Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-08 05:43:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: import MISRA compliance spreadsheet

Browse source 
TF-A aims to comply with MISRA C:2012 Guidelines. We maintain a list of
all rules and directives and whether the project aims to comply with
them or not. A rationale is given for each deviation.

This list used to be provided as an '.ods' spreadsheet file hosted on
developer.trustedfirmware.org. This raises the following issues:

 - The list is not version-controlled under the same scheme as TF-A
   source code. This could lead to synchronization issues between the
   two.

 - The file needs to be open in a separate program, which is not as
   straightforward as reading it from TF-A documentation itself.

 - developer.trustedfirmware.org is deprecated, thus the file cannot be
   safely kept there for any longer.

To address these issues, convert the '.ods' file into a CSV (Comma
Separated Values) file, which we import into TF-A source tree itself.
Make use of Sphinx's ability to process and render CSV files as tables
to display that information directly into the Coding Guidelines
document.

Also make the following minor changes along the way:

 - Remove dead link to MISRA C:2012 Guidelines page. Replace it with a
   link to a Wikipedia page to give a bit of context to the reader.

 - We no longer use Coverity for MISRA compliance checks. Instead, we
   use ECLAIR nowadays. Reflect this in the document.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I422fdd8246f4f9c2498c1be18115408a873b86ac
This commit is contained in:
Sandrine Bailleux 2024-01-26 13:41:27 +01:00
parent 6c74b55637
commit 6c2c8528ac
3 changed files with 184 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/process/coding-guidelines.rst
View file

@ -520,5 +520,3 @@ comply with.
.. _`Procedure Call Standard for the Arm 64-bit Architecture`: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst
.. _`EditorConfig`: http://editorconfig.org/
.. _`Why the “volatile” type class should not be used`: https://www.kernel.org/doc/html/latest/process/volatile-considered-harmful.html
.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods

18
docs/process/coding-style.rst
View file

@ -47,13 +47,13 @@ missing extensions are rarely used, however, and should not pose a problem.
MISRA Compliance
----------------
TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. Coverity
Static Analysis is used to regularly generate a report of current MISRA defects
and to prevent the addition of new ones.
TF-A attempts to comply with the `MISRA C:2012 Guidelines`_. `ECLAIR` static
analysis is used to regularly generate a report of current MISRA defects and to
prevent the addition of new ones.
It is not possible for the project to follow all MISRA guidelines. We maintain
`a spreadsheet`_ that lists all rules and directives and whether we aim to
comply with them or not. A rationale is given for each deviation.
It is not possible for the project to follow all MISRA guidelines. Table 1
below lists all rules and directives and whether we aim to comply with them or
not. A rationale is given for each deviation.
.. note::
Enforcing a rule does not mean that the codebase is free of defects
@ -63,6 +63,9 @@ comply with them or not. A rationale is given for each deviation.
Third-party libraries are not considered in our MISRA analysis and we do not
intend to modify them to make them MISRA compliant.
.. csv-table:: Table 1: MISRA compliance in TF-A code base
:file: misra-compliance.csv
Indentation
-----------
@ -487,5 +490,4 @@ Existing typedefs will be retained for compatibility.
*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
.. _`Linux kernel coding style`: https://www.kernel.org/doc/html/latest/process/coding-style.html
.. _`MISRA C:2012 Guidelines`: https://www.misra.org.uk/Activities/MISRAC/tabid/160/Default.aspx
.. _`a spreadsheet`: https://developer.trustedfirmware.org/file/download/lamajxif3w7c4mpjeoo5/PHID-FILE-fp7c7acszn6vliqomyhn/MISRA-and-TF-Analysis-v1.3.ods
.. _`MISRA C:2012 Guidelines`: https://en.wikipedia.org/wiki/MISRA_C#MISRA_C:2012

174
docs/process/misra-compliance.csv Normal file
View file

@ -0,0 +1,174 @@
Seq,Dir / Rule,Number,Source,Category,Checker Enabled,Enforced,Comments
1,D,1.1,MISRA C 2012,Required,N/A,Yes,
2,D,2.1,MISRA C 2012,Required,N/A,Yes,
3,D,3.1,MISRA C 2012,Required,N/A,No,It cant be done retroactively.
