Fix MISRA violations for Kernel release V11.2.0 (#1251)
* Fix MISRA violations for Kernel release V11.2.0
* Fix formatting
* Remove redundant configASSERT in timers.c
diff --git a/MISRA.md b/MISRA.md
index b594103..87ff4cb 100644
--- a/MISRA.md
+++ b/MISRA.md
@@ -120,8 +120,8 @@
MISRA C-2012 Rule 14.3: Controlling expressions shall not be invariant.
_Ref 14.3_
- - The `configMAX_TASK_NAME_LEN` and `taskRESERVED_TASK_NAME_LENGTH` are
- evaluated to constants at compile time and may vary based on the build
+ - The `configMAX_TASK_NAME_LEN` , `taskRESERVED_TASK_NAME_LENGTH` and `SIZE_MAX`
+ are evaluated to constants at compile time and may vary based on the build
configuration.
#### Rule 18.1
diff --git a/examples/coverity/coverity_misra.config b/examples/coverity/coverity_misra.config
index d80ddb5..6311428 100644
--- a/examples/coverity/coverity_misra.config
+++ b/examples/coverity/coverity_misra.config
@@ -4,6 +4,10 @@
"title": "Coverity MISRA Configuration",
"deviations" : [
{
+ "deviation": "Rule 1.2",
+ "reason": "Allow use of __attribute__ for necessary functions placement in specific memory regions."
+ },
+ {
"deviation": "Rule 3.1",
"reason": "We post HTTP links in code comments which contain // inside comments blocks."
},
diff --git a/queue.c b/queue.c
index 688fb31..e91d9e3 100644
--- a/queue.c
+++ b/queue.c
@@ -513,7 +513,10 @@
/* Check for multiplication overflow. */
( ( SIZE_MAX / uxQueueLength ) >= uxItemSize ) &&
/* Check for addition overflow. */
- ( ( SIZE_MAX - sizeof( Queue_t ) ) >= ( size_t ) ( uxQueueLength * uxItemSize ) ) )
+ /* MISRA Ref 14.3.1 [Configuration dependent invariant] */
+ /* More details at: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/main/MISRA.md#rule-143. */
+ /* coverity[misra_c_2012_rule_14_3_violation] */
+ ( ( SIZE_MAX - sizeof( Queue_t ) ) >= ( size_t ) ( ( size_t ) uxQueueLength * ( size_t ) uxItemSize ) ) )
{
/* Allocate enough space to hold the maximum number of items that
* can be in the queue at any time. It is valid for uxItemSize to be
diff --git a/tasks.c b/tasks.c
index def843f..24cfb26 100644
--- a/tasks.c
+++ b/tasks.c
@@ -2016,7 +2016,7 @@
pxNewTCB->xTaskRunState = taskTASK_NOT_RUNNING;
/* Is this an idle task? */
- if( ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) prvIdleTask ) || ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) prvPassiveIdleTask ) )
+ if( ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) ( &prvIdleTask ) ) || ( ( TaskFunction_t ) pxTaskCode == ( TaskFunction_t ) ( &prvPassiveIdleTask ) ) )
{
pxNewTCB->uxTaskAttributes |= taskATTRIBUTE_IS_IDLE;
}
@@ -3573,7 +3573,7 @@
{
#if ( configNUMBER_OF_CORES == 1 )
{
- pxIdleTaskFunction = prvIdleTask;
+ pxIdleTaskFunction = &prvIdleTask;
}
#else /* #if ( configNUMBER_OF_CORES == 1 ) */
{
@@ -3582,11 +3582,11 @@
* run when no other task is available to run. */
if( xCoreID == 0 )
{
- pxIdleTaskFunction = prvIdleTask;
+ pxIdleTaskFunction = &prvIdleTask;
}
else
{
- pxIdleTaskFunction = prvPassiveIdleTask;
+ pxIdleTaskFunction = &prvPassiveIdleTask;
}
}
#endif /* #if ( configNUMBER_OF_CORES == 1 ) */
@@ -3603,7 +3603,7 @@
* name will contain an incorrect ASCII character. This is
* acceptable as the task name is used mainly for debugging. */
