
MISRA C++:2023 Compliance Summary Tables

MathWorks® evaluates C++ code generated by Embedded Coder® from Simulink® models and Stateflow® charts against the MISRA™ C++:2023 coding standards. The results from this effort are available in the following compliance summary tables, which align with the MISRA C++:2023 Guidelines for the Use of C++17 in Critical Systems document.

The tables list rules and directives in the Mandatory and Required categories only. They apply only to production code generated under the model_target_rtw build directory and slprj/target project directory. They do not apply to the following files:

  • target_main.cpp

  • rtmodel.cpp

  • half_type.h

  • half_type.cpp

The tables also do not apply to custom code, including the following:

  • Custom S-functions

  • Custom storage classes for signals and parameters

  • Custom memory section strings

  • coder.ceval calls in MATLAB® Function blocks

Model Settings for Compliance

The tables in the Rules and Directives section assume that you have preconfigured your model to improve compliance. Before referencing the tables, verify that:

  • Model configuration parameters meet the MISRA C++:2023 guidelines Code Generation Advisor objective. For more information, see Configure Model for Code Generation Objectives by Using Code Generation Advisor.

  • C++ code interface settings are correct. To verify the settings:

    1. Open the Embedded Coder app. On the C++ Code tab, click the Code Interface menu.

    2. From the Code Interface menu, select Class Name & Namespace. For C++ Class Namespace, enter the name of a C++ class namespace.

    3. From the Code Interface menu, select Code Mappings. In the Data tab:

      • For the Inports and Outports categories, set Data Visibility to private and Member Access Method to Inlined structure-based method.

      • For the Model parameter arguments, Model parameters, and Signals, states, and internal data categories, set Data Visibility to private and Member Access Method to None.

    4. In the Functions tab, for the Periodic category (if one exists), set Method Name to be the empty string. Then select Method Preview and set the function prototype to have no arguments.

    Alternatively, run the following commands at the MATLAB prompt, where model is the name of your model.

    % Code mappings object for the model
    cm = coder.mapping.utils.create(model);

    % Class name and namespace of the generated model class
    setClassName(cm,"myModelClass");
    setClassNamespace(cm,"myModelNamespace");

    % Inports and Outports: private data, inlined structure-based access
    setData(cm,"Inports",DataVisibility="private");
    setData(cm,"Inports",MemberAccessMethod="Inlined structure-based method");
    setData(cm,"Outports",DataVisibility="private");
    setData(cm,"Outports",MemberAccessMethod="Inlined structure-based method");

    % Parameters and internal data: private data, no access methods
    setData(cm,"ModelParameterArguments",DataVisibility="private");
    setData(cm,"ModelParameterArguments",MemberAccessMethod="None");
    setData(cm,"ModelParameters",DataVisibility="private");
    setData(cm,"ModelParameters",MemberAccessMethod="None");
    setData(cm,"InternalData",DataVisibility="private");
    setData(cm,"InternalData",MemberAccessMethod="None");

    % Periodic function: empty method name, no arguments
    setFunction(cm,"Periodic",MethodName="");
    setFunction(cm,"Periodic",Arguments="()");

Rules and Directives

You can use Polyspace® Bug Finder™ to identify violations of rules and directives. For more information, see Running Bug Finder (Polyspace Bug Finder).

Run-Time Failures

| Directive | Description (a) | Category | Compliance |
|---|---|---|---|
| Dir 0.3.2 | A function call shall not violate the function’s preconditions | Required | Compliant (see Explanatory Notes) |

(a) Copyright © The MISRA Consortium Limited, 2023.

Copy and Move Assignment Operators

| Directive | Description (a) | Category | Compliance |
|---|---|---|---|
| Dir 15.8.1 | User-provided copy assignment operators and move assignment operators shall handle self-assignment | Required | Noncompliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Path Feasibility

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 0.0.1 | A function shall not contain unreachable statements | Required | Compliant (see Explanatory Notes) |

(a) Copyright © The MISRA Consortium Limited, 2023.