4,D,4.1,MISRA C 2012,Required,N/A,Yes,
5,D,4.2,MISRA C 2012,Advisory,N/A,Yes,
6,D,4.3,MISRA C 2012,Required,Yes,Yes,
7,D,4.4,MISRA C 2012,Advisory,Yes,Yes,
8,D,4.5,MISRA C 2012,Advisory,Yes,Yes,
9,D,4.6,MISRA C 2012,Advisory,No,No,We use a mix of both. It would be too disruptive for the project to change.
10,D,4.7,MISRA C 2012,Required,Yes,Yes,
11,D,4.8,MISRA C 2012,Advisory,No,No,Fixing all instances would involve invasive changes to the codebase for no good reason.
12,D,4.9,MISRA C 2012,Advisory,No,No,"We mustnt introduce new macros unless strictly needed, but this affects assert(), INFO(), etc. It creates too much noise in the report for little gain."
13,D,4.10,MISRA C 2012,Required,Yes,Yes,
14,D,4.11,MISRA C 2012,Required,Yes,Yes,
15,D,4.12,MISRA C 2012,Required,Yes,Yes,
16,D,4.13,MISRA C 2012,Advisory,Yes,Yes,
17,D,4.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
18,R,1.1,MISRA C 2012,Required,Yes,Yes,
19,R,1.2,MISRA C 2012,Advisory,Yes,Optional,It bans __attribute__(()) and similar helpers.
20,R,1.3,MISRA C 2012,Required,N/A,Yes,
21,R,2.1,MISRA C 2012,Required,Yes,Yes,
22,R,2.2,MISRA C 2012,Required,Yes,Yes,
23,R,2.3,MISRA C 2012,Advisory,Yes,Optional,It prevents the usage of CASSERT().
24,R,2.4,MISRA C 2012,Advisory,No,No,Header files may use enumerations instead of defines to group sets of values.
25,R,2.5,MISRA C 2012,Advisory,No,No,We define many headers with macros that are unused in the project but may be used by non-upstream code or may be desirable for completeness.
26,R,2.6,MISRA C 2012,Advisory,Yes,Yes,
27,R,2.7,MISRA C 2012,Advisory,No,No,Doesn't allow for simple implementations of porting functions that don't require all parameters.
28,R,3.1,MISRA C 2012,Required,Yes,Yes,
29,R,3.2,MISRA C 2012,Required,Yes,Yes,
30,R,4.1,MISRA C 2012,Required,Yes,Yes,
31,R,4.2,MISRA C 2012,Advisory,Yes,Yes,
32,R,5.1,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
33,R,5.2,MISRA C 2012,Required,Yes,Yes,
34,R,5.3,MISRA C 2012,Required,Yes,Yes,
35,R,5.4,MISRA C 2012,Required,Yes,Yes,
36,R,5.5,MISRA C 2012,Required,Yes,Yes,
37,R,5.6,MISRA C 2012,Required,Yes,Yes,
38,R,5.7,MISRA C 2012,Required,Yes,Optional,Fixing all existing defects is problematic because of compatibility issues.
39,R,5.8,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
40,R,5.9,MISRA C 2012,Advisory,Yes,Yes,
41,R,6.1,MISRA C 2012,Required,Yes,Yes,
42,R,6.2,MISRA C 2012,Required,Yes,Yes,
43,R,7.1,MISRA C 2012,Required,Yes,Yes,
44,R,7.2,MISRA C 2012,Required,Yes,Yes,
45,R,7.3,MISRA C 2012,Required,Yes,Yes,
46,R,7.4,MISRA C 2012,Required,Yes,Yes,
47,R,8.1,MISRA C 2012,Required,Yes,Yes,
48,R,8.2,MISRA C 2012,Required,Yes,Yes,
49,R,8.3,MISRA C 2012,Required,Yes,Yes,
50,R,8.4,MISRA C 2012,Required,Yes,Yes,
51,R,8.5,MISRA C 2012,Required,Yes,Yes,
52,R,8.6,MISRA C 2012,Required,No,No,We use weak symbols that prevent us from complying with this rule.
