MISRA C:2012 Compliance Summary Tables
MathWorks® evaluates C code generated by Embedded Coder® from Simulink® models and Stateflow® charts against the MISRA™ C:2012 coding standards. The results from this effort are available in these compliance summary tables. These tables also identify methods used to obtain compliance and describe ways in which generated code can deviate from compliance:
Compliant - Compliance with the rule or directive is achieved through adherence to the code generation process, modeling recommendations, or Model Advisor checks. When applicable, the tables list explanatory notes that provide information relevant to compliance methods or actions that you can perform to satisfy the directive or rule.
Deviation - The rule or directive is not compliant.
You can use these tables when preparing the MISRA C:2012 compliance statement for your project, as required by section 5.3 of the MISRA C:2012 Guidelines for the Use of C Language in Critical Systems document. These tables align with the published MISRA C:2012 Main Document, MISRA C:2012 Amendment 1, MISRA C:2012 Amendment 2, and MISRA C:2012 Amendment 3. The tables do not include MISRA C:2012 Amendment 4 because Embedded Coder does not generate code that includes multithreading and atomic operations.
The categories in the table are based on Appendix E of the MISRA C:2012 guidelines, identified for automatically generated code. They can be used for mandatory and required categories only (not for advisory and readability categories).
Note
The generated code from Embedded Coder is compliant with a large subset of these coding guidelines. The noncompliant status of a rule or directive in these tables does not come under mandatory and required categories identified for automatically generated code. The evaluation does not include user-defined functions.
The Implementation
Compilation and Build
Requirements Traceability
Code Design
| Directivea, b | Descriptionc | Category | Compliance |
|---|---|---|---|
| Dir 4.1 | Run-time failures shall be minimized. | Required | Compliant:
|
| Dir 4.3 | Assembly language shall be encapsulated and isolated. | Required | Compliant:
|
| Dir 4.6 | typedefs that indicate size and signedness should be used in place of the basic numerical types. | Advisory | Not Applicable. |
| Dir 4.7d | If a function returns error information, then that error information shall be tested. | Required | Compliant:
Deviation:
|
| Dir 4.10 | Precautions shall be taken in order to prevent the contents of a header file being included more than once. | Required | Compliant |
| Dir 4.11 | The validity of values passed to library functions shall be checked. | Required | Compliant:
|
| Dir 4.12 | Dynamic memory allocation shall not be used. | Required | Compliant:
|
| Dir 4.14 | The validity of values received from external sources shall be checked. | Required | Compliant |
| Dir 4.15 | Evaluation of floating-point expressions shall not lead to the undetected generation of infinities and NaNs. | Required | Compliant |
a Directive 4.14 is from MISRA Amendment 1. b Directive 4.15 is from MISRA Amendment 3. c Copyright © The MISRA Consortium Limited, 2022. d Polyspace® Bug Finder™ might report a violation of Directive 4.7 for user-defined functions when there is no knowledge about whether the return value contains error information. | |||
Standard C Environment
| Rulea, b | Descriptionc | Category | Compliance |
|---|---|---|---|
| 1.1 | The program shall contain no violations of the standard C syntax and constraints, and shall not exceed the implementation's translation limits. | Required | Compliant |
| 1.3 | There shall be no occurrence of undefined or critical unspecified behaviour. | Required | Compliant |
| 1.4 | Emergent language features shall not be used. | Required | Compliant |
| 1.5 | Obsolescent language features shall not be used. | Required | Noncompliant |
a Rule 1.4 is from MISRA Amendment 2. b Rule 1.5 is from MISRA Amendment 3. c Copyright © The MISRA Consortium Limited, 2022. | |||
Unused Code
Comments
Character Sets and Lexical Conventions
Identifiers
| Rule | Descriptiona | Categoryb | Compliance |
|---|---|---|---|
| 5.1 | External identifiers shall be distinct. | Required | Compliant:
|
| 5.2 | Identifiers declared in the same scope and name space shall be distinct. | Required | Compliant:
|
| 5.3 | An identifier declared in an inner scope shall not hide an identifier declared in an outer scope. | Advisory | Noncompliant |
