MISRA-C 2012 Rule 10.8 Query

I am getting MISRA-C 2012 Rule 10.5 violation, below is the sample code:


typedef long long       sint64; 
typedef unsigned long long  uint64;
typedef unsigned long   uint32;

#define ntohll(x) ( ( (uint64)(ntohl( ((x << 32) >> 32) )) << 32) | ntohl( ((uint32)(x >> 32)) ) )

void main()
{
 sint64 pul_total;
 sint64 a;
 pul_total = ntohll(a); /* Rule 10.8 Violation*/    
}

To resolve the issue I tried below:

#define ntohll(x) ( ( (uint64)(ntohl( ((x << 32) >>(uint32)32) )) << (uint32)32) | ntohl( ((uint32)(x >>(uint32) 32)) ) )

but still it's a violation

However if I make it like below, the violation is removed:

  #define ntohll(x) ( ( (uint64)(ntohl( ((x << 32) >> 32) )) << 32) | ntohl( ((uint32)((uint32)x >> 32)) ) )

but as per my understanding casting signed variable to unsigned might not be a good idea in case of shift operation.

Need some help for the same...

This whole code is definitely not MISRA-C compliant.

  • First of all there are some less important nit-picks. The Directive 4.9 is saying that function-like macros should be avoided entirely. And rule 7.2 is saying that you must use u suffix on all integer constants.

  • What's most serious here is the violation of 10.1 which says "Shift and bitwise operations should only be performed on operands of essentially unsigned type".

    You left shift a signed operand - if that operand is negative your code invokes undefined behavior and you have a severe bug. You then also right shift a signed operand, which invokes implementation-defined behavior if the operand is negative. These are not just some false positives but actual bugs you must fix. The easiest fix is to cast x to uint64_t before any shifting.

  • I see no violation of 10.5, which would be casting to an inappropriate type. It is fine to cast from signed to unsigned.

  • There is however a violation of 10.8 as your comment indicates - the rule doesn't allow the result of a "composite expression" to be cast to a different type category, in your case from sint64_t to uint64_t or uint32_t. This too could be solved by casting to uint64_t before doing anything else.

    The (rather weird) rationale for 10.8 is that some beginners supposedly think that a cast such as (uint32_t)(u16a + u16b); means that the + operation gets carried out on uint32_t, which is incorrect.

Now the real question is what all this shifting is actually trying to achieve to begin with; it isn't clear to me. The macro is quite messy. If the intention was to clear out some bits of a variable, that should be done with bit masking (bitwise &). And if for reasons unknown signed variables must be used and sign must be preserved, the bit mask can simply skip the sign bit.

The best way to fix this code is to rewrite that macro entirely. As it stands, it will never pass MISRA-C, which is a good thing.
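
One possible rewrite along the lines the answer gives (a function instead of a macro, shifts only on unsigned operands, u-suffixed constants), added here as an example and not code from the question or the answer. It assumes the macro was meant as a 64-bit network-to-host conversion; the function names and sample buffers are hypothetical, and <stdint.h> types stand in for the question's typedefs.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample fields as they would arrive on the wire (big-endian). */
static const uint8_t SAMPLE_POS[8] = {0x01u, 0x02u, 0x03u, 0x04u, 0x05u, 0x06u, 0x07u, 0x08u};
static const uint8_t SAMPLE_NEG[8] = {0xFFu, 0xFFu, 0xFFu, 0xFFu, 0xFFu, 0xFFu, 0xFFu, 0xFEu};

/* 64-bit network (big-endian) to host order; every shift operand is unsigned. */
static uint64_t ntohll_u64(uint64_t net)
{
    uint8_t bytes[8];
    uint64_t host = 0u;
    uint32_t i;

    /* The in-memory bytes of 'net' are the wire bytes, whatever the host order. */
    (void)memcpy(bytes, &net, sizeof bytes);
    for (i = 0u; i < 8u; i++)
    {
        host = (host << 8u) | (uint64_t)bytes[i];
    }
    return host;
}

/* Signed wrapper: convert the plain operand first, never shift the signed value. */
static int64_t ntohll_s64(int64_t net)
{
    uint64_t u = ntohll_u64((uint64_t)net); /* cast of a non-composite expression */
    int64_t result;

    /* Copy the bits back; avoids an implementation-defined unsigned-to-signed conversion. */
    (void)memcpy(&result, &u, sizeof result);
    return result;
}

/* Read one signed 64-bit field from a receive buffer. */
static int64_t recv_s64(const uint8_t wire[8])
{
    int64_t raw;

    (void)memcpy(&raw, wire, sizeof raw);
    return ntohll_s64(raw);
}

int main(void)
{
    return ((recv_s64(SAMPLE_POS) == 0x0102030405060708LL) &&
            (recv_s64(SAMPLE_NEG) == -2LL)) ? 0 : 1;
}
```

Because the value is assembled byte by byte, the result is the same on little-endian and big-endian hosts, and a negative input never reaches a shift operator.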