53,R,8.7,MISRA C 2012,Advisory,No,No,"Bans pattern of declaring funcs in private header that are used/defined in separate translation units, which seems over the top."
54,R,8.8,MISRA C 2012,Required,Yes,Yes,
55,R,8.9,MISRA C 2012,Advisory,Yes,Yes,
56,R,8.10,MISRA C 2012,Required,Yes,Yes,
57,R,8.11,MISRA C 2012,Advisory,Yes,Optional,This may not be possible in some interfaces.
58,R,8.12,MISRA C 2012,Required,Yes,Yes,
59,R,8.13,MISRA C 2012,Advisory,Yes,Optional,The benefits of fixing existing code arent worth the effort.
60,R,8.14,MISRA C 2012,Required,Yes,Yes,
61,R,9.1,MISRA C 2012,Mandatory,Yes,Yes,
62,R,9.2,MISRA C 2012,Required,Yes,Yes,
63,R,9.3,MISRA C 2012,Required,Yes,Yes,
64,R,9.4,MISRA C 2012,Required,Yes,Yes,
65,R,9.5,MISRA C 2012,Required,Yes,Yes,
66,R,10.1,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
67,R,10.2,MISRA C 2012,Required,Yes,Yes,
68,R,10.3,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
69,R,10.4,MISRA C 2012,Required,Yes,Optional,Fixing existing code may be counter-productive and introduce bugs.
70,R,10.5,MISRA C 2012,Advisory,Yes,Yes,
71,R,10.6,MISRA C 2012,Required,Yes,Yes,
72,R,10.7,MISRA C 2012,Required,Yes,Yes,
73,R,10.8,MISRA C 2012,Required,Yes,Yes,
74,R,11.1,MISRA C 2012,Required,Yes,Yes,
75,R,11.2,MISRA C 2012,Required,Yes,Yes,
76,R,11.3,MISRA C 2012,Required,Yes,Yes,
77,R,11.4,MISRA C 2012,Advisory,No,No,This would be invasive for TF (e.g. in exported linker script macros). Also bans conversion from uintptr_t.
78,R,11.5,MISRA C 2012,Advisory,No,No,"This seems to preclude the pattern of using void * in interfaces to hide the real object, which we use extensively."
79,R,11.6,MISRA C 2012,Required,Yes,Optional,This is needed in several cases.
80,R,11.7,MISRA C 2012,Required,Yes,Yes,
81,R,11.8,MISRA C 2012,Required,Yes,Yes,
82,R,11.9,MISRA C 2012,Required,Yes,Yes,
83,R,12.1,MISRA C 2012,Advisory,Yes,Yes,
84,R,12.2,MISRA C 2012,Required,Yes,Yes,"This rule is fine, but there are lots of false positives in Coverity."
85,R,12.3,MISRA C 2012,Advisory,Yes,Yes,
86,R,12.4,MISRA C 2012,Advisory,Yes,Yes,
87,R,12.5,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
88,R,13.1,MISRA C 2012,Required,Yes,Yes,
89,R,13.2,MISRA C 2012,Required,Yes,Yes,
90,R,13.3,MISRA C 2012,Advisory,Yes,Yes,
91,R,13.4,MISRA C 2012,Advisory,Yes,Yes,
92,R,13.5,MISRA C 2012,Required,Yes,Yes,
93,R,13.6,MISRA C 2012,Mandatory,Yes,Yes,
94,R,14.1,MISRA C 2012,Required,Yes,Yes,
95,R,14.2,MISRA C 2012,Required,Yes,Yes,
96,R,14.3,MISRA C 2012,Required,Yes,Yes,
97,R,14.4,MISRA C 2012,Required,Yes,Yes,
98,R,15.1,MISRA C 2012,Advisory,No,No,In some cases goto may be useful for readability.
99,R,15.2,MISRA C 2012,Required,Yes,Yes,
100,R,15.3,MISRA C 2012,Required,Yes,Yes,
101,R,15.4,MISRA C 2012,Advisory,Yes,Yes,
102,R,15.5,MISRA C 2012,Advisory,No,No,This has no real value. It may make code less understandable than before.
