MISRA 17.12 fixes, justifications for other reporting issues. (#1372)
* [8.6] Suppress declaration without definitions warnings
This is expected from the portable header as it is
implemented by the port.
* [21.3] Document unsuppressed deviation
Deviations which are unsuppressed should be
documented for user awareness.
* [2.2] Disclose dead code warning
* [2.1] Justify unreachable code in example
* [17.12] Add addressing operator to callback function
This is required to disambiguate a function call and a
function to be called
* [4.12] Explain deviation for dynamic allocation
* [8.6] Remove suppression, instead explain reporting
* Suppress false null dereference
Coverity provides a false positive
of pxQueueSetContainer being null.
diff --git a/MISRA.md b/MISRA.md
index 87ff4cb..5016e7b 100644
--- a/MISRA.md
+++ b/MISRA.md
@@ -19,6 +19,7 @@
```
#### Dir 4.7
+
MISRA C:2012 Dir 4.7: If a function returns error information, then that error
information shall be tested.
@@ -143,3 +144,90 @@
- The Standard Library function snprintf is used in vTaskListTasks and
vTaskGetRunTimeStatistics APIs, both of which are utility functions only and
are not considered part of core kernel implementation.
+
+### Unsuppressed Deviations
+
+Certain deviating code is left unsuppressed for awareness. These violations
+will be reported when audited by a MISRA-checking static analysis tool.
+
+Some of these unsuppressed exceptions correspond to example code provided
+either for demonstration or verification of the FreeRTOS kernel. This code
+is not considered part of the kernel implementation and should not be used
+in an application.
+
+Other unsuppressed violations are left present in the kernel implementation
+as implementations, code, or other missing functionality being flagged for
+violations will be present with the porting layer provided by the
+application. The presence of these errors after providing a port indicates
+a valid MISRA issue.
+
+#### Rule 2.1
+
+MISRA C:2012 Dir 2.1: A project shall not contain unreachable code
+
+_Ref 2.1_
+ - Simplified example contains unreachable code for demonstration of
+ FreeRTOS scheduler. A production implementation should not contain
+ this.
+
+ Affected Files:
+ - examples/cmake_example/main.c
+
+#### Rule 2.2
+
+MISRA C:2012 Dir 2.2: There shall be no dead code.
+
+_Ref 2.2_
+ - `vPortEndScheduler` is erroneously determined to be dead code due to
+ the use of a simplified verification port.
+
+ Affected Files:
+ - tasks.c
+
+#### Dir 4.12
+
+MISRA C:2012 Dir 4.12: Dynamic allocation shall not be used
+
+_Ref 4.12_
+ - Heap memory solutions utilize pvPortMalloc/vPortFree to provide heap
+ memory for dynamic object allocation. These functions may rely upon
+ the malloc/free of the underlying port. Static allocation is recommended
+ for MISRA compliant applications.
+
+ Affected Files:
+ - portable/MemMang/heap_*.c
+
+
+#### Rule 8.6
+
+MISRA C:2012 Rule 8.6: An identifier with external linkage shall have exactly
+one external definition.
+
+_Ref 8.6.1_
+ - Port layer function declarations are provided without corresponding
+ implementations to provide for ease of porting to a device. These definitions
+ cannot be implemented until a port is selected.
+
+#### Rule 21.3
+
+MISRA C-2012 Rule 21.3: The memory allocation and deallocation functions of
+<stdlib.h> shall not be used.
+
+_Ref 21.3_
+ - See justification from Directive 4.12
+
+ Affected Files:
+ - portable/MemMang/heap_*.c
+
+#### Rule 21.6
+
+MISRA C-2012 Rule 21.6: The Standard Library input/output functions shall not
+be used.
+
+_Ref 21.6.1_
+ - The Standard Library function `printf` is used in examples to provide a
+ simple getting started demonstration. This example is not considered part
+ of the kernel implementation.
+
+ Affected Files:
+ - examples/cmake_example/main.c
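Review bot: The sections headed "Rule 2.1" and "Rule 2.2" quote their text as "MISRA C:2012 Dir 2.1" and "MISRA C:2012 Dir 2.2"; both are Rules, not Directives, so the quoted lines should say "Rule" to match the headings. The Rule 21.3 and Rule 21.6 entries write "MISRA C-2012" where the other entries use "MISRA C:2012". In _Ref 8.6.1_, "These definitions cannot be implemented" is describing declarations that have no definition yet, and that entry is the only one without an "Affected Files" list. The paragraph beginning "Other unsuppressed violations are left present" is hard to parse; consider saying directly that these findings come from functionality the port supplies, and that any still reported once a port is provided are genuine.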
diff --git a/event_groups.c b/event_groups.c
index 7c5c15d..c69b965 100644
--- a/event_groups.c
+++ b/event_groups.c
@@ -511,7 +511,7 @@
traceENTER_xEventGroupClearBitsFromISR( xEventGroup, uxBitsToClear );
traceEVENT_GROUP_CLEAR_BITS_FROM_ISR( xEventGroup, uxBitsToClear );
- xReturn = xTimerPendFunctionCallFromISR( vEventGroupClearBitsCallback, ( void * ) xEventGroup, ( uint32_t ) uxBitsToClear, NULL );
+ xReturn = xTimerPendFunctionCallFromISR( &vEventGroupClearBitsCallback, ( void * ) xEventGroup, ( uint32_t ) uxBitsToClear, NULL );
traceRETURN_xEventGroupClearBitsFromISR( xReturn );
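Review bot: The reason for writing `&vEventGroupClearBitsCallback` instead of the bare function name is recorded only in the commit message, so a later edit could drop the `&` without anyone noticing. The change is behavior-neutral, since a function name passed as an argument already converts to a pointer to that function. It would help to state in the PR that the MISRA checker reports no remaining Rule 17.12 findings after this change, so the convention is enforced by tooling and not by memory at individual call sites.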
@@ -823,7 +823,7 @@
traceENTER_xEventGroupSetBitsFromISR( xEventGroup, uxBitsToSet, pxHigherPriorityTaskWoken );
traceEVENT_GROUP_SET_BITS_FROM_ISR( xEventGroup, uxBitsToSet );
- xReturn = xTimerPendFunctionCallFromISR( vEventGroupSetBitsCallback, ( void * ) xEventGroup, ( uint32_t ) uxBitsToSet, pxHigherPriorityTaskWoken );
+ xReturn = xTimerPendFunctionCallFromISR( &vEventGroupSetBitsCallback, ( void * ) xEventGroup, ( uint32_t ) uxBitsToSet, pxHigherPriorityTaskWoken );
traceRETURN_xEventGroupSetBitsFromISR( xReturn );
diff --git a/examples/cmake_example/main.c b/examples/cmake_example/main.c
index 96a2abf..4b7ad5c 100644
--- a/examples/cmake_example/main.c
+++ b/examples/cmake_example/main.c
@@ -69,7 +69,7 @@
( void ) printf( "Example FreeRTOS Project\n" );
- ( void ) xTaskCreateStatic( exampleTask,
+ ( void ) xTaskCreateStatic( &exampleTask,
"example",
configMINIMAL_STACK_SIZE,
NULL,
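Review bot: The `( void )` cast on `xTaskCreateStatic` discards the returned task handle, so a failed creation goes unnoticed at this call. The MISRA.md text added in this same patch lists examples/cmake_example/main.c as demonstration code that should not be used in an application; a one-line comment here saying the result is deliberately ignored for brevity would keep readers from copying the pattern into code where the handle matters.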
diff --git a/queue.c b/queue.c
index a967839..25613bf 100644
--- a/queue.c
+++ b/queue.c
@@ -3343,6 +3343,8 @@
configASSERT( pxQueueSetContainer ); /* LCOV_EXCL_BR_LINE */
configASSERT( pxQueueSetContainer->uxMessagesWaiting < pxQueueSetContainer->uxLength );
+ /* pxQueue->pxQueueSetContainer is verified to be non-null by caller. */
+ /* coverity[dereference] */
if( pxQueueSetContainer->uxMessagesWaiting < pxQueueSetContainer->uxLength )
{
const int8_t cTxLock = pxQueueSetContainer->cTxLock;
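Review bot: The new comment says `pxQueue->pxQueueSetContainer` is verified non-null by the caller, but it names neither the caller nor the check, so the `coverity[dereference]` suppression cannot be audited from this site. The only checks visible here are the two `configASSERT` lines, the second of which already dereferences the pointer, and `configASSERT` is an application-configured macro that may expand to nothing. Suggest naming the calling function and the condition it tests in the comment, and confirming the annotation covers only the `if` line, since `pxQueueSetContainer->cTxLock` is dereferenced again two lines later.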