Coverity Support For MISRA Coding Standards - Synopsys

Transcription

Coverity Support for MISRA Coding Standards

Fully ensure the safety, reliability, and security of software written in C and C++

Overview

Software is eating the world. Industries that have traditionally relied on mechanical, electronic, and analog control systems are increasingly replacing them with software-driven systems. For example, the average car is expected to contain 300 million lines of code in the next decade—up from 100 million lines of code today. But with the growth of software comes the growth of software defects—which can manifest themselves in these systems with tangible and life-threatening consequences. More importantly, malicious actors can deliberately trigger failures for their own purposes.

Highly complex industries involve many vendors and suppliers simultaneously contributing to the software that goes into the final product. Every participant in this software supply chain must reach consensus on coding standards, defect reporting structures, and so on. The confluence of these two factors—increasing complexity in software systems and longer software supply chains—creates the demand for new tools.

The MISRA C and C++ coding standards are widely used in safety-critical industries, such as automotive, medical, military, and aerospace. The standards provide a set of best practices for writing C and C++ code, facilitating the authorship of safe, secure, and portable code. With Coverity static analysis, Synopsys provides a comprehensive solution for MISRA standard compliance that is scalable from individual developers all the way to complex software supply chains.

synopsys.com

MISRA C:2004

The MISRA C:2004 coding standard supports the C90 language specification. It was first released in 2004 and consists of 142 rules: 124 required and 18 advisory. Coverity covers the entire MISRA C:2004 standard.*

MISRA C:2004 rule coverage
Supported | All | Percent
71894.4%

* All rules that can be checked by static analysis are supported. MISRA C:2004 contains 12 rules that are not statically checkable, so a total of 130 are implemented (out of 142).