| 5.4 | Macro identifiers shall be distinct. | Required | Compliant:
|
| 5.5 | Identifiers shall be distinct from macro names. | Required | Compliant:
|
| 5.6 | A typedef name shall be a unique identifier. | Required | Compliant:
|
| 5.7 | A tag name shall be a unique identifier. | Required | Compliant:
|
| 5.8 | Identifiers that define objects or functions with external linkage shall be unique. | Required | Compliant:
|
a Copyright © The MISRA Consortium Limited, 2022. b Guideline identifies Rule 5.3 as Required for manually generated code. | |||
Types
| Rulea | Descriptionb | Category | Compliance |
|---|---|---|---|
| 6.1 | Bit-fields shall only be declared with an appropriate type. | Required | Compliant:
|
| 6.2 | Single-bit named bit-fields shall not be of a signed type. | Required | Compliant:
|
| 6.3 | A bit field shall not be declared as a member of a union. | Required | Compliant |
a Rule 6.3 is from MISRA Amendment 3. b Copyright © The MISRA Consortium Limited, 2022. | |||
Literals and Constants
| Rulea | Descriptionb | Categoryc | Compliance |
|---|---|---|---|
| 7.1 | Octal constants shall not be used. | Advisory | Compliant |
| 7.2 | A "u" or "U" suffix shall be applied to all integer constants that are represented in an unsigned type. | Readability | Compliant |
| 7.3 | The lowercase character "l" shall not be used in a literal suffix. | Readability | Compliant |
| 7.4 | A string literal shall not be assigned to an object unless the object's type is "pointer to const-qualified char". | Required | Compliant |
| 7.5 | The argument of an integer constant macro shall have an appropriate form. | Mandatory | Compliant |
a Rule 7.5 is from MISRA Amendment 3. b Copyright © The MISRA Consortium Limited, 2022. c Guideline identifies Rules 7.1, 7.2, and 7.3 as Required for manually generated code. | |||
Declarations and Definitions
| Rulea | Descriptionb | Categoryc | Compliance |
|---|---|---|---|
| 8.1 | Types shall be explicitly specified. | Required | Compliant |
| 8.2 | Function types shall be in prototype form with named parameters. | Required | Compliant:
|
| 8.3 | All declarations of an object or function shall use the same names and type qualifiers. | Required | Compliant |
| 8.4 | A compatible declaration shall be visible when an object or function with external linkage is defined. | Advisory | Noncompliant |
| 8.5 | An external object or function shall be declared once in one and only one file. | Advisory | Noncompliant |
| 8.6 | An identifier with external linkage shall have exactly one external definition. | Required | Compliant |
| 8.8 | The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage. | Required | Compliant |
| 8.10 | An inline function shall be declared with the static storage class. | Required | Compliant |
| 8.12 | Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique. | Required | Compliant:
|
| 8.14 | The restrict type qualifier shall not be used. | Advisory | Compliant |
| 8.15 | All declarations of an object with an explicit alignment specification shall specify the same alignment. | Required | Compliant |
a Rule 8.15 is from MISRA Amendment 3. b Copyright © The MISRA Consortium Limited, 2022. c Guideline identifies Rule 8.4, 8.5, and 8.14 as Required for manually generated code. | |||
Initialization
| Rule | Descriptiona | Categoryb | Compliance |
|---|---|---|---|
| 9.1 | The value of an object with automatic storage duration shall not be read before it has been set. | Mandatory | Compliant:
|
| 9.2 | The initializer for an aggregate or union shall be enclosed in braces. | Readability | Noncompliant |
| 9.3 | Arrays shall not be partially initialized. | Readability | Noncompliant |
| 9.4 | An element of an object shall not be initialized more than once. | Required | Compliant |
| 9.5 | Where designated initializers are used to initialize an array object the size of the array shall be specified explicitly. | Readability | Compliant |
a Copyright © The MISRA Consortium Limited, 2022. b Guideline identifies Rule 9.2, 9.3, and 9.5 as Required for manually generated code. | |||
The Essential Type Model
| Rule | Descriptiona | Categoryb | Compliance |
|---|---|---|---|
| 10.1 | Operands shall not be of an inappropriate essential type. | Advisory | Noncompliant
|
| 10.2 | Expressions of essentially character type shall not be used inappropriately in addition and subtraction operations. | Advisory | Compliant |