103,R,15.6,MISRA C 2012,Required,No,No,This directly contradicts the Linux style guidelines and would require many changes. We would have to remove that rule from checkpatch.
104,R,15.7,MISRA C 2012,Required,Yes,Yes,
105,R,16.1,MISRA C 2012,Required,No,No,Cannot comply with this unless we comply with 16.3
106,R,16.2,MISRA C 2012,Required,Yes,Yes,
107,R,16.3,MISRA C 2012,Required,No,No,Returns within switch statements and fall-throughs can improve readability.
108,R,16.4,MISRA C 2012,Required,Yes,Yes,
109,R,16.5,MISRA C 2012,Required,Yes,Yes,
110,R,16.6,MISRA C 2012,Required,Yes,Yes,
111,R,16.7,MISRA C 2012,Required,Yes,Yes,
112,R,17.1,MISRA C 2012,Required,No,No,This is needed for printf.
113,R,17.2,MISRA C 2012,Required,Yes,Yes,Bans recursion. We consider it acceptable if the max depth is known.
114,R,17.3,MISRA C 2012,Mandatory,Yes,Yes,
115,R,17.4,MISRA C 2012,Mandatory,Yes,Yes,
116,R,17.5,MISRA C 2012,Advisory,Yes,Yes,
117,R,17.6,MISRA C 2012,Mandatory,Yes,Yes,
118,R,17.7,MISRA C 2012,Required,Yes,Optional,In some cases it doesnt add any value to the code (like with memset() or printf()).
119,R,17.8,MISRA C 2012,Advisory,Yes,Optional,It would make some one-line functions grow in size for no reason.
120,R,18.1,MISRA C 2012,Required,Yes,Yes,
121,R,18.2,MISRA C 2012,Required,Yes,Yes,
122,R,18.3,MISRA C 2012,Required,Yes,Yes,
123,R,18.4,MISRA C 2012,Advisory,Yes,Yes,
124,R,18.5,MISRA C 2012,Advisory,Yes,Yes,
125,R,18.6,MISRA C 2012,Required,Yes,Yes,
126,R,18.7,MISRA C 2012,Required,Yes,Yes,
127,R,18.8,MISRA C 2012,Required,Yes,Yes,
128,R,19.1,MISRA C 2012,Mandatory,Yes,Yes,
129,R,19.2,MISRA C 2012,Advisory,Yes,Optional,"Unions can be useful. We almost dont use them, so its ok."
130,R,20.1,MISRA C 2012,Advisory,Yes,Optional,In some files we have assembly-compatible includes followed by assembly-compatible definitions followed by C includes and C declarations. This is done to not have #ifdef in the include list.
131,R,20.2,MISRA C 2012,Required,Yes,Yes,
132,R,20.3,MISRA C 2012,Required,Yes,Yes,
133,R,20.4,MISRA C 2012,Required,Yes,Yes,
134,R,20.5,MISRA C 2012,Advisory,Yes,Yes,
135,R,20.6,MISRA C 2012,Required,Yes,Yes,
136,R,20.7,MISRA C 2012,Required,Yes,Yes,
137,R,20.8,MISRA C 2012,Required,Yes,Optional,We need a new configuration system to fix all defects.
138,R,20.9,MISRA C 2012,Required,Yes,Optional,"We use a mix of #if and #ifdef for boolean macros, which may raise some failures here. We should consistently use one or the other"
139,R,20.10,MISRA C 2012,Advisory,Yes,Optional,"Its good to avoid them, but they are sometimes needed."
140,R,20.11,MISRA C 2012,Required,Yes,Yes,
141,R,20.12,MISRA C 2012,Required,Yes,Yes,
142,R,20.13,MISRA C 2012,Required,Yes,Yes,
143,R,20.14,MISRA C 2012,Required,Yes,Yes,
144,R,21.1,MISRA C 2012,Required,Yes,Yes,
145,R,21.2,MISRA C 2012,Required,Yes,Yes,
146,R,21.3,MISRA C 2012,Required,Yes,Yes,
147,R,21.4,MISRA C 2012,Required,Yes,Yes,
148,R,21.5,MISRA C 2012,Required,Yes,Yes,
149,R,21.6,MISRA C 2012,Required,No,No,This bans printf.