MISRA C:2004 supported rules

Rule | Rule name | Category | Supported | Notes
Rule 1.1 | All code shall conform to ISO/IEC 9899:1990 “Programming languages — C”, amended and corrected by ISO/IEC 9899/COR1:1995, ISO/IEC 9899/AMD1:1995, and ISO/IEC 9899/COR2:1996. | Required | Yes
Rule 1.2 | No reliance shall be placed on undefined or unspecified behaviour. | Required | No
Rule 1.3 | Multiple compilers and/or languages shall only be used if there is a common defined interface standard for object code to which the languages/compilers/assemblers conform. | Required | No | This rule is not statically verifiable.
Rule 1.4 | The compiler/linker shall be checked to ensure that 31 character significance and case sensitivity are supported for external identifiers. | Required | No | This rule is not statically verifiable.
Rule 1.5 | Floating-point implementations should comply with a defined floating-point standard. | Required | No | This rule is not statically verifiable.
Rule 2.1 | Assembly language shall be encapsulated and isolated. | Required | Yes
Rule 2.2 | Source code shall only use /* ... */ style comments. | Required | Yes
Rule 2.3 | The character sequence /* shall not be used within a comment. | Required | Yes
Rule 2.4 | Sections of code should not be “commented out”. | Advisory | Yes
Rule 3.1 | All usage of implementation-defined behaviour shall be documented. | Required | No | This rule is not statically verifiable.
Rule 3.2 | The character set and the corresponding encoding shall be documented. | Required | No | This rule is not statically verifiable.
Rule 3.3 | The implementation of integer division in the chosen compiler should be determined, documented and taken into account. | Advisory | No | This rule is not statically verifiable.
Rule 3.4 | All uses of the #pragma directive shall be documented and explained. | Required | No | This rule is not statically verifiable.
Rule 3.5 | If it is being relied upon, the implementation defined behaviour and packing of bitfields shall be documented. | Required | No | This rule is not statically verifiable.
Rule 3.6 | All libraries used in production code shall be written to comply with the provisions of this document, and shall have been subject to appropriate validation. | Required | No | This rule is not statically verifiable.
Rule 4.1 | Only those escape sequences that are defined in the ISO C standard shall be used. | Required | Yes
Rule 4.2 | Trigraphs shall not be used. | Required | Yes
Rule 5.1 | Identifiers (internal and external) shall not rely on the significance of more than 31 characters. | Required | Yes
Rule 5.2 | Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and therefore hide that identifier. | Required | Yes
Rule 5.3 | A typedef name shall be a unique identifier. | Required | Yes
Rule 5.4 | A tag name shall be a unique identifier. | Required | Yes
Rule 5.5 | No object or function identifier with static storage duration should be reused. | Advisory | Yes
Rule 5.6 | No identifier in one name space should have the same spelling as an identifier in another name space, with the exception of structure member and union member names. | Advisory | Yes
Rule 5.7 | No identifier name should be reused. | Advisory | Yes
Rule 6.1 | The plain char type shall be used only for the storage and use of character values. | Required | Yes
Rule 6.2 | signed and unsigned char type shall be used only for the storage and use of numeric values. | Required | Yes
Rule 6.3 | typedefs that indicate size and signedness should be used in place of the basic numerical types. | Advisory | Yes
Rule 6.4 | Bit fields shall only be defined to be of type unsigned int or signed int. | Required | Yes
Rule 6.5 | Bit fields of signed type shall be at least 2 bits long. | Required | Yes
Rule 7.1 | Octal constants (other than zero) and octal escape sequences shall not be used. | Required | Yes
Rule 8.1 | Functions shall have prototype declarations and the prototype shall be visible at both the function definition and call. | Required | Yes
Rule 8.2 | Whenever an object or function is declared or defined, its type shall be explicitly stated. | Required | Yes
Rule 8.3 | For each function parameter the type given in the declaration and definition shall be identical, and the return types shall also be identical. | Required | Yes
Rule 8.4 | If objects or functions are declared more than once their types shall be compatible. | Required | Yes
