The MISRA C coding standard was developed to preserve the features of C while eliminating some of the pitfalls that could result in safety and security issues. The rules and directives imposed by the MISRA standard create a restricted subset of the C language. This article discusses how applying this coding standard affects signal processing algorithms, and how they should be coded in order to be compliant with MISRA. The image below shows example code for a FIR filter.
This generates the following errors and warnings:
“MISRA(2012) Rule 10.7(Req): If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type.”
“MISRA(2012) Rule 13.3(Adv): A full expression containing an increment(++) or decrement(--) operator could have no other potential side effects other than that caused by the increment or decrement operator.”
Both of these apply to the temp64 += *ptemp++ * *coef++; line. The intention of Rule 10.7 is to eliminate confusion about which type is being applied to the integer(s) being evaluated. In this example, what is the type of the result of the multiplication? The intention of Rule 13.3 is to eliminate any potential undefined behavior and to improve the readability of the code by using the (++) and (--) operators in isolation. In this case, the side effects are predictable and the risk of undefined behavior is low, but MISRA does not create corner cases for rules. To make this filtering routine compliant, the code needs to be changed as follows:
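As an added example (not the article's original listing), the flagged line is shown beside one way to rework it to address both rules. The function names, the 32-bit sample and coefficient types and the sample data are assumptions; temp64, ptemp and coef follow the line quoted above.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed types: 32-bit samples and coefficients, 64-bit accumulator. */

/* Flagged form; defined only while each product fits in int (32-bit int assumed). */
static int64_t fir_flagged(const int32_t *samples, const int32_t *coeffs, size_t ntaps)
{
    const int32_t *ptemp = samples;
    const int32_t *coef = coeffs;
    int64_t temp64 = 0;
    size_t i;

    for (i = 0U; i < ntaps; i++) {
        /* 10.7: the product is formed in 32 bits and widened only for the +=.
           13.3: two ++ side effects sit inside one full expression. */
        temp64 += *ptemp++ * *coef++;
    }
    return temp64;
}

/* Reworked form: widen each operand first, then step the pointers on their own. */
static int64_t fir_reworked(const int32_t *samples, const int32_t *coeffs, size_t ntaps)
{
    const int32_t *ptemp = samples;
    const int32_t *coef = coeffs;
    int64_t temp64 = 0;
    size_t i;

    for (i = 0U; i < ntaps; i++) {
        temp64 += (int64_t)*ptemp * (int64_t)*coef;
        ptemp++;
        coef++;
    }
    return temp64;
}

/* Constructed sample data. */
static const int32_t small_x[3] = { 1, -2, 3 };
static const int32_t small_h[3] = { 4, 5, -6 };
static const int32_t big_x[2] = { INT32_MAX, 65536 }; /* products exceed 32 bits */
static const int32_t big_h[2] = { INT32_MAX, 65536 };

int main(void)
{
    int ok = (fir_flagged(small_x, small_h, 3U) == fir_reworked(small_x, small_h, 3U))
          && (fir_reworked(big_x, big_h, 2U) == 4611686018427387905LL);
    return ok ? 0 : 1;
}
```

The flagged form is only called on the small data set: with big_x and big_h each 32-bit product would overflow before it is widened, which is the ambiguity Rule 10.7 is meant to remove.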
Note, when isolating (++) and (--) involving pointers, one should take care to evaluate the generated assembly code and ensure the compiler efficiently executes the memory accesses.
VOCAL has 35 plus years of experience developing software modules with a code base written in C. Our software is MISRA compliant with limited deviations.