| 10.3 | The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category. | Advisory | Compliant
|
| 10.4 | Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category. | Advisory | Noncompliant
|
| 10.6 | The value of a composite expression shall not be assigned to an object with wider essential type. | Advisory | Noncompliant |
| 10.7 | If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type. | Advisory | Noncompliant |
| 10.8 | The value of a composite expression shall not be cast to a different essential type category or a wider essential type. | Advisory | Noncompliant |
a Copyright © The MISRA Consortium Limited, 2022. b Guideline identifies Rule 10.1, 10.2, 10.3, 10.4, 10.6, 10.7, and 10.8 as Required for manually generated code. | |||
Pointer Type Conversion
| Rule | Descriptiona | Categoryb | Compliance |
|---|---|---|---|
| 11.1 | Conversions shall not be performed between a pointer to a function and any other type. | Required | Compliant |
| 11.2 | Conversions shall not be performed between a pointer to an incomplete type and any other type. | Required | Compliant |
| 11.3 | A cast shall not be performed between a pointer to object type and a pointer to a different object type. | Required | Compliant:
|
| 11.6 | A cast shall not be performed between pointer to void and an arithmetic type. | Required | Compliant |
| 11.7 | A cast shall not be performed between pointer to object and a non-integer arithmetic type. | Required | Compliant |
| 11.8 | A cast shall not remove any const or volatile qualification from the type pointed to by a pointer. | Required | Compliant:
|
| 11.9 | The macro NULL shall be the only permitted form of
integer null pointer constant. | Readability | Noncompliant |
a Copyright © The MISRA Consortium Limited, 2022. b Guideline identifies Rule 11.9 as Required for manually generated code. | |||
Expressions
| Rulea | Descriptionb | Category | Compliance |
|---|---|---|---|
| 12.2 | The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the essential type of the left hand operand. | Required | Compliant:
|
| 12.5 | The sizeof operator shall not have an operand which is a function parameter declared as "array of type". | Mandatory | Compliant |
a Rule 12.5 is from MISRA Amendment 1. b Copyright © The MISRA Consortium Limited, 2022. | |||
Side Effects
| Rule | Descriptiona | Category | Compliance |
|---|---|---|---|
| 13.1 | Initializer lists shall not contain persistent side effects. | Required | Compliant |
| 13.2 | The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders. | Required | Compliant:
|
| 13.5 | The right hand operand of a logical && or
|| operator shall not contain persistent side
effects. | Required | Compliant:
Deviation:
|
| 13.6 | The operand of the sizeof operator shall not contain any expression which has potential side effects. | Required | Compliant |
a Copyright © The MISRA Consortium Limited, 2022. | |||
Control Statement Expressions
| Rule | Descriptiona | Categoryb | Compliance |
|---|---|---|---|
| 14.1 | A loop counter shall not have essentially floating type. | Advisory | Noncompliant |
| 14.2 | A for loop shall be well-formed. | Readability | Compliant:
|
| 14.3 | Controlling expressions shall not be invariant. | Required | Compliant:
|
| 14.4 | The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type. | Advisory | Noncompliant |
a Copyright © The MISRA Consortium Limited, 2022. b Guideline identifies Rule 14.1, 14.2, and 14.4 as Required for manually generated code. | |||
Control Flow
| Rule | Descriptiona | Categoryb | Compliance |
|---|---|---|---|
| 15.2 | The goto statement shall jump to a label declared later in the same function. | Advisory | Compliant |
| 15.3 | Any label referenced by a goto statement shall be declared in the same block, or in any block enclosing the goto statement. | Advisory | Compliant |
| 15.6 | The body of an iteration-statement or a selection-statement shall be a compound-statement. | Required | Compliant |
| 15.7 | All if ... else if constructs shall be terminated with an else statement. | Readability | Compliant |
a Copyright © The MISRA Consortium Limited, 2022. b Guideline identifies Rule 15.2, 15.3, and 15.7 as Required for manually generated code. | |||
Switch Statements
| Rule | Descriptiona | Categoryb | Compliance |
|---|---|---|---|
| 16.1 | All switch statements shall be well-formed. | Advisory | Noncompliant |
| 16.2 | A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement. | Advisory | Compliant |