Rule 8.5 | There shall be no definitions of objects or functions in a header file. | Required | Yes
Rule 8.6 | Functions shall be declared at file scope. | Required | Yes
Rule 8.7 | Objects shall be defined at block scope if they are only accessed from within a single function. | Required | Yes
Rule 8.8 | An external object or function shall be declared in one and only one file. | Required | Yes
Rule 8.9 | An identifier with external linkage shall have exactly one external definition. | Required | Yes
Rule 8.10 | All declarations and definitions of objects or functions at file scope shall have internal linkage unless external linkage is required. | Required | Yes
Rule 8.11 | The static storage class specifier shall be used in definitions and declarations of objects and functions that have internal linkage. | Required | Yes
Rule 8.12 | When an array is declared with external linkage, its size shall be stated explicitly or defined implicitly by initialisation. | Required | Yes
Rule 9.1 | All automatic variables shall have been assigned a value before being used. | Required | Yes
Rule 9.2 | Braces shall be used to indicate and match the structure in the non-zero initialisation of arrays and structures. | Required | Yes
Rule 9.3 | In an enumerator list, the “=” construct shall not be used to explicitly initialise members other than the first, unless all items are explicitly initialised. | Required | Yes
Rule 10.1 | The value of an expression of integer type shall not be implicitly converted to a different underlying type if: (a) it is not a conversion to a wider integer type of the same signedness, or (b) the expression is complex, or (c) the expression is not constant and is a function argument, or (d) the expression is not constant and is a return expression. | Required | Yes
Rule 10.2 | The value of an expression of floating type shall not be implicitly converted to a different type if: (a) it is not a conversion to a wider floating type, or (b) the expression is complex, or (c) the expression is a function argument, or (d) the expression is a return expression. | Required | Yes
Rule 10.3 | The value of a complex expression of integer type shall only be cast to a type of the same signedness that is no wider than the underlying type of the expression. | Required | Yes
Rule 10.4 | The value of a complex expression of floating type shall only be cast to a floating type that is narrower or of the same size. | Required | Yes
Rule 10.5 | If the bitwise operators ~ and << are applied to an operand of underlying type unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand. | Required | Yes
Rule 10.6 | A “U” suffix shall be applied to all constants of unsigned type. | Required | Yes
Rule 11.1 | Conversions shall not be performed between a pointer to a function and any type other than an integral type. | Required | Yes
Rule 11.2 | Conversions shall not be performed between a pointer to object and any type other than an integral type, another pointer to object type or a pointer to void. | Required | Yes
Rule 11.3 | A cast should not be performed between a pointer type and an integral type. | Advisory | Yes
Rule 11.4 | A cast should not be performed between a pointer to object type and a different pointer to object type. | Advisory | Yes
Rule 11.5 | A cast shall not be performed that removes any const or volatile qualification from the type addressed by a pointer. | Required | Yes
Rule 12.1 | Limited dependence should be placed on C’s operator precedence rules in expressions. | Advisory | Yes
Rule 12.2 | The value of an expression shall be the same under any order of evaluation that the standard permits. | Required | Yes
Rule 12.3 | The sizeof operator shall not be used on expressions that contain side effects. | Required | Yes
Rule 12.4 | The right-hand operand of a logical && or || operator shall not contain side effects. | Required | Yes
Rule 12.5 | The operands of a logical && or || shall be primary-expressions. | Required | Yes
Rule 12.6 | The operands of logical operators (&&, || and !) should be effectively Boolean. Expressions that are effectively Boolean should not be used as operands to operators other than (&&, ||, !, =, ==, != and ?:). | Advisory | Yes
Rule 12.7 | Bitwise operators shall not be applied to operands whose underlying type is signed. | Required | Yes
Rule 12.8 | The right-hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left-hand operand. | Required | Yes
