Version 9.4.2 Copyright 2013 LDRA Ltd.

Copies of this document are not to be made or distributed.

MISRA-C:2012 Standards Model Summary for C / C++


The LDRA tool suite is developed and certified to BS EN ISO 9001:2000.
This information is applicable to version 9.4.2 of the LDRA tool suite.
It is correct as of 25th September 2013.
Compliance is measured against
"MISRA C:2012 Guidelines for the use of the C language in critical systems"
2013
Copyright MISRA
Further information is available at http://www.misra.org.uk

Classification  Enhanced Enforcement  Fully Implemented  Partially Implemented  Not yet Implemented  Not statically Checkable  Total
Mandatory       0                     8                  2                      0                    0                         10
Required        9                     91                 9                      0                    2                         111
Advisory        6                     27                 5                      0                    0                         38
Total           15                    126                16                     0                    2                         159

LDRA Ltd. reserves the right to change any specifications contained within this document without prior notice.
The document was deemed correct at time of distribution.


MISRA-C:2012 Standards Model Compliance for C / C++


Rule  Classification  Rule Description
D.1.1  Required  Any implementation-defined behaviour on which the output of the program depends shall be
D.2.1  Required  All source files shall compile without any compilation errors
D.3.1  Required  All code shall be traceable to documented requirements
D.4.1  Required  Run-time failures shall be minimised
D.4.2  Advisory  All usage of assembly language should be documented
D.4.3  Required  Assembly language shall be encapsulated and isolated
D.4.4  Advisory  Sections of code should not be 'commented out'
D.4.5  Advisory  Identifiers in the same namespace with overlapping visibility should be typographically unambiguous
D.4.6  Advisory  typedefs that indicate size and signedness should be used in place of the basic numerical types
D.4.7  Required  If a function returns error information, then that error information shall be tested

LDRA Standard  LDRA Standard Description
69 S #pragma used.
584 S Remainder of % op could be negative.
43 D Divide by 0 found.
45 D Pointer not checked for null before use.
248 S Divide by zero in preprocessor directive.
629 S Divide by zero found.
17 S Code insert found.
88 S Procedure is not pure assembler.
302 S Comment possibly contains code.
217 S Names only differ by case.
67 X Identifier is typographically ambiguous.
90 S Basic type declaration used.
495 S Typedef name has no size indication.
91 D Function return value potentially unused.


D.4.8  Advisory  If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden
D.4.9  Advisory  A function should be used in preference to a function-like macro where they are interchangeable
D.4.10  Required  Precautions shall be taken in order to prevent the contents of a header file being included more than once
D.4.11  Required  The validity of values passed to library functions shall be checked
D.4.12  Required  Dynamic memory allocation shall not be used
D.4.13  Advisory  Functions which are designed to provide operations on a resource should be called in an appropriate sequence
R.1.1  Required  The program shall contain no violations of the standard C syntax and constraints, and shall not exceed the implementation's translation limits

104 D Structure implementation not hidden.
340 S Use of function like macro.
243 S Included file not protected with #define.
44 S Use of banned function or variable.
21 S Number of parameters does not match.
145 S #if has invalid expression.
323 S Switch has more than one default case.
345 S Bit operator with floating point operand.
404 S Array initialisation has too many items.
481 S Array with no bounds in struct.
580 S Macro redefinition without using #undef.
615 S Conditional operator has incompatible types.


R.1.2  Advisory  Language extensions should not be used
R.1.3  Required  There shall be no occurrence of undefined or critical unspecified behaviour

110 S Use of single line comment //.
143 S Curly brackets used in expression.
293 S Non ANSI/ISO construct used.
632 S Use of // comment in macro definition.
82 D fsetpos values not generated by fgetpos.
83 D Potentially repeated call to ungetc.
84 D No fseek or flush before I/O.
87 D Illegal shared object in signal handler.
89 D Illegal use of raise in signal handler.
5 Q File does not end with new line.
21 S Number of parameters does not match.
44 S Use of banned function or variable.
64 S Void procedure used in expression.
65 S Void variable passed as parameter.
113 S Non standard character in source.
118 S main must be int (void) or int (int,char*[]).
176 S Non standard escape sequence in source.
296 S Function declared at block scope.
324 S Macro call has wrong number of parameters.
335 S Operator defined contains illegal items.
336 S #if expansion contains define operator.
412 S Undefined behaviour, \ before E-O-F.
450 S Wide string and string concatenated.

