Rule 15.2: MISRA warning is not generated

6.15 Switch Statements

Moderators: misra-c, david ward

Post Reply
vastrad

Rule 15.2: MISRA warning is not generated

Post by vastrad » Mon Sep 27, 2010 11:47 am

Hi All,

The Rule 15.2 says:
"An unconditional break statement shall terminate every non-empty switch clause"
i.e. The last statement in every switch clause shall be a break statement, or if the switch clause is a compound statement, then the last statement in the compound statement shall be a break statement.

I understand this as:
"In a switch clause, whatever be the path traversed by the code, there shall be one break statement at the end of every path"

In a project I have the following code for which I am not getting any MISRA warning (for case 1). If my understanding is incorrect, then somebody please correct me.

Code: Select all

switch (variable_1)
{
  case 0: 
    {
        // some code here;
        break;
    }
  case 1:
    {
        // some code here;
        if (variable_2 == 0)
        {
            break;
        }
    }
    default:
        break;
}
Best Regards,
Vinay Vastrad

William Forbes
Posts: 29
Joined: Wed Dec 17, 2008 9:48 pm
Company: TRW Automotive

Re: Rule 15.2: MISRA warning is not generated

Post by William Forbes » Mon Sep 27, 2010 7:50 pm

The section at the beginning of the section 6.15 is considered normative and is known by Rule 15.0.
Here, I think you'll find that your example breaks the rule for the syntax of a "case-clause".
Note that the only legal terminating token sequences are

Code: Select all

 break ;
or

Code: Select all

 break ; }
Your example has

Code: Select all

break ; } }
and thus does not comply (with Rule 15.0).

vastrad

Re: Rule 15.2: MISRA warning is not generated

Post by vastrad » Tue Sep 28, 2010 8:06 am

William Forbes wrote:The section at the beginning of the section 6.15 is considered normative and is known by Rule 15.0.
Here, I think you'll find that your example breaks the rule for the syntax of a "case-clause".
Note that the only legal terminating token sequences are

Code: Select all

 break ;
or

Code: Select all

 break ; }
Your example has

Code: Select all

break ; } }
and thus does not comply (with Rule 15.0).
If we understand the reply as "Whatever be the number of paths we traverse within a case statement, finally the case statement should end with an explicit break. It is not acceptable to have three break statements from three different paths", then should we not get a MISRA warning when we write a break statement within an if/else block?

William Forbes
Posts: 29
Joined: Wed Dec 17, 2008 9:48 pm
Company: TRW Automotive

Re: Rule 15.2: MISRA warning is not generated

Post by William Forbes » Tue Sep 28, 2010 7:23 pm

Hi,
I don't quite understand your last question.
However, I can say that a break statement within an if-else construct by itself is not a violation of a MISRA rule as it may be being used to break out of an iteration statement (see rule 14.6).
The grammar of the C language is extended by Rule 15.0 such that not terminating the added "case-clause" as indicated means that the code does not comply with the extended grammar and hence not compliant with Rule 15.0.
The reason you don't get a warning is probably because your MISRA checker is broken. What are you using?

Lundin
Posts: 70
Joined: Mon Dec 10, 2007 1:57 pm

Re: Rule 15.2: MISRA warning is not generated

Post by Lundin » Wed Sep 29, 2010 7:57 am

You can have as many break statements you like inside your case, as long as it ends with one. The MISRA rules regarding break are there to ban "fall-through" between case statements.

But come to think of it, this actually seems to be a flaw in the MISRA rules. MISRA doesn't allow more than one break inside loops (14.6) nor more than one return inside functions (14.7). But it doesn't mention multiple breaks in a switch statement.

Which one of these examples is "most spaghetti"?

Code: Select all

while(something)
{
  if(x)
  {
    ...
    break; /* non-compliant to 14.6 */
  }
  else
  {
    ...
    break; /* non-compliant to 14.6 */
  }
}

Code: Select all

int func ()
{
  if(x)
  {
    ...
    return x; /* non-compliant to 14.7 */
  }
  else
  {
    ...
    return x; /* non-compliant to 14.7 */
  }
}

Code: Select all

switch(something)
{
  case 0:
    if(x)
    {
      ...
      break; /* compliant? */
    }
    else
    {
      ...
      break; /* compliant? */
    }

    break; /* as long as this break is here to prevent fall-through */
}
I think the switch spaghetti is even less readable than the two non-compliant examples. Perhaps a rule similar to 14.6 should be added, to disallow more than one break in each case, ie ban more than one exit point from each case statement? For the same reason rules 14.6 and 14.7 exist.

William Forbes
Posts: 29
Joined: Wed Dec 17, 2008 9:48 pm
Company: TRW Automotive

Re: Rule 15.2: MISRA warning is not generated

Post by William Forbes » Wed Sep 29, 2010 7:35 pm

I personally feel that MISRA-C: 1998 had this sorted with Rule 58.
I think good code and design does not need break statements (except in switch statements).
If you desperately need one then you can always invoke the deviation procedure!

misra-c
Posts: 560
Joined: Thu Jan 05, 2006 1:11 pm

Re: Rule 15.2: MISRA warning is not generated

Post by misra-c » Wed Nov 03, 2010 9:02 am

The code example originally posted violates Rules 15.0 and 15.2 so a MISRA C checker would be expected to produce diagnostic messages.
---
Posted by and on behalf of
the MISRA C Working Group

Post Reply

Return to “6.15 Switch Statements”