Polyspace
Code Prover™ can check your code against most MISRA® C:2012 coding rules and some directives. The subgroups listed map to the different subsets outlined in the MISRA C®:2012 guidelines. You can activate different subsets of the rules using the Check MISRA C:2012 (-misra3) analysis option.
MISRA C:2012 Dir 1.1 | Any implementation-defined behavior on which the output of the program depends shall be documented and understood |
MISRA C:2012 Dir 2.1 | All source files shall compile without any compilation errors |
MISRA C:2012 Dir 4.1 | Run-time failures shall be minimized |
MISRA C:2012 Dir 4.3 | Assembly language shall be encapsulated and isolated |
MISRA C:2012 Dir 4.4 | Sections of code should not be "commented out" |
MISRA C:2012 Dir 4.5 | Identifiers in the same name space with overlapping visibility should be typographically unambiguous |
MISRA C:2012 Dir 4.6 | typedefs that indicate size and signedness
should be used in place of the basic numerical types |
MISRA C:2012 Dir 4.8 | If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden |
MISRA C:2012 Dir 4.9 | A function should be used in preference to a function-like macro where they are interchangeable |
MISRA C:2012 Dir 4.10 | Precautions shall be taken in order to prevent the contents of a header file being included more than once |
MISRA C:2012 Dir 4.11 | The validity of values passed to library functions shall be checked |
MISRA C:2012 Dir 4.12 | Dynamic memory allocation shall not be used |
MISRA C:2012 Rule 1.1 | The program shall contain no violations of the standard C syntax and constraints, and shall not exceed the implementation’s translation limits |
MISRA C:2012 Rule 1.2 | Language extensions should not be used |
MISRA C:2012 Rule 1.3 | There shall be no occurrence of undefined or critical unspecified behaviour |
MISRA C:2012
Rule 1.4 | Emergent language features shall not be used |
MISRA C:2012 Rule 2.1 | A project shall not contain unreachable code |
MISRA C:2012 Rule 2.2 | There shall be no dead code |
MISRA C:2012 Rule 2.3 | A project should not contain unused type declarations |
MISRA C:2012 Rule 2.4 | A project should not contain unused tag declarations |
MISRA C:2012 Rule 2.5 | A project should not contain unused macro declarations |
MISRA C:2012 Rule 2.6 | A function should not contain unused label declarations |
MISRA C:2012 Rule 2.7 | There should be no unused parameters in functions |
MISRA C:2012 Rule 3.1 | The character sequences /* and // shall
not be used within a comment |
MISRA C:2012 Rule 3.2 | Line-splicing shall not be used in // comments |
MISRA C:2012 Rule 4.1 | Octal and hexadecimal escape sequences shall be terminated |
MISRA C:2012 Rule 4.2 | Trigraphs should not be used |
MISRA C:2012 Rule 5.1 | External identifiers shall be distinct |
MISRA C:2012 Rule 5.2 | Identifiers declared in the same scope and name space shall be distinct |
MISRA C:2012 Rule 5.3 | An identifier declared in an inner scope shall not hide an identifier declared in an outer scope |
MISRA C:2012 Rule 5.4 | Macro identifiers shall be distinct |
MISRA C:2012 Rule 5.5 | Identifiers shall be distinct from macro names |
MISRA C:2012 Rule 5.6 | A typedef name shall be a unique identifier |
MISRA C:2012 Rule 5.7 | A tag name shall be a unique identifier |
MISRA C:2012 Rule 5.8 | Identifiers that define objects or functions with external linkage shall be unique |
MISRA C:2012 Rule 5.9 | Identifiers that define objects or functions with internal linkage should be unique |
MISRA C:2012 Rule 6.1 | Bit-fields shall only be declared with an appropriate type |
MISRA C:2012 Rule 6.2 | Single-bit named bit fields shall not be of a signed type |
MISRA C:2012 Rule 7.1 | Octal constants shall not be used |
MISRA C:2012 Rule 7.2 | A “u” or “U” suffix shall be applied to all integer constants that are represented in an unsigned type |
MISRA C:2012 Rule 7.3 | The lowercase character “l” shall not be used in a literal suffix |
MISRA C:2012 Rule 7.4 | A string literal shall not be assigned to an object unless the object’s type is “pointer to const-qualified char” |
