2 Specific MISRA C:2012 Deviations

Global DIAG_MSG (msg, val, info)

Advisory: misra-c2012-20.10  

Justification: It is generally agreed that the hash (#) and double-hash (##) preprocessor operators should not be used when such macros affect the behaviour of the compiled code. However, since these operators are only used here to print messages during compilation, their use is deemed safe. Finally, while it is not always possible to predict the result of a macro expansion using these operators, the library requires a specific compiler version in which the functionality is deterministic and thoroughly tested.

Global DIAG_MSG ("\\n Required linker option: '-Wl, -Tbss=<addr>' \\ where <addr>=", BSS_ADDR, "[calculate sum, no brackets, no suffix]")

static diag_result_t CheckerboardDiagnostic(register uint8_t *address

Advisory: misra-c2012-15.1  

Justification: This deviation regarding the usage of goto statements is partly because the diagnostic function should return as soon as a Fault is detected, but must not have multiple return statements (in adherence with misra-c2012-15.5) and must perform some cleanup before exiting (restoring the data in the backupBuffer). Avoiding goto would require one of two alternatives. The first is a separate cleanup function called whenever a Fault is detected, which is not possible because this function may have overwritten the stack and therefore cannot call another function. The second is multiple additional checks, which would add overhead, diminish code readability and require defaulting the test result to DIAG_PASS. The latter is deemed less safe than assigning DIAG_PASS only when all steps have run and detected no error. Finally, as misra-c2012-15.2 and misra-c2012-15.3 are followed, the deviation is deemed safe.

Advisory: misra-c2012-18.4  

Justification: The address pointer input parameter is used to access the entire region in the SRAM on the device under test, which is necessary when performing SRAM testing. The subtraction between pointers is thus compliant with misra-c2012-18.2, since the pointers being subtracted are in the same array. Moreover, since subtraction is only used to find an offset to calculate the correct index for data access with array notation, and not to access data directly, the deviation is deemed safe.
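The single-exit goto cleanup and the pointer-subtraction indexing described in the misra-c2012-15.1 and misra-c2012-18.4 justifications above, as an added host-runnable sketch that is not the library's code. Only `diag_result_t`, `DIAG_PASS` and `backupBuffer` come from the page; `checkerboard_sketch`, `DIAG_FAIL`, `REGION_MAX`, the `sim_stuck_*` fault injection and `run_demo` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { DIAG_FAIL = 0, DIAG_PASS = 1 } diag_result_t; /* DIAG_FAIL and values assumed */
#define REGION_MAX 16u                                        /* hypothetical size limit */
#define CB(i, even) ((uint8_t)((((i) & 1u) == 0u) ? (even) : ~(even)))
/* Constructed fault injection for host runs: bits that read back as 0. */
static ptrdiff_t sim_stuck_index = -1;
static uint8_t sim_stuck_bits = 0u;
#define READ_CELL(base, i) ((uint8_t)((base)[i] & \
    (((ptrdiff_t)(i) == sim_stuck_index) ? (uint8_t)~sim_stuck_bits : 0xFFu)))

static diag_result_t checkerboard_sketch(volatile uint8_t *region, size_t len)
{
    static uint8_t backupBuffer[REGION_MAX];
    diag_result_t result = DIAG_FAIL;       /* never defaulted to DIAG_PASS */
    size_t saved = 0u;                      /* cells backed up so far */
    if ((region == NULL) || (len == 0u) || (len > REGION_MAX)) { goto cleanup; }
    for (volatile uint8_t *p = region; p < &region[len]; p++) {
        size_t idx = (size_t)(p - region);  /* offset only, same array (18.2) */
        backupBuffer[idx] = region[idx];    /* data access via array notation */
        saved = idx + 1u;
    }
    for (unsigned pass = 0u; pass < 2u; pass++) {
        uint8_t even = (pass == 0u) ? 0x55u : 0xAAu;  /* then the inverse board */
        for (size_t i = 0u; i < len; i++) { region[i] = CB(i, even); }
        for (size_t i = 0u; i < len; i++) {
            if (READ_CELL(region, i) != CB(i, even)) {
                goto cleanup;               /* Fault: forward jump only (15.2) */
            }
        }
    }
    result = DIAG_PASS;                     /* set only after every step passed */
cleanup:                                    /* label in enclosing block (15.3) */
    for (size_t i = 0u; i < saved; i++) { region[i] = backupBuffer[i]; }
    return result;                          /* single exit (15.5) */
}

/* Demo driver: returns the result, or -1 if the region was not restored. */
static int run_demo(ptrdiff_t stuck_index, uint8_t stuck_bits)
{
    uint8_t ram[8] = {1u, 2u, 3u, 4u, 5u, 6u, 7u, 8u};  /* constructed data */
    sim_stuck_index = stuck_index; sim_stuck_bits = stuck_bits;
    int r = (int)checkerboard_sketch(ram, sizeof ram);
    for (size_t i = 0u; i < sizeof ram; i++) { if (ram[i] != (uint8_t)(i + 1u)) { r = -1; } }
    return r;
}

int main(void) { return ((run_demo(-1, 0u) == 1) && (run_demo(3, 0x01u) == 0)) ? 0 : 1; }
```

The injected stuck-at-0 bit at index 3 is only caught on the second (inverted) pass, and the region is restored on both the pass and the Fault path.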