Rationale behind MISRA 2012 not allowing cast between different pointers


Question

I am currently working on a project which requires the code to be MISRA 2012 compliant. Throughout the project we have lots of required MISRA warnings telling us we can't convert a pointer to one type to a pointer to another type. Things as simple as void *memcpy(void *to, const void *from, size_t n) produce two MISRA Required warnings since both to and from need to be type-cast to void* and const void* respectively. Conversion from void* to a pointer to any other type also gives a MISRA warning.

My question is how does MISRA expect malloc and everything else to work without any warnings being thrown? Even converting a void* buffer to a uint8_t* buffer to parse the buffer byte by byte and fill up all the elements of a structure will throw numerous warnings?

Instead of these warnings, could it not just show us a note or info asking us to double check packing, alignment and anything else that might go wrong?

Answer

I would like to go back to what the OP asked and get a few things straight. First of all, there is no problem in calling void *memcpy(void *to, const void *from, size_t n), as a conversion of a pointer to object to a void pointer does not violate any MISRA-C:2012 guideline. In other words, any tool producing violations for that is simply buggy.

Secondly, before coming to any conclusion it is important to read what Rule 11.5, the relevant MISRA-C:2012 guideline, actually says, that is:


  Rule 11.5
  A conversion should not be performed from pointer to void into
  pointer to object

  Category Advisory
  Analysis Decidable, Single Translation Unit
  Applies to C90, C99

  Rationale
  Conversion of a pointer to void into a pointer to object may result
  in a pointer that is not correctly aligned, resulting in undefined
  behaviour. It should be avoided where possible but may be necessary,
  for example when dealing with memory allocation functions. If
  conversion from a pointer to object into a pointer to void is used,
  care should be taken to ensure that any pointers produced do not
  give rise to the undefined behaviour discussed under Rule 11.3.

Observations:

  1. This is an advisory rule (i.e. neither required nor mandatory), hence it can be deviated from, and MISRA defines the proper deviation procedure;
  2. Converting a pointer to object into a pointer to void is fine: it is the other way around that is problematic;
  3. The rationale explicitly mentions memory allocation functions (yes, a program using dynamic memory allocation can be made MISRA-C:2012 compliant);
  4. The rationale provides guidance on what to do when a pointer to object is converted into a pointer to void, which is exactly what the OP was hoping for (info asking us to double check packing, alignment and anything else that might go wrong).
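The following is an added example, not code from the original question or answer, showing the three situations the answer distinguishes: passing object pointers to memcpy (implicit conversion to void*, no rule violated), converting the void* returned by malloc to an object pointer (the advisory Rule 11.5 case, safe because malloc returns storage aligned for any object type), and parsing a byte buffer into a struct without ever reinterpreting a uint8_t* as a pointer to a wider type (which is where the misaligned access the rationale warns about would come from). The record_t struct, its 7-byte little-endian wire format and the sample bytes are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed for this example: a small record and its wire layout. */
typedef struct {
    uint32_t id;
    uint16_t flags;
    uint8_t  kind;
} record_t;

#define RECORD_WIRE_SIZE 7U   /* id(4) + flags(2) + kind(1), no padding on the wire */

/* Parse one record from a byte buffer. Bytes are assembled with shifts, so no
 * uint32_t is ever read through a uint8_t* reinterpreted as uint32_t*: that
 * reinterpretation is the misaligned access Rule 11.5's rationale (via Rule
 * 11.3) warns about. No pointer cast of any kind is needed here. */
int parse_record(const uint8_t *buf, size_t len, record_t *out)
{
    if ((buf == NULL) || (out == NULL) || (len < RECORD_WIRE_SIZE)) {
        return -1;                        /* truncated input is rejected, not read */
    }
    out->id = (uint32_t)buf[0]
            | ((uint32_t)buf[1] << 8)
            | ((uint32_t)buf[2] << 16)
            | ((uint32_t)buf[3] << 24);
    out->flags = (uint16_t)((uint16_t)buf[4] | (uint16_t)((uint16_t)buf[5] << 8));
    out->kind = buf[6];
    return 0;
}

/* Copy a record into freshly allocated storage.
 * - memcpy(dst, src, ...) converts record_t* to void* / const void* implicitly;
 *   as the answer says, that is not a MISRA-C:2012 violation and needs no cast.
 * - malloc returns void*; using it as record_t* is the Rule 11.5 (advisory)
 *   conversion. It is safe because malloc returns storage aligned for any
 *   object type, which is the justification a deviation record would state. */
record_t *alloc_record_copy(const record_t *src)
{
    if (src == NULL) {
        return NULL;
    }
    record_t *dst = malloc(sizeof *dst);  /* void* -> record_t*: Rule 11.5 deviation */
    if (dst == NULL) {
        return NULL;
    }
    (void)memcpy(dst, src, sizeof *dst);  /* no casts: object pointers -> void* */
    return dst;
}

/* Constructed sample bytes: id 0x12345678, flags 1, kind 7, little-endian. */
static const uint8_t sample_wire[RECORD_WIRE_SIZE] =
    { 0x78U, 0x56U, 0x34U, 0x12U, 0x01U, 0x00U, 0x07U };

/* Parse the sample and return its id (0 on failure). */
uint32_t parse_sample_id(void)
{
    record_t r;
    if (parse_record(sample_wire, sizeof sample_wire, &r) != 0) {
        return 0U;
    }
    return r.id;
}

/* Parse, copy into malloc'd storage, compare; 1 on success, 0 on any failure. */
int sample_roundtrip_ok(void)
{
    record_t r;
    if (parse_record(sample_wire, sizeof sample_wire, &r) != 0) {
        return 0;
    }
    record_t *copy = alloc_record_copy(&r);
    if (copy == NULL) {
        return 0;
    }
    int ok = (copy->id == r.id) && (copy->flags == r.flags) && (copy->kind == r.kind);
    free(copy);
    return ok ? 1 : 0;
}

/* A buffer one byte short must be refused; returns 1 if parse_record rejects it. */
int truncated_rejected(void)
{
    record_t r;
    return (parse_record(sample_wire, RECORD_WIRE_SIZE - 1U, &r) == -1) ? 1 : 0;
}
```

The point to take from the example is that the only Rule 11.5 conversion is the one on the malloc result, and it is the one place where a short deviation note about alignment belongs; everything else the question describes (calling memcpy, walking a buffer byte by byte) can be written with no conversion from void* at all, so a checker flagging those lines is, as the answer says, reporting something the guideline does not prohibit.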