| 16.3 | An unconditional break statement shall terminate every switch-clause. | Advisory | Compliant |
| 16.4 | Every switch statement shall have a default label. | Advisory | Compliant:
|
| 16.5 | A default label shall appear as either the first or the last switch label of a switch statement. | Advisory | Compliant |
| 16.6 | Every switch statement shall have at least two switch-clauses. | Advisory | Compliant |
| 16.7 | A switch-expression shall not have essentially Boolean type. | Advisory | Compliant |
a Copyright © The MISRA Consortium Limited, 2022. b Guideline identifies Rule 16.1, 16.2, 16.3, 16.4, 16.5, 16.6, and 16.7 as Required for manually generated code. | |||
Functions
| Rulea | Descriptionb | Categoryc | Compliance |
|---|---|---|---|
| 17.1 | The features of <stdarg.h> shall not be
used. | Required | Compliant |
| 17.2 | Functions shall not call themselves, either directly or indirectly. | Required | Compliant:
|
| 17.3 | A function shall not be declared implicitly. | Mandatory | Compliant:
|
| 17.4 | All exit paths from a function with non-void return type shall have an explicit return statement with an expression. | Mandatory | Compliant |
| 17.5 | The function argument corresponding to a parameter declared to have an array type shall have an appropriate number of elements. | Required | Compliant |
| 17.6 | The declaration of an array parameter shall not contain the static keyword between the [ ]. | Mandatory | Compliant |
| 17.7 | The value returned by a function having non-void return type shall be used. | Readability | Noncompliant |
| 17.9 | A function declared with a _Noreturn function specifier shall not return to its caller. | Mandatory | Compliant |
| 17.10 | A function declared with a _Noreturn function specifier shall have void return type. | Required | Compliant |
| 17.13 | A function type shall not be type qualified. | Required | Compliant |
a Rule 17.9, 17.10 and 17.13 are from MISRA Amendment 3. b Copyright © The MISRA Consortium Limited, 2022. c Guideline identifies Rule 17.7 as Required for manually generated code. | |||
Pointers and Arrays
| Rulea | Descriptionb | Category | Compliance |
|---|---|---|---|
| 18.1 | A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand. | Required | Compliant |
| 18.2 | Subtraction between pointers shall only be applied to pointers that address elements of the same array. | Required | Compliant |
| 18.3 | The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object. | Required | Compliant |
| 18.6 | The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist. | Required | Compliant |
| 18.7 | Flexible array members shall not be declared. | Required | Compliant |
| 18.8 | Variable-length array types shall not be used. | Required | Compliant |
| 18.9 | An object with temporary lifetime shall not undergo array-to-pointer conversion. | Required | Compliant |
a Rule 18.9 is from MISRA Amendment 1. b Copyright © The MISRA Consortium Limited, 2022. | |||
Overlapping Storage
Preprocessing Directives
| Rule | Descriptiona | Category | Compliance |
|---|---|---|---|
| 20.2 | The ', " or \
characters and the /* or // character
sequences shall not occur in a header file name. | Required | Compliant |
| 20.3 | The #include directive shall be followed by either a
<filename> or "filename"
sequence. | Required | Compliant |
| 20.4 | A macro shall not be defined with the same name as a keyword. | Required | Compliant |
| 20.6 | Tokens that look like a preprocessing directive shall not occur within a macro argument. | Required | Compliant |
| 20.7 | Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses. | Required | Compliant |
| 20.8 | The controlling expression of a #if or #elif preprocessing directive shall evaluate to 0 or 1. | Required | Compliant |
| 20.9 | All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define'd before evaluation. | Required | Compliant |
| 20.11 | A macro parameter immediately following a # operator shall not immediately be followed by a ## operator. | Required | Compliant |
| 20.12 | A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators. | Required | Compliant |
| 20.13 | A line whose first token is # shall be a valid preprocessing directive. | Required | Compliant |
| 20.14 | All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if, #ifdef or #ifndef directive to which they are related. | Required | Compliant |
a Copyright © The MISRA Consortium Limited, 2022. | |||