R.2.1  Required  A project shall not contain unreachable code
R.2.2  Required  There shall be no dead code

465 S Struct/union not completely specified.
482 S Incomplete structure referenced.
486 S Incorrect number of formats in output function.
487 S Insufficient space allocated.
489 S Insufficient space for operation.
497 S Type is incomplete in translation unit.
573 S Macro concatenation of uni char names.
576 S Function pointer is of wrong type.
582 S const object reassigned.
587 S Const local variable not immediately initialised.
589 S Format is not appropriate type.
590 S Mode fault in fopen.
608 S Use of explicitly undefined language feature.
66 X Insufficient array space at call.
70 X Array has insufficient space.
71 X Insufficient space for copy.
28 D Potentially infinite loop found.
76 D Procedure is not called or referenced in code analysed.
1 J Unreachable Code found.
3 J All internal linkage calls unreachable.
35 S Static procedure is not explicitly called in code analysed.
8 D DD data flow anomalies found.
65 D Void function has no side effects.
105 D DU anomaly dead code, variable value is unused on all paths.
57 S Statement with no side effect.

R.2.3  Advisory  A project should not contain unused type declarations
R.2.4  Advisory  A project should not contain unused tag declarations
R.2.5  Advisory  A project should not contain unused macro declarations
R.2.6  Advisory  A function should not contain unused label declarations
R.2.7  Advisory  There should be no unused parameters in functions
R.3.1  Required  The character sequences /* and // shall not be used within a comment
R.3.2  Required  Line-splicing shall not be used in // comments
R.4.1  Required  Octal and hexadecimal escape sequences shall be terminated
R.4.2  Advisory  Trigraphs should not be used
R.5.1  Required  External identifiers shall be distinct
R.5.2  Required  Identifiers declared in the same scope and name space shall be distinct
R.5.3  Required  An identifier declared in an inner scope shall not hide an identifier declared in an outer scope

413 S User type declared but not used in code analysed.
413 S User type declared but not used in code analysed.
628 S Macro not used in translation unit.
610 S Label is unused.
1 D Unused procedure parameter.
15 D Unused procedural parameter.
119 S Nested comment found.
611 S Line splice used in // comment.
176 S Non standard escape sequence in source.
81 S Use of trigraph.
17 D Identifier not unique within *** characters.
61 X Identifier match in *** chars.
17 D Identifier not unique within *** characters.
61 X Identifier match in *** chars.
17 D Identifier not unique within *** characters.
18 D Identifier name reused.
92 S Duplicate use of a name in an enumeration.
128 S Parameter has same name as global variable.
131 S Name reused in inner scope.
61 X Identifier match in *** chars.

R.5.4  Required  Macro identifiers shall be distinct
R.5.5  Required  Identifiers shall be distinct from macro names
R.5.6  Required  A typedef name shall be a unique identifier

384 S Identifier matches macro name in 31 chars.
622 S Macro parameters are not unique within limits.
61 X Identifier match in *** chars.
383 S Identifier name matches macro name.
384 S Identifier matches macro name in 31 chars.
12 X Identifier reuse: tag vs macro.
21 X Identifier reuse: typedef vs macro.
34 X Identifier reuse: proc vs macro.
37 X Identifier reuse: persistent var vs macro.
47 X Identifier reuse: component vs macro.
48 X Identifier reuse: label vs macro (MR).
50 X Identifier reuse: var vs macro.
53 X Identifier reuse: proc param vs macro.
57 X Identifier reuse: macro vs enum constant.
112 S Typedef name redeclared.
374 S Name conflict with typedef.
11 X Identifier reuse: tag vs typedef.
16 X Identifier reuse: typedef vs variable.
17 X Identifier reuse: typedef vs label (MR).
18 X Identifier reuse: typedef vs typedef.
19 X Identifier reuse: typedef vs procedure parameter.
20 X Identifier reuse: persistent var vs typedef.

