5 Specific MISRA C:2012 Deviations

Member DIAG_MSG (msg, val, info)

Advisory: misra-c2012-20.10  

Justification: It is generally agreed that the hash and double-hash preprocessor operands must not be used when such macros will affect the behaviour of the compiled code. However, since the these operands are only used to print messages during compilation, in this case, it is deemed safe. Finally, while it is generally not possible to always predict the result of a macro expansion using these operands, the library requires the usage of a specific compiler version in which the functionality is deterministic and thoroughly tested.

Member DIAG_SRAM_MARCH_ALT_CLK_FRQ

Advisory: misra-c2012-2.5  

Justification: False positive - The tool does not recognize that DIAG_SRAM_MARCH_DEFAULT_CLK_FRQ is used as an argument when calling ccp_write_io() in DIAG_SRAM_MarchStartup().

Member DIAG_SRAM_MARCH_CLK_FRQ_REG

Advisory: misra-c2012-2.5  

Justification: False positive - The tool does not recognize that DIAG_SRAM_MARCH_CLK_FRQ_REG is used as an argument when calling ccp_write_io() in DIAG_SRAM_MarchStartup().

Member DIAG_SRAM_MARCH_DEFAULT_CLK_FRQ

Advisory: misra-c2012-2.5  

Justification: False positive - The tool does not recognize that DIAG_SRAM_MARCH_DEFAULT_CLK_FRQ is used as an argument when calling ccp_write_io() in DIAG_SRAM_MarchStartup().

Member DIAG_SRAM_MarchCMinus (register volatile uint8_t *startAddress, register uint16_t length, register diag_sram_march_mode_t mode)

Advisory: misra-c2012-8.7  

Justification: False positive - The term "referenced" includes both the call of a function and its definition. A function which is defined in one translation unit and called in a different one is compliant with this rule. See the declaration of function R_8_7_2 and its usage in the R_08_07.h, R_08_07_1.c and R_08_07_1.c files in the MISRA-Example-Suite repository on GitHub.

Advisory: misra-c2012-15.1  

Justification: To adhere to misra-c2012-15.5, a goto statement is used instead of having an additional return statement when detecting invalid input parameters. This is done because the implementation of this function requires the usage of goto statements regardless. This is because the diagnostic function needs to return as soon as an error is detected, without having multiple return statements, and some cleanup is neccesary before exiting when using the SRAM_MARCH_STARTUP mode. Avoiding the use of goto would require either creating a separate cleanup function, which would be called whenever an error is detected (which is not possible since this function cannot call another function), or having multiple additional checks which would add overhead, diminish the code readability and require defaulting the test result to DIAG_PASS. The latter is deemed less safe than only assigning the result to DIAG_PASS when all March elements have run and detected no error. Finally, as misra-c2012-15.2 and misra-c2012-15.3 (regarding the usage of goto) is adhered to, the deviation is deemed safe.