150,R,21.7,MISRA C 2012,Required,Yes,Yes,
151,R,21.8,MISRA C 2012,Required,Yes,Yes,
152,R,21.9,MISRA C 2012,Required,Yes,Yes,
153,R,21.10,MISRA C 2012,Required,Yes,Yes,
154,R,21.11,MISRA C 2012,Required,Yes,Yes,
155,R,21.12,MISRA C 2012,Advisory,Yes,Yes,
156,R,21.13,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
157,R,21.14,MISRA C 2012 AMD-1,Required,Yes,Yes,
158,R,21.15,MISRA C 2012 AMD-1,Required,Yes,Yes,
159,R,21.16,MISRA C 2012 AMD-1,Required,Yes,Yes,
160,R,21.17,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
161,R,21.18,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
162,R,21.19,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
163,R,21.20,MISRA C 2012 AMD-1,Mandatory,Yes,Yes,
164,R,22.1,MISRA C 2012,Required,Yes,Yes,
165,R,22.2,MISRA C 2012,Mandatory,Yes,Yes,
166,R,22.3,MISRA C 2012,Required,Yes,Yes,
167,R,22.4,MISRA C 2012,Mandatory,Yes,Yes,
168,R,22.5,MISRA C 2012,Mandatory,Yes,Yes,
169,R,22.6,MISRA C 2012,Mandatory,Yes,Yes,
170,R,22.7,MISRA C 2012 AMD-1,Required,Yes,Yes,
171,R,22.8,MISRA C 2012 AMD-1,Required,Yes,Yes,
172,R,22.9,MISRA C 2012 AMD-1,Required,Yes,Yes,
173,R,22.10,MISRA C 2012 AMD-1,Required,Yes,Yes,
1 Seq Dir / Rule Number Source Category Checker Enabled Enforced Comments
2 1 D 1.1 MISRA C 2012 Required N/A Yes
3 2 D 2.1 MISRA C 2012 Required N/A Yes
4 3 D 3.1 MISRA C 2012 Required N/A No It can’t be done retroactively.
5 4 D 4.1 MISRA C 2012 Required N/A Yes
6 5 D 4.2 MISRA C 2012 Advisory N/A Yes
7 6 D 4.3 MISRA C 2012 Required Yes Yes
8 7 D 4.4 MISRA C 2012 Advisory Yes Yes
9 8 D 4.5 MISRA C 2012 Advisory Yes Yes
10 9 D 4.6 MISRA C 2012 Advisory No No We use a mix of both. It would be too disruptive for the project to change.
11 10 D 4.7 MISRA C 2012 Required Yes Yes
12 11 D 4.8 MISRA C 2012 Advisory No No Fixing all instances would involve invasive changes to the codebase for no good reason.
13 12 D 4.9 MISRA C 2012 Advisory No No We mustn’t introduce new macros unless strictly needed, but this affects assert(), INFO(), etc. It creates too much noise in the report for little gain.
14 13 D 4.10 MISRA C 2012 Required Yes Yes
15 14 D 4.11 MISRA C 2012 Required Yes Yes
16 15 D 4.12 MISRA C 2012 Required Yes Yes
17 16 D 4.13 MISRA C 2012 Advisory Yes Yes
18 17 D 4.14 MISRA C 2012 AMD-1 Required Yes Yes
19 18 R 1.1 MISRA C 2012 Required Yes Yes
20 19 R 1.2 MISRA C 2012 Advisory Yes Optional It bans __attribute__(()) and similar helpers.
21 20 R 1.3 MISRA C 2012 Required N/A Yes
22 21 R 2.1 MISRA C 2012 Required Yes Yes
23 22 R 2.2 MISRA C 2012 Required Yes Yes
24 23 R 2.3 MISRA C 2012 Advisory Yes Optional It prevents the usage of CASSERT().
25 24 R 2.4 MISRA C 2012 Advisory No No Header files may use enumerations instead of defines to group sets of values.
26 25 R 2.5 MISRA C 2012 Advisory No No We define many headers with macros that are unused in the project but may be used by non-upstream code or may be desirable for completeness.