R.5.7  Required  A tag name shall be a unique identifier

22 X Identifier reuse: typedef vs component.
23 X Identifier reuse: typedef vs enum constant.
24 X Identifier reuse: typedef vs procedure.
325 S Inconsistent use of tag.
4 X Identifier reuse: struct/union tag repeated.
5 X Identifier reuse: struct vs union.
6 X Identifier reuse: struct/union tag vs enum tag.
7 X Identifier reuse: tag vs procedure.
8 X Identifier reuse: tag vs procedure parameter.
9 X Identifier reuse: tag vs variable.
10 X Identifier reuse: tag vs label (MR).
11 X Identifier reuse: tag vs typedef.
13 X Identifier reuse: tag vs component.
14 X Identifier reuse: tag vs enum constant.
15 X Identifier reuse: persistent var vs tag.
1 S Procedure name reused.
7 X Identifier reuse: tag vs procedure.
15 X Identifier reuse: persistent var vs tag.
20 X Identifier reuse: persistent var vs typedef.
24 X Identifier reuse: typedef vs procedure.
25 X Identifier reuse: procedure vs procedure param.
26 X Identifier reuse: persistent var vs label (MR).

R.5.8  Required  Identifiers that define objects or functions with external linkage shall be unique

27 X Identifier reuse: persist var vs persist var.
28 X Identifier reuse: persistent var vs var.
29 X Identifier reuse: persistent var vs procedure.
30 X Identifier reuse: persistent var vs proc param.
31 X Identifier reuse: procedure vs procedure.
32 X Identifier reuse: procedure vs var.
33 X Identifier reuse: procedure vs label (MR).
35 X Identifier reuse: proc vs component.
36 X Identifier reuse: proc vs enum constant.
38 X Identifier reuse: persistent var vs component.
39 X Identifier reuse: persistent var vs enum constant.
1 S Procedure name reused.
7 X Identifier reuse: tag vs procedure.
15 X Identifier reuse: persistent var vs tag.
20 X Identifier reuse: persistent var vs typedef.
24 X Identifier reuse: typedef vs procedure.
25 X Identifier reuse: procedure vs procedure param.
26 X Identifier reuse: persistent var vs label (MR).
27 X Identifier reuse: persist var vs persist var.


R.5.9  Advisory  Identifiers that define objects or functions with internal linkage should be unique
R.6.1  Required  Bit-fields shall only be declared with an appropriate type
R.6.2  Required  Single-bit named bit fields shall not be of a signed type
R.7.1  Required  Octal constants shall not be used
R.7.2  Required  A "u" or "U" suffix shall be applied to all integer constants that are represented in an unsigned type
R.7.3  Required  The lowercase character 'l' shall not be used in a literal suffix
R.7.4  Required  A string literal shall not be assigned to an object unless the object's type is "pointer to const-qualified char"

28 X Identifier reuse: persistent var vs var.
29 X Identifier reuse: persistent var vs procedure.
30 X Identifier reuse: persistent var vs proc param.
31 X Identifier reuse: procedure vs procedure.
32 X Identifier reuse: procedure vs var.
33 X Identifier reuse: procedure vs label (MR).
35 X Identifier reuse: proc vs component.
36 X Identifier reuse: proc vs enum constant.
38 X Identifier reuse: persistent var vs component.
39 X Identifier reuse: persistent var vs enum constant.
73 S Bit field not signed or unsigned int.
520 S Bit field is not bool or explicit integral.
72 S Signed bit field less than 2 bits wide.
83 S Octal number found.
331 S Literal value requires a U suffix.
550 S Unsuffixed hex or octal is unsigned, add U.
252 S Lower case suffix to literal number.
157 S Modification of string literal.
623 S String assigned to non const object.


