1

As I am working on a topic related to MISRA, I had some doubts about this line of code:

int *a = (int *) malloc( 12 );

as rule 11.5 [A] "A conversion should not be performed from pointer to void into pointer to object" is being raised here.

my question is: is that line of code considered as an explicit cast, or implicit conversion?

Lundin
  • 195,001
  • 40
  • 254
  • 396
Zimo93
  • 31
  • 4
  • 1
    This is an explicit cast: `(int*)`. If you remove that, you will get an implicit conversion. But AFAIR it will not really matter w.r.t. MISRA. – Gerhardh Jan 11 '23 at 14:51
  • 2
    A side note: you should not cast the result of `malloc`, see: https://stackoverflow.com/questions/605845/do-i-cast-the-result-of-malloc. – wohlstad Jan 11 '23 at 14:54
  • @wohlstad yes you're right. It's just a test triggering some MISRA rules as I am implementing/fixing some bugs – Zimo93 Jan 11 '23 at 14:59
  • @Gerhardh Implicit conversion from `void*` to a pointer to object is also a MISRA C violation actually. And rightly so; the presence of `void*` in a safety-related code base is highly questionable. It does make it a pain in the neck to use certain standard lib functions under MISRA C however. Sometimes a MISRA compliant, verified lib is used over the compiler's standard lib. – Lundin Jan 11 '23 at 15:07
  • @Lundin that is what I meant. MISRA doesn't like the cast and also not the implicit conversion. Changing this detail won't change the result of MISRA check. And, yes. Using some libraries like MCU vendors Flash functions etc. that also take `void*` to define the address is a pain. ;) – Gerhardh Jan 11 '23 at 15:10
  • Although discussing whether or not you should cast the result of malloc in a MISRA application is like discussing if you should remove your shoes or not before jumping down from the Eiffel tower... There's no assessor with mediocre or better C skills which will allow `malloc` and you simply can't argue in favour of a deviation. – Lundin Jan 11 '23 at 15:14
  • @AhmedAbdelkefi Both rules say _conversion_ so that means either implicit conversion during assignment or explicit conversion using casts. Basically they've effectively banned all use of void pointers, if you are to follow every advisory rule of MISRA. Also, the C language in itself allows no other implicit pointer conversions than those allowed under the rules of assignment (void pointers, null pointer constants etc). – Lundin Jan 11 '23 at 15:20

1 Answers1

2

Conversions can be either implicit or explicit. An explicit conversion is done using the (type) cast operator. Thus casts are always explicit and there is no such thing as an "implicit cast".

Also using malloc is a massive MISRA C violation in itself, much more serious than the cast.

Lundin
  • 195,001
  • 40
  • 254
  • 396
  • Thanks for the answer. This is just a test for misra implementation I am doing/fixing. – Zimo93 Jan 11 '23 at 14:57
  • also, Can we say that Rules 11.5 are only addressing explicit conversions? or can also cover implicit ones? – Zimo93 Jan 11 '23 at 15:19
  • @AhmedAbdelkefi Simply view the examples below 11.5. `p16 = p;` where `p` is a void pointer is non-compliant. – Lundin Jan 11 '23 at 15:22
  • R.11.5 states "A conversion..." which covers both implicit and explicit – Andrew Jan 12 '23 at 18:36