Dir 4.7 Unclear exactly what the criteria is?


chuck.cannon
Posts: 1
Joined: Tue Jan 29, 2019 7:19 pm
Company: NXP

Post by chuck.cannon » Thu Jan 31, 2019 6:57 pm

What does it mean to be "tested in a meaningful manner"?

Is there any requirement on what is done once tested? For example, if there is no corrective action is it sufficient to just log the error?

Does returning the error to the caller qualify? In an API, the implementation of a API function may call subsequent functions that return an error. If only one such function is called then the only thing to do with the error is return it to the original caller.

typedef int err_t; /* error-code type, assumed here for illustration */

err_t func1(void)
{
    /* ... do the work; may detect an error condition ... */
    return 0; /* placeholder: 0 = success */
}

err_t func2(void)
{
    /* the only caller-visible action is to pass func1's result up */
    return func1();
}

In our project, almost the entire code base running on the uC is a library exposed via an IPC link. All errors are just propagated back up and eventually sent back across the link to the caller.
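As an added example (not part of the original post), the layered pattern described above written so that every downstream result is tested immediately and then either propagated or acted on at the IPC boundary; the `err_t` values, sensor range and `reply_t` shape are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Error-code type assumed for this example (not from the forum post). */
typedef enum { ERR_OK = 0, ERR_RANGE = 1, ERR_NULL = 2 } err_t;

/* Lowest layer: validates its inputs and reports a distinct error code
 * instead of silently clamping or writing a default. Range is assumed. */
static err_t read_sensor(const int16_t *raw, int16_t *out)
{
    if (raw == NULL || out == NULL) { return ERR_NULL; }
    if (*raw < -1000 || *raw > 1000)  { return ERR_RANGE; }
    *out = *raw;
    return ERR_OK;
}

/* Middle layer: only one downstream call, so the only meaningful action is
 * to propagate. The result is still tested as soon as the call returns, so
 * the output parameter is never derived from an invalid value. */
err_t scale_sensor(const int16_t *raw, int32_t *scaled)
{
    int16_t value;
    err_t err = read_sensor(raw, &value);
    if (err != ERR_OK) {
        return err;            /* propagated, not discarded; *scaled untouched */
    }
    *scaled = (int32_t)value * 10;
    return ERR_OK;
}

/* Reply sent back across the IPC link (assumed shape). */
typedef struct { err_t err; int32_t value; unsigned log_count; } reply_t;

/* Top layer (IPC boundary): the place where the error is finally handled.
 * Here that means recording it and returning a safe default value. */
reply_t handle_request(const int16_t *raw)
{
    reply_t r = { ERR_OK, 0, 0 };
    r.err = scale_sensor(raw, &r.value);
    if (r.err != ERR_OK) {
        r.log_count++;         /* stand-in for a log call; r.value stays 0 */
    }
    return r;
}
```

A call such as `(void)read_sensor(...)` with no test of the result is what a Dir 4.7 checker is looking for; returning the tested code upward, as `scale_sensor` does, is a different situation and is what the thread is asking about.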

misra-c
Posts: 556
Joined: Thu Jan 05, 2006 1:11 pm

Re: Dir 4.7 Unclear exactly what the criteria is?

Post by misra-c » Thu Feb 14, 2019 12:30 pm

Directive 4.7 is about ensuring that the software does not neglect error conditions that may arise, but handles them as required. What is required is not specified by Directive 4.7, but rather should be specified as part of the software development process (see section 5.2 of the MISRA C 2012 Guidelines).

Static analysis tools may assist with the enforcement of Directive 4.7, by reporting situations such as error conditions that do not appear to be properly tested, or where data appears to be relied upon before checking for its validity.
However, it is ultimately down to manual review to assess whether potential errors are handled as intended.
---
Posted by and on behalf of
the MISRA C Working Group

bprog
Posts: 1
Joined: Thu Jul 11, 2019 1:04 pm
Company: Honeywell

Re: Dir 4.7 Unclear exactly what the criteria is?

Post by bprog » Tue Jul 16, 2019 7:33 am

It would be great if a newer version would address the issue of returning an error value.
If it's up to the development process to decide whether returning a value is appropriate handling, the Directive's wording "shall check for the indication of an error as soon as the function returns" is misleading. It appears as if returning an error value is not an option, and some static checkers treat it as such.