R.8.1  Required  Types shall be explicitly specified
R.8.2  Required  Function types shall be in prototype form with named parameters
R.8.3  Required  All declarations of an object or function shall use the same names and type qualifiers
R.8.4  Required  A compatible declaration shall be visible when an object or function with external linkage is defined
R.8.5  Required  An external object or function shall be declared once in one and only one file

20 S Parameter not declared explicitly.
135 S Parameter list is KR.
326 S Declaration is missing type.
37 S Procedure parameter has a type but no identifier.
63 S Empty parameter list to procedure/function.
135 S Parameter list is KR.
36 D Prototype and definition name mismatch.
63 X Function prototype/defn param type mismatch (MR).
36 D Prototype and definition name mismatch.
106 D No prototype for non-static function.
102 S Function and prototype return inconsistent (MR).
103 S Function and prototype param inconsistent (MR).
1 X Declaration types do not match across a system.
62 X Function prototype/defn return type mismatch (MR).
63 X Function prototype/defn param type mismatch (MR).
60 D External object should be declared only once.
110 D More than one prototype for same function.
172 S Variable declared multiply.

R.8.6  Required  An identifier with external linkage shall have exactly one external definition
R.8.7  Advisory  Functions and objects should not be defined with external linkage if they are referenced in only one
R.8.8  Required  The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage
R.8.9  Advisory  An object should be defined at block scope if its identifier only appears in a single function
R.8.10  Required  An inline function shall be declared with the static storage class
R.8.11  Required  When an array with external linkage is declared, its size should be explicitly specified
R.8.12  Required  Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique
R.8.13  Advisory  A pointer should point to a const-qualified type whenever possible
R.8.14  Required  The restrict type qualifier shall not be used

26 D Variable should be defined once in only one file.
33 D No real declaration for external variable.
34 D Procedure name re-used in different files.
63 D No definition in system for prototyped procedure.
27 D Variable should be declared static.
61 D Procedure should be declared static.
27 D Variable should be declared static.
61 D Procedure should be declared static.
461 S Identifier with ambiguous linkage.
553 S Function and proto should both be static.
575 S Linkage differs from previous declaration.
25 D Scope of variable could be reduced.
612 S inline function should be declared static.
127 S Array has no bounds specified.
630 S Duplicated enumeration value.
62 D Pointer parameter should be declared const.
613 S Use of restrict keyword.

R.9.1  Mandatory  The value of an object with automatic storage duration shall not be read before it has been set
R.9.2  Required  The initializer for an aggregate or union shall be enclosed in braces
R.9.3  Required  Arrays shall not be partially initialized
R.9.4  Required  An element of an object shall not be initialised more than once
R.9.5  Required  Where designated initialisers are used to initialize an array object the size of the array shall be specified explicitly
R.10.1  Required  Operands shall not be of an inappropriate essential type

53 D Attempt to use uninitialised pointer.
69 D UR anomaly, variable used before assignment.
631 S Declaration not reachable.
105 S Initialisation brace { } fault.
627 S Initialiser both positional and designational.
397 S Array initialisation has insufficient items.
627 S Initialiser both positional and designational.
620 S Initialisation designator duplicated.
627 S Initialiser both positional and designational.
127 S Array has no bounds specified.
50 S Use of shift operator on signed type.
52 S Unsigned expression negated.
93 S Value is not of appropriate type.
96 S Use of mixed mode arithmetic.
114 S Expression is not Boolean.
120 S Use of bit operator on signed type.
123 S Use of underlying enum representation value.
136 S Bit operator with boolean operand.
249 S Operation not appropriate to boolean type.
329 S Operation not appropriate to plain char.
389 S Bool value incremented/decremented.
402 S Comparison of booleans.