MISRA C:2012 Rule 8.1 | Types shall be explicitly specified |
MISRA C:2012 Rule 8.2 | Function types shall be in prototype form with named parameters |
MISRA C:2012 Rule 8.3 | All declarations of an object or function shall use the same names and type qualifiers |
MISRA C:2012 Rule 8.4 | A compatible declaration shall be visible when an object or function with external linkage is defined |
MISRA C:2012 Rule 8.5 | An external object or function shall be declared once in one and only one file |
MISRA C:2012 Rule 8.6 | An identifier with external linkage shall have exactly one external definition |
MISRA C:2012 Rule 8.7 | Functions and objects should not be defined with external linkage if they are referenced in only one translation unit |
MISRA C:2012 Rule 8.8 | The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage |
MISRA C:2012 Rule 8.9 | An object should be defined at block scope if its identifier only appears in a single function |
MISRA C:2012 Rule 8.10 | An inline function shall be declared with the static storage class |
MISRA C:2012 Rule 8.11 | When an array with external linkage is declared, its size should be explicitly specified |
MISRA C:2012 Rule 8.12 | Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique |
MISRA C:2012 Rule 8.13 | A pointer should point to a const-qualified type whenever possible |
MISRA C:2012 Rule 8.14 | The restrict type qualifier shall not be used |
MISRA C:2012 Rule 9.1 | The value of an object with automatic storage duration shall not be read before it has been set |
MISRA C:2012 Rule 9.2 | The initializer for an aggregate or union shall be enclosed in braces |
MISRA C:2012 Rule 9.3 | Arrays shall not be partially initialized |
MISRA C:2012 Rule 9.4 | An element of an object shall not be initialized more than once |
MISRA C:2012 Rule 9.5 | Where designated initializers are used to initialize an array object the size of the array shall be specified explicitly |
MISRA C:2012 Rule 10.1 | Operands shall not be of an inappropriate essential type |
MISRA C:2012 Rule 10.2 | Expressions of essentially character type shall not be used inappropriately in addition and subtraction operations |
MISRA C:2012 Rule 10.3 | The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category |
MISRA C:2012 Rule 10.4 | Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category |
MISRA C:2012 Rule 10.5 | The value of an expression should not be cast to an inappropriate essential type |
MISRA C:2012 Rule 10.6 | The value of a composite expression shall not be assigned to an object with wider essential type |
MISRA C:2012 Rule 10.7 | If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type |
MISRA C:2012 Rule 10.8 | The value of a composite expression shall not be cast to a different essential type category or a wider essential type |
MISRA C:2012 Rule 11.1 | Conversions shall not be performed between a pointer to a function and any other type |
MISRA C:2012 Rule 11.2 | Conversions shall not be performed between a pointer to an incomplete type and any other type |
MISRA C:2012 Rule 11.3 | A cast shall not be performed between a pointer to object type and a pointer to a different object type |
MISRA C:2012 Rule 11.4 | A conversion should not be performed between a pointer to object and an integer type |
MISRA C:2012 Rule 11.5 | A conversion should not be performed from pointer to void into pointer to object |
MISRA C:2012 Rule 11.6 | A cast shall not be performed between pointer to void and an arithmetic type |
MISRA C:2012 Rule 11.7 | A cast shall not be performed between pointer to object and a non-integer arithmetic type |
MISRA C:2012 Rule 11.8 | A cast shall not remove any const or volatile qualification from the type pointed to by a pointer |
MISRA C:2012 Rule 11.9 | The macro NULL shall be the only permitted form of integer null pointer constant |
MISRA C:2012 Rule 12.1 | The precedence of operators within expressions should be made explicit |
MISRA C:2012 Rule 12.2 | The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the essential type of the left hand operand |
