Main Content

MISRA C:2012 Rule 17.9

A function declared with a _Noreturn function specifier shall not return to its caller

Since R2024a

expand all in page

Description

Rule Definition

A function declared with a _Noreturn function specifier shall not return to its caller.

This rule comes from MISRA C™: 2012 Amendment 3.

Rationale

A function declared with a _Noreturn specifier is not supposed to return to its caller. If there is a return path from this function to its caller, it typically indicates an error in the program control flow, and can result in undefined behavior.

Polyspace Implementation

The rule checker reports a violation if a function is declared with a _Noreturn specifier but has a return path to its caller.

This checker reports a rule violation only if you specify the C language standard as C11 or later for the Bug Finder analysis. For more information, see C standard version (-c-version).

Troubleshooting

If you expect a rule violation but do not see it, refer to Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

In this example:

  • The function checkID() is declared with a _Noreturn specifier but can return to its caller if the argument ID is greater than or equal to 0. Therefore, the function violates the rule.

  • The function verifyID() has the same body, but is not declare with a _Noreturn specifier and does not violate the rule.

#include <stdlib.h>

_Noreturn void checkID(int32_t ID) // Noncompliant
{
    if (ID < 0)
    {
        abort();
    }
}


void verifyID(int32_t ID) // Compliant
{
    if (ID < 0)
    {
        abort();
    }
}

Check Information

Group: Functions
Category: Mandatory
AGC Category: Mandatory

Version History

Introduced in R2024a

See Also

| |

Topics