R.10.2  Required  Expressions of essentially character type shall not be used inappropriately in addition and
R.10.3  Required  The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category

403 S Negative (or potentially negative) shift.
433 S Type conversion without cast.
624 S Inappropriate use of floating point type.
96 S Use of mixed mode arithmetic.
329 S Operation not appropriate to plain char.
93 S Value is not of appropriate type.
96 S Use of mixed mode arithmetic.
101 S Function return type inconsistent.
104 S Struct field initialisation incorrect.
276 S Case is not part of switch enumeration.
330 S Implicit conversion of underlying type.
331 S Literal value requires a U suffix.
345 S Bit operator with floating point operand.
411 S Inappropriate value assigned to enum.
431 S Char used instead of (un)signed char.
432 S Inappropriate type - should be plain char.
433 S Type conversion without cast.
434 S Signed/unsigned conversion without cast.
435 S Float/integer conversion without cast.
445 S Narrower float conversion without cast.
446 S Narrower int conversion without cast.

R.10.4  Required  Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category
R.10.5  Advisory  The value of an expression should not be cast to an inappropriate essential type
R.10.6  Required  The value of a composite expression shall not be assigned to an object with wider essential type
R.10.7  Required  If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand

458 S Implicit conversion: actual to formal param.
488 S Value outside range of underlying type.
93 S Value is not of appropriate type.
96 S Use of mixed mode arithmetic.
107 S Type mismatch in ternary expression.
330 S Implicit conversion of underlying type.
331 S Literal value requires a U suffix.
433 S Type conversion without cast.
434 S Signed/unsigned conversion without cast.
435 S Float/integer conversion without cast.
488 S Value outside range of underlying type.
93 S Value is not of appropriate type.
451 S No cast for widening complex float expression.
452 S No cast for widening complex int expression.
451 S No cast for widening complex float expression.
452 S No cast for widening complex int expression.

R.10.8  Required  The value of a composite expression shall not be cast to a different essential type category or a wider essential type
R.11.1  Required  Conversions shall not be performed between a pointer to a function and any other type
R.11.2  Required  Conversions shall not be performed between a pointer to incomplete and any other type
R.11.3  Required  A cast shall not be performed between a pointer to object type and a pointer to a different object type
R.11.4  Advisory  A conversion should not be performed between a pointer to
R.11.5  Advisory  A conversion should not be performed from pointer to void into pointer to object
R.11.6  Required  A cast shall not be performed between pointer to void and an
R.11.7  Required  A cast shall not be performed between pointer to object and a non-integer arithmetic type

332 S Widening cast on complex integer expression.
333 S Widening cast on complex float expression.
441 S Float cast to non-float.
442 S Signed integral type cast to unsigned.
443 S Unsigned integral type cast to signed.
444 S Integral type cast to non-integral.
93 S Value is not of appropriate type.
94 S Casting operation on a pointer.
95 S Casting operation to a pointer.
440 S Cast from integral type to pointer.
606 S Cast involving function pointer.
94 S Casting operation on a pointer.
95 S Casting operation to a pointer.
439 S Cast from pointer to integral type.
440 S Cast from integral type to pointer.
554 S Cast to an unrelated type.
94 S Casting operation on a pointer.
95 S Casting operation to a pointer.
554 S Cast to an unrelated type.
439 S Cast from pointer to integral type.
440 S Cast from integral type to pointer.
95 S Casting operation to a pointer.
439 S Cast from pointer to integral type.
440 S Cast from integral type to pointer.
94 S Casting operation on a pointer.
95 S Casting operation to a pointer.
439 S Cast from pointer to integral type.
440 S Cast from integral type to pointer.

