Main Content

Modeling Guidelines and Model Advisor Checks for Verifying Compliance with MISRA C Standards

The MISRA C:2012 Compliance Summary Tables identifies modeling guidelines that are relevant to the compliance of generated C code with MISRA C:2012 coding standards. For a list of these guidelines and their corresponding Model Advisor check, see High-Integrity System Modeling Guidelines and Model Advisor Checks for Verifying Compliance with MISRA C:2012. For mapping of MISRA C:2012 Model Advisor checks to the MISRA C:2012 rules or directives, see MISRA C:2012 Model Advisor Checks Rationale.

MISRA C:2012 Model Advisor Checks Rationale

This table provides MISRA C:2012 rationale for the MISRA C:2012 Model Advisor checks.

Model Advisor CheckMISRA C:2012 Rule or Directive
Check configuration parameters for MISRA C:2012
 Set Use division for fixed-point net slope computation to On or Use division for reciprocals of integers only.

MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type.

Set Inf or NaN block output to warning or error.

MISRA C:2012 Directive 4.1: Run-time failures shall be minimized

Set Model Verification block enabling to Disable All.

General recommendation for embedded systems.

Set Undirected event broadcasts to error.

MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly

Set configuration parameter Wrap on overflow to warning or error.

MISRA C:2012 Directive 4.1: Run-time failures shall be minimized

Set Production hardware signed integer division rounds to to Zero or Floor.

MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type.

Clear Shift right on a signed integer as arithmetic shift.

MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type.

Set Compile-time recursion limit for MATLAB functions to 0.

MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly

Clear Dynamic memory allocation in MATLAB functions.

MISRA C:2012 Directive 4.12: Dynamic memory allocation shall not be used.

MISRA C:2012 Rule 21.3: The memory allocation and deallocation functions of <stdlib.h> shall not be used.

Clear Enable run-time recursion for MATLAB functions.

MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly

Set Bitfield declarator type specifier to uint_T.

MISRA C:2012 Rule 6.1: Bit-fields shall only be declared with an appropriate type

MISRA C:2012 Rule 6.2: Single-bit named bit fields shall not be of a signed type

Set Casting Modes to Standards Compliant.

MISRA C:2012 Rules 10.x: The essential type model

Set Code replacement library to None or AUTOSAR 4.0

General recommendation for embedded systems.

Clear External mode.

General recommendation for embedded systems.

MISRA C:2012 Directive 4.12 Dynamic memory allocation shall not be used

MISRA C:2012 Rule 21.3 The memory allocation and deallocation functions of <stdlib.h> shall not be used

MISRA C:2012 Rule 21.6 The Standard Library input/output functions shall not be used

Clear Generate shared constants.

MISRA Rule 8.5: An external object or function shall be declared once in one and only one file

Clear MAT-file logging

General recommendation for embedded systems.

Set Maximum identifier length to the implementation-dependent limit. The default is 31.

MISRA C:2012 Rules 5.1-9: Identifiers

Set Parentheses level to Standards(Parentheses for Standards Compliance) or Maximum(Specify precedence with parentheses).

MISRA C:2012 Rule 12.1: The precedence of operators within expressions should be made explicit

Select Preserve static keyword in function declarations.

MISRA Rule 8.7: Functions and objects should not be defined with external linkage if they are referenced in only one translation unit

MISRA Rule 8.8: The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage

Clear Replace multiplications by powers of two with signed bitwise shifts.MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type

Set Shared code placement to Shared location

Prerequisite of configuration parameter Generate shared constants

Clear Support continuous time.

General recommendation for embedded systems.

Clear Support non-finite numbers

MISRA C:2012 Directive 4.1: Run-time failures shall be minimized

Clear Support non-inlined S-functions.

General recommendation for embedded systems.

Set System-generated identifiers to Shortened.

MISRA C:2012 5.1: External identifiers shall be distinct

MISRA C:2012 5.2: Identifiers declared in the same scope and name space shall be distinct

MISRA C:2012 5.4: Macro identifiers shall be distinct

MISRA C:2012 5.5: Identifiers shall be distinct from macro names

Set System target file to an ERT-based target.

