[SystemSafety] Candidates for the firing squad

David Haworth david.haworth at elektrobit.com
Fri Sep 21 08:12:04 CEST 2018


On 2018-09-20 17:31:17 +0100, Chris Hills wrote:
> 
>    I recalled that we discussed some of this in the MISRA-C WG re setting
>    compiler warnings to max and removing all errors and/or warnings. (that
>    was a fun discussion)
> 
> 
>    My view was that if the tool translating the source to binary has a
>    problem, i.e. a warning or error, it meant, no matter what the C
>    standard, or a static analyser, said was correct for the source, the
>    binary the compiler produced was suspect. That needs to be resolved.

The only minor problem with that is that, if you are developing
software that has to be compiled with a wide range of compilers
and processor architectures you're almost bound to find some
warnings that you can't get rid of unless you build compiler
detection into the code.

Typical example: a range check on an enumerated type. Because
the signedness is implementation-defined, if you test for < 0
you'll get a warning (expression is always true) sometimes.
But you can't leave it out ...

We use a static analyser that comes with a MISRA-C checker.
The part that does the MISRA-C rules assumes one of the choices
and the part that does the call tree and path analysis
assumes the other ... :-)

And don't start me on "possible endless loop" for
"while (1) {}" - although I have to say that some compilers
that warn about this don't seem to care about "for (;;) {}"

Dave

-- 
David Haworth   OS Kernel Developer              david.haworth at elektrobit.com
Elektrobit Automotive GmbH                            Tel: +49 9131 7701-6154
Am Wolfsmantel 46, 91058 Erlangen, Germany            Fax: +49 9131 7701-6333
Geschäftsführer: Alexander Kocher, Gregor Zink     Amtsgericht Fürth HRB 4886
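An added example (not from the mail above, and not Elektrobit's code) of the enum range check being discussed: the two-sided test with an explicit "< 0" that trips the "always true/false" diagnostic on implementations that pick an unsigned underlying type (e.g. gcc with -Wextra, via -Wtype-limits), beside a single-comparison form that is correct and warning-free under either signedness choice. The enum "colour", its enumerators and the functions are hypothetical names invented for this example; the sample inputs in main() are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical enumerated type, constructed for this example. The last
 * enumerator is a sentinel one past the highest valid value. */
enum colour {
    COLOUR_RED   = 0,
    COLOUR_GREEN = 1,
    COLOUR_BLUE  = 2,
    COLOUR_COUNT = 3          /* not a valid colour; upper bound only */
};

/* The form discussed in the mail: an explicit "< 0" lower-bound test.
 * The C standard leaves the enum's underlying integer type to the
 * implementation; when it picks an unsigned type, "c < 0" can never be
 * true and compilers such as gcc with -Wextra (-Wtype-limits) warn about
 * it. On an implementation that picks a signed type the test is needed,
 * so it cannot simply be dropped to silence the warning. */
bool colour_in_range_two_sided(enum colour c)
{
    if (c < 0) {
        return false;
    }
    return c < COLOUR_COUNT;
}

/* Warning-free alternative that checks both bounds with one comparison:
 * C requires every enumerator to be representable as an int, so the
 * conversion to unsigned int is lossless for valid values, while any
 * negative value (only possible with a signed underlying type) wraps to
 * a huge unsigned value and fails the upper-bound test. Neither choice
 * of signedness makes the comparison a tautology. */
bool colour_in_range(enum colour c)
{
    return (unsigned int)c < (unsigned int)COLOUR_COUNT;
}

/* The usual security-relevant case: an untrusted integer (e.g. a field
 * decoded from a message) is validated before it is ever converted to
 * the enum, using the same single-comparison idiom. */
bool colour_from_int(int raw, enum colour *out)
{
    if ((unsigned int)raw >= (unsigned int)COLOUR_COUNT) {
        return false;         /* rejects negatives and >= COUNT alike */
    }
    *out = (enum colour)raw;
    return true;
}

int main(void)
{
    /* Constructed sample inputs: two valid, three out of range. */
    const int samples[] = { 0, 2, 3, -1, 99 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum colour c;
        bool ok = colour_from_int(samples[i], &c);
        printf("%4d -> %s\n", samples[i], ok ? "valid" : "rejected");
    }
    return 0;
}
```

The cast-to-unsigned form also removes the dependence on which underlying type the static analyser's two halves assume, since it never asks whether the value can be negative; it only asks whether the value, viewed as unsigned, is below the sentinel.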

