MISRA.PPARAM.NEEDS.CONSTPointer parameter is not used to modify the addressed object but is not declared as a pointer to const. MISRA C 2012 Rule 8.13: A pointer should point to a const-qualified type whenever possibleCategory: Advisory Analysis: Undecidable, System Applies to: C90, C99 AmplificationA pointer should point to a const-qualified type unless either:
For the purposes of simplicity, this rule is written in terms of pointers and the types that they point to. However, it applies equally to arrays and the types of the elements that they contain. An array should have elements with const-qualified type unless either:
RationaleThis rule encourages best practice by ensuring that pointers are not inadvertently used to modify objects. Conceptually, it is equivalent to initially declaring:
and then removing const-qualification only where it is necessary to comply with the constraints of the language standard. ExampleIn the following non-compliant example, p is not used to modify an object but the type to which it points is not const-qualified.
uint16_t f ( uint16_t *p )
{
return *p;
}
The code would be compliant if the function were defined with: uint16_t g ( const uint16_t *p ) The following example violates a constraint because an attempt is made to use a const-qualified pointer to modify an object. void h ( const uint16_t *p )
{
*p = 0;
}
In the following example, the pointer s is const-qualified but the type it points to is not. Since s is not used to modify an object, this is non-compliant.
#include <string.h>
char last_char ( char * const s )
{
return s[ strlen ( s ) - 1u ];
}
The code would be compliant if the function were defined with: char last_char ( const char * const s ) In this non-compliant example, none of the elements of the array a are modified but the element type is not const-qualified.
uint16_t first ( uint16_t a[ 5 ] )
{
return a[ 0 ];
}
The code would be compliant if the function were defined with: uint16_t first ( const uint16_t a[ 5 ] ) Pointer parameter is not used to modify the addressed object but is not declared as pointer to const. MISRA-C 2004 Rule 16.7 (advisory): A pointer parameter in a function prototype should be declared as pointer to const if the pointer is not used to modify the addressed object.This rule leads to greater precision in the definition of the function interface. The const qualification should be applied to the object pointed to, not to the pointer, since it is the object itself that is being protected. Example
void myfunc( int16_t * param1, const int16_t * param2, int16_t * param3)
/* param1: Addresses an object which is modified - no const
param2: Addresses an object which is not modified - const required
param3: Addresses an object which is not modified - const missing */
{
*param1 = *param2 + *param3;
return;
}
/* data at address param3 has not been changed,
but this is not const therefore not compliant */
MISRA-C++ 2008 Rule 7-1-2 (required): A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified.RationaleThis rule leads to greater precision in the definition of the function interface. The const qualification shall be applied to the object pointed to, not to the pointer, since it is the object itself that is being protected. ExceptionThis rule does not apply if the parameter object is modified by any of the functions in a set of overriding functions. Example
void myfunc( int16_t * param1,
const int16_t * param2,
int16_t * param3,
int16_t * const param4)
// param1: Addresses an object which is modified - Compliant
// param2: Addresses an object which is not modified — Compliant
// param3: Addresses an object which is not modified — Non-compliant
// param4: Addresses an object which is not modified — Non-compliant
{
*param1 = *param2 + *param3 + *param4;
// Data at address param3 and param4 have not been changed
}
|