shame on MISRA

Thanks for the tests and results.

Regards,

Michael

Reply to
msg

(excerpt from system header):

As to portability, very few authors of linux-targeted software (which for the most part is claimed to be portable) ever consider an int size < 32 bits unfortunately and never ever consider that their code would be ported beyond their parochial world.

Regards,

Michael

Reply to
msg

I

Not meaning any disrespect: if the patches you submit are of the same type as this one:

I find it hard to blame the recipients for not taking them at face value. There are at least three ways this line might best have been written. You discard all but one for no good reason to be seen.

They're not. The autoconf machinery is for _creating_ the makefile, and as part of that job, it has to set up a generally usable default set of compiler switches. But that's in no way limiting your flexibility in using them. 'make CFLAGS="-g -O2 -Wall -W"' works just fine.

But should this same "space" be used _here_? Or is it maybe those library functions' design that really is at fault here, for having arguments of class "size of something" with a signed type?

So you've just judged all those cases in which it would make any difference at all whether you put this cast as "catastrophic" ones, which apparently you're not going to bother with. Why then would you be bothered about getting the cast right?

If "space" really can't be negative, the original comparison without the cast is perfectly OK. You'll have to make up your mind: either you're worried about extreme, "catastrophic" cases, or you're not.

Reply to
Hans-Bernhard Bröker

I should also have mentioned 'and also pass functional and regression tests on my target'.

Actually, this particular one came _from_ the author, not me; I merely provided the diagnostics to him. My references to patches were not related to this issue necessarily, and when it is I _do_ take care to analyze the logic and rework where necessary, not just typecast to avoid warnings ;)

The point of my original post was that this issue is hardly considered by authors of many well-known programs developed using GCC, with warning levels in common use, and those authors are usually disinterested in rectifying what they feel is not broken.

Regards,

Michael

Reply to
msg

The point being ?."

The Ada standard with unsuitable aspects prohibited (such as by using pragma Profile (RAVENSCAR); (formatting link)) is better than the MISRA standard. (Disclaimer: I claim this without actually having read the MISRA standard.) One can check that the Ada standard is good for free.

" Would you expect to get a useful book for nothing that someone has spent considerable time and effort to produce,"

Yes: the Ada 2005 standard is available for gratis. I had already stated that and you quoted that.

" or should everything be open source and free ?."

Arguably not everything.

" Of course, including all your own work."

I am paid entirely by taxes as a researcher, so of course all of my current work should be available for no extra charge and subject to peer review and criticism. My tutors do not agree. Other work I had done was for a private former employer which has the right to choose whether or not that work is open source and whether or not that work is free to others. One thing such a former employer can not do is choose for that work to be free to the former employer because I had already been paid.

"Now that it's a sane price, have just downloaded the misra pdf version and am almost disappointed in that there's almost nothing that I can disagree with. Having seen so much controversy about it etc. In fact, it seems a bit lightweight, just good common sense practice that one would expect from any experienced embedded engineer."

So perhaps I have misjudged MISRA standards from rumors.

As you like paying for things so much, may I charge you for reading this post?

"The C++ version should be quite interesting..."

Should a sane embedded engineer use C++?

Reply to
Colin Paul Gloster

In article , Colin Paul Gloster writes

Ada was NOT FREE. It cost the US government several million pounds. The only reason it was "Free" is because the US government wanted everyone to use this language on US military projects.

It costs a lot of money to make a standard like MISRA-C; are you going to fund it?

That explains a hell of a lot :-)

Available to who for free?

So you are arguing about something you have not yet seen?

Is this a philosophical, social, engineering or commercial question?

Ask yourself why MISRA is doing a C++ standard

For some years I said "over our dead bodies". Yet one is being done.

Unfortunately I can only ask the question. I can't supply the answer.

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
Reply to
Chris Hills

It happens somehow that the free cheese exists only in the mouse traps.

I don't mind using Ada, but where are the compilers? This looks like another perfectly designed stillborn thing.

It is not a question. The sane embedded engineer must use C++.

VLV

Reply to
Vladimir Vassilevsky

By design, C is the assembler of higher level. And C++ is the macro assembler. Then what is going to be used as the main application development language after C++? I guess that would be an interpreter like LabView.

Vladimir Vassilevsky

DSP and Mixed Signal Design Consultant


Reply to
Vladimir Vassilevsky

Those in industry, or in fact anywhere outside a sheltered environment, will know there is no such thing as a free lunch.

This is the other point: there are many languages "better" than C, but without widespread tool support they will not gain widespread use. So these languages are not universally available for many hosts or targets.

Please expand... this is not a troll but I am interested in your reasoning though I am assuming you are not suggesting C++ for PIC's and 8051's etc
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
Reply to
Chris Hills

Ada is available as part of GCC.

You can either use a FSF distribution of GCC, which has no restrictions on what you can use the Ada compiler for, or you can use a packaged distribution from ACT, which is restricted to GPL only projects.

See formatting link for the packaged version. Note that I've no experience with this distribution because I prefer to use the FSF distributions so that I'm not restricted in what I can use the compiler for.

Note also that the RTEMS RTOS has support for using Ada, but the support level appears to vary by architecture.

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980's technology to a 21st century world
Reply to
Simon Clubley

  1. The performance of today's low end 8-bitter is comparable to that of the desktop computer about 15 years ago. The speed and size are rarely the issue; getting the project done on time and for good is more important.
  2. The marketing requirements are growing every year. Although the substantial part of, say, a PID regulator is not too different from what it was 50 years before, now they want a lot of bells and whistles around. The development of interfaces and other non-essential things takes the majority of the effort.
  3. Therefore any project consists of a conceptual part, which should be done right, and a big pile of rather trivial legwork. The backbone of the application has to be set by a master, whereas the routine can be left to the apprentices. Masters are rare and expensive; apprentices are likely to screw up. C++ helps avoid many dumb mistakes of the apprentice level.
  4. Aside from the development of features, there is another big part: handling of errors and miscellaneous special cases. The C++ philosophy helps here too (this is not only about the exceptions).
  5. So far C++ seems to be the best compromise between the convenience and the efficiency. The particularly good property of C++ is that if you don't like a feature, you don't have to use it.

Vladimir Vassilevsky

DSP and Mixed Signal Design Consultant


Reply to
Vladimir Vassilevsky

In article , Simon Clubley writes

And this is suitable for safety critical projects?

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
Reply to
Chris Hills

I'm not going to make any judgement on that because I don't have any safety critical experience. You would have to, for example, talk to ACT about what they recommend in that situation.

I was just addressing Vladimir's comments that no Ada compilers appeared to exist.

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980's technology to a 21st century world
Reply to
Simon Clubley

To a meaningful degree, there is. To name just one -- the atmosphere -- where various gases are dumped without taking into fair account their attendant costs. Basically any uncontrolled commons resource represents a free lunch in the sense that folks today can nearly completely discount the much greater costs some substantial time later. That looks 'free lunch' to me, if not entirely moral.

Jon

Reply to
Jonathan Kirwan

How can you make any comparison if you have no knowledge of the standard? To put this into perspective, it costs only approx 10.00 UK pounds, less than you would pay for a round of beers. Isn't such an effort worth something in terms of professional development?

In any case, your logic is flawed. It doesn't follow that because one object in a class of objects is available at no cost, all the rest of the objects in that class should be free, which in effect is what you are arguing.

If you are a researcher, perhaps you would care to comment further on the outrageous charges for online research reports these days, both current and historical. Much of the work was originally funded by the taxpayer, but is being openly sold at prices that make it inaccessible to all but well-heeled individuals or large organisations. $25 to $50 per report, or several thousand dollars per annum is not unusual, for stuff that has already been paid for. The results of publicly funded research should be available at cost to anyone who wishes to access it, but that's far from the case now. The NASA tech reports server is a shining exception, however, and there are other organisations with an altruistic rather than a greedy, grasping attitude.

No, because one would assume that you have already accepted the culture of usenet, where anything posted is expected to be read by a worldwide audience.

Open to debate I guess. C++ may have a role for consumer electronics applications, where recovery is usually power off and reboot, but is it really ready or appropriate for mission critical work ?...

Chris

Reply to
ChrisQuayle

A fear of savages before a steam locomotive?

VLV

Reply to
Vladimir Vassilevsky

In article , ChrisQuayle writes

The US Joint Strike Fighter uses C++ not Ada

Incidentally JSF++ is based on MISRA-C:1998

--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
Reply to
Chris Hills

Thought I'd check them out to see if they enabled anything I hadn't already. It looks like there have been a few changes introduced that slipped by me. There is only a significant effect on the first test cases so I'll just repost those

    #include <stddef.h>   /* size_t */

    void test(const char *mess)
    {
        extern unsigned char variable1;
        extern unsigned int variable2;
        extern int space;
        extern size_t space2;

        variable1 = variable1 + 1;
        /* test2.c 44 Note 960: Violates MISRA 2004 Required Rule 10.1,
           Prohibited Implicit Conversion: Signed versus Unsigned */

        variable1 = (unsigned char)(variable1 + 1);
        /* test2.c 46 Note 960: Violates MISRA 2004 Required Rule 10.1,
           Prohibited Implicit Conversion: Signed versus Unsigned */

        variable2 = (unsigned char)(variable2 + 1);
        /* test2.c 48 Note 960: Violates MISRA 2004 Required Rule 10.1,
           Prohibited Implicit Conversion: Signed versus Unsigned

           test2.c 48 Note 960: Violates MISRA 2004 Required Rule 10.1,
           Prohibited Implicit Conversion: Converting complex expression */

        variable1++;

        variable2++;
    }

Note: this is after turning off the check for rule 6.3, which essentially prohibits direct use of C's native types. It produces way too much noise in this example.

Robert

--
Posted via a free Usenet account from http://www.teranews.com
Reply to
Robert Adsett
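
An added illustration, not part of any post in this thread: it shows what the cast debated earlier does to a negative `int space` in a size comparison, and what the conversions flagged at test2.c lines 44 to 48 compute. All function names are hypothetical; it assumes 8-bit `char` and a `size_t` at least as wide as `int`.

```c
/* Added example; function names are hypothetical, not from the thread. */
#include <stddef.h>
#include <stdio.h>

/* The cast only silences the warning: a negative 'space' converts to a
 * huge size_t, exactly as the implicit conversion would, so the check
 * passes for a buffer that has no room at all. */
static int fits_cast(int space, size_t needed)
{
    return needed <= (size_t)space;
}

/* Range check first; after it the cast is value-preserving. */
static int fits_checked(int space, size_t needed)
{
    return space >= 0 && needed <= (size_t)space;
}

/* test2.c 44/46 pattern: 'v + 1' is computed as int (integer promotion),
 * then narrowed back to unsigned char when stored. */
static int promoted_sum(unsigned char v) { return v + 1; }
static unsigned char stored_sum(unsigned char v)
{
    return (unsigned char)(v + 1);
}

/* test2.c 48 pattern: the cast truncates an unsigned int to 8 bits,
 * which is not what variable2++ does. */
static unsigned int cast_inc(unsigned int v)
{
    return (unsigned char)(v + 1);
}
static unsigned int plain_inc(unsigned int v) { return v + 1; }

int main(void)
{
    printf("fits_cast(-1, 4096)    = %d\n", fits_cast(-1, 4096));
    printf("fits_checked(-1, 4096) = %d\n", fits_checked(-1, 4096));
    printf("promoted_sum(255)      = %d\n", promoted_sum(255));
    printf("stored_sum(255)        = %u\n", (unsigned)stored_sum(255));
    printf("cast_inc(255)          = %u\n", cast_inc(255));
    printf("plain_inc(255)         = %u\n", plain_inc(255));
    return 0;
}
```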

In news:+ snipped-for-privacy@phaedsys.demon.co.uk timestamped Sun, 1 Apr 2007 14:04:23 +0100, Chris Hills posted: "In article , Colin Paul Gloster writes

Ada was NOT FREE It cost the US government several million pounds. The only reason it was "Free" is because the US government wanted everyone to use this language on US military projects."

The Ada standard did not cost me several million dollars. I never said that the Ada standard did not "cost the US government several million" dollars. It "is available for gratis" to someone who is not the US government, as I had said.

"It costs a lot of money to make a standard like MISRA-C are you going to fund it?"

No. I have no need of MISRA-C.

"[..]

That explains a hell of a lot :-) "

:)

"> so of course all of my

w

Available to who for free?"

Available to tax payers in an imaginary universe in which academia is accountable to tax payers and in which refereed journals actually conducted science by checking claims in submissions instead of taking them on faith.

">So perhaps I have misjudged MISRA standards from rumors.

SO you are arguing about something you have not yet seen?

[..]"

Yes. If you want, I can provide you with legal copies of the Ada standard and the two most recent Ada ex-standards at no expense to you if you provide me with a legal copy of the MISRA C standard and a legal copy of the MISRA C ex-standard, both at no cost to me.

Reply to
Colin Paul Gloster

In news: snipped-for-privacy@phaedsys.demon.co.uk timestamped Sun, 1 Apr 2007 16:17:51 +0100, Chris Hills posted: "In article , Vladimir Vassilevsky writes [..]

Please expand... this is not a troll but I am interested in your reasoning though I am assuming you are not suggesting C++ for PIC's and 8051's etc"

You have been aware that vendors claim to support some of C++ for PIC's and 8051's.

Reply to
Colin Paul Gloster
