Modeling Guidelines and Model Advisor Checks for Verifying Compliance with MISRA C Standards
The MISRA C:2012 Compliance Summary Tables identify modeling guidelines that are relevant to the compliance of generated C code with MISRA C:2012 coding standards. For a list of these guidelines and their corresponding Model Advisor checks, see High-Integrity System Modeling Guidelines and Model Advisor Checks for Verifying Compliance with MISRA C:2012. For a mapping of MISRA C:2012 Model Advisor checks to the MISRA C:2012 rules or directives, see MISRA C:2012 Model Advisor Checks Rationale.
MISRA C:2012 Model Advisor Checks Rationale
This table provides MISRA C:2012 rationale for the MISRA C:2012 Model Advisor checks.
Model Advisor Check | MISRA C:2012 Rule or Directive | |
---|---|---|
Check configuration parameters for MISRA C:2012 | ||
Set Use division for fixed-point net slope computation to On or Use division for reciprocals of integers only. | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type. | |
Set Inf or NaN block output to warning or error. | MISRA C:2012 Directive 4.1: Run-time failures shall be minimized | |
Set Model Verification block enabling to Disable All. | General recommendation for embedded systems. | |
Set Undirected event broadcasts to error. | MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly | |
Set configuration parameter Wrap on overflow to warning or error. | MISRA C:2012 Directive 4.1: Run-time failures shall be minimized | |
Set Production hardware signed integer division rounds to to Zero or Floor. | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type. | |
Clear Shift right on a signed integer as arithmetic shift. | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type. | |
Set Compile-time recursion limit for MATLAB functions to 0. | MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly | |
Clear Dynamic memory allocation in MATLAB functions. | MISRA C:2012 Directive 4.12: Dynamic memory allocation shall not be used. MISRA C:2012 Rule 21.3: The memory allocation and deallocation functions of <stdlib.h> shall not be used. | |
Clear Enable run-time recursion for MATLAB functions. | MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly | |
Set Bitfield declarator type specifier to uint_T. | MISRA C:2012 Rule 6.1: Bit-fields shall only be declared with an appropriate type. MISRA C:2012 Rule 6.2: Single-bit named bit fields shall not be of a signed type. | |
Set Casting Modes to Standards Compliant. | MISRA C:2012 Rules 10.x: The essential type model | |
Set Code replacement library to | General recommendation for embedded systems. | |
Clear External mode. | General recommendation for embedded systems. MISRA C:2012 Directive 4.12: Dynamic memory allocation shall not be used. MISRA C:2012 Rule 21.3: The memory allocation and deallocation functions of <stdlib.h> shall not be used. MISRA C:2012 Rule 21.6: The Standard Library input/output functions shall not be used. | |
Clear Generate shared constants. | MISRA Rule 8.5: An external object or function shall be declared once in one and only one file | |
Clear MAT-file logging | General recommendation for embedded systems. | |
Set Maximum identifier length to the implementation-dependent limit. The default is 31. | MISRA C:2012 Rules 5.1-9: Identifiers | |
Set Parentheses level to Standards (Parentheses for Standards Compliance) or Maximum (Specify precedence with parentheses). | MISRA C:2012 Rule 12.1: The precedence of operators within expressions should be made explicit | |
Select Preserve static keyword in function declarations. | MISRA Rule 8.7: Functions and objects should not be defined with external linkage if they are referenced in only one translation unit. MISRA Rule 8.8: The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage. | |
Clear Replace multiplications by powers of two with signed bitwise shifts. | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type | |
Set Shared code placement to | Prerequisite of configuration parameter Generate shared constants | |
Clear Support continuous time. | General recommendation for embedded systems. | |
Clear Support non-finite numbers | MISRA C:2012 Directive 4.1: Run-time failures shall be minimized | |
Clear Support non-inlined S-functions. | General recommendation for embedded systems. | |
Set System-generated identifiers to Shortened. | MISRA C:2012 5.1: External identifiers shall be distinct. MISRA C:2012 5.2: Identifiers declared in the same scope and name space shall be distinct. MISRA C:2012 5.4: Macro identifiers shall be distinct. MISRA C:2012 5.5: Identifiers shall be distinct from macro names. | |
Set System target file to an ERT-based target. | General recommendation for embedded systems. | |
Clear Use dynamic memory allocation for model initialization. Select only when Code Interface Packaging is set to | MISRA C:2012 Directive 4.12: Dynamic memory allocation shall not be used. MISRA C:2012 Rule 21.3: The memory allocation and deallocation functions of <stdlib.h> shall not be used. | |
EnableSignedLeftShifts – off | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type | |
Check for blocks not recommended for C/C++ production code deployment | General recommendation for embedded systems. | |
Check for blocks not recommended for MISRA C:2012 | ||
Lookup Table blocks using cubic spline interpolation or extrapolation methods. Specific blocks are: | MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to object type and a pointer to a different object type. MISRA C:2012 Rule 11.5: A conversion should not be performed from pointer to void into pointer to object. MISRA C:2012 Rule 11.8: A cast shall not remove any const or volatile qualification from the type pointed to by a pointer. MISRA C:2012 Rule 11.9: The macro NULL shall be the only permitted form of integer null pointer constant. MISRA C:2012 Rule 12.1: The precedence of operators within expressions should be made explicit. | |
Deprecated Lookup Table blocks. Specific blocks are: | MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to object type and a pointer to a different object type. MISRA C:2012 Rule 11.5: A conversion should not be performed from pointer to void into pointer to object. MISRA C:2012 Rule 11.8: A cast shall not remove any const or volatile qualification from the type pointed to by a pointer. MISRA C:2012 Rule 11.9: The macro NULL shall be the only permitted form of integer null pointer constant. MISRA C:2012 Rule 12.1: The precedence of operators within expressions should be made explicit. MISRA C:2012 Rule 12.2: The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the essential type of the left hand operand. | |
S-Function Builder blocks | MISRA C:2012 Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined. MISRA C:2012 Rule 8.5: An external object or function shall be declared once in one and only one file. | |
From Workspace blocks | MISRA C:2012 Rule 18.4: The +, -, += and -= operators should not be applied to an expression of pointer type. | |
String blocks were found in the model or subsystem. Specific blocks are: | MISRA C:2012 Directive 4.7: If a function returns error information, then that error information shall be tested. MISRA C:2012 Rule 17.7: The value returned by a function having non-void return type shall be used. MISRA C:2012 Rule 21.6: The Standard Library input/output functions shall not be used. | |
Check for unsupported block names (Simulink Check) | MISRA C:2012 Rule 3.1: The character sequences /* and // shall not be used within a comment. | |
Check usage of Assignment blocks | MISRA C:2012 Rule 9.1: The value of an object with automatic storage duration shall not be read before it has been set. | |
Check for switch case expressions without a default case | MISRA C:2012 Rule 16.4: Every switch statement shall have a default label. | |
Check for missing error ports for AUTOSAR receiver interfaces (Simulink Check) | MISRA C:2012 Directive 4.7: If a function returns error information, then that error information shall be tested. MISRA C:2012 Rule 17.7: The value returned by a function having non-void return type shall be used. | |
Check for bitwise operations on signed integers | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type. | |
Check for recursive function calls (Simulink Check) | MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly. | |
Check for equality and inequality operations on floating-point values | MISRA C:2012 Directive 1.1: Any implementation-defined behaviour on which the output of the program depends shall be documented and understood. | |
Check for missing const qualifiers in model functions (Simulink Check) | MISRA C:2012 Rule 8.13: A pointer should point to a const-qualified type whenever possible. | |
Check integer word lengths | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type. | |
Check bus object names that are used as bus element names (Simulink Check) | MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type. MISRA C:2012 Rule 5.6: A typedef name shall be a unique identifier. |
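
The C behaviour behind two groups of rows above (Rule 6.2 for the bit-field type setting, Rule 10.1 for the signed shift and division settings), shown as an added example that is not MathWorks code or generated output. The struct and function names are hypothetical and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Rule 6.2: a one-bit signed field has a sign bit and no value bits. */
struct signed_flag   { signed int   ready : 1; };
struct unsigned_flag { unsigned int ready : 1; };  /* unsigned, as the uint_T setting selects */

int store_one_signed(void)
{
    struct signed_flag f;
    int one = 1;
    f.ready = one;            /* 1 is not representable in the field */
    return f.ready;
}

int store_one_unsigned(void)
{
    struct unsigned_flag f;
    f.ready = 1u;
    return (int)f.ready;
}

/* Rule 10.1: >> on a signed operand is implementation-defined for
 * negative values; an arithmetic shift rounds toward minus infinity. */
int32_t halve_by_shift(int32_t x)
{
    return x >> 1;            /* non-compliant form */
}

/* Compliant form: C99 and later define / as truncating toward zero. */
int32_t halve_by_division(int32_t x)
{
    return x / 2;
}

int main(void)
{
    printf("signed 1-bit field after storing 1:   %d\n", store_one_signed());
    printf("unsigned 1-bit field after storing 1: %d\n", store_one_unsigned());
    printf("-7 >> 1 = %d, -7 / 2 = %d\n",
           (int)halve_by_shift(-7), (int)halve_by_division(-7));
    return 0;
}
```

A comparison such as `if (f.ready == 1)` never succeeds for the signed field, and the shift and division forms disagree on negative odd inputs, which is why the table asks for an unsigned bit-field type and for signed shifts to be cleared.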
High-Integrity System Modeling Guidelines and Model Advisor Checks for Verifying Compliance with MISRA C:2012
To augment the modeling guidelines developed by the MathWorks Advisory Board (MAB), MathWorks® has published a set of modeling guidelines that focus on high-integrity applications.
Many high-integrity modeling guidelines have Model Advisor checks that you can use to verify adherence of your model to the guideline. This table identifies the high-integrity modeling guidelines and provides the corresponding Model Advisor check. Not all modeling guidelines have a corresponding Model Advisor check.
See Also
MISRA C | Model Advisor Checks for Verifying Compliance with Secure Coding Standards