Rule 11.3 Access to registers or memory

6.11 Pointer Type Conversions

Moderators: misra-c, david ward

barbara.seyfarth
Posts: 2
Joined: Thu Sep 26, 2013 2:03 pm
Company: NewTec GmbH System-Entwicklung und Beratung

Rule 11.3 Access to registers or memory

Postby barbara.seyfarth » Thu Mar 27, 2014 10:31 am

A cast should not be performed between a pointer type and an integral type, this casts from type "unsigned int" to "uint32_t volatile *" (MISRA C 2004 rule 11.3)
In two cases this error occurs on my system (ARM Cortex M3 with IAR workbench and MISRA check from IAR):
1. Access to registers.
2. Access to RAM (during a cyclic RAM test).

Is there any way conform to MISRA C2004 for the following code?

Code: Select all

    register uint32_t address; /* during the critical section no RAM access other than the test access may occur */
    register uint32_t pattern;

    ...
    *(volatile uint32_t *)address = pattern;

barbara.seyfarth
Posts: 2
Joined: Thu Sep 26, 2013 2:03 pm
Company: NewTec GmbH System-Entwicklung und Beratung

Re: Rule 11.3 Access to registers or memory

Postby barbara.seyfarth » Fri Mar 28, 2014 9:21 am

Another solution is, to use the following code. But then I get a violation of MISRA C2004 rule 17.4 Pointer arithmetic should not be used.

Code: Select all

    register uint32_t *address = ANY_RAM_ADDRESS;
    register uint32_t pattern = ANY_PATTERN;

    *(volatile uint32_t *)address = pattern;
    address += 1; /* violating rule 17.4 */


So I tried to eliminate this error... and came back to rule 11.3:

Code: Select all

      address = (uint32_t)p_memory;
      address += sizeof(uint32_t);
      p_memory = (uint32_t *)address;


Perhaps I should not ask "how to eliminate the violation" but "which violation is the least problematic violation"?

misra-c
Posts: 547
Joined: Thu Jan 05, 2006 1:11 pm

Re: Rule 11.3 Access to registers or memory

Postby misra-c » Fri Apr 11, 2014 8:44 am

The MISRA-C Guidelines recognise that, in some situations, it is unreasonable or even impossible to comply with a coding rule and that it is necessary to deviate. Your example of casting an integer to a pointer is a situation where a deviation would be reasonable.

It is important that such deviations are properly recorded and authorized. The deviation procedure should be formalized within the software development process. No process is imposed by MISRA C because methods used will vary between organizations, for example:
    * The physical methods used to raise, review and approve a deviation;
    * The degree of review and evidence required, which may vary according to the guideline in question, before a deviation can be approved.
A deviation record should include:
    * The guideline being deviated;
    * The circumstances in which the deviation is permitted;
    * Justification for the deviation, including an assessment of the risks associating with deviating compared with other possibilities;
    * Demonstration of how safety is assured, for example a proof that an unsafe condition cannot occur, together with any additional reviews or tests that are required;
    * Potential consequences of the deviation and any mitigating actions that have been taken.
A worked example of a deviation is given in Appendix I of the MISRA C:2012 guidelines.
---
Posted by and on behalf of
the MISRA C Working Group


Return to “6.11 Pointer Type Conversions”

Who is online

Users browsing this forum: No registered users and 0 guests