Skip to main content

Table 11 Deviation for MISRA rule 18.8

From: Development and validation of a safe communication protocol compliant to railway standards

MISRA rule MISRA C:2012 18.8 (required)
Variable-length array types shall not be used.
Motivation Minimization of stack memory, used for the messages handling and the ease in the definition of array sizes used to store the messages.
Risks Variable-length array are implemented as variable size objects stored on the stack. Using variable-length array it is very difficult to determine the stack memory required. Moreover, if the size variable was negative or zero undefined behavior can occur. If a variable length array must be compatible with another array type, the array sizes must be identical; otherwise, an undefined behavior could occur.
Verification method The maximum stack memory used by the PVS during exchange of messages is calculable as payload + header and therefore it is sufficient to make sure that the system is able to manage this memory size.