Unused Values and Declarations

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 0.1.2 | The value returned by a function shall be used | Required | Noncompliant (see Explanatory Notes) |
| 0.2.2 | A named function parameter shall be used at least once | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Implementation Compliance

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 4.1.1 | A program shall conform to ISO/IEC 14882:2017 (C++17) | Required | Compliant |
| 4.1.3 | There shall be no occurrence of undefined or critical unspecified behaviour | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Program Execution

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 4.6.1 | Operations on a memory location shall be sequenced appropriately | Required | Noncompliant (see Explanatory Notes) |

(a) Copyright © The MISRA Consortium Limited, 2023.

Comments

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 5.7.1 | The character sequence /* shall not be used within a C-style comment | Required | Compliant |
| 5.7.3 | Line-splicing shall not be used in // comments | | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Identifiers

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 5.10.1 | User-defined identifiers shall have an appropriate form | Required | Noncompliant (see Explanatory Notes) |

(a) Copyright © The MISRA Consortium Limited, 2023.

Literals

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 5.13.1 | Within character literals and non raw-string literals, \ shall only be used to form a defined escape sequence or universal character name | Required | Compliant |
| 5.13.2 | Octal escape sequences, hexadecimal escape sequences and universal character names shall be terminated | Required | Noncompliant (see Explanatory Notes) |
| 5.13.3 | Octal constants shall not be used | Required | Compliant |
| 5.13.4 | Unsigned integer literals shall be appropriately suffixed | Required | Compliant |
| 5.13.5 | The lowercase form of L shall not be used as the first character in a literal suffix | Required | Compliant |
| 5.13.6 | An integer-literal of type long long shall not use a single L or l in any suffix | Required | Compliant |
| 5.13.7 | String literals with different encoding prefixes shall not be concatenated | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Declarations and Definitions

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 6.0.1 | Block scope declarations shall not be visually ambiguous | Required | Compliant |
| 6.0.4 | The identifier main shall not be used for a function other than the global function main | Required | Compliant |
| 6.2.1 | The one-definition rule shall not be violated | Required | Compliant |
| 6.2.2 | All declarations of a variable or function shall have the same type | Required | Compliant |
| 6.2.3 | The source code used to implement an entity shall appear only once | Required | Noncompliant (see Explanatory Notes) |
| 6.2.4 | A header file shall not contain definitions of functions or objects that are non-inline and have external linkage | Required | Compliant |
| 6.4.1 | A variable declared in an inner scope shall not hide a variable declared in an outer scope | Required | Noncompliant |
| 6.4.2 | Derived classes shall not conceal functions that are inherited from their bases | Required | Compliant |
| 6.4.3 | A name that is present in a dependent base shall not be resolved by unqualified lookup | Required | Noncompliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Storage Duration and Object Lifetime

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 6.7.1 | Local variables shall not have static storage duration | Required | Noncompliant |
| 6.7.2 | Global variables shall not be used | Required | Noncompliant (see Explanatory Notes) |
| 6.8.1 | An object shall not be accessed outside of its lifetime | Required | Compliant |
| 6.8.2 | A function must not return a reference or a pointer to a local variable with automatic storage duration | Mandatory | Compliant |
| 6.8.3 | An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Types

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 6.9.1 | The same type aliases shall be used in all declarations of the same entity | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Standard Conversions

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 7.0.1 | There shall be no conversion from type bool | Required | Noncompliant (see Explanatory Notes) |
| 7.0.2 | There shall be no conversion to type bool | Required | Noncompliant (see Explanatory Notes) |
| 7.0.3 | The numerical value of a character shall not be used | Required | Noncompliant |
| 7.0.4 | The operands of bitwise operators and shift operators shall be appropriate | Required | Noncompliant (see Explanatory Notes) |
| 7.0.5 | Integral promotion and the usual arithmetic conversions shall not change the signedness or the type category of an operand | Required | Noncompliant |
| 7.0.6 | Assignment between numeric types shall be appropriate | Required | Noncompliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Pointer Conversions

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 7.11.1 | nullptr shall be the only form of the null-pointer-constant | Required | Noncompliant |
| 7.11.2 | An array passed as a function argument shall not decay to a pointer | Required | Noncompliant |
| 7.11.3 | A conversion from function type to pointer-to-function