Standard Libraries
| Rulea, b, c | Descriptiond | Category | Compliance |
|---|---|---|---|
| 21.1 | #define and #undef shall not be used on a reserved identifier or reserved macro name. | Required | Compliant:
|
| 21.2 | A reserved identifier or reserved macro name shall not be declared. | Required | Compliant:
|
| 21.3 | The memory allocation and deallocation functions of
<stdlib.h> shall not be used. | Required | Compliant:
|
| 21.4 | The standard header file <setjmp.h> shall not be
used. | Required | Compliant |
| 21.5 | The standard header file <signal.h> shall not be
used. | Required | Compliant |
| 21.6 | The Standard Library input/output functions shall not be used. | Required | Compliant:
|
| 21.7 | The Standard Library functions atof, atoi, atol and atoll of <stdlib.h> shall not be used. | Required | Compliant |
| 21.8 | The Standard Library termination functions of
<stdlib.h> shall not be used. | Required | Compliant |
| 21.9 | The Standard Library functions bsearch and qsort of
<stdlib.h> shall not be used. | Required | Compliant |
| 21.10 | The Standard Library time and date functions shall not be used. | Required | Compliant |
| 21.12 | The standard header file <fenv.h> shall not be
used. | Required | Compliant |
| 21.13 | Any value passed to a function in <ctype.h>
shall be representable as an unsigned char or be the value
EOF. | Mandatory | Compliant |
| 21.14 | The Standard Library function memcmp shall not be used to compare null terminated strings. | Required | Compliant |
| 21.15 | The pointer arguments to the Standard Library functions memcpy, memmove and memcmp shall be pointers to qualified or unqualified versions of compatible types. | Required | Compliant |
| 21.16 | The pointer arguments to the Standard Library function memcmp shall point to either a pointer type, an essentially signed type, an essentially unsigned type, an essentially Boolean type or an essentially enum type. | Required | Compliant |
| 21.17 | Use of the string handling functions from
<string.h> shall not result in accesses beyond
the bounds of the objects referenced by their pointer parameters. | Mandatory | Compliant |
| 21.18 | The size_t argument passed to any function in
<string.h> shall have an appropriate
value. | Mandatory | Compliant |
| 21.19 | The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if they have pointer to const-qualified type. | Mandatory | Compliant |
| 21.20 | The pointer returned by the Standard Library functions asctime, ctime, gmtime, localtime, localeconv, getenv, setlocale or strerror shall not be used following a subsequent call to the same function. | Mandatory | Compliant |
| 21.21 | The Standard Library function system of
<stdlib.h> shall not be used. | Required | Compliant |
| 21.22 | All operand arguments to any type-generic macros declared in
<tgmath.h> shall have an appropriate essential
type. | Mandatory | Compliant |
| 21.23 | All operand arguments to any multi-argument type-generic macros declared
in <tgmath.h> shall have the same standard
type. | Required | Compliant |
| 21.24 | The random number generator functions of <stdlib.h>
shall not be used. | Required | Noncompliant |
a Rule 21.13, 21.14, 21.15, 21.16, 21.17, 21.18, 21.19, 21.20 is from MISRA Amendment 1. b Rule 21.21 is from MISRA Amendment 2. c Rule 21.12, 21.22, 21.23 and 21.24 are from MISRA Amendment 3. d Copyright © The MISRA Consortium Limited, 2022. | |||
Resources
| Rulea | Descriptionb | Category | Compliance |
|---|---|---|---|
| 22.1 | All resources obtained dynamically by means of Standard Library functions shall be explicitly released. | Required | Compliant |
| 22.2 | A block of memory shall only be freed if it was allocated by means of a Standard Library function. | Mandatory | Compliant |
| 22.3 | The same file shall not be open for read and write access at the same time on different streams. | Required | Compliant |
| 22.4 | There shall be no attempt to write to a stream which has been opened as read-only. | Mandatory | Compliant |
| 22.5 | A pointer to a FILE object shall not be
dereferenced. | Mandatory | Compliant |
| 22.6 | The value of a pointer to a FILE shall not be used
after the associated stream has been closed. | Mandatory | Compliant |
| 22.7 | The macro EOF shall only be compared with the
unmodified return value from any Standard Library function capable of
returning EOF. | Required | Compliant |
| 22.8 | The value of errno shall be set to zero prior to a
