Double casting to bypass 11.4?

6.11 Pointer Type Conversions

exoson
Posts: 3
Joined: Mon Jul 23, 2007 3:53 pm
Location: Colorado, USA

Double casting to bypass 11.4?

Post by exoson » Fri Sep 04, 2009 11:48 pm

I ran into an issue with a static analysis tool the other day.

In my example:
pool_ptr->list = *((UCHAR **) work_ptr); /*violates MISRA 11.4 */
Both pointers are UCHAR *. The first location in the buffer is being used to hold another pointer.

Adding an intermediate cast to void * clears the warning.
pool_ptr->tx_list = *((UCHAR **) (void *)work_ptr);

Regardless that this clears the message, I believe it is still a violation of the intent of MISRA 11.4. Do you agree?
-----------------------------------------------------------------------
Scott Nowell
Validated Software Corporation

William Forbes
Posts: 29
Joined: Wed Dec 17, 2008 9:48 pm
Company: TRW Automotive

Re: Double casting to bypass 11.4?

Post by William Forbes » Sat Sep 05, 2009 9:07 pm

Rule 11.4 uses the word "cast" when in reality the problem is the conversion (and the subsequent dereferencing).

Maybe Rule 11.4 could read:
The value of a pointer to an object type shall not be assigned the value of a pointer to an object of a different type.

William Forbes

William Forbes
Posts: 29
Joined: Wed Dec 17, 2008 9:48 pm
Company: TRW Automotive

Re: Double casting to bypass 11.4?

Post by William Forbes » Mon Sep 07, 2009 9:53 pm

Does anybody have any comments on the following (as far as I can tell) MISRA compliant code:

    uint8_t    u8           = 0U ;
    uint8_t  * ptr_u8       = &u8 ;

    void     * ptr_nothing  = ptr_u8 ;       /* Rule 11.2 compliant */

    uint16_t * ptr_u16      = ptr_nothing ;  /* Rule 11.4 compliant - no cast */
    uint16_t   u16          = *ptr_u16 ;     /* What value is u16 ? !! */

I also think there is a typo in the second bullet point of paragraph 2 in section 6.11 which confuses the issue.
I think the 0 is missing from the definition of a null pointer constant, unless it is talking about a pointer to void!

Bill Forbes
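The two snippets above (exoson's link-in-the-first-bytes-of-a-buffer idiom, and Bill Forbes's uint8_t to void * to uint16_t chain) are both about the same thing: a pointer conversion that a checker accepts but that reads an object through a type it was not stored as. The following is an added example written for this thread, not code posted by either participant or published by MISRA. It assumes a constructed pool of fixed-size blocks (names such as read_link, write_link and conversion_is_safe are invented here) and shows two things: the free-list link can be read with memcpy, so no UCHAR * to UCHAR ** cast is needed at all and unaligned blocks are handled correctly; and a size/alignment check that reports the uint8_t-as-uint16_t case as unsafe before any dereference happens.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned char UCHAR;

/* Constructed pool: each free block keeps the link to the next free block
 * in its first sizeof(UCHAR *) bytes, as in the original post. */
#define BLOCK_SIZE  32u
#define BLOCK_COUNT 4u

/* Read the link without converting UCHAR * to UCHAR **.  memcpy copies the
 * object representation byte by byte, so there is no pointer-type conversion
 * to flag and no alignment assumption about the block address. */
static UCHAR *read_link(const UCHAR *block)
{
    UCHAR *next;
    memcpy(&next, block, sizeof next);
    return next;
}

static void write_link(UCHAR *block, UCHAR *next)
{
    memcpy(block, &next, sizeof next);
}

/* Thread every block onto a free list and return its head. */
static UCHAR *build_free_list(UCHAR *pool, size_t block_size, size_t count)
{
    size_t i;
    for (i = 0u; i < count; i++) {
        UCHAR *block = pool + (i * block_size);
        UCHAR *next  = ((i + 1u) < count) ? (pool + ((i + 1u) * block_size)) : NULL;
        write_link(block, next);
    }
    return pool;
}

/* Walk the links and count the blocks reachable from head. */
static size_t count_free(UCHAR *head)
{
    size_t n = 0u;
    while (head != NULL) {
        n++;
        head = read_link(head);
    }
    return n;
}

/* Builds a 4-block pool in a static buffer and returns the walked count (4). */
static size_t demo_pool_walk(void)
{
    static UCHAR pool[BLOCK_SIZE * BLOCK_COUNT];
    UCHAR *head = build_free_list(pool, BLOCK_SIZE, BLOCK_COUNT);
    return count_free(head);
}

/* Report whether reading an object of target_size/target_align through a
 * pointer to an object of obj_size bytes at p is in bounds and aligned.
 * Returns 1 when safe, 0 otherwise.  The pointer-to-integer conversion is
 * itself something a MISRA checker will want a deviation for; it is used
 * here only to inspect alignment. */
static int conversion_is_safe(const void *p, size_t obj_size,
                              size_t target_size, size_t target_align)
{
    uintptr_t addr = (uintptr_t)p;
    return (obj_size >= target_size) && ((addr % target_align) == 0u) ? 1 : 0;
}

/* Bill Forbes's case: a uint8_t object viewed as uint16_t.  Always 0, because
 * a 1-byte object cannot hold a 2-byte read whatever its address. */
static int u8_as_u16_is_safe(void)
{
    static uint8_t u8 = 0U;
    return conversion_is_safe(&u8, sizeof u8, sizeof(uint16_t), _Alignof(uint16_t));
}

/* The same check on a real uint16_t object: 1. */
static int u16_as_u16_is_safe(void)
{
    static uint16_t u16 = 0U;
    return conversion_is_safe(&u16, sizeof u16, sizeof(uint16_t), _Alignof(uint16_t));
}

int main(void)
{
    printf("blocks on free list: %u\n", (unsigned)demo_pool_walk());
    printf("uint8_t  read as uint16_t safe: %d\n", u8_as_u16_is_safe());
    printf("uint16_t read as uint16_t safe: %d\n", u16_as_u16_is_safe());
    return 0;
}
```

The memcpy form is the one to reach for when the intermediate (void *) cast is only there to silence the checker: the tool goes quiet either way, but only memcpy actually removes the type-punned dereference that Rule 11.4 is about.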

misra-c
Posts: 566
Joined: Thu Jan 05, 2006 1:11 pm

Re: Double casting to bypass 11.4?

Post by misra-c » Wed Sep 09, 2009 11:25 am

Conversion of a pointer to an object to a pointer to a different object via a pointer to void is permitted by the MISRA C rules. While this style of coding is questionable, the MISRA C Working Group felt unable to prevent it given the extensive use of pointers to void in the C library.

We acknowledge the typographical error in the 2nd paragraph of 6.11. It should indeed have said (void *)0.

Tracker Id: 41
---
Posted by and on behalf of
the MISRA C Working Group
