Suppress MISRA C:2012 rule 11.5 deviations (#878)

* Suppress MISRA C:2012 rule 11.5 deviations by comment also remove this rule in global config --------- Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com> Co-authored-by: Ubuntu <ubuntu@ip-172-31-34-245.ap-northeast-1.compute.internal> Co-authored-by: Rahul Kar <karahulx@amazon.com> Co-authored-by: Soren Ptak <ptaksoren@gmail.com> Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com> Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
2025-11-04 18:52:31 -05:00 · 2023-12-06 09:51:52 +08:00 · 2023-12-06 09:51:52 +08:00 · 84c0047ccd
commit 84c0047ccd
parent cd5c774b2b
7 changed files with 191 additions and 76 deletions
--- a/MISRA.md
+++ b/MISRA.md
@ -20,34 +20,72 @@ grep 'MISRA Ref 8.4.1' . -rI

 #### Rule 8.4

+MISRA C:2012 Rule 8.4: A compatible declaration shall be visible when an
+        object or function with external linkage is defined.
+
 _Ref 8.4.1_

- MISRA C:2012 Rule 8.4: A compatible declaration shall be visible when an
-        object or function with external linkage is defined.
-        This rule requires that a compatible declaration is made available
-        in a header file when an object with external linkage is defined.
-        pxCurrentTCB(s) is defined with external linkage but it is only
-        referenced from the assembly code in the port files. Therefore, adding
-        a declaration in header file is not useful as the assembly code will
-        still need to declare it separately.
+- This rule requires that a compatible declaration is made available
+  in a header file when an object with external linkage is defined.
+  pxCurrentTCB(s) is defined with external linkage but it is only
+  referenced from the assembly code in the port files. Therefore, adding
+  a declaration in header file is not useful as the assembly code will
+  still need to declare it separately.


 #### Rule 11.3

-_Ref 11.3.1_
+MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to
+object type and a pointer to a different object type.

- MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to
-        object type and a pointer to a different object type.
-        This rule prohibits casting a pointer to object into a pointer to a
-        different object because it may result in an incorrectly aligned pointer,
-        leading to undefined behavior. Even if the casting produces a correctly
-        aligned pointer, the behavior may be still undefined if the pointer is
-        used to access an object. FreeRTOS deliberately creates external aliases
-        for all the kernel object types (StaticEventGroup_t, StaticQueue_t,
-        StaticStreamBuffer_t, StaticTimer_t and StaticTask_t) for data hiding
-        purposes. The internal object types and the corresponding external
-        aliases are guaranteed to have the same size and alignment which is
-        checked using configASSERT.
+_Ref 11.3.1_
+ - This rule prohibits casting a pointer to object into a pointer to a
+   different object because it may result in an incorrectly aligned pointer,
+   leading to undefined behavior. Even if the casting produces a correctly
+   aligned pointer, the behavior may be still undefined if the pointer is
+   used to access an object. FreeRTOS deliberately creates external aliases
+   for all the kernel object types (StaticEventGroup_t, StaticQueue_t,
+   StaticStreamBuffer_t, StaticTimer_t and StaticTask_t) for data hiding
+   purposes. The internal object types and the corresponding external
+   aliases are guaranteed to have the same size and alignment which is
+   checked using configASSERT.
+
+
+#### Rule 11.5
+
+MISRA C:2012 Rule 11.5: A conversion should not be performed from pointer to
+void into pointer to object.
+This rule prohibits conversion of a pointer to void into a pointer to
+object because it may result in an incorrectly aligned pointer leading
+to undefined behavior.
+
+_Ref 11.5.1_
+ - The memory blocks returned by pvPortMalloc() are guaranteed to meet the
+   architecture alignment requirements specified by portBYTE_ALIGNMENT.
+   The casting of the pointer to void returned by pvPortMalloc() is,
+   therefore, safe because it is guaranteed to be aligned.
+
+_Ref 11.5.2_
+ - The conversion from a pointer to void into a pointer to EventGroup_t is
+   safe because it is a pointer to EventGroup_t, which is returned to the
+   application at the time of event group creation for data hiding
+   purposes.
+
+_Ref 11.5.3_
+ - The conversion from a pointer to void in list macros for list item owner
+   is safe because the type of the pointer stored and retrieved is the
+   same.
+
+_Ref 11.5.4_
+ - The conversion from a pointer to void into a pointer to EventGroup_t is
+   safe because it is a pointer to EventGroup_t, which is passed as a
+   parameter to the xTimerPendFunctionCallFromISR API when the callback is
+   pended.
+
+_Ref 11.5.5_
+ - The conversion from a pointer to void into a pointer to uint8_t is safe
+   because data storage buffers are implemented as uint8_t arrays for the
+   ease of sizing, alignment and access.


 ### MISRA configuration
@ -81,10 +119,6 @@ Copy below content to `misra.conf` to run Coverity on FreeRTOS-Kernel.
        {
            deviation: "Rule 8.7",
            reason: "API functions are not used by the library outside of the files they are defined; however, they must be externally visible in order to be used by an application."
-        },
-        {
-            deviation: "Rule 11.5",
-            reason: "Allow casts from `void *`. List owner, pvOwner, is stored as `void *` and are cast to various types for use in functions."
        }
    ]
 }