cIdleName[ xIdleTaskNameIndex ] = ( char ) ( xCoreID + '0' );
- cIdleName[ xIdleTaskNameIndex + 1 ] = '\0';
+ cIdleName[ xIdleTaskNameIndex + 1U ] = '\0';
}
#endif /* if ( configNUMBER_OF_CORES > 1 ) */
diff --git a/timers.c b/timers.c
index 03765fe..1bc40bc 100644
--- a/timers.c
+++ b/timers.c
@@ -257,7 +257,7 @@
configSTACK_DEPTH_TYPE uxTimerTaskStackSize;
vApplicationGetTimerTaskMemory( &pxTimerTaskTCBBuffer, &pxTimerTaskStackBuffer, &uxTimerTaskStackSize );
- xTimerTaskHandle = xTaskCreateStaticAffinitySet( prvTimerTask,
+ xTimerTaskHandle = xTaskCreateStaticAffinitySet( &prvTimerTask,
configTIMER_SERVICE_TASK_NAME,
uxTimerTaskStackSize,
NULL,
@@ -273,7 +273,7 @@
}
#else /* if ( configSUPPORT_STATIC_ALLOCATION == 1 ) */
{
- xReturn = xTaskCreateAffinitySet( prvTimerTask,
+ xReturn = xTaskCreateAffinitySet( &prvTimerTask,
configTIMER_SERVICE_TASK_NAME,
configTIMER_TASK_STACK_DEPTH,
NULL,
@@ -292,7 +292,7 @@
configSTACK_DEPTH_TYPE uxTimerTaskStackSize;
vApplicationGetTimerTaskMemory( &pxTimerTaskTCBBuffer, &pxTimerTaskStackBuffer, &uxTimerTaskStackSize );
- xTimerTaskHandle = xTaskCreateStatic( prvTimerTask,
+ xTimerTaskHandle = xTaskCreateStatic( &prvTimerTask,
configTIMER_SERVICE_TASK_NAME,
uxTimerTaskStackSize,
NULL,
@@ -307,7 +307,7 @@
}
#else /* if ( configSUPPORT_STATIC_ALLOCATION == 1 ) */
{
- xReturn = xTaskCreate( prvTimerTask,
+ xReturn = xTaskCreate( &prvTimerTask,
configTIMER_SERVICE_TASK_NAME,
configTIMER_TASK_STACK_DEPTH,
NULL,
@@ -458,11 +458,9 @@
traceENTER_xTimerGenericCommandFromTask( xTimer, xCommandID, xOptionalValue, pxHigherPriorityTaskWoken, xTicksToWait );
- configASSERT( xTimer );
-
/* Send a message to the timer service task to perform a particular action
* on a particular timer definition. */
- if( xTimerQueue != NULL )
+ if( ( xTimerQueue != NULL ) && ( xTimer != NULL ) )
{
/* Send a command to the timer service task to start the xTimer timer. */
xMessage.xMessageID = xCommandID;
@@ -509,11 +507,9 @@
traceENTER_xTimerGenericCommandFromISR( xTimer, xCommandID, xOptionalValue, pxHigherPriorityTaskWoken, xTicksToWait );
- configASSERT( xTimer );
-
/* Send a message to the timer service task to perform a particular action
* on a particular timer definition. */
- if( xTimerQueue != NULL )
+ if( ( xTimerQueue != NULL ) && ( xTimer != NULL ) )
{
/* Send a command to the timer service task to start the xTimer timer. */
xMessage.xMessageID = xCommandID;
@@ -974,110 +970,117 @@
* software timer. */
pxTimer = xMessage.u.xTimerParameters.pxTimer;
- if( listIS_CONTAINED_WITHIN( NULL, &( pxTimer->xTimerListItem ) ) == pdFALSE )
+ if( pxTimer != NULL )
{
- /* The timer is in a list, remove it. */
- ( void ) uxListRemove( &( pxTimer->xTimerListItem ) );
+ if( listIS_CONTAINED_WITHIN( NULL, &( pxTimer->xTimerListItem ) ) == pdFALSE )
+ {
+ /* The timer is in a list, remove it. */
+ ( void ) uxListRemove( &( pxTimer->xTimerListItem ) );
+ }
+ else
+ {
+ mtCOVERAGE_TEST_MARKER();
+ }
+
+ traceTIMER_COMMAND_RECEIVED( pxTimer, xMessage.xMessageID, xMessage.u.xTimerParameters.xMessageValue );
+
+ /* In this case the xTimerListsWereSwitched parameter is not used, but
+ * it must be present in the function call. prvSampleTimeNow() must be