call to an errno-setting-function. | Required | Compliant |
| 22.9 | The value of errno shall be tested against zero after
calling an errno-setting-function. | Required | Compliant |
| 22.10 | The value of errno shall only be tested when the last
function to be called was an errno-setting-function. | Required | Compliant |
a Rule 22.7, 22.8, 22.9, and 22.10 is from MISRA Amendment 1. b Copyright © The MISRA Consortium Limited, 2022. | |||
Generic Selections
| Rulea | Descriptionb | Category | Compliance |
|---|---|---|---|
| 23.2 | A generic selection that is not expanded from a macro shall not contain potential side effects in the controlling expression. | Required | Compliant |
| 23.4 | A generic association shall list an appropriate type. | Required | Compliant |
| 23.6 | The controlling expression of a generic selection shall have an essential type that matches its standard type. | Required | Compliant |
| 23.8 | A default association shall appear as either the first or the last association of a generic selection. | Required | Compliant |
a Rule 23.2, 23.4, 23.6, and 23.8 are from MISRA Amendment 3. b Copyright © The MISRA Consortium Limited, 2022. | |||
Explanatory Notes
Explanatory Note for Directive 1.1
Information about the implementation-defined behavior for Embedded Coder is available in Configure Run-Time Environment Options. Compiler documentation is out of scope.
Manage character set encoding by using the
SavedCharacterEncoding model parameter. For additional
information, see slCharacterEncoding.
Configure the integer division method in the Model Configuration Parameters dialog box, on the Hardware Implementation pane. For additional information, see Configure Run-Time Environment Options
Embedded Coder generates pragmas when you:
Select the use of memory sections. See, Selects the use of memory sections
In both instances, you are responsible for documenting the intended use of the pragma. For more information, see Control Data and Function Placement in Memory by Inserting Pragmas.
To enable the generation of bitfields:
Select at least one of these model configuration parameters:
Pack Boolean data into bitfields. This parameter is available only for ERT-based system target files.
Create a custom storage class with defined bitfields. See Create Storage Classes by Using the Custom Storage Class Designer for more information.
If your model uses conversion of one datatype to another, Polyspace Bug Finder might report a violation of Directive 1.1.
Explanatory Note for Directive 3.1
You can link requirements model elements. These links are included in the generated C code to provide traceability from a requirements document, to the model elements, and to the generated code. For additional information, see View Requirements Toolbox Links Associated with Model Elements and View and Link Requirements in Simulink (Requirements Toolbox).
Explanatory Note for Directive 4.1
You can use Polyspace Bug Finder to identify run-time errors and Polyspace Code Prover™ to prove the absence of run-time errors. For information, see:
Configure and Run Analysis (Polyspace Code Prover)
Configure and Run Analysis (Polyspace Bug Finder)
You can use Simulink Design Verifier to detect design errors at the model level. For more information, see Analyze Models for Design Errors (Simulink Design Verifier).
To handle the overflow violations, see Handle Overflows in Simulink Models (Fixed-Point Designer).
Explanatory Note for Directive 4.3
Embedded Coder does not directly call assembly language code. You can add calls to assembly language functions through S-functions, code replacement libraries, Stateflow, and MATLAB® blocks. These calls are documented as calls to External C Functions. In these cases, you are responsible for encapsulation.
For additional information, see:
Explanatory Note for Directive 4.6
Embedded Coder provides three options that are compatible with Directive 4.6. You can:
Use typedefs that use specified-width integer data types defined in the generated
rtwtypes.hfile, such as,uint8_T.Use specified-width integer data types from
stdint.h, such as,uint8_t.Specify custom names for fixed-width integer data types.
With the first and second options, the generated code can contain integers that
are not specified-width, such as, int_T or int
in a generated main file or Stateflow counter variable. To replace the integers with specified-width
integers, use data type replacement.
