
Dir 4.7 Unclear exactly what the criteria is?

Posted: Thu Jan 31, 2019 6:57 pm
by chuck.cannon
What does it mean to be "tested in a meaningful manner"?

Is there any requirement on what is done once tested? For example, if there is no corrective action is it sufficient to just log the error?

Does returning the error to the caller qualify? In an API, the implementation of an API function may call subsequent functions that return an error. If only one such function is called then the only thing to do with the error is return it to the original caller.

typedef int err_t;      /* error-code type; not shown in the original sketch */

err_t func1(void)
{
    return 0;           /* body elided in the original; returns some error code */
}

err_t func2(void)
{
    return func1();     /* nothing to do here except propagate the error */
}

In our project, almost the entire code base running on the uC is a library exposed via an IPC link. All errors are just propagated back up and eventually sent back across the link to the caller.

Re: Dir 4.7 Unclear exactly what the criteria is?

Posted: Thu Feb 14, 2019 12:30 pm
by misra-c
Directive 4.7 is about ensuring that the software does not neglect error conditions that may arise, but handles them as required. What is required is not specified by Directive 4.7, but rather should be specified as part of the software development process (see section 5.2 of the MISRA C 2012 Guidelines).

Static analysis tools may assist with the enforcement of Directive 4.7, by reporting situations such as error conditions that do not appear to be properly tested, or where data appears to be relied upon before checking for its validity.
However, it is ultimately down to manual review to assess whether potential errors are handled as intended.
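The situation the two posts describe, as an added example that is neither the poster's project code nor anything from the MISRA Guidelines: a small register-read API on a microcontroller with a non-compliant caller that discards the error information, a compliant caller that tests it and, having no corrective action of its own, propagates it, and a top-level handler that decides what "handled" means. The err_t values, the function names (read_register, sum_registers_unchecked, sum_registers_checked, handle_sum_request) and the register contents are all hypothetical and constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: hypothetical error codes and API, not a real project's. */
typedef enum {
    ERR_OK = 0,
    ERR_RANGE = 1,    /* register address out of range */
    ERR_NULLPTR = 2   /* caller passed a null pointer */
} err_t;

#define NUM_REGS 4U

/* Constructed stand-in for a peripheral register file on the uC. */
static const uint16_t regs[NUM_REGS] = { 0x0010U, 0x0020U, 0x0030U, 0x0040U };

/* Lowest-level API: validates its inputs before relying on them and
 * reports the outcome as an error code rather than a magic value. */
err_t read_register(uint8_t addr, uint16_t *val)
{
    if (val == NULL) {
        return ERR_NULLPTR;
    }
    if (addr >= NUM_REGS) {   /* validity check before the array index */
        return ERR_RANGE;
    }
    *val = regs[addr];
    return ERR_OK;
}

/* Non-compliant with Dir 4.7: the error information returned by
 * read_register is discarded. On a bad address 'val' keeps its previous
 * contents and a wrong sum is returned with no indication of failure. */
uint32_t sum_registers_unchecked(const uint8_t *addrs, size_t n)
{
    uint32_t sum = 0U;
    uint16_t val = 0U;
    for (size_t i = 0U; i < n; i++) {
        (void)read_register(addrs[i], &val);   /* error silently dropped */
        sum += val;
    }
    return sum;
}

/* Compliant: every error is tested. This layer has no corrective action
 * of its own, so "tested" here means: stop, do not use the data, and
 * propagate the code to the caller. */
err_t sum_registers_checked(const uint8_t *addrs, size_t n, uint32_t *out)
{
    uint32_t sum = 0U;
    if ((addrs == NULL) || (out == NULL)) {
        return ERR_NULLPTR;
    }
    for (size_t i = 0U; i < n; i++) {
        uint16_t val;
        err_t err = read_register(addrs[i], &val);
        if (err != ERR_OK) {
            return err;       /* 'val' is never read on the failure path */
        }
        sum += val;
    }
    *out = sum;               /* output written only on full success */
    return ERR_OK;
}

/* Top of the propagation chain (e.g. the IPC request handler): the one
 * place that decides what "handled as required" means for this project.
 * Here: log it, give the reply a defined value, and report the code to
 * the remote caller instead of a fabricated sum. */
err_t handle_sum_request(const uint8_t *addrs, size_t n, uint32_t *reply)
{
    err_t err = sum_registers_checked(addrs, n, reply);
    if (err != ERR_OK) {
        printf("sum request failed: err=%d\n", (int)err);
        *reply = 0U;          /* defined value, not stale data */
    }
    return err;
}

int main(void)
{
    const uint8_t good[] = { 0U, 1U, 3U };      /* constructed input */
    const uint8_t bad[]  = { 0U, 9U, 3U };      /* 9 is out of range */
    uint32_t reply = 0U;

    (void)handle_sum_request(good, 3U, &reply); /* reply == 0x70 */
    (void)handle_sum_request(bad, 3U, &reply);  /* logs, reply == 0 */
    printf("unchecked sum on bad input: 0x%lx\n",
           (unsigned long)sum_registers_unchecked(bad, 3U)); /* 0x60, wrong and silent */
    return 0;
}
```

The point of the two sum functions is the one the reply makes: a static analyser can flag the `(void)read_register(...)` in the unchecked version and the array index guarded by the range check in read_register, but whether "return the code to the IPC caller and log it" is an adequate response is a decision recorded in the project's process, and only a manual review can confirm that the top-level handler does what that process requires.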