MISRA C:2012 Rule 12.3 | The comma operator should not be used |
MISRA C:2012 Rule 12.4 | Evaluation of constant expressions should not lead to unsigned integer wrap-around |
MISRA C:2012 Rule 12.5 | The sizeof operator shall not have
an operand which is a function parameter declared as “array
of type” |
MISRA C:2012 Rule 13.1 | Initializer lists shall not contain persistent side effects |
MISRA C:2012 Rule 13.2 | The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders |
MISRA C:2012 Rule 13.3 | A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator |
MISRA C:2012 Rule 13.4 | The result of an assignment operator should not be used |
MISRA C:2012 Rule 13.5 | The right hand operand of a logical && or || operator shall not contain persistent side effects |
MISRA C:2012 Rule 13.6 | The operand of the sizeof operator shall not contain any expression which has potential side effects |
MISRA C:2012 Rule 14.1 | A loop counter shall not have essentially floating type |
MISRA C:2012 Rule 14.2 | A for loop shall be well-formed |
MISRA C:2012 Rule 14.3 | Controlling expressions shall not be invariant |
MISRA C:2012 Rule 14.4 | The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type |
MISRA C:2012 Rule 15.1 | The goto statement should not be used |
MISRA C:2012 Rule 15.2 | The goto statement shall jump to a label declared later in the same function |
MISRA C:2012 Rule 15.3 | Any label referenced by a goto statement shall be declared in the same block, or in any block enclosing the goto statement |
MISRA C:2012 Rule 15.4 | There should be no more than one break or goto statement used to terminate any iteration statement |
MISRA C:2012 Rule 15.5 | A function should have a single point of exit at the end |
MISRA C:2012 Rule 15.6 | The body of an iteration-statement or a selection-statement shall be a compound statement |
MISRA C:2012 Rule 15.7 | All if … else if constructs shall be terminated with an else statement |
MISRA C:2012 Rule 16.1 | All switch statements shall be well-formed |
MISRA C:2012 Rule 16.2 | A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement |
MISRA C:2012 Rule 16.3 | An unconditional break statement shall terminate every switch-clause |
MISRA C:2012 Rule 16.4 | Every switch statement shall have a default label |
MISRA C:2012 Rule 16.5 | A default label shall appear as either the first or the last switch label of a switch statement |
MISRA C:2012 Rule 16.6 | Every switch statement shall have at least two switch-clauses |
MISRA C:2012 Rule 16.7 | A switch-expression shall not have essentially Boolean type |
MISRA C:2012 Rule 17.1 | The features of <stdarg.h> shall not be used |
MISRA C:2012 Rule 17.2 | Functions shall not call themselves, either directly or indirectly |
MISRA C:2012 Rule 17.3 | A function shall not be declared implicitly |
MISRA C:2012 Rule 17.4 | All exit paths from a function with non-void return type shall have an explicit return statement with an expression |
MISRA C:2012 Rule 17.5 | The function argument corresponding to a parameter declared to have an array type shall have an appropriate number of elements |
MISRA C:2012 Rule 17.6 | The declaration of an array parameter shall not contain the static keyword between the [ ] |
MISRA C:2012 Rule 17.7 | The value returned by a function having non-void return type shall be used |
MISRA C:2012 Rule 17.8 | A function parameter should not be modified |
MISRA C:2012 Rule 18.1 | A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand |
MISRA C:2012 Rule 18.2 | Subtraction between pointers shall only be applied to pointers that address elements of the same array |
MISRA C:2012 Rule 18.3 | The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object |
MISRA C:2012 Rule 18.4 | The +, -, += and -= operators should not be applied to an expression of pointer type |
MISRA C:2012 Rule 18.5 | Declarations should contain no more than two levels of pointer nesting |
MISRA C:2012 Rule 18.6 | The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist |
MISRA C:2012 Rule 18.7 | Flexible array members shall not be declared |