+ * called after the message is received from xTimerQueue so there is no
+ * possibility of a higher priority task adding a message to the message
+ * queue with a time that is ahead of the timer daemon task (because it
+ * pre-empted the timer daemon task after the xTimeNow value was set). */
+ xTimeNow = prvSampleTimeNow( &xTimerListsWereSwitched );
+
+ switch( xMessage.xMessageID )
+ {
+ case tmrCOMMAND_START:
+ case tmrCOMMAND_START_FROM_ISR:
+ case tmrCOMMAND_RESET:
+ case tmrCOMMAND_RESET_FROM_ISR:
+ /* Start or restart a timer. */
+ pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE;
+
+ if( prvInsertTimerInActiveList( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow, xMessage.u.xTimerParameters.xMessageValue ) != pdFALSE )
+ {
+ /* The timer expired before it was added to the active
+ * timer list. Process it now. */
+ if( ( pxTimer->ucStatus & tmrSTATUS_IS_AUTORELOAD ) != 0U )
+ {
+ prvReloadTimer( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow );
+ }
+ else
+ {
+ pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
+ }
+
+ /* Call the timer callback. */
+ traceTIMER_EXPIRED( pxTimer );
+ pxTimer->pxCallbackFunction( ( TimerHandle_t ) pxTimer );
+ }
+ else
+ {
+ mtCOVERAGE_TEST_MARKER();
+ }
+
+ break;
+
+ case tmrCOMMAND_STOP:
+ case tmrCOMMAND_STOP_FROM_ISR:
+ /* The timer has already been removed from the active list. */
+ pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
+ break;
+
+ case tmrCOMMAND_CHANGE_PERIOD:
+ case tmrCOMMAND_CHANGE_PERIOD_FROM_ISR:
+ pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE;
+ pxTimer->xTimerPeriodInTicks = xMessage.u.xTimerParameters.xMessageValue;
+ configASSERT( ( pxTimer->xTimerPeriodInTicks > 0 ) );
+
+ /* The new period does not really have a reference, and can
+ * be longer or shorter than the old one. The command time is
+ * therefore set to the current time, and as the period cannot
+ * be zero the next expiry time can only be in the future,
+ * meaning (unlike for the xTimerStart() case above) there is
+ * no fail case that needs to be handled here. */
+ ( void ) prvInsertTimerInActiveList( pxTimer, ( xTimeNow + pxTimer->xTimerPeriodInTicks ), xTimeNow, xTimeNow );
+ break;
+
+ case tmrCOMMAND_DELETE:
+ #if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 )
+ {
+ /* The timer has already been removed from the active list,
+ * just free up the memory if the memory was dynamically
+ * allocated. */
+ if( ( pxTimer->ucStatus & tmrSTATUS_IS_STATICALLY_ALLOCATED ) == ( uint8_t ) 0 )
+ {
+ vPortFree( pxTimer );
+ }
+ else
+ {
+ pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
+ }
+ }
+ #else /* if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) */
+ {
+ /* If dynamic allocation is not enabled, the memory
+ * could not have been dynamically allocated. So there is
+ * no need to free the memory - just mark the timer as
+ * "not active". */
+ pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
+ }
+ #endif /* configSUPPORT_DYNAMIC_ALLOCATION */
+ break;
+
+ default:
+ /* Don't expect to get here. */
+ break;
+ }
}
else
{
mtCOVERAGE_TEST_MARKER();
}
-
- traceTIMER_COMMAND_RECEIVED( pxTimer, xMessage.xMessageID, xMessage.u.xTimerParameters.xMessageValue );
-
