1

I need someone who has more experience with MISRA to help me to solve this. I have the following code:

```
byte* buf = new(std::nothrow) byte[bufferSize];

.....
for (uint32_t i = 0; i < bufferSize; i+=4)
{

..............
                        {
buf[ i+0 ] = b;
buf[ i+1 ] = g;
buf[ i+2 ] = r;

(1) Event misra_violation:  [Required] MISRA C++-2008 Rule 5-0-15 violation: Array indexing shall be the only form of pointer arithmetic.
buf[ i+3 ] = a;

}
```

MISRA Rule 5-0-15 also doesn't allow ptr++ or ptr--. What should be the approach here to increment/decrement and assign values using pointers created by new?

My MISRA checker is Coverity 7.0.3.3.

Baj Mile
  • 1
    It looks like a bug in your MISRA checker. – n. m. could be an AI Dec 01 '15 at 08:20
  • Please name which tool you are using so they get shamed in public. Seems like the best way to force all these crappy tools to either improve or get forced off the market. – Lundin Dec 01 '15 at 08:30
  • 2
    Your loop runs off the end of the buffer, unless `bufferSize` is a multiple of 4 – M.M Dec 01 '15 at 08:34
  • What are `b,g,r,a`? Perhaps `a` is not what you think it is. – M.M Dec 01 '15 at 08:36
  • To confirm whether the bug is in the code or the analyzer, post a [MCVE](http://stackoverflow.com/help/mcve) that shows the same problem – M.M Dec 01 '15 at 08:37
  • I am using Coverity 7.0.3.3, I guess it is a little old. – Baj Mile Dec 01 '15 at 08:55
  • Coverity is a bug checking tool, but I guess every tool and its mother is claiming MISRA these days. Get a real MISRA checking tool. – Veriloud Dec 01 '15 at 13:16
  • 1
    The error clearly points out the array indexing as the MISRA violation, but there is no violation of the array indexing rule here. There's no need to post another example to see that. It could of course be that the tool found another error but displays the wrong message, but nonetheless the tool is still broken. – Lundin Dec 01 '15 at 14:12

3 Answers

2

There is no problem with your code. It uses array indexing as required. Your static analyser is broken.

Lundin
2

I feel the "for" should have a condition with "i+3".

```
for (uint32_t i = 0; i+3 < bufferSize; i+=4)
```

This could solve the problem. Let me know if it solves.

Gladvin
  • Could you explain your solution? – Rocketq Mar 24 '17 at 07:24
  • 1
    Inside the "for" loop, we are accessing the element i+3, (also we are incrementing the loop "i+=4") this means we should be checking if i+3 is satisfying the bufferSize. Apologies for the delay. – Gladvin Jul 18 '18 at 11:08
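
The loop-bound point from M.M's comment and the answer above, as an added example that is not part of the original thread: both bounds are run against a buffer padded with guard bytes, so the bytes written past `bufferSize` can be counted without leaving the allocation. All function names, the pixel values and the `SLACK`/`GUARD` constants are constructed for this illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <new>

// Added example: every name and value below is constructed, not from the thread.
const std::uint32_t SLACK = 4U;    // spare bytes so the overrun stays inside our allocation
const std::uint8_t GUARD = 0xEEU;  // sentinel; differs from every pixel byte below

// Writes one BGRA pixel at buf[i] .. buf[i + 3] using array indexing only.
static void putPixel(std::uint8_t buf[], std::uint32_t i)
{
    buf[i] = 0x10U;       // b
    buf[i + 1U] = 0x20U;  // g
    buf[i + 2U] = 0x30U;  // r
    buf[i + 3U] = 0xFFU;  // a
}

// Bound as posted in the question: the test only covers buf[i].
void fillAsPosted(std::uint8_t buf[], std::uint32_t bufferSize)
{
    for (std::uint32_t i = 0U; i < bufferSize; i += 4U) { putPixel(buf, i); }
}

// Bound from the answer: the test covers the highest index written, i + 3.
void fillChecked(std::uint8_t buf[], std::uint32_t bufferSize)
{
    for (std::uint32_t i = 0U; (i + 3U) < bufferSize; i += 4U) { putPixel(buf, i); }
}

// Runs one loop on a logical buffer of bufferSize bytes and returns how many
// bytes beyond that logical size were overwritten.
std::uint32_t bytesPastEnd(std::uint32_t bufferSize, bool useCheckedBound)
{
    std::uint32_t clobbered = 0U;
    const std::uint32_t total = bufferSize + SLACK;
    std::uint8_t* raw = new (std::nothrow) std::uint8_t[total];
    if (raw != nullptr) {  // nothrow new reports failure as a null pointer
        for (std::uint32_t j = 0U; j < total; ++j) { raw[j] = GUARD; }
        if (useCheckedBound) { fillChecked(raw, bufferSize); } else { fillAsPosted(raw, bufferSize); }
        for (std::uint32_t j = bufferSize; j < total; ++j) { if (raw[j] != GUARD) { ++clobbered; } }
        delete[] raw;
    }
    return clobbered;
}

int main()
{
    std::printf("%u %u\n", static_cast<unsigned>(bytesPastEnd(10U, false)), static_cast<unsigned>(bytesPastEnd(10U, true)));
    return 0;
}
```

With the checked bound, a trailing partial pixel (the last `bufferSize % 4` bytes) is left unwritten rather than overrun.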
-1

OK, I found a way to make this work:

```
byte* buf = new(std::nothrow) byte[bufferSize];
.....
for (uint32_t i = 0; i < bufferSize; i+=4)
{
  ..............
  uint32_t k = i;
  buf[k] = b;
  k++;
  buf[k] = g;
  k++;
  buf[k] = r;
  k++;
  buf[k] = a;
}
```

It seems that MISRA does not like the index arithmetic to be inside the [] brackets. I am not sure if this is not a bug in the tool, maybe it is fixed in the newer Coverity tools.

The following does NOT work (MISRA again complains with a Rule 5-0-15 violation):

```
byte* buf = new(std::nothrow) byte[bufferSize];
.....
for (uint32_t i = 0; i < bufferSize; i+=4)
{
  ..............
  uint32_t k = i;
  buf[k++] = b;
  buf[k++] = g;
  buf[k++] = r;
  buf[k++] = a;
}
```

Baj Mile
  • 1
    Your original code was fine, there was no need to change anything. The 2nd example in this answer violates another (very sound) MISRA rule: never mix the `++` operator with other operators in the same expression. – Lundin Dec 01 '15 at 14:08
  • 5
    In particular: _do not change the code unless you actually understand the MISRA rule yourself_. To blindly follow the warnings of a crappy static analyser tool will cause more bugs, more dangerous practice and worse code than what you originally had. Trust me, I've seen this happen many times. Read and understand the MISRA rule before making code changes. If you don't understand the rule, ask another question on Stack Overflow. – Lundin Dec 01 '15 at 14:17
  • "It seems that MISRA does not likes the index arithmetic to be inside the [] brackets" Obviously you don't have the standard, it's $40 bucks at misra-c.com. Rule 5-0-15 says "Array indexing is the only acceptable form of pointer arithmetic." This rule is about avoiding explicit calculation of pointer values. – Veriloud Dec 01 '15 at 16:45
  • I have /MISRA-Cpp-2008.pdf, it is free, I know that MISRA disallows pointer arithmetic. Thus *(ptr + 5) should be replaced with ptr[5]. Also *ptr++ and *ptr-- are disallowed by MISRA. But I am not using this and I don't understand why Coverity prints this for expressions inside the brackets []. I was already answered that there is no problem with the 5-0-15 of the above code but I am waiting for Coverity to confirm this. Generally it works quite well but such unclear prints cost the developers too much time to investigate. – Baj Mile Dec 02 '15 at 16:23