1

I get this error in PC-Lint (au-misra-cpp.lnt):

error 1960: (Note -- Violates MISRA C++ 2008 Required Rule 5-2-12, Array type passed to function expecting a pointer)

On this code:

_IDs["key"] = "value";

The _IDs is declared as:

std::map<std::string,std::string> _IDs;

also tried changing to:

_IDs.insert("key","value");

But get the same error.

How do I get the code to be misra compliant?

MathiasWestin
  • 251
  • 4
  • 18
  • Does MISRA have anything to say about not using [reserved names](http://stackoverflow.com/questions/228783/)? If not, the C++ standard certainly does. – Mike Seymour May 31 '13 at 08:52
  • Yes, it dislikes the underscores. Violates MISRA C++ 2008 Required Rule 17-0-2, Re-use of C++ identifier pattern. – MathiasWestin May 31 '13 at 09:23

2 Answers2

6

The violated rule is calling std::string::string(const CharT* s, const Allocator& alloc = Allocator()), which will decay from char const [] to a char pointer.

The solution, I think, is to cast explicitely to a pointer type:

_IDs[static_cast<char const *>("key")] = static_cast<char const *>("value");

However, I would suggest not using (or at least upgrading) a linter that warns when you actually use std::string.

Also note that you can't call std::map::insert the way you try to do it. There is no overload which takes the key and the value directly, instead there is an overload which takes a pair consisting of the key and the value. See here overload number 1.

Stephan Dollberg
  • 32,985
  • 16
  • 81
  • 107
slaphappy
  • 6,894
  • 3
  • 34
  • 59
  • 5
    It's obvious how following MISRA produces easier-to-read and easier-to-maintain code :-P – Angew is no longer proud of SO May 31 '13 at 08:42
  • 1
    @Angew: The purpose of MISRA is to make code *harder* to read and maintain. That way, it's less likely that a maintainer will think they understand the code, and make breaking changes based on incomplete knowledge. By transforming the code into gibberish, MISRA forces a complete analysis before making even the smallest change. Hence, more stable code. – Mike Seymour May 31 '13 at 08:49
  • @MikeSeymour Interesting approach. However, I'd say it also makes code much harder to review/verify in the first place. Still, I (kind of) see the point you raise. – Angew is no longer proud of SO May 31 '13 at 09:14
  • The static cast handles the violation of 5-2-12. – MathiasWestin May 31 '13 at 09:16
  • @Angew: Again, by making these things harder, the obfuscation caused by MISRA forces reviewers to analyse the code in excruciating detail. There is no temptation to gloss over the parts that are "obviously" correct, since nothing is obvious. That would be insane for most software development; but for safety-critical code, you need to treat every line as potentially hostile, and making every line unreadable is one way to achieve that. – Mike Seymour May 31 '13 at 10:28
  • @MikeSeymour: I'm confused - you weren't being sarcastic? – Michael Burr May 31 '13 at 15:24
  • @MichaelBurr: I was begin half sarcastic; but this seems to be the only real justification for claiming that a pile of insanely restrictive rules can improve software reliability. (Of course, it also serves to bludgeon any potential creativity out of developers, which might also lead to fewer bugs.) Disclaimer: I don't write safety-critical code, and have never experienced rules like this first-hand. – Mike Seymour May 31 '13 at 15:29
3
// a template function that takes an array of char 
//  and returns a std::string constructed from it
//
// This function safely 'converts' the array to a pointer
//  to it's first element, just like the compiler would
//  normally do, but this should avoid diagnostic messages
//  from very restrictive lint settings that don't approve
//  of passing arrays to functions that expect pointers.
template <typename T, size_t N>
std::string str( T (&arr)[N])
{
    return std::string(&arr[0]);
}

Using the above template function, you should be able to get past the linter like so:

_IDs[str("key")] = str("value");

As an aside - I'm surprised lint isn't complaining that _IDs is a reserved name - you should avoid leading underscores in C or C++, especially when used along with caps.

Michael Burr
  • 333,147
  • 50
  • 533
  • 760