27 26 R 2.6 MISRA C 2012 Advisory Yes Yes
28 27 R 2.7 MISRA C 2012 Advisory No No Doesn't allow for simple implementations of porting functions that don't require all parameters.
29 28 R 3.1 MISRA C 2012 Required Yes Yes
30 29 R 3.2 MISRA C 2012 Required Yes Yes
31 30 R 4.1 MISRA C 2012 Required Yes Yes
32 31 R 4.2 MISRA C 2012 Advisory Yes Yes
33 32 R 5.1 MISRA C 2012 Required No No We use weak symbols that prevent us from complying with this rule.
34 33 R 5.2 MISRA C 2012 Required Yes Yes
35 34 R 5.3 MISRA C 2012 Required Yes Yes
36 35 R 5.4 MISRA C 2012 Required Yes Yes
37 36 R 5.5 MISRA C 2012 Required Yes Yes
38 37 R 5.6 MISRA C 2012 Required Yes Yes
39 38 R 5.7 MISRA C 2012 Required Yes Optional Fixing all existing defects is problematic because of compatibility issues.
40 39 R 5.8 MISRA C 2012 Required No No We use weak symbols that prevent us from complying with this rule.
41 40 R 5.9 MISRA C 2012 Advisory Yes Yes
42 41 R 6.1 MISRA C 2012 Required Yes Yes
43 42 R 6.2 MISRA C 2012 Required Yes Yes
44 43 R 7.1 MISRA C 2012 Required Yes Yes
45 44 R 7.2 MISRA C 2012 Required Yes Yes
46 45 R 7.3 MISRA C 2012 Required Yes Yes
47 46 R 7.4 MISRA C 2012 Required Yes Yes
48 47 R 8.1 MISRA C 2012 Required Yes Yes
49 48 R 8.2 MISRA C 2012 Required Yes Yes
50 49 R 8.3 MISRA C 2012 Required Yes Yes
51 50 R 8.4 MISRA C 2012 Required Yes Yes
52 51 R 8.5 MISRA C 2012 Required Yes Yes
53 52 R 8.6 MISRA C 2012 Required No No We use weak symbols that prevent us from complying with this rule.
54 53 R 8.7 MISRA C 2012 Advisory No No Bans pattern of declaring funcs in private header that are used/defined in separate translation units, which seems over the top.
55 54 R 8.8 MISRA C 2012 Required Yes Yes
56 55 R 8.9 MISRA C 2012 Advisory Yes Yes
57 56 R 8.10 MISRA C 2012 Required Yes Yes
58 57 R 8.11 MISRA C 2012 Advisory Yes Optional This may not be possible in some interfaces.
59 58 R 8.12 MISRA C 2012 Required Yes Yes
60 59 R 8.13 MISRA C 2012 Advisory Yes Optional The benefits of fixing existing code aren’t worth the effort.
61 60 R 8.14 MISRA C 2012 Required Yes Yes
62 61 R 9.1 MISRA C 2012 Mandatory Yes Yes
63 62 R 9.2 MISRA C 2012 Required Yes Yes
64 63 R 9.3 MISRA C 2012 Required Yes Yes
65 64 R 9.4 MISRA C 2012 Required Yes Yes
66 65 R 9.5 MISRA C 2012 Required Yes Yes
67 66 R 10.1 MISRA C 2012 Required Yes Optional Fixing existing code may be counter-productive and introduce bugs.
68 67 R 10.2 MISRA C 2012 Required Yes Yes
69 68 R 10.3 MISRA C 2012 Required Yes Optional Fixing existing code may be counter-productive and introduce bugs.
70 69 R 10.4 MISRA C 2012 Required Yes Optional Fixing existing code may be counter-productive and introduce bugs.
71 70 R 10.5 MISRA C 2012 Advisory Yes Yes
72 71 R 10.6 MISRA C 2012 Required Yes Yes
73 72 R 10.7 MISRA C 2012 Required Yes Yes
74 73 R 10.8 MISRA C 2012 Required Yes Yes
75 74 R 11.1 MISRA C 2012 Required Yes Yes
76 75 R 11.2 MISRA C 2012 Required Yes Yes
77 76 R 11.3 MISRA C 2012 Required Yes Yes
78 77 R 11.4 MISRA C 2012 Advisory No No This would be invasive for TF (e.g. in exported linker script macros). Also bans conversion from uintptr_t.