R.11.8  Required  A cast shall not remove any const or volatile qualification from the type
R.11.9  Required  The macro NULL shall be the only permitted form of integer null pointer constant
R.12.1  Advisory  The precedence of operators within expressions should be made explicit
R.12.2  Required  The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the
R.12.3  Advisory  The comma operator should not be used
R.12.4  Advisory  Evaluation of constant expressions should not lead to unsigned integer
R.13.1  Required  Initialiser lists shall not contain persistent side effects
R.13.2  Required  The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders

203 S Cast on a constant value.
344 S Cast on volatile value.
531 S Literal zero used in pointer context.
49 S Logical conjunctions need brackets.
361 S Expression needs brackets.
51 S Shifting value too far.
403 S Negative (or potentially negative) shift.
53 S Use of comma operator.
493 S Numeric overflow.
494 S Numeric underflow.
35 D Expression has side effects.
1 Q Call has execution order dependant side effects.
9 S Assignment operation in expression.
30 S Deprecated usage of ++ or -- operators found.
132 S Assignment operator in boolean expression.
134 S Volatile variable in complex expression.
22 D Function has global variable side effects.
35 D Expression has side effects.
72 D Potential side effect problem in expression.
74 D Potential side effect from repeated function call.
1 Q Call has execution order dependant side effects.

R.13.3  Advisory  A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator
R.13.4  Advisory  The result of an assignment operator should not be used
R.13.5  Required  The right hand operand of a logical && or || operator shall not contain persistent side effects
R.13.6  Mandatory  The operand of the sizeof operator shall not contain any expression which has potential side effects
R.14.1  Required  A loop counter shall not have essentially floating type
R.14.2  Required  A for loop shall be well-formed

9 S Assignment operation in expression.
30 S Deprecated usage of ++ or -- operators found.
134 S Volatile variable in complex expression.
30 S Deprecated usage of ++ or -- operators found.
9 S Assignment operation in expression.
132 S Assignment operator in boolean expression.
35 D Expression has side effects.
1 Q Call has execution order dependant side effects.
406 S Use of ++ or -- on RHS of && or || operator.
408 S Volatile variable accessed on RHS of && or ||.
54 S Sizeof operator with side effects.
39 S Unsuitable type for loop variable.
55 D Modification of loop counter in loop body.
270 S For loop initialisation is not simple.
271 S For loop incrementation is not simple.
429 S Empty middle expression in for loop.


R.14.3  Required  Controlling expressions shall not be invariant
R.14.4  Required  The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type
R.15.1  Advisory  The goto statement should not be used
R.15.2  Required  The goto statement shall jump to a label declared later in the same function
R.15.3  Required  Any label referenced by a goto statement shall be declared in the same block, or in any block enclosing the goto statement
R.15.4  Advisory  There should be no more than one break or goto statement used to terminate any iteration statement
R.15.5  Advisory  A function should have a single point of exit at the end
R.15.6  Required  The body of an iteration-statement or a selection-statement shall be a compound statement
R.15.7  Required  All if . . else if constructs shall be terminated with an else statement
R.16.1  Required  All switch statements shall be well-formed

430 S Inconsistent usage of loop control variable.
581 S Loop conditions are independent.
139 S Construct leads to infeasible code.
140 S Infeasible loop condition found.
114 S Expression is not Boolean.
13 S goto detected.
509 S goto label is backwards.
511 S Jump into nested block.
409 S More than one break or goto statement in loop.
7 C Procedure has more than one exit point.
11 S No brackets to loop body (added by Testbed).
12 S No brackets to then/else (added by Testbed).
428 S No {} for switch (added by Testbed).
59 S Else alternative missing in if.
477 S Empty else clause following else if.
385 S MISRA switch statement syntax violation.


R.16.2  Required  A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement
R.16.3  Required  An unconditional break statement shall terminate every switch-clause
R.16.4  Required  Every switch statement shall have a default label
R.16.5  Required  A default label shall appear as either the first or the last switch label of a switch statement
R.16.6  Required  Every switch statement shall have at least two switch-clauses
R.16.7  Required  A switch-expression shall not have essentially Boolean type
R.17.1  Required  The features of <stdarg.h> shall not be used
R.17.2  Required  Functions shall not call themselves, either directly or indirectly
R.17.3  Mandatory  A function shall not be declared implicitly
R.17.4  Mandatory  All exit paths from a function with non-void return type shall have an explicit return statement with an expression
R.17.5  Advisory  The function argument corresponding to a parameter declared to have an array type shall have an appropriate number of elements