If you configure the model to generate AUTOSAR code, Embedded Coder generates code that uses only specified-width integer data types.
For more information, see:
Explanatory Note for Directive 4.11
To satisfy the requirements of this directive, you can “Demonstrate
statically that the input parameters can never
take invalid values”.
You can use Polyspace Code Prover to analyze parameter ranges and prove the absence of run-time errors caused by out-of-range values. For additional information, see Run Polyspace Analysis on Code Generated with Embedded Coder (Polyspace Code Prover).
Explanatory Note for Rule 2.1
Polyspace Bug Finder might report a violation for user-defined functions from the Stateflow.
Explanatory Note for Rules 5.1, 5.2, 5.4, 5.5, 5.6, 5.7, and 5.8
Embedded Coder is configurable to limit the number of characters imposed by the implementation. For additional information, see Maximum identifier length.
To ensure unique names for different types of variables ( such as local scope variables, global scope variables, macros, and so on), implement a naming convention. For additional information, see Model Configuration Parameters: Code Generation Symbols.
In case of long identifiers, it is recommended to use shared utilities. For more information, see Generate Shared Utility Code
Explanatory Note for Rule 8.2
The code generated using Send or Receive blocks inside a Model Reference may contain function declarations without argument names. For example:
typedef struct {
void *host;
void (*RecvData)(void *, real_T *, int32_T, int32_T *);
} RecvData_real_T;Explanatory Note for Rule 8.12
Embedded Coder supports the use of enumerated data. The file used to define the enumeration can be either manually or automatically generated. Files defining enumerations generated by Embedded Coder are compliant with MISRA C:2012 Rule 8.12 by design. If you manually create the definition file, you are responsible for ensuring compliance. For additional information, see Use Enumerated Data in Simulink Models.
Explanatory Note for Rule 9.1
Simulink models configured for support packages like Simulink Support Package for Raspberry Pi® Hardware, C2000™ Microcontroller Blockset, or such configurations may generate noncompliant code.
Note
Third-party files such as drivers used with code that is generated using Embedded Coder are not considered in the evaluation.
Explanatory Note for Rule 10.1, 10.3, and 10.4
Usage of functional mockup units (FMUs) version 1.0 may cause noncompliant code.
Explanatory Note for Rule 11.8
If your model uses any storage class with Const or
Volatile qualifiers, Polyspace may show violation of Rule 11.8 from the generated code of the
model.
Explanatory Note for Rule 12.2
If the simulation diagnostic reports an overflow from the Simulink model, the code generator may not generate MISRA compliant code.
Explanatory Note for Rule 13.2
Use of volatile variables may result in noncompliant code.
Explanatory Note for Rule 17.3 and 21.2
When the model configuration parameter Leverage target hardware
instruction set extensions is set to anything other than
None, the generated code may violate MISRA C:2012 rules.
Explanatory Note for Rule 21.1
If Polyspace
Bug Finder reports a violation of Rule 21.1, run set_param(model,
'DataTypeReplacement', 'CDataTypesFixedWidth').
Explanatory Note for Rule 21.2
If the length of an identifier exceeds the limit set by Maximum
identifier length, Embedded Coder does not expand some tokens, which can result in a leading underscore
(_). The resulting identifier is treated as a reserved
identifier and can violate MISRA C:2012 rules.
Version History
MISRA C:2012 Amendment 2 (AMD2) and Amendment 3 (AMD3) Added to Summary Tables
Since R2024b
The summary table includes the compliance status of MISRA C:2012 Amendment 2 (AMD2) and Amendment 3 (AMD3) guidelines.
MISRA C:2012 Summary Tables Include All Mandatory and Required Categories
Since R2023b
The summary table includes the compliance status of all the Mandatory and Required Category guidelines from MISRA C:2012.
See Also
MISRA C:2023 Compliance Summary Tables | CERT C Compliance Summary Tables
You can also select a web site from the following list
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)
Asia Pacific
- Australia (English)
- India (English)
- New Zealand (English)
- 中国
- 日本Japanese (日本語)
- 한국Korean (한국어)