79 78 R 11.5 MISRA C 2012 Advisory No No This seems to preclude the pattern of using void * in interfaces to hide the real object, which we use extensively.
80 79 R 11.6 MISRA C 2012 Required Yes Optional This is needed in several cases.
81 80 R 11.7 MISRA C 2012 Required Yes Yes
82 81 R 11.8 MISRA C 2012 Required Yes Yes
83 82 R 11.9 MISRA C 2012 Required Yes Yes
84 83 R 12.1 MISRA C 2012 Advisory Yes Yes
85 84 R 12.2 MISRA C 2012 Required Yes Yes This rule is fine, but there are lots of false positives in Coverity.
86 85 R 12.3 MISRA C 2012 Advisory Yes Yes
87 86 R 12.4 MISRA C 2012 Advisory Yes Yes
88 87 R 12.5 MISRA C 2012 AMD-1 Mandatory Yes Yes
89 88 R 13.1 MISRA C 2012 Required Yes Yes
90 89 R 13.2 MISRA C 2012 Required Yes Yes
91 90 R 13.3 MISRA C 2012 Advisory Yes Yes
92 91 R 13.4 MISRA C 2012 Advisory Yes Yes
93 92 R 13.5 MISRA C 2012 Required Yes Yes
94 93 R 13.6 MISRA C 2012 Mandatory Yes Yes
95 94 R 14.1 MISRA C 2012 Required Yes Yes
96 95 R 14.2 MISRA C 2012 Required Yes Yes
97 96 R 14.3 MISRA C 2012 Required Yes Yes
98 97 R 14.4 MISRA C 2012 Required Yes Yes
99 98 R 15.1 MISRA C 2012 Advisory No No In some cases goto may be useful for readability.
100 99 R 15.2 MISRA C 2012 Required Yes Yes
101 100 R 15.3 MISRA C 2012 Required Yes Yes
102 101 R 15.4 MISRA C 2012 Advisory Yes Yes
103 102 R 15.5 MISRA C 2012 Advisory No No This has no real value. It may make code less understandable than before.
104 103 R 15.6 MISRA C 2012 Required No No This directly contradicts the Linux style guidelines and would require many changes. We would have to remove that rule from checkpatch.
105 104 R 15.7 MISRA C 2012 Required Yes Yes
106 105 R 16.1 MISRA C 2012 Required No No Cannot comply with this unless we comply with 16.3
107 106 R 16.2 MISRA C 2012 Required Yes Yes
108 107 R 16.3 MISRA C 2012 Required No No Returns within switch statements and fall-throughs can improve readability.
109 108 R 16.4 MISRA C 2012 Required Yes Yes
110 109 R 16.5 MISRA C 2012 Required Yes Yes
111 110 R 16.6 MISRA C 2012 Required Yes Yes
112 111 R 16.7 MISRA C 2012 Required Yes Yes
113 112 R 17.1 MISRA C 2012 Required No No This is needed for printf.
114 113 R 17.2 MISRA C 2012 Required Yes Yes Bans recursion. We consider it acceptable if the max depth is known.
115 114 R 17.3 MISRA C 2012 Mandatory Yes Yes
116 115 R 17.4 MISRA C 2012 Mandatory Yes Yes
117 116 R 17.5 MISRA C 2012 Advisory Yes Yes
118 117 R 17.6 MISRA C 2012 Mandatory Yes Yes
119 118 R 17.7 MISRA C 2012 Required Yes Optional In some cases it doesn’t add any value to the code (like with memset() or printf()).
120 119 R 17.8 MISRA C 2012 Advisory Yes Optional It would make some one-line functions grow in size for no reason.
