Using MISRA C and C++ for security and reliability. Part II

Greg Davis, director of engineering, Compiler Development

8/15/2012 8:41 AM EDT

This next rule is specific to MISRA C.
• Functions shall have prototype declarations and the prototype shall be visible at both the function definition and call. (C Rule 8.1/required)

Consider the following code:



This code may look OK, but it will not work as expected with most compilers. C has some rather dangerous rules that assume the type of a function when the function has not been declared. In File2.c, GetMaxTemp is called, but never declared. A conforming ANSI/ISO C compiler will assume that GetMaxTemp() returns an int. In reality, GetMaxTemp will return a double. Depending on the architecture and compiler, different things will happen, but this code will rarely work the right way. MISRA C avoids this problem by forcing the user to declare functions before they are used. This rule is absent from MISRA C++ since the C++ language has long required this.

The biggest question that I have about this rule is whether it is necessary to require that a function prototype for a static function be visible at the point where the static function is defined. For example, it seems okay to define and then use a utility function like:




at the top of a file before it is ever used. Of course, the requirement that a global function be declared before it is used helps ensure that the declaration of a function matches the definition.
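An added example (not the article's original listing) of the layout Rule 8.1 asks for, written as one translation unit with the would-be file boundaries marked in comments; it also gives the static helper a prototype visible at its definition. `GetMaxTemp` and `File2.c` come from the text; `temp.h`, `File1.c`, `max_of`, `OverLimit` and the sample values are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* ---- temp.h (assumed shared header, included by both files) ---- */
double GetMaxTemp(void);   /* the single prototype that both files see */

/* ---- File1.c (assumed name): the definition ---- */
/* Prototype for the static helper, visible at its definition as Rule 8.1 asks. */
static double max_of(const double *v, size_t n);

static const double samples[] = { 71.5, 98.6, 84.25 };   /* constructed data */

static double max_of(const double *v, size_t n)
{
    double max = v[0];
    for (size_t i = 1; i < n; i++) {
        if (v[i] > max) {
            max = v[i];
        }
    }
    return max;
}

/* temp.h is in scope here, so a mismatch between this definition and the
   prototype (for example an int return type) is a compile-time error. */
double GetMaxTemp(void)
{
    return max_of(samples, sizeof samples / sizeof samples[0]);
}

/* ---- File2.c: the caller, with temp.h included before the call ---- */
/* Compile-time check of the type the caller sees for the call expression.
   With no declaration in scope, a C90 compiler would type it as int. */
_Static_assert(_Generic(GetMaxTemp(), double: 1, default: 0),
               "GetMaxTemp() must be seen as returning double at the call site");

int OverLimit(double limit)
{
    return GetMaxTemp() > limit;   /* compared as double, not a misread int */
}

int main(void)
{
    printf("max=%.2f over90=%d\n", GetMaxTemp(), OverLimit(90.0));
    return 0;
}
```

With GCC or Clang, `-Werror=implicit-function-declaration` rejects a call made with no declaration in scope, and `-Wmissing-prototypes` reports a global function defined without a prior prototype.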



