
Generating MISRA-C compliant code

The FMT tool was created with critical systems in mind and it is expected that in some projects the final generated code will be subject to strict coding standards like MISRA-C or MISRA-C++.

Most of the rules defined by these standards are complied with as a result of how the core modeling language is constructed. For example, since dynamically allocated memory is not part of the modeling language, the rule forbidding its use is trivially met. Similarly, since no macros are produced by code generators, the rules concerning macros are automatically fulfilled as well. Undefined behaviour and run-time failures are avoided by means of formal correctness proofs. Still, in some other areas the modeling language and code generators do not impose any particular constraints, and careless use can lead to models that are correct as far as FMT is concerned but whose generated code is not coding-standard compliant. One example of such an area is the limitation on identifier length, which is defined by MISRA-C but not controlled by FMT.
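As an added illustration (not part of FMT or its documentation), the following sketch checks generated C source for identifiers that are not distinct within a configurable number of significant characters. The default limit of 31 (the minimum C99 guarantees for external identifiers), the function name clashing_identifiers and the sample source are assumptions made for this example.

```python
import re
from collections import defaultdict

# Assumed project limit: C99 guarantees at least 31 significant characters
# for external identifiers. Set this to whatever your compiler and coding
# standard configuration require.
SIGNIFICANT = 31

# Comments and literals are blanked out so names inside them are not counted.
NOISE = re.compile(
    r"/\*.*?\*/"            # block comments
    r"|//[^\n]*"            # line comments
    r'|"(?:\\.|[^"\\])*"'   # string literals
    r"|'(?:\\.|[^'\\])*'",  # character literals
    re.S,
)
# An identifier must not start in the middle of a number such as 0x1F.
IDENT = re.compile(r"(?<![A-Za-z0-9_])[A-Za-z_][A-Za-z0-9_]*")


def clashing_identifiers(source, significant=SIGNIFICANT):
    """Return groups of different identifiers sharing the same significant prefix.

    The check is deliberately conservative: it ignores scopes and name spaces,
    so every reported group still needs a manual look.
    """
    code = NOISE.sub(" ", source)
    groups = defaultdict(set)
    for name in IDENT.findall(code):
        groups[name[:significant]].add(name)
    return sorted(sorted(group) for group in groups.values() if len(group) > 1)


# Constructed sample standing in for generated code (not real FMT output).
SAMPLE = """
/* engine_controller_state_machine_transition_to_fault is only mentioned here */
static int engine_controller_state_machine_transition_to_idle(void);
static int engine_controller_state_machine_transition_to_running(void);
static int pump_state = 0x1F;
"""

if __name__ == "__main__":
    for group in clashing_identifiers(SAMPLE):
        print("not distinct in first %d characters: %s"
              % (SIGNIFICANT, ", ".join(group)))
```

Running such a check over the generated files after each code generation step catches model names that are too long before the code reaches a MISRA-C checker.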

The following list highlights those rules that need additional attention if MISRA-C 2012 compliance is required.

Since MISRA-C is one of the most rigorous standards to have gained wide industrial acceptance, and most other standards are to a large extent inspired by it, compliance with those standards can be achieved as well, with similar points and issues to consider.
