provides mechanisms to access the input/output capabil ities of the target processor, whether directly or by means of language extensions, There is a considerable body of experience with using C in critical systems, It is wide y supported by static analysis and test tools 2.2 Disadvantages of c While popular, the language has several drawbacks which are discussec in the following sub-sections 2.2.1 Language definition The iso Standard does not specify the language completely but places some aspects under the control of an implementation. This is intentional, partly because ot the desire to support many pre existing implementations for widely different target processors As a result there are areas of the language in which The behaviour is undefined The behaviour is unspecified An implementation is free to choose its own behaviour provided that it is documented A program that relies on undefined or unspecified behaviour is not necessarily guaranteed to behave in a predictable manner. A program that places excessive reliance on implementation -defined behaviour may be ditticult to port to a different target. The presence of implementation-defined behaviour may also hinder stati analysis if it is not possible to configure the analyser to handle it 2.2.2 Language misuse While c programs can be laid out in a structured and comprehensible manner, C makes it easy for programmers to write obscure code that is difficult to understand The specification of the operators makes it difficult for programming errors to be detected hy a compiler. For example, the following two fragments of code are both perfectly legal so it is impossible for a compiler to know whether cne has been mistakenly used in place of the other b)/* tests whether a and b are equal f b /* assigns b to a and tests whether a is non-zero * Licensed to: INtECS PAOLO PANARONI. 26 Mar 2013. Copy I of I 【实例截图】
【核心代码】
标签:
好例子网口号:伸出你的我的手 — 分享!
小贴士
感谢您为本站写下的评论,您的评论对其它用户来说具有重要的参考价值,所以请认真填写。
- 类似“顶”、“沙发”之类没有营养的文字,对勤劳贡献的楼主来说是令人沮丧的反馈信息。
- 相信您也不想看到一排文字/表情墙,所以请不要反馈意义不大的重复字符,也请尽量不要纯表情的回复。
- 提问之前请再仔细看一遍楼主的说明,或许是您遗漏了。
- 请勿到处挖坑绊人、招贴广告。既占空间让人厌烦,又没人会搭理,于人于己都无利。
关于好例子网
本站旨在为广大IT学习爱好者提供一个非营利性互相学习交流分享平台。本站所有资源都可以被免费获取学习研究。本站资源来自网友分享,对搜索内容的合法性不具有预见性、识别性、控制性,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,平台无法对用户传输的作品、信息、内容的权属或合法性、安全性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论平台是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二与二十三条之规定,若资源存在侵权或相关问题请联系本站客服人员,点此联系我们。关于更多版权及免责申明参见 版权及免责申明
网友评论
我要评论