General recommendation for embedded systems.

Clear Use dynamic memory allocation for model initialization.

Select only when Code Interface Packaging is set to Reusable Function.

MISRA C:2012 Directive 4.12: Dynamic memory allocation shall not be used.

MISRA C:2012 Rule 21.3: The memory allocation and deallocation functions of <stdlib.h> shall not be used.

EnableSignedLeftShifts – off

MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type

Check for blocks not recommended for C/C++ production code deployment

General recommendation for embedded systems.

Check for blocks not recommended for MISRA C:2012
 

Lookup Table blocks using cubic spline interpolation or extrapolation methods.

Specific blocks are:

MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to object type and a pointer to a different object type.

MISRA C:2012 Rule 11.5: A conversion should not be performed from pointer to void into pointer to object.

MISRA C:2012 Rule 11.8: A cast shall not remove any const or volatile qualification from the type pointed to by a pointer.

MISRA C:2012 Rule 11.9: The macro NULL shall be the only permitted form of integer null pointer constant.

MISRA C:2012 Rule 12.1: The precedence of operators within expressions should be made explicit.

Deprecated Lookup Table blocks.

Specific blocks are:

  • Lookup Table

  • Lookup Table (2-D)

MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to object type and a pointer to a different object type.

MISRA C:2012 Rule 11.5: A conversion should not be performed from pointer to void into pointer to object.

MISRA C:2012 Rule 11.8: A cast shall not remove any const or volatile qualification from the type pointed to by a pointer.

MISRA C:2012 Rule 11.9: The macro NULL shall be the only permitted form of integer null pointer constant.

MISRA C:2012 Rule 12.1: The precedence of operators within expressions should be made explicit.

MISRA C:2012 Rule 12.2: The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the essential type of the left hand operand.

S-Function Builder blocks

MISRA C:2012 Rule 8.4: A compatible declaration shall be visible when an object or function with external linkage is defined.

MISRA C:2012 Rule 8.5: An external object or function shall be declared once in one and only one file.

From Workspace blocks

MISRA C:2012 Rule 18.4: The +, -, += and -= operators should not be applied to an expression of pointer type.

String blocks were found in the model or subsystem.

Specific blocks are:

MISRA C:2012 Directive 4.7: If a function returns error information, then that error information shall be tested

MISRA C:2012 Rule 17.7: The value returned by a function having non-void return type shall be used

MISRA C:2012 Rule 21.6: The Standard Library input/output functions shall not be used

Check for unsupported block names (Simulink Check)

MISRA C:2012 Rule 3.1: The character sequences /* and // shall not be used within a comment.

Check usage of Assignment blocksMISRA C:2012 Rule 9.1: The value of an object with automatic storage duration shall not be read before it has been set.
Check for switch case expressions without a default caseMISRA C:2012 Rule 16.4: Every switch statement shall have a default label.
Check for missing error ports for AUTOSAR receiver interfaces (Simulink Check)

MISRA C:2012 Directive 4.7 If a function returns error information, then that error information shall be tested.

MISRA C:2012 Rule 17.7: The value returned by a function having non-void return type shall be used.

Check for bitwise operations on signed integersMISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type.
Check for recursive function calls (Simulink Check)MISRA C:2012 Rule 17.2: Functions shall not call themselves, either directly or indirectly.
Check for equality and inequality operations on floating-point valuesMISRA C:2012 Directive 1.1: Any implementation-defined behaviour on which the output of the program depends shall be documented and understood.
Check for missing const qualifiers in model functions (Simulink Check)MISRA C:2012 Rule 8.13: A pointer should point to a const-qualified type whenever possible.
Check integer word lengthsMISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type.
Check bus object names that are used as bus element names (Simulink Check)

MISRA C:2012 Rule 10.1: Operands shall not be of an inappropriate essential type.

MISRA C:2012 Rule 5.6: A typedef name shall be a unique identifier.