Rule 12.9 | The unary minus operator shall not be applied to an expression whose underlying type is unsigned. | Required | Yes
Rule 12.10 | The comma operator shall not be used. | Required | Yes
Rule 12.11 | Evaluation of constant unsigned integer expressions should not lead to wrap-around. | Advisory | Yes
Rule 12.12 | The underlying bit representations of floating-point values shall not be used. | Required | Yes
Rule 12.13 | The increment (++) and decrement (--) operators should not be mixed with other operators in an expression. | Advisory | Yes
Rule 13.1 | Assignment operators shall not be used in expressions that yield a Boolean value. | Required | Yes
Rule 13.2 | Tests of a value against zero should be made explicit, unless the operand is effectively Boolean. | Advisory | Yes
Rule 13.3 | Floating-point expressions shall not be tested for equality or inequality. | Required | Yes
Rule 13.4 | The controlling expression of a for statement shall not contain any objects of floating type. | Required | Yes
Rule 13.5 | The three expressions of a for statement shall be concerned only with loop control. | Required | Yes
Rule 13.6 | Numeric variables being used within a for loop for iteration counting shall not be modified in the body of the loop. | Required | Yes
Rule 13.7 | Boolean operations whose results are invariant shall not be permitted. | Required | Yes
Rule 14.1 | There shall be no unreachable code. | Required | Yes
Rule 14.2 | All non-null statements shall either: (a) have at least one side effect however executed, or (b) cause control flow to change. | Required | Yes
Rule 14.3 | Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment provided that the first character following the null statement is a white-space character. | Required | Yes
Rule 14.4 | The goto statement shall not be used. | Required | Yes
Rule 14.5 | The continue statement shall not be used. | Required | Yes
Rule 14.6 | For any iteration statement there shall be at most one break statement used for loop termination. | Required | Yes
Rule 14.7 | A function shall have a single point of exit at the end of the function. | Required | Yes
Rule 14.8 | The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement. | Required | Yes
Rule 14.9 | An if (expression) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement. | Required | Yes
Rule 14.10 | All if ... else if constructs shall be terminated with an else clause. | Required | Yes
Rule 15.0 | The MISRA C switch syntax shall be used. | Required | Yes
Rule 15.1 | A switch label shall only be used when the most closely enclosing compound statement is the body of a switch statement. | Required | Yes
Rule 15.2 | An unconditional break statement shall terminate every non-empty switch clause. | Required | Yes
Rule 15.3 | The final clause of a switch statement shall be the default clause. | Required | Yes
Rule 15.4 | A switch expression shall not represent a value that is effectively Boolean. | Required | Yes
Rule 15.5 | Every switch statement shall have at least one case clause. | Required | Yes
Rule 16.1 | Functions shall not be defined with a variable number of arguments. | Required | Yes
Rule 16.2 | Functions shall not call themselves, either directly or indirectly. | Required | Yes
Rule 16.3 | Identifiers shall be given for all of the parameters in a function prototype declaration. | Required | Yes
Rule 16.4 | The identifiers used in the declaration and definition of a function shall be identical. | Required | Yes
Rule 16.5 | Functions with no parameters shall be declared and defined with the parameter list void. | Required | Yes
Rule 16.6 | The number of arguments passed to a function shall match the number of parameters. | Required | Yes
Rule 16.7 | A pointer parameter in a function prototype should be declared as pointer to const if the pointer is not used to modify the addressed object. | Required | Yes
Rule 16.8 | All exit paths from a function with non-void return type shall have an explicit return statement with an expression. | Required | Yes
Rule 16.9 | A function identifier shall only be used with either a preceding &, or with a parenthesised parameter list, which may be empty. | Required | Yes
Rule 16.10 | If a function returns error information, then that error information shall be tested. | Required | Yes
Rule 17.1 | Pointer arithmetic shall only be applied to pointers that address an array or array element. | Required | Yes
Rule 17.2 | Pointer subtraction shall only be applied to pointers that address elements of the same array. | Required | Yes