245 S Case statement in nested block.
62 S Switch case not terminated with break.
48 S No default case in switch statement.
410 S Switch empty default has no comment.
322 S Default is not last case of switch.
60 S Empty switch statement.
61 S Switch contains default only.
121 S Use of boolean expression in switch.
44 S Use of banned function or variable.
6 D Recursion in procedure calls found.
1 U Inter-file recursion found.
496 S Function call with no prior declaration.
2 D Function does not return a value on all paths.
36 S Function has no return statement.
66 S Function with empty return expression.
64 X Array bound exceeded at call.


| Rule | Classification | Rule Description | LDRA Standard Description |
|---|---|---|---|
| R.17.6 | Mandatory | The declaration of an array parameter shall not contain the static keyword between the [ ] | 614 S Use of static keyword in array parameter. |
| R.17.7 | Required | The value returned by a function having non-void return type shall be used | 91 D Function return value potentially unused. 382 S (void) missing for discarded return value. |
| R.17.8 | Advisory | A function parameter should not be modified | 14 D Attempt to change parameter passed by value. 149 S Reference parameter to procedure is reassigned. |
| R.18.1 | Required | A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand | 47 S Array bound exceeded. 436 S Declaration does not specify an array. 567 S Pointer arithmetic is not on array. 64 X Array bound exceeded at call. 68 X Parameter indexing array too big at call. 69 X Global array bound exceeded at use. 72 X Parameter indexing array too small at call. |
| R.18.2 | Required | Subtraction between pointers shall only be applied to pointers that address elements of the same array | 438 S Pointer subtraction not addressing one array. |
| R.18.3 | Required | The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object | 437 S < > <= >= used on different object pointers. |
| R.18.4 | Advisory | The +, -, += and -= operators should not be applied to an expression of | 87 S Use of pointer arithmetic. 567 S Pointer arithmetic is not on array. |


| Rule | Classification | Rule Description | LDRA Standard Description |
|---|---|---|---|
| R.18.5 | Advisory | Declarations should contain no more than two levels of pointer nesting | 80 S Pointer indirection exceeds 2 levels. |
| R.18.6 | Required | The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist | 42 D Local pointer returned in function result. 77 D Local structure returned in function result. 71 S Pointer assignment to wider scope. 565 S Assignment to wider scope. |
| R.18.7 | Required | Flexible array members shall not be declared | 481 S Array with no bounds in struct. |
| R.18.8 | Required | Variable-length array types shall not be used | 621 S Variable-length array declared. |
| R.19.1 | Mandatory | An object shall not be assigned or copied to an overlapping object | 480 S String function params access same variable. 545 S Assignment of overlapping storage. |
| R.19.2 | Advisory | The union keyword should not be used | 74 S Union declared. |
| R.20.1 | Advisory | #include directives should only be preceded by preprocessor directives or comments | 75 S Executable code before an included file. 338 S #include preceded by non preproc directives. |
| R.20.2 | Required | The ', " or \ characters and the /* or // character sequences shall not occur in a header file name | 100 S #include filename is non conformant. |
| R.20.3 | Required | The #include directive shall be followed by either a <filename> or "filename" sequence | 427 S Filename in #include not in < > or " ". |
| R.20.4 | Required | A macro shall not be defined with the same name as a keyword | 86 S Attempt to define reserved word. 580 S Macro redefinition without using #undef. 626 S #define of keyword. |
| R.20.5 | Advisory | #undef should not be used | 68 S #undef used. 426 S #undef used in a block. |