High-Integrity System Modeling Guidelines and Model Advisor Checks for Verifying Compliance with MISRA C:2012

To augment the modeling guidelines developed by the bat365 Advisory Board (MAB), bat365® has published a set of modeling guidelines that focus on high-integrity applications.

Many high-integrity modeling guidelines have Model Advisor checks that you can use to verify adherence of your model to the guideline. This table identifies the high-integrity modeling guidelines and provides the corresponding Model Advisor check. Not all modeling guidelines have a corresponding Model Advisor check.

High-Integrity GuidelineModel Advisor Check
hisl_0001: Usage of Abs blockCheck usage of Abs blocks (Simulink Check)
hisl_0002: Usage of remainder and reciprocal operationsCheck usage of remainder and reciprocal operations (Simulink Check)
hisl_0005: Usage of Product blocksNot applicable
hisl_0006: Usage of While Iterator blocksCheck usage of While Iterator blocks (Simulink Check)
hisl_0008: Usage of For Iterator BlocksCheck usage of For Iterator blocks (Simulink Check)
hisl_0010: Usage of If blocks and If Action Subsystem blocksCheck usage of If blocks and If Action Subsystem blocks (Simulink Check)
hisl_0011: Usage of Switch Case blocks and Action Subsystem blocksCheck usage of Switch Case blocks and Switch Case Action Subsystem blocks (Simulink Check)
hisl_0016: Usage of blocks that compute relational operatorsCheck relational comparisons on floating-point signals (Simulink Check)
hisl_0017: Usage of blocks that compute relational operators (2)Check usage of Relational Operator blocks (Simulink Check)
hisl_0018: Usage of Logical Operator blockCheck usage of Logical Operator blocks (Simulink Check)
hisl_0019: Usage of bitwise operationsCheck usage of bit operation blocks (Simulink Check)
hisl_0020: Blocks not recommended for MISRA C:2012 compliance

Check for blocks not recommended for C/C++ production code deployment (Simulink Check)

Check for blocks not recommended for MISRA C:2012

hisl_0029: Usage of Assignment blocksCheck usage of Assignment blocks (Simulink Check)
hisl_0032: Model element namesCheck model object names (Simulink Check)
hisl_0045: Configuration Parameters > Math and Data Types > Implement logic signals as Boolean data (vs. double)Check safety-related optimization settings for logic signals (Simulink Check)
hisl_0053: Configuration Parameters > Code Generation > Optimization > Remove code from floating-point to integer conversions that wraps out-of-range valuesCheck safety-related optimization settings for data type conversions (Simulink Check)
hisl_0054: Configuration Parameters > Code Generation > Optimization > Remove code that protects against division arithmetic exceptionsCheck safety-related optimization settings for division arithmetic exceptions (Simulink Check)
hisl_0060: Configuration parameters that improve MISRA C:2012 complianceCheck configuration parameters for MISRA C:2012
hisl_0061: Unique identifiers for clarityCheck Stateflow charts for uniquely defined data objects (Simulink Check)
hisl_0062: Global variables in graphical functionsCheck global variables in graphical functions (Simulink Check)
hisl_0063: Length of user-defined object names to improve MISRA C:2012 complianceCheck for length of user-defined object names (Simulink Check)
hisl_0101: Prevent operations that result in dead logic to improve code complianceNot applicable
hisl_0102: Data type of loop control variables to improve MISRA C:2012 complianceCheck data type of loop control variables (Simulink Check)
hisl_0314: Configuration Parameters > Diagnostics > Data Validity > SignalsCheck safety-related diagnostic settings for signal data (Simulink Check)
hisf_0004: Protect against recursive function calls to improve code complianceNot applicable
hisf_0065: Type cast operations in Stateflow to improve code complianceCheck assignment operations in Stateflow Charts (Simulink Check)
hisf_0211: Protect against use of unary operators in Stateflow Charts to improve code complianceCheck Stateflow charts for unary operators (Simulink Check)

See Also

|