Table 11 Deviation for MISRA rule 18.8

From: Development and validation of a safe communication protocol compliant to railway standards

MISRA rule

MISRA C:2012 18.8 (required)

Variable-length array types shall not be used.

Motivation

Minimization of the stack memory used for message handling, and ease of defining the sizes of the arrays used to store the messages.

Risks

Variable-length arrays are implemented as variable-size objects stored on the stack. When variable-length arrays are used, it is very difficult to determine the stack memory required. Moreover, if the size expression is negative or zero, undefined behavior can occur. If a variable-length array must be compatible with another array type, the array sizes must be identical; otherwise, undefined behavior could occur.

Verification method

The maximum stack memory used by the PVS during the exchange of messages can be calculated as payload + header; it is therefore sufficient to make sure that the system is able to manage this amount of memory.
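As an added illustration (not code from the paper or from the PVS), the bounded VLA the deviation relies on, beside the rule-compliant fixed-size buffer. The bounds HEADER_MAX and PAYLOAD_MAX and the XOR "processing" are assumptions constructed for the example; the point is the guard that rejects zero, negative and oversized lengths before the VLA is declared, so the stack usage stays at header + payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed bounds for this example, not the protocol's real values. */
#define HEADER_MAX  16u
#define PAYLOAD_MAX 256u
#define MSG_MAX     (HEADER_MAX + PAYLOAD_MAX)   /* worst-case stack use */

/* Byte-wise XOR over a buffer; stands in for real message processing. */
static uint8_t xor_bytes(const uint8_t *buf, size_t len)
{
    uint8_t acc = 0u;
    for (size_t i = 0u; i < len; i++) {
        acc ^= buf[i];
    }
    return acc;
}

/* Deviating form (MISRA C:2012 18.8): VLA sized by the received length.
 * The guard makes the size strictly positive and at most MSG_MAX, so the
 * undefined-behaviour cases (len <= 0) cannot be reached and stack usage
 * is bounded by header + payload. Returns 0 on success, -1 if rejected. */
int handle_with_vla(const uint8_t *msg, int len, uint8_t *xor_out)
{
    if (len <= 0 || (size_t)len > MSG_MAX) {
        return -1;                       /* never declare the VLA */
    }
    uint8_t buf[len];                    /* VLA, size now bounded */
    memcpy(buf, msg, (size_t)len);
    *xor_out = xor_bytes(buf, (size_t)len);
    return 0;
}

/* Rule-compliant form: buffer statically sized to the worst case, so the
 * stack frame is fixed and the same length check protects the copy. */
int handle_with_fixed(const uint8_t *msg, int len, uint8_t *xor_out)
{
    uint8_t buf[MSG_MAX];
    if (len <= 0 || (size_t)len > MSG_MAX) {
        return -1;
    }
    memcpy(buf, msg, (size_t)len);
    *xor_out = xor_bytes(buf, (size_t)len);
    return 0;
}
```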