| Rule | Classification | Rule Description | LDRA Standard Description |
|---|---|---|---|
| R.20.6 | Required | Tokens that look like a preprocessing directive shall not occur within a macro argument | 341 S Preprocessor construct as macro parameter. |
| R.20.7 | Required | Expressions resulting from the expansion of macro parameters shall | 78 S Macro parameter not in brackets. 361 S Expression needs brackets. |
| R.20.8 | Required | The controlling expression of a #if or #elif preprocessing directive shall evaluate to 0 or 1 | 616 S Preprocessor result not 0 or 1. |
| R.20.9 | Required | All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define'd before evaluation | 337 S Undefined macro variable in #if. |
| R.20.10 | Advisory | The # and ## preprocessor operators should not be used | 125 S Use of ## or # in a macro. |
| R.20.11 | Required | A macro parameter immediately following a # operator shall not immediately be followed by a ## operator | 76 S More than one of # or ## in a macro. |
| R.20.12 | Required | A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators | 125 S Use of ## or # in a macro. |
| R.20.13 | Required | A line whose first token is # shall be a valid preprocessing directive | 147 S Spurious characters after preprocessor directive. 342 S Extra chars after preprocessor directive. |
| R.20.14 | Required | All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if, #ifdef or | 126 S A #if has no #endif in the same file. 343 S #else has no #if, etc in the same file. |
| R.21.1 | Required | #define and #undef shall not be used on a reserved identifier or reserved macro name | 86 S Attempt to define reserved word. 156 S Use of 'defined' keyword in macro body. 219 S User name starts with underscore. |

| Rule | Classification | Rule Description | LDRA Standard Description |
|---|---|---|---|
| R.21.2 | Required | A reserved identifier or macro name shall not be declared | 218 S Name is used in standard libraries. 219 S User name starts with underscore. |
| R.21.3 | Required | The memory allocation and deallocation functions of <stdlib.h> shall not be used | 44 S Use of banned function or variable. |
| R.21.4 | Required | The standard header file <setjmp.h> shall not be used | 43 S Use of setjmp/longjmp. |
| R.21.5 | Required | The standard header file <signal.h> shall not be used | 130 S Included file is not permitted. |
| R.21.6 | Required | The Standard Library input/output routines shall not be used. | 44 S Use of banned function or variable. 130 S Included file is not permitted. |
| R.21.7 | Required | The atof, atoi, atol and atoll functions of <stdlib.h> shall not be used | 44 S Use of banned function or variable. |
| R.21.8 | Required | The library functions abort, exit, getenv and system of <stdlib.h> | 44 S Use of banned function or variable. 122 S Use of abort, exit, etc. |
| R.21.9 | Required | The library functions bsearch and qsort of <stdlib.h> shall not be used | 44 S Use of banned function or variable. |
| R.21.10 | Required | The Standard Library time and date routines shall not be used | 44 S Use of banned function or variable. 130 S Included file is not permitted. |
| R.21.11 | Required | The standard header file <tgmath.h> shall not be used | 130 S Included file is not permitted. |
| R.21.12 | Advisory | The exception handling features of <fenv.h> should not be used | 44 S Use of banned function or variable. |
| R.22.1 | Required | All resources obtained dynamically by means of Standard Library functions shall be explicitly released | 49 D File pointer not closed on exit. 50 D Memory not freed after last reference. 75 D Attempt to open file pointer more than once. |
| R.22.2 | Mandatory | A block of memory shall only be freed if it was allocated by means of a Standard Library function | 51 D Attempt to read from freed memory. 407 S free used on string. 483 S free parameter is not heap item. 484 S Attempt to use already freed object. |


| Rule | Classification | Rule Description | LDRA Standard Description |
|---|---|---|---|
| R.22.3 | Required | The same file shall not be open for read and write access at the same time on different streams | 103 D File opened both read and write. |
| R.22.4 | Mandatory | There shall be no attempt to write to a stream which has been opened as read-only | 98 D Attempt to write to file opened read only. |
| R.22.5 | Mandatory | A pointer to a FILE object shall not be dereferenced | 591 S Inappropriate use of file pointer. |
| R.22.6 | Mandatory | The value of a pointer to a FILE shall not be used after the associated stream has been closed | 48 D Attempt to write to unopened file. |
