
Using MISRA C and C++ for security and reliability. Part II

Greg Davis, director of engineering, Compiler Development

8/15/2012 8:41 AM EDT

The final two rules that I will survey are perhaps the most controversial:

- Dynamic heap memory allocation shall not be used. (C Rule 20.4/C++ Rule 18-4-1/Required)

- Functions shall not call themselves, either directly or indirectly. (C Rule 16.2/C++ Rule 7-5-4/Required under MISRA C, Advisory under MISRA C++)

Dynamic memory has to be managed carefully. A leaked allocation is never returned, so a long-running system can eventually run out of memory, and every allocation that can fail at run time needs handling code that is rarely exercised in testing. Fragmentation is the less obvious problem: the behaviour of malloc() is implementation-defined, so the fragmentation pattern, and with it whether a particular sequence of allocations succeeds, can differ from one toolchain's library to the next. Code that ran for months built with one compiler can fail after a toolchain change without a single source line being touched.
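The usual compliant replacement is a fixed-block pool carved out of a static array: the worst-case footprint is fixed at compile time, all blocks are the same size so there is nothing to fragment, and exhaustion is an explicit NULL that the caller must check. The example below is added here and is not code from the article; the block size and count are hypothetical and the self-test input is constructed. Unlike free() in most embedded C libraries, pool_free() also rejects double frees and pointers the pool never issued, which turns two classic memory-corruption bugs into detectable errors.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Fixed-block pool: a MISRA-compliant stand-in for malloc()/free().
 * Storage is one static array sized at compile time, so the worst-case
 * memory use is known, every block is the same size (nothing to fragment),
 * and exhaustion is an explicit NULL rather than a run-time surprise.
 * Sizes are hypothetical; a real system takes them from its memory budget. */
#define POOL_BLOCK_SIZE  32u
#define POOL_BLOCK_COUNT 8u

typedef union pool_block {
    union pool_block *next;              /* free-list link while the block is free */
    unsigned char data[POOL_BLOCK_SIZE]; /* payload while the block is allocated */
} pool_block_t;

static pool_block_t pool_storage[POOL_BLOCK_COUNT];
static pool_block_t *pool_free_list = NULL;
static unsigned char pool_in_use[POOL_BLOCK_COUNT]; /* 1 = handed out */
static size_t pool_used = 0u;
static int pool_ready = 0;

/* Thread every block onto the free list once. */
static void pool_init(void)
{
    size_t i;
    pool_free_list = NULL;
    for (i = POOL_BLOCK_COUNT; i > 0u; i--) {
        pool_storage[i - 1u].next = pool_free_list;
        pool_free_list = &pool_storage[i - 1u];
        pool_in_use[i - 1u] = 0u;
    }
    pool_used = 0u;
    pool_ready = 1;
}

/* Index of the block that starts at p, or -1 if p is not a block start. */
static int pool_index_of(const void *p)
{
    uintptr_t base = (uintptr_t)pool_storage;
    uintptr_t addr = (uintptr_t)p;
    uintptr_t off;
    if (addr < base) { return -1; }
    off = addr - base;
    if (off >= sizeof(pool_storage)) { return -1; }
    if ((off % sizeof(pool_block_t)) != 0u) { return -1; } /* interior pointer */
    return (int)(off / sizeof(pool_block_t));
}

/* Hand out one zeroed block, or NULL if n is too large or the pool is empty.
 * The caller must check for NULL; an unhandled failure is what the rule forbids. */
void *pool_alloc(size_t n)
{
    pool_block_t *b;
    if (!pool_ready) { pool_init(); }
    if (n > POOL_BLOCK_SIZE) { return NULL; }
    if (pool_free_list == NULL) { return NULL; }
    b = pool_free_list;
    pool_free_list = b->next;
    pool_in_use[b - pool_storage] = 1u;
    pool_used++;
    memset(b->data, 0, POOL_BLOCK_SIZE); /* no stale data crosses owners */
    return (void *)b;
}

/* Return a block: 0 on success, -1 for a pointer the pool never issued
 * (including interior pointers), -2 for a double free. NULL is accepted. */
int pool_free(void *p)
{
    int idx;
    pool_block_t *b;
    if (!pool_ready) { pool_init(); }
    if (p == NULL) { return 0; }
    idx = pool_index_of(p);
    if (idx < 0) { return -1; }
    if (pool_in_use[idx] == 0u) { return -2; }
    b = &pool_storage[idx];
    memset(b->data, 0, POOL_BLOCK_SIZE); /* scrub before recycling */
    pool_in_use[idx] = 0u;
    b->next = pool_free_list;
    pool_free_list = b;
    pool_used--;
    return 0;
}

size_t pool_blocks_in_use(void)
{
    if (!pool_ready) { pool_init(); }
    return pool_used;
}

/* Exercise exhaustion, double-free and foreign-pointer rejection (constructed
 * input). Returns 0 if every check passed, else the number of the failing step. */
int pool_selftest(void)
{
    void *blocks[POOL_BLOCK_COUNT];
    int local = 0;                   /* stack object, never from the pool */
    unsigned int i;
    for (i = 0u; i < POOL_BLOCK_COUNT; i++) {
        blocks[i] = pool_alloc(POOL_BLOCK_SIZE);
        if (blocks[i] == NULL) { return 1; }
    }
    if (pool_alloc(1u) != NULL) { return 2; }       /* exhausted: fails cleanly */
    if (pool_free(blocks[3]) != 0) { return 3; }
    if (pool_free(blocks[3]) != -2) { return 4; }   /* double free caught */
    if (pool_free(&local) != -1) { return 5; }      /* foreign pointer caught */
    blocks[3] = pool_alloc(POOL_BLOCK_SIZE);
    if (blocks[3] == NULL) { return 6; }            /* freed block is reusable */
    for (i = 0u; i < POOL_BLOCK_COUNT; i++) {
        if (pool_free(blocks[i]) != 0) { return 7; }
    }
    return (pool_blocks_in_use() == 0u) ? 0 : 8;    /* leak check: all returned */
}

int main(void)
{
    int rc = pool_selftest();
    printf("pool self-test: %s (step %d)\n", (rc == 0) ? "ok" : "FAILED", rc);
    return rc;
}
```

pool_blocks_in_use() is the leak check a test harness can assert on at the end of every test: with a pool there is no hidden heap state, so "everything returned" is a single comparison against zero.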

Likewise, recursion needs to be used carefully: the depth of the recursion, and therefore the stack space it consumes, depends on the input, so the worst-case stack use cannot be bounded by inspection and a system can easily exceed the stack available to it. On a small target without memory protection a stack overflow does not fault; it silently overwrites whatever happens to lie beyond the stack.
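The compliant form of a recursive algorithm is the same algorithm driven by an explicit stack whose capacity is a compile-time constant, so that running out of room becomes a checked error instead of memory corruption. The example below is added here and is not code from the article: it walks a small tree (a constructed sample, plus generated chain and "comb" shapes) both recursively and with a bounded explicit stack; MAX_STACK, the node layout and the helper names are all assumptions made for the example.

```c
#include <stdio.h>

#define MAX_NODES 64
#define MAX_STACK 8        /* explicit stack budget, fixed at compile time */
#define NO_NODE   (-1)

typedef struct {
    int value;
    int first_child;       /* index of first child, or NO_NODE */
    int next_sibling;      /* index of next sibling, or NO_NODE */
} tree_node_t;

/* Constructed sample (not from the article): node 0 has children 1 and 2,
 * node 1 has child 3, so the height is 3. */
static const tree_node_t sample_tree[4] = {
    { 1, 1, NO_NODE }, { 2, 3, 2 }, { 3, NO_NODE, NO_NODE }, { 4, NO_NODE, NO_NODE },
};

/* Non-compliant form (MISRA C 16.2): every level costs a machine stack
 * frame, so the worst-case stack use depends on the input. */
int depth_recursive(const tree_node_t *t, int n)
{
    int best = 0;
    int c;
    if (n == NO_NODE) { return 0; }
    for (c = t[n].first_child; c != NO_NODE; c = t[c].next_sibling) {
        int d = depth_recursive(t, c);
        if (d > best) { best = d; }
    }
    return best + 1;
}

typedef struct { int node; int depth; } frame_t;

/* Compliant form: the same pre-order walk on an explicit MAX_STACK-frame
 * stack. Sibling is pushed before child, so at most one pending sibling per
 * level is stored and a chain needs only one slot. Returns 0 and the height
 * in *out_height, or -1 if the input would need more than MAX_STACK frames. */
int depth_iterative(const tree_node_t *t, int root, int *out_height)
{
    frame_t stack[MAX_STACK];
    int sp = 0;
    int best = 0;
    if (root == NO_NODE) { *out_height = 0; return 0; }
    stack[sp].node = root; stack[sp].depth = 1; sp++;
    while (sp > 0) {
        frame_t f;
        sp--;
        f = stack[sp];
        if (f.depth > best) { best = f.depth; }
        /* Siblings of the root lie outside the subtree and are not visited. */
        if (f.node != root && t[f.node].next_sibling != NO_NODE) {
            if (sp >= MAX_STACK) { return -1; }           /* budget exceeded */
            stack[sp].node = t[f.node].next_sibling; stack[sp].depth = f.depth; sp++;
        }
        if (t[f.node].first_child != NO_NODE) {
            if (sp >= MAX_STACK) { return -1; }           /* budget exceeded */
            stack[sp].node = t[f.node].first_child; stack[sp].depth = f.depth + 1; sp++;
        }
    }
    *out_height = best;
    return 0;
}

static tree_node_t built[MAX_NODES];

/* Generate a test tree of the given height (constructed input). comb == 0: a
 * chain, each node's only child is the next. comb != 0: spine node j has child
 * j+1 and, for j > 0, a leaf sibling, so every level parks one sibling on the
 * explicit stack. Returns 0, or -1 if the tree does not fit in MAX_NODES. */
int build_tree(int levels, int comb)
{
    int j;
    int needed = comb ? (2 * levels - 1) : levels;
    if (levels < 1 || needed > MAX_NODES) { return -1; }
    for (j = 0; j < levels; j++) {
        built[j].value = j;
        built[j].first_child = (j + 1 < levels) ? j + 1 : NO_NODE;
        built[j].next_sibling = (comb && j > 0) ? levels + j - 1 : NO_NODE;
    }
    for (j = levels; j < needed; j++) {                   /* comb leaves */
        built[j].value = 100 + j;
        built[j].first_child = NO_NODE;
        built[j].next_sibling = NO_NODE;
    }
    return 0;
}

/* Height via the bounded walk: -2 if the tree cannot be built, -1 if the
 * MAX_STACK budget would be exceeded, otherwise the height. */
int bounded_height(int levels, int comb)
{
    int h = 0;
    if (build_tree(levels, comb) != 0) { return -2; }
    if (depth_iterative(built, 0, &h) != 0) { return -1; }
    return h;
}

int recursive_height(int levels, int comb)
{
    if (build_tree(levels, comb) != 0) { return -2; }
    return depth_recursive(built, 0);
}

int sample_height(void)
{
    int h = 0;
    return (depth_iterative(sample_tree, 0, &h) == 0) ? h : -1;
}

int main(void)
{
    printf("sample height: %d\n", sample_height());
    printf("chain of 64 with %d explicit frames: height %d\n", MAX_STACK, bounded_height(64, 0));
    printf("comb of 20 levels: %d (-1 = stack budget exceeded)\n", bounded_height(20, 1));
    return 0;
}
```

The chain of 64 nodes, which costs the recursive version 64 machine stack frames, costs the iterative version a single slot; the comb, whose pending siblings genuinely need one slot per level, is rejected with -1 once it outgrows MAX_STACK rather than being allowed to overrun. That rejection path is what the MISRA rule buys: the failure mode is visible and testable on the host, instead of being a stack overflow discovered in the field.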

Part One introduced MISRA and the taxonomy of rules.
Part Three will be about applying MISRA C and C++.