MISRA C:2012 Rule 18.8 | Variable-length array types shall not be used |
MISRA C:2012 Rule 19.1 | An object shall not be assigned or copied to an overlapping object |
MISRA C:2012 Rule 19.2 | The union keyword should not be used |
MISRA C:2012 Rule 20.1 | #include directives should only be preceded by preprocessor directives or comments |
MISRA C:2012 Rule 20.2 | The ', " or \ characters and the /* or // character sequences shall not occur in a header file name |
MISRA C:2012 Rule 20.3 | The #include directive shall be followed by either a <filename> or "filename" sequence |
MISRA C:2012 Rule 20.4 | A macro shall not be defined with the same name as a keyword |
MISRA C:2012 Rule 20.5 | #undef should not be used |
MISRA C:2012 Rule 20.6 | Tokens that look like a preprocessing directive shall not occur within a macro argument |
MISRA C:2012 Rule 20.7 | Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses |
MISRA C:2012 Rule 20.8 | The controlling expression of a #if or #elif preprocessing directive shall evaluate to 0 or 1 |
MISRA C:2012 Rule 20.9 | All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define’d before evaluation |
MISRA C:2012 Rule 20.10 | The # and ## preprocessor operators should not be used |
MISRA C:2012 Rule 20.11 | A macro parameter immediately following a # operator shall not immediately be followed by a ## operator |
MISRA C:2012 Rule 20.12 | A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators |
MISRA C:2012 Rule 20.13 | A line whose first token is # shall be a valid preprocessing directive |
MISRA C:2012 Rule 20.14 | All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if, #ifdef or #ifndef directive to which they are related |
MISRA C:2012 Rule 21.1 | #define and #undef shall not be used on a reserved identifier or reserved macro name |
MISRA C:2012 Rule 21.2 | A reserved identifier or reserved macro name shall not be declared |
MISRA C:2012 Rule 21.3 | The memory allocation and deallocation functions of <stdlib.h>
shall not be used |
MISRA C:2012 Rule 21.4 | The standard header file <setjmp.h> shall not be used |
MISRA C:2012 Rule 21.5 | The standard header file <signal.h> shall not be used |
MISRA C:2012 Rule 21.6 | The Standard Library input/output functions shall not be used |
MISRA C:2012 Rule 21.7 | The Standard Library functions atof, atoi,
atol, and atoll functions of
<stdlib.h> shall not be used |
MISRA C:2012 Rule 21.8 | The Standard Library functions of abort, exit,
getnenv and system of
<stdlib.h> shall not be used |
MISRA C:2012 Rule 21.9 | The Standard Library library functions bsearch and
qsort of
<stdlib.h> shall not be
used |
MISRA C:2012 Rule 21.10 | The Standard Library time and date functions shall not be used |
MISRA C:2012 Rule 21.11 | The standard header file <tgmath.h> shall not be used |
MISRA C:2012 Rule 21.12 | The exception handling features of <fenv.h> should
not be used |
MISRA C:2012 Rule 21.15 | The pointer arguments to the Standard Library functions memcpy, memmove and memcmp shall
be pointers to qualified or unqualified versions of compatible types |
MISRA C:2012 Rule 21.16 | The pointer arguments to the Standard Library function memcmp shall
point to either a pointer type, an essentially signed type, an essentially
unsigned type, an essentially Boolean type or an essentially enum
type |
MISRA C:2012 Rule 22.5 | A pointer to a FILE object shall not
be dereferenced |
Polyspace MISRA C:2012 Checkers
See an overview of Polyspace support for the MISRA C:2012 Standard.
Check for Coding Standard Violations
Check for violations of AUTOSAR C++14, CERT® C, CERT C++MISRA C, MISRA C++, JSF AV C++, or ISO-17961 standard with Bug Finder or Code Prover.
Software Quality Objective Subsets (C:2012)
See which MISRA C:2012 rules reduce code complexity and reduce number of unproven checks in Code Prover.
Avoid Violations of MISRA C:2012 Rules 8.x
Avoid conflicting declarations or unintended modification of variables.
Essential Types in MISRA C:2012 Rules 10.x
Learn how MISRA C:2012 rules 10.x treat certain data types as essentially similar.