MISRA Error for Optimized Rte Interface Implemented by a Macro

Issue:
Generated Rte macros (Rte interfaces) are identified to violate MISRA rules during static code analyzes.
Solution:
According to AUTOSAR SWS of the Rte [1] the deviation to MISRA rule 42 is accepted (SRS_BSW_00330). According to the specification, function-like macros are allowed that use the comma operator, because they are required/applied to fulfill efficiency goals.

In general, the Rte API is generated in a way to use macros and generated API functions in order to provide specified access to each end-point of communication (e.g. SWCs). Additionally, not only the standardized APIs, but also runtime and memory efficiency are the goal to archive.
 
Background:
MISRA rule 42 says that comma operator should not be used (with some exceptions) [2]. The reason for this is that it is detrimental for readability of such code fragments, therefore they are harder to maintain. Additionally, the usage of comma operator in manually developed code is highly error-prone, due to the fire-and-forget mechanism of function execution.

The comma operator is a very efficient way to execute functionality, whose intermediate results are not worth to analyze, e.g. #define setPointerRefToOne(data) (*(data)=1, ((Std_ReturnType)E_OK) /*example macro*/). In case of tool-generated macros, the problem of being error-prone does not apply. Additionally, since it is used as macro the readability of the code fragment is not affected as well.
 
Reference:
[1]: AUTOSAR Specification of RTE Software (ASR4.3) - https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_RTE.pdf (accessed on 13th March 2018) 

[2]: MISRA C:2012 Guidelines for the use of the C language in critical systems (March 2013)

 


Article ID: 1050
Last updated: 2018-04-25
Revision: 4
MICROSAR and DaVinci -> Troubleshooting -> MISRA Error for Optimized Rte Interface Implemented by a Macro
https://kb.vector.com/entry/1050/