- /* In this case the xTimerListsWereSwitched parameter is not used, but
- * it must be present in the function call. prvSampleTimeNow() must be
- * called after the message is received from xTimerQueue so there is no
- * possibility of a higher priority task adding a message to the message
- * queue with a time that is ahead of the timer daemon task (because it
- * pre-empted the timer daemon task after the xTimeNow value was set). */
- xTimeNow = prvSampleTimeNow( &xTimerListsWereSwitched );
-
- switch( xMessage.xMessageID )
- {
- case tmrCOMMAND_START:
- case tmrCOMMAND_START_FROM_ISR:
- case tmrCOMMAND_RESET:
- case tmrCOMMAND_RESET_FROM_ISR:
- /* Start or restart a timer. */
- pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE;
-
- if( prvInsertTimerInActiveList( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow, xMessage.u.xTimerParameters.xMessageValue ) != pdFALSE )
- {
- /* The timer expired before it was added to the active
- * timer list. Process it now. */
- if( ( pxTimer->ucStatus & tmrSTATUS_IS_AUTORELOAD ) != 0U )
- {
- prvReloadTimer( pxTimer, xMessage.u.xTimerParameters.xMessageValue + pxTimer->xTimerPeriodInTicks, xTimeNow );
- }
- else
- {
- pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
- }
-
- /* Call the timer callback. */
- traceTIMER_EXPIRED( pxTimer );
- pxTimer->pxCallbackFunction( ( TimerHandle_t ) pxTimer );
- }
- else
- {
- mtCOVERAGE_TEST_MARKER();
- }
-
- break;
-
- case tmrCOMMAND_STOP:
- case tmrCOMMAND_STOP_FROM_ISR:
- /* The timer has already been removed from the active list. */
- pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
- break;
-
- case tmrCOMMAND_CHANGE_PERIOD:
- case tmrCOMMAND_CHANGE_PERIOD_FROM_ISR:
- pxTimer->ucStatus |= ( uint8_t ) tmrSTATUS_IS_ACTIVE;
- pxTimer->xTimerPeriodInTicks = xMessage.u.xTimerParameters.xMessageValue;
- configASSERT( ( pxTimer->xTimerPeriodInTicks > 0 ) );
-
- /* The new period does not really have a reference, and can
- * be longer or shorter than the old one. The command time is
- * therefore set to the current time, and as the period cannot
- * be zero the next expiry time can only be in the future,
- * meaning (unlike for the xTimerStart() case above) there is
- * no fail case that needs to be handled here. */
- ( void ) prvInsertTimerInActiveList( pxTimer, ( xTimeNow + pxTimer->xTimerPeriodInTicks ), xTimeNow, xTimeNow );
- break;
-
- case tmrCOMMAND_DELETE:
- #if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 )
- {
- /* The timer has already been removed from the active list,
- * just free up the memory if the memory was dynamically
- * allocated. */
- if( ( pxTimer->ucStatus & tmrSTATUS_IS_STATICALLY_ALLOCATED ) == ( uint8_t ) 0 )
- {
- vPortFree( pxTimer );
- }
- else
- {
- pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
- }
- }
- #else /* if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) */
- {
- /* If dynamic allocation is not enabled, the memory
- * could not have been dynamically allocated. So there is
- * no need to free the memory - just mark the timer as
- * "not active". */
- pxTimer->ucStatus &= ( ( uint8_t ) ~tmrSTATUS_IS_ACTIVE );
- }
- #endif /* configSUPPORT_DYNAMIC_ALLOCATION */
- break;
-
- default:
- /* Don't expect to get here. */
- break;
- }
}
}
}