121 120 R 18.1 MISRA C 2012 Required Yes Yes
122 121 R 18.2 MISRA C 2012 Required Yes Yes
123 122 R 18.3 MISRA C 2012 Required Yes Yes
124 123 R 18.4 MISRA C 2012 Advisory Yes Yes
125 124 R 18.5 MISRA C 2012 Advisory Yes Yes
126 125 R 18.6 MISRA C 2012 Required Yes Yes
127 126 R 18.7 MISRA C 2012 Required Yes Yes
128 127 R 18.8 MISRA C 2012 Required Yes Yes
129 128 R 19.1 MISRA C 2012 Mandatory Yes Yes
130 129 R 19.2 MISRA C 2012 Advisory Yes Optional Unions can be useful. We almost don’t use them, so it’s ok.
131 130 R 20.1 MISRA C 2012 Advisory Yes Optional In some files we have assembly-compatible includes followed by assembly-compatible definitions followed by C includes and C declarations. This is done to not have #ifdef in the include list.
132 131 R 20.2 MISRA C 2012 Required Yes Yes
133 132 R 20.3 MISRA C 2012 Required Yes Yes
134 133 R 20.4 MISRA C 2012 Required Yes Yes
135 134 R 20.5 MISRA C 2012 Advisory Yes Yes
136 135 R 20.6 MISRA C 2012 Required Yes Yes
137 136 R 20.7 MISRA C 2012 Required Yes Yes
138 137 R 20.8 MISRA C 2012 Required Yes Optional We need a new configuration system to fix all defects.
139 138 R 20.9 MISRA C 2012 Required Yes Optional We use a mix of #if and #ifdef for boolean macros, which may raise some failures here. We should consistently use one or the other
140 139 R 20.10 MISRA C 2012 Advisory Yes Optional It’s good to avoid them, but they are sometimes needed.
141 140 R 20.11 MISRA C 2012 Required Yes Yes
142 141 R 20.12 MISRA C 2012 Required Yes Yes
143 142 R 20.13 MISRA C 2012 Required Yes Yes
144 143 R 20.14 MISRA C 2012 Required Yes Yes
145 144 R 21.1 MISRA C 2012 Required Yes Yes
146 145 R 21.2 MISRA C 2012 Required Yes Yes
147 146 R 21.3 MISRA C 2012 Required Yes Yes
148 147 R 21.4 MISRA C 2012 Required Yes Yes
149 148 R 21.5 MISRA C 2012 Required Yes Yes
150 149 R 21.6 MISRA C 2012 Required No No This bans printf.
151 150 R 21.7 MISRA C 2012 Required Yes Yes
152 151 R 21.8 MISRA C 2012 Required Yes Yes
153 152 R 21.9 MISRA C 2012 Required Yes Yes
154 153 R 21.10 MISRA C 2012 Required Yes Yes
155 154 R 21.11 MISRA C 2012 Required Yes Yes
156 155 R 21.12 MISRA C 2012 Advisory Yes Yes
157 156 R 21.13 MISRA C 2012 AMD-1 Mandatory Yes Yes
158 157 R 21.14 MISRA C 2012 AMD-1 Required Yes Yes
159 158 R 21.15 MISRA C 2012 AMD-1 Required Yes Yes
160 159 R 21.16 MISRA C 2012 AMD-1 Required Yes Yes
161 160 R 21.17 MISRA C 2012 AMD-1 Mandatory Yes Yes
162 161 R 21.18 MISRA C 2012 AMD-1 Mandatory Yes Yes
163 162 R 21.19 MISRA C 2012 AMD-1 Mandatory Yes Yes
164 163 R 21.20 MISRA C 2012 AMD-1 Mandatory Yes Yes
165 164 R 22.1 MISRA C 2012 Required Yes Yes
166 165 R 22.2 MISRA C 2012 Mandatory Yes Yes
167 166 R 22.3 MISRA C 2012 Required Yes Yes
168 167 R 22.4 MISRA C 2012 Mandatory Yes Yes
169 168 R 22.5 MISRA C 2012 Mandatory Yes Yes
170 169 R 22.6 MISRA C 2012 Mandatory Yes Yes
171 170 R 22.7 MISRA C 2012 AMD-1 Required Yes Yes
172 171 R 22.8 MISRA C 2012 AMD-1 Required Yes Yes
173 172 R 22.9 MISRA C 2012 AMD-1 Required Yes Yes
174 173 R 22.10 MISRA C 2012 AMD-1 Required Yes Yes