• State Resolved
  • Locked Locked
  • Replies 5 replies
  • Subscribers 53 subscribers
  • Views 3350 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

How to circumvent MISRA warning 10.1?

Helge Kruse
Intellectual 435 points

My code needs to multiply two values. I did not succeed to suppress the warning with any cast. How do I safely multiply by 60?

typedef struct { uint8_t uHour, uMinute, uSecond } STime;
const uint8_t MinutesPerHour = 60u;
STime Time = { 0u, 0u, 0u };
uint16_t u;
u = Time.uHour;
u = MinutesPerHour;
u = (Time.uHour * MinutesPerHour);
u = (uint16_t)(Time.uHour * MinutesPerHour);

I get the MISRA warning 10.1 for the last two lines.

  • 0
    Mastermind 6240 points

    Helge,

    Try casting the two variables that are multiplied:

    u = ((uint16_t)Time.uHour * (uint16_t)MinutesPerHour);
    u = ((uint16_t)Time.uHour * (uint16_t)MinutesPerHour);

    Or cast everything:

    u = (uint16_t) ((uint16_t)Time.uHour * (uint16_t)MinutesPerHour);
    u = (uint16_t) ((uint16_t)Time.uHour * (uint16_t)MinutesPerHour);

    This way the Misra warning should disappear

    Regards

  • 0 in reply to Johannes
    Intellectual 435 points

    Yes I can do so. Indeed only one cast is necessary to remove the MISRA warning. The uint8_t uHour must be cast to uint16_t:

    u = ((uint16_t)Time.uHour * MinutesPerHour);

    This avoids the implicit conversion from 8 bit unsigned to 16 bit unsigned. The conversion is necessary to perform the 16 bit multiplication. So I would say this MISRA 10.1 helped to discover a potential problem. 

    I have a new 10.1 problem that I could not resolve by myself. When I pass the integer literal to the ScaleDown function it will remove the MISRA error. But the intention is to get some value and scale down the measurement value to a stored value:

    uint8_t ScaleDown(uint16_t uRawValue)
    {
        return (uint8_t)(uRawValue >> 4);
    }
    uint8_t ScalingTest(void)
    {
        uint16_t uValue;
        uint8_t uResult;
        uValue = 123u;
        uResult = ScaleDown(uValue);
        return uResult;
    }

    The call to ScaleDown() always gives a MISRA 10.1. But I pass a uint16_t that is perfect compatible to the prototype. What's wrong with this line? Or is this another compiler bug?

     

  • 0 in reply to Helge Kruse
    TI__Guru* 84285 points

    What version of the compiler are you using?   (This is not the same as the CCS version.)

  • 0 in reply to Archaeologist
    Intellectual 435 points

    The version of the compiler is v4.0.0 It's part of the CodeComposerStudio 5.2.0.00071.

  • 0 in reply to Helge Kruse
    TI__Guru* 84285 points

    I can reproduce the behavior you are seeing with MSP430 compiler version 4.0.2, but not with 4.1.0. 

    Defect reports SDSCM00042327, SDSCM00042444, and SDSCM00042600 all report a similar problem with MISRA rule 10.1.  However, these defect reports are not marked closed.  My guess is that it was a bug, and did get fixed, but the defect reports were not updated.

    If you can upgrade to 4.1.0, the diagnostic message will go away.  In the meantime, the only workaround is to ignore it.