Rule 17.3 | >, >=, <, <= shall not be applied to pointer types except where they point to the same array. | Required | Yes
Rule 17.4 | Array indexing shall be the only allowed form of pointer arithmetic. | Required | Yes
Rule 17.5 | The declaration of objects should contain no more than 2 levels of pointer indirection. | Advisory | Yes
Rule 17.6 | The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | Required | Yes
Rule 18.1 | All structure and union types shall be complete at the end of a translation unit. | Required | Yes
Rule 18.2 | An object shall not be assigned to an overlapping object. | Required | Yes
Rule 18.3 | An area of memory shall not be reused for unrelated purposes. | Required | No | This rule is not statically verifiable.
Rule 18.4 | Unions shall not be used. | Required | Yes
Rule 19.1 | #include statements in a file should only be preceded by other preprocessor directives or comments. | Advisory | Yes
Rule 19.2 | Non-standard characters should not occur in header file names in #include directives. | Advisory | Yes
Rule 19.3 | The #include directive shall be followed by either a <filename> or "filename" sequence. | Required | Yes
Rule 19.4 | C macros shall only expand to a braced initialiser, a constant, a string literal, a parenthesised expression, a type qualifier, a storage class specifier, or a do-while-zero construct. | Required | Yes
Rule 19.5 | Macros shall not be #define’d or #undef’d within a block. | Required | Yes
Rule 19.6 | #undef shall not be used. | Required | Yes
Rule 19.7 | A function should be used in preference to a function-like macro. | Advisory | Yes
Rule 19.8 | A function-like macro shall not be invoked without all of its arguments. | Required | Yes
Rule 19.9 | Arguments to a function-like macro shall not contain tokens that look like preprocessing directives. | Required | Yes
Rule 19.10 | In the definition of a function-like macro each instance of a parameter shall be enclosed in parentheses unless it is used as the operand of # or ##. | Required | Yes
Rule 19.11 | All macro identifiers in preprocessor directives shall be defined before use, except in #ifdef and #ifndef preprocessor directives and the defined() operator. | Required | Yes
Rule 19.12 | There shall be at most one occurrence of the # or ## operators in a single macro definition. | Required | Yes
Rule 19.13 | The # and ## operators should not be used. | Advisory | Yes
Rule 19.14 | The defined preprocessor operator shall only be used in one of the two standard forms. | Required | Yes
Rule 19.15 | Precautions shall be taken in order to prevent the contents of a header file being included twice. | Required | Yes
Rule 19.16 | Preprocessing directives shall be syntactically meaningful even when excluded by the preprocessor. | Required | Yes
Rule 19.17 | All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if or #ifdef directive to which they are related. | Required | Yes
Rule 20.1 | Reserved identifiers, macros and functions in the standard library, shall not be defined, redefined or undefined. | Required | Yes
Rule 20.2 | The names of standard library macros, objects and functions shall not be reused. | Required | Yes
Rule 20.3 | The validity of values passed to library functions shall be checked. | Required | Yes
Rule 20.4 | Dynamic heap memory allocation shall not be used. | Required | Yes
Rule 20.5 | The error indicator errno shall not be used. | Required | Yes
Rule 20.6 | The macro offsetof, in library <stddef.h>, shall not be used. | Required | Yes
Rule 20.7 | The setjmp macro and the longjmp function shall not be used. | Required | Yes
Rule 20.8 | The signal handling facilities of <signal.h> shall not be used. | Required | Yes
Rule 20.9 | The input/output library <stdio.h> shall not be used in production code. | Required | Yes
Rule 20.10 | The library functions atof, atoi and atol from library <stdlib.h> shall not be used. | Required | Yes
Rule 20.11 | The library functions abort, exit, getenv and system from library <stdlib.h> shall not be used. | Required | Yes
Rule 20.12 | The time handling functions of library <time.h> shall not be used. | Required | Yes
Rule 21.1 | Minimisation of run-time failures shall be ensured by the use of at least one of (a) static analysis tools/techniques; (b) dynamic analysis tools/techniques; (c) explicit coding of checks to handle run-time faults. | Required | No | No checker, but successful analysis run confirms compliance.

