
STM32F10x Standard Peripherals Drivers MISRA-C 2004 Compliance

 

Copyright 2010 STMicroelectronics

 

The C programming language is growing in importance and use for embedded systems, but when it comes to developing code for safety-critical systems, the language has many drawbacks. There are several unspecified, implementation-defined, and undefined aspects of the C language that make it unsuited for use when developing safety-critical systems.
The Motor Industry Software Reliability Association’s Guidelines for the use of the C language in critical systems MISRA-C 2004 [1] describe a subset of C, suited for use when developing safety-critical systems.
The STM32F10x Standard Peripherals Drivers (STM32F10x_StdPeriph_Driver) has been developed to be MISRA-C 2004 compliant.


The following section details how the StdPeriph_Driver complies with MISRA-C 2004 (as described in section 4.4 "Claiming compliance" of the standard [1]):

  • A compliance matrix has been completed which shows how compliance has been enforced.
  • All the STM32F10x_StdPeriph_Driver C code is compliant with the rules of MISRA-C 2004 or subject to documented deviations.
  • A list of all instances of rules not being followed is being maintained, and for each instance there is an appropriately signed-off deviation.
  • All issues listed in section 4.2 "The programming language and coding context" of the standard [1], which have to be checked during the firmware development process, have been addressed during the development of the STM32F10x Standard Peripherals Drivers and appropriate measures have been taken.

Contents

  1. STM32F10x Standard Peripherals Drivers Compliance
  2. How to check your code for MISRA-C 2004 Compliance?

STM32F10x Standard Peripherals Drivers Compliance

The STM32F10x Standard Peripherals Drivers (STM32F10x_StdPeriph_Driver) has been checked for MISRA-C 2004 compliance using the IAR C/C++ Compiler for ARM. MISRA compliance applies only to the STM32F10x Standard Peripherals Drivers source files; examples and project files are not MISRA compliant.


For the checking tool two options are available:

  • The compiler: IAR C/C++ Compiler for ARM V5.50
  • Manual Checking (code review)

The following table lists the MISRA-C 2004 rules that are violated frequently in the code.

| MISRA-C 2004 Rule No | Required/Advisory | Summary | Reason |
|---|---|---|---|
| 1.1 | Required | Compiler is configured to allow extensions - all code shall conform to ISO 9899 standard C, with no extensions permitted | IAR compiler extensions are enabled. This was allowed to support new CMSIS types. |
| 5.1 | Required | Identifiers (internal and external) shall not rely on significance of more than 31 characters | Some long parameter names are defined for code readability. |
| 5.4 | Required | Enumerated type mixed with another type - the use of a tag shall agree with its declaration. | |
| 8.1 | Required | No prototype seen - functions shall always have prototype declarations and the prototype shall be visible at both the function definition | This rule is violated as there are no function prototypes for the __WFI and __WFE macros in the CMSIS layer. |
| 10.1 | Required | The value of an expression of integer type shall not be implicitly converted to a different underlying type. | Complexity |
| 10.6 | Required | A 'U' suffix shall be applied to all constants of 'unsigned' type | The "stdint.h" defined types are used to be CMSIS compliant. |
| 11.2 | Required | Conversions shall not be performed between a pointer to object and any type other than an integral type, another pointer to object type or a pointer to void. | Needed when addressing memory mapped registers |
| 11.3 | Advisory | A cast should not be performed between a pointer type and an integral type. | Needed when addressing memory mapped registers |
| 16.7 | Advisory | A pointer parameter in a function prototype should be declared as pointer to const if the pointer is not used to modify the addressed object. | |
| 19.1 | Advisory | #include statements in a file shall only be preceded by other preprocessor directives or comments | This rule was violated to be in line with the CMSIS architecture. |
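
The cast behind the 11.2 and 11.3 rows, as an added example that is not taken from the ST library: the integer-to-pointer conversion needed to reach memory-mapped registers is confined to one macro so that a single documented deviation covers it, while the surrounding code keeps to rules 10.1, 10.6 and 16.7. All DEMO_ names are hypothetical, and the static backing store is a constructed stand-in for a peripheral address so the code runs on a host.

```c
#include <stdint.h>

/* Hypothetical register block, modelled on a GPIO port. */
typedef struct
{
  volatile uint32_t CR;   /* control register */
  volatile uint32_t ODR;  /* output data register */
} DEMO_Port_TypeDef;

/* Constructed host stand-in for the peripheral; on the target the base
   would be a fixed address constant from the device memory map. */
static DEMO_Port_TypeDef demo_backing_store;
#define DEMO_PORT_BASE ((uintptr_t)&demo_backing_store)

/* Documented deviation: the only integer-to-pointer cast lives here. */
#define DEMO_PORT      ((DEMO_Port_TypeDef *)DEMO_PORT_BASE)
#define DEMO_PIN_MASK  ((uint32_t)0x0000FFFFU)  /* 'U' suffix, rule 10.6 */

/* Returns 0U on success, 1U if 'pins' has bits outside the 16 pin positions
   (the register is then left untouched). */
uint8_t DEMO_WritePins(DEMO_Port_TypeDef *port, uint32_t pins, uint8_t set)
{
  uint8_t status = 0U;
  if ((pins & ~DEMO_PIN_MASK) != 0U)
  {
    status = 1U;
  }
  else if (set != 0U)
  {
    port->ODR |= pins;
  }
  else
  {
    port->ODR &= ~pins;
  }
  return status;
}

/* Read-only access takes a pointer to const (rule 16.7); the narrowing to
   16 bits is an explicit cast after masking (rule 10.1). */
uint16_t DEMO_ReadPins(const DEMO_Port_TypeDef *port)
{
  return (uint16_t)(port->ODR & DEMO_PIN_MASK);
}

int main(void)
{
  (void)DEMO_WritePins(DEMO_PORT, 0x00000005U, 1U);
  return (DEMO_ReadPins(DEMO_PORT) == 0x0005U) ? 0 : 1;
}
```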

How to check your code for MISRA-C 2004 Compliance?

The default IAR project template provided with the STM32F10x Standard Peripherals Library is already pre-configured for MISRA-C 2004 compliance. The user only has to enable the MISRA-C 2004 checker if needed.

To enable the IAR MISRA-C 2004 Checker, go to Project->Options (ALT+F7) and then in the "General Options" category select the "MISRA-C:2004" tab and check the "Enable MISRA-C" box. With the default EWARM template project, all violated rules described above are unchecked.

To check your code for MISRA-C 2004 compliance using the IAR MISRA-C Checker, follow these steps:

  1. Enable the IAR MISRA-C 2004 Checker.
  2. Inside the core_cm3.h file, add the directive "#pragma system_include" to prevent the MISRA-C checker from checking this file.
  3. Uncomment "USE_FULL_ASSERT" inside the stm32f10x_conf.h file.

Note: Only the STM32F10x Standard Peripherals Drivers are MISRA-C 2004 Compliant.


[1] MISRA-C 2004 Guidelines for the use of the C language in critical systems, Motor Industry Software Reliability Association, October 2004

 

 

For complete documentation on the STM32 (CORTEX M3) 32-bit Microcontrollers platform, visit www.st.com/STM32