In what case does assigning -1 work where ~0U does not? Are you thinking maybe of sign extension?
One of the reasons I'm reluctant to use 6.3, besides the noise on existing libraries, is that it seems to lead to people using uint16_t when the underlying code doesn't in fact depend on having an unsigned 16-bit number. In the name of robustness it actually leads to code that is more difficult to maintain. The spirit, I think, was to have typedefs describe the usage (such as, say, SMALL_COUNTER or ENGINE_RPM) and thus catch assignments of ENGINE_RPM types to SMALL_COUNTER types. If both end up instead declared as uint16_t you lose that check and gain a more obscure type name.
Robert
--
Posted via a free Usenet account from http://www.teranews.com
Hi Robert... All books back in the house... still in boxes. This is taking longer than anticipated. :-(
I need to dig out the information anyway so please give me another ping in 10 days. I will have the furniture in the office by then and the books back on the shelves.
I do have the table C1 in 61508-7 which says C is HR for SIL1-4 the same as Ada but that has no other information with it.... I must look at the new Committee drafts of 61508 to see if that has changed.
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
To sum it up: according to ANSI-C the -1 converted to unsigned will always be all ones, whilst with ~0 it is not guaranteed. So I should be perfectly safe using -1U. Nice :).
Will you be so kind and put some info here when it's ready? I'd be glad to have a tool that will show me, where my tools are broken. It's better than doing it myself :).
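The difference between the two idioms discussed in this thread, as an added example that is not part of any poster's message: it compares `-1` and `~0U` when the destination is wider than `unsigned int`, and shows the integer-promotion effect on a `uint16_t` operand. The function names are hypothetical, and the promotion result assumes `int` is wider than 16 bits.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Count the 1 bits in a 64-bit value. */
static int popcount64(uint64_t v)
{
    int n = 0;
    while (v != 0) {
        v &= v - 1;   /* clear the lowest set bit */
        n++;
    }
    return n;
}

/* -1 converted to an unsigned type is reduced modulo (max + 1), so the
   result is the maximum of the destination type, whatever its width. */
uint64_t mask_from_minus_one(void)
{
    uint64_t m = (uint64_t)-1;
    return m;
}

/* ~0U is computed as unsigned int first; assigning it to a wider type
   zero-extends, leaving the upper bits clear. */
uint64_t mask_from_not_zero_u(void)
{
    uint64_t m = ~0U;
    return m;
}

/* A uint16_t operand is promoted to int before ~ is applied (assumption:
   int is wider than 16 bits), so the expression is the int -1 on a two's
   complement machine, not 0xFFFF. Returns 1 if the naive comparison holds. */
int promoted_compare_matches(void)
{
    uint16_t zero = 0;
    return (~zero == 0xFFFFu);
}

int main(void)
{
    printf("(uint64_t)-1 : %d bits set\n", popcount64(mask_from_minus_one()));
    printf("~0U widened  : %d bits set\n", popcount64(mask_from_not_zero_u()));
    printf("~(uint16_t)0 == 0xFFFFu : %d\n", promoted_compare_matches());
    return 0;
}
```

A mask that silently loses its upper bits is the kind of defect a static checker with strong typing enabled is meant to flag.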
It will be an example suite not a full test suite (the difference is about 8000 tests :-). However it is expected that it will grow in size over time.
There is a problem with a full test suite. One of "certification" and liability.
MISRA-C is for *guidance* and should be used as one small part of a full development procedure including style guide, static testing, version control and a full test spec (along with a proper requirements spec) ...
As they say in all slimming aids ..... "can only help as part of a calorie controlled diet." or in this case "can only help as part of a good development process"
You can now spend the next 2 days and 3K messages discussing what a "good" development process is. :-)
Last time I mentioned on comp.lang.c that MISRA-C2 had just been published I got flamed for being off topic by the net police over there!
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Is it just the first attempt? How were the tools for MISRA checking checked then?
Well, it can be said, that a tool is broken if (but not iff) it fails the test.
I agree. But then again, it is a matter of how it is used/applied. It is easier to argue 'deviation' for a rule if a checking tool fails the test for this rule :). Then it comes to a hand-check by reviewers, who are people, and one can argue with them.
Possibly, but w/o the original justification I don't know.
MISRA does seem to rely on a certain amount of 'common sense'.
At a PPOE I set it up with a few blanket deviations (IIRC one rule was eliminated, a few mandatory rules were made advisory and vice versa) and line deviations were dealt with at code reviews. Blanket or project deviations were more formal, but the idea was that if you could convince your peers that a deviation was justified in a particular instance, that should be sufficient. MISRA essentially just became an additional item to check, and since much of that check was automated there was one less item for reviewers to explicitly check for and they could concentrate more on fit for purpose and less on silly errors that tools could check. We also required a clean lint with PC-Lint's strong typing checks turned on.
Robert
They were not checked. There is no one to check them. The same as C compilers. There is no official C compiler test. There are the competing commercial Perennial and Plum-Hall suites (which do things differently to each other) but no Official ISO C Compiler Test suite.
The guide was published and people implemented MISRA-C testing as part of their static analysers. Not everyone implemented the tests in the same way. In MISRA-C1 there was plenty of room for different interpretations of the same rule.
This is why I always said if you need MISRA-C conformance you should specify the tool to be used for the conformance test.
Due to their separate histories testing C the tools which test for MISRA-C come from very different starting points and MISRA-C was never designed to be automatically tested by a tool.
It was written in plain English for programmers to read. If you want to know what I mean sit down with ISO9899:1990 + A1+ TC1 and TC2 or the ever popular sequel ISO9899:1999+ TC and read those to your partner... Makes a political manifesto seem positively riveting.
As it was written in plain English for programmers it was less precise than a formal standard. By the time we get to MISRA-C10 it will be in formal notation :-) .
Then MISRA-C has to have much tighter rule definitions and a full test suite for that to happen. It is getting there. The example suite gives examples but it is not exhaustive. That is why I said the difference between an example suite and a test suite is about 8000 tests......
We have already had argum ^H^H^H^H discussions over interpretation between several vendors of MISRA checking tools. None were wrong but just right in different ways.
The problem is who is going to do the testing? Not all the C compilers are tested with one of the two main de facto C test suites now.
There is no body who will do testing and certification. With certification comes liability.
It is envisaged AFAIK that the MISRA-C example suite will be freely available..... which means anyone can run the examples on their MISRA-C tools.
Over time MISRA-Cx will improve as will the example suite. After the launch of the example suite and TC, work will start on MISRA-C3.
Yes. It is meant to be applied as guidance and the spirit observed. If you apply the letter and try to subvert it you deserve all you get.
Point taken but nothing is black and white in this game. There are plenty of times it is justified in deviating. As long as you have thought about it and written down the reasons and "they would stand up in court in 2 years time"
Oh go on..... we can spend hours and hours and days on it :-)
The Purists ONLY discuss PURE C, that is: K&R1, K&R2, ANSI 1989, ISO 1990, ISO 1999, and get VERY annoyed if you talk about ANYTHING that is not pure portable C from one of those standards mentioned above.
MISRA-C is not one of those standards..... They get quite vicious about it
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Also I usually say write it down and read it to someone else a couple of days later. If it still sounds OK then it probably is. The other rule I give is "if you think it will sound OK in a legal court in 2 years time then it should be OK"
Agreed. MISRA-C can only help as guidance as part of a good development process.
Bloody good idea.!!!!
--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
/\/\/ chris@phaedsys.org www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
I must bring you along next time I talk to my bank manager. So far, he has only accepted these strange "dollar" things from me, but I've got large amounts of "being more professional" accumulated that I'd like to use to pay off my mortgage.
[Chris remains silent]
Those of us not yet financially free do need to watch this point, Chris.