MISRA C++:2008

The MISRA C++:2008 coding standard supports the C++ programming language as defined by the C++03 language specification. It was first released in June 2008 and consists of 228 rules: 198 required, 18 advisory, and 12 document. Coverity covers the full MISRA C++:2008 standard.*

MISRA C++:2008 rule coverage
Supported | All | Percent
818100.0%
Document: 0 | 12 | 0.0%

* All rules that can be checked by static analysis are supported. MISRA C++:2008 contains 14 rules that are not statically checkable, so a total of 214 are implemented (out of 228).

MISRA C++:2008 supported rules

Rule | Rule name | Category | Supported | Notes
Rule 0-1-1 | A project shall not contain unreachable code. | Required | Yes
Rule 0-1-2 | A project shall not contain infeasible paths. | Required | Yes
Rule 0-1-3 | A project shall not contain unused variables. | Required | Yes
Rule 0-1-4 | A project shall not contain non-volatile POD variables having only one use. | Required | Yes
Rule 0-1-5 | A project shall not contain unused type declarations. | Required | Yes
Rule 0-1-6 | A project shall not contain instances of non-volatile variables being given values that are never subsequently used. | Required | Yes
Rule 0-1-7 | The value returned by a function having a non-void return type that is not an overloaded operator shall always be used. | Required | Yes
Rule 0-1-8 | All functions with void return type shall have external side effect(s). | Required | Yes
Rule 0-1-9 | There shall be no dead code. | Required | Yes
Rule 0-1-10 | Every defined function shall be called at least once. | Required | Yes
Rule 0-1-11 | There shall be no unused parameters (named or unnamed) in non-virtual functions. | Required | Yes
Rule 0-1-12 | There shall be no unused parameters (named or unnamed) in the set of parameters for a virtual function and all the functions that override it. | Required | Yes
Rule 0-2-1 | An object shall not be assigned to an overlapping object. | Required | Yes
Rule 0-3-1 | Minimization of run-time failures shall be ensured by the use of at least one of: (a) static analysis tools/techniques; (b) dynamic analysis tools/techniques; (c) explicit coding of checks to handle run-time faults. | Document | No
Rule 0-3-2 | If a function generates error information, then that error information shall be tested. | Required | Yes
Rule 0-4-1 | Use of scaled-integer or fixed-point arithmetic shall be documented. | Document | No | Documentation cannot be programmatically analyzed.
Rule 0-4-2 | Use of floating-point arithmetic shall be documented. | Document | No | Compiler and library behaviors in regard to floating-point arithmetics are out of the scope of static analysis. Static analysis cannot determine whether the code was written in accordance to a particular development process.
Rule 0-4-3 | Floating-point implementations shall comply with a defined floating-point standard. | Document | No | Compiler and library behaviors in regard to floating-point arithmetics are out of the scope of static analysis.
Rule 1-0-1 | All code shall conform to ISO/IEC 14882:2003 “The C++ Standard Incorporating Technical Corrigendum 1”. | Required | No
Rule 1-0-2 | Multiple compilers shall only be used if they have a common, defined interface. | Document | No | Compiler and linker behaviors are out of the scope of static analysis.
Rule 1-0-3 | The implementation of integer division in the chosen compiler shall be determined and documented. | Document | No | Documentation cannot be programmatically analyzed.
Rule 2-2-1 | The character set and the corresponding encoding shall be documented. | Document | No | Documentation cannot be programmatically analyzed.
Rule 2-3-1 | Trigraphs shall not be used. | Required | Yes
Rule 2-5-1 | Digraphs should not be used. | Advisory | Yes
Rule 2-7-1 | The character sequence /* shall not be used within a C-style comment. | Required | Yes
Rule 2-7-2 | Sections of code shall not be “commented out” using C-style comments. | Required | Yes
Rule 2-7-3 | Sections of code should not be “commented out” using C++ comments. | Advisory | Yes
Rule 2-10-1 | Different identifiers shall be typographically unambiguous. | Required | Yes
Rule 2-10-2 | Identifiers declared in an inner scope shall not hide an identifier declared in an outer scope. | Required | Yes
Rule 2-10-3 | A typedef name (including qualification, if any) shall be a unique identifier. | Required | Yes
Rule 2-10-4 | A class, union or enum name (including qualification, if any) shall be a unique identifier. | Required | Yes
Rule 2-10-5 | The identifier name of a non-member object or function with static storage duration should not be reused. | Advisory | Yes
Rule 2-10-6 | If an identifier refers to a type, it shall not also refer to an object or a function in the same scope. | Required | Yes
Rule 2-13-1 | Only those escape sequences that are defined in ISO/IEC 14882:2003 shall be used. | Required | Yes
Rule 2-13-2 | Octal constants (other than zero) and octal escape sequences (other than “\0”) shall not be used. | Required | Yes
Rule 2-13-3 | A “U” suffix shall be applied to all octal or hexadecimal integer literals of unsigned type. | Required | Yes
Rule 2-13-4 | Literal suffixes shall be upper case. | Required | Yes
Rule 2-13-5 | Narrow and wide string literals shall not be concatenated. | Required | Yes
Rule 3-1-1 | It shall be possible to include any header file in multiple translation units without violating the One Definition Rule. | Required | Yes
Rule 3-1-2 | Functions shall not be declared at block scope. | Required | Yes
Rule 3-1-3 | When an array is declared, its size shall either be stated explicitly or defined implicitly by initialization. | Required | Yes
Rule 3-2-1 | All declarations of an object or function shall have compatible types. | Required | Yes
Rule 3-2-2 | The One Definition Rule shall not be violated. | Required | Yes
Rule 3-2-3 | A type, object or function that is used in multiple translation units shall be declared in one and only one file. | Required | Yes
Rule 3-2-4 | An identifier with external linkage shall have exactly one definition. | Required | Yes
Rule 3-3-1 | Objects or functions with external linkage shall be declared in a header file. | Required | Yes
Rule 3-3-2 | If a function has internal linkage then all re-declarations shall include the static storage class specifier. | Required | Yes
Rule 3-4-1 | An identifier declared to be an object or type shall be defined in a block that minimizes its visibility. | Required | Yes
Rule 3-9-1 | The types used for an object, a function return type, or a function parameter shall be token-for-token identical in all declarations and re-declarations. | Required | Yes
Rule 3-9-2 | typedefs that indicate size and signedness should be used in place of the basic numerical types. | Advisory | Yes
Rule 3-9-3 | The underlying bit representations of floating-point values shall not be used. | Required | Yes
Rule 4-5-1 | Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator =, the logical operators &&, ||, !, the equality operators == and !=, the unary & operator, and the conditional operator. | Required | Yes
Rule 4-5-2 | Expressions with type enum shall not be used as operands to built-in operators other than the subscript operator [ ], the assignment operator =, the equality operators == and !=, the unary & operator, and the relational operators <, <=, >, >=. | Required | Yes
Rule 4-5-3 | Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than the assignment operator =, the equality operators == and !=, and the unary & operator. | Required | Yes
Rule 4-10-1 | NULL shall not be used as an integer value. | Required | Yes
Rule 4-10-2 | Literal zero (0) shall not be used as the null-pointer-constant. | Required | Yes
Rule 5-0-1 | The value of an expression shall be the same under any order of evaluation that the standard permits. | Required | Yes
Rule 5-0-2 | Limited dependence should be placed on C++ operator precedence rules in expressions. | Advisory | Yes
Rule 5-0-3 | A cvalue expression shall not be implicitly converted to a different underlying type. | Required | Yes
Rule 5-0-4 | An implicit integral conversion shall not change the signedness of the underlying type. | Required | Yes
Rule 5-0-5 | There shall be no implicit floating-integral conversions. | Required | Yes
Rule 5-0-6 | An implicit integral or floating-point conversion shall not reduce the size of the underlying type. | Required | Yes
Rule 5-0-7 | There shall be no explicit floating-integral conversions of a cvalue expression. | Required | Yes
Rule 5-0-8 | An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression. | Required | Yes
Rule 5-0-9 | An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression. | Required | Yes
Rule 5-0-10 | If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand. | Required | Yes
Rule 5-0-11 | The plain char type shall only be used for the storage and use of character values. | Required | Yes
Rule 5-0-12 | signed char and unsigned char type shall only be used for the storage and use of numeric values. | Required | Yes
Rule 5-0-13 | The condition of an if-statement and the condition of an iteration statement shall have type bool. | Required | Yes
Rule 5-0-14 | The first operand of a conditional-operator shall have type bool. | Required | Yes
Rule 5-0-15 | Array indexing shall be the only form of pointer arithmetic. | Required | Yes
Rule 5-0-16 | A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. | Required | Yes
Rule 5-0-17 | Subtraction between pointers shall only be applied to pointers that address elements of the same array. | Required | Yes
Rule 5-0-18 | >, >=, <, <= shall not be applied to objects of pointer type, except where they point to the same array. | Required | Yes
Rule 5-0-19 | The declaration of objects shall contain no more than two levels of pointer indirection. | Required | Yes
Rule 5-0-20 | Non-constant operands to a binary bitwise operator shall have the same underlying type. | Required | Yes
Rule 5-0-21 | Bitwise operators shall only be applied to operands of unsigned underlying type. | Required | Yes
Rule 5-2-1 | Each operand of a logical && or || shall be a postfix-expression. | Required | Yes
Rule 5-2-2 | A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast. | Required | Yes
Rule 5-2-3 | Casts from a base class to a derived class should not be performed on polymorphic types. | Advisory | Yes
Rule 5-2-4 | C-style casts (other than void casts) and functional notation casts (other than explicit constructor calls) shall not be used. | Required | Yes
Rule 5-2-5 | A cast shall not remove any const or volatile qualification from the type of a pointer or reference. | Required | Yes
Rule 5-2-6 | A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type. | Required | Yes
Rule 5-2-7 | An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly. | Required | Yes
Rule 5-2-8 | An object with integer type or pointer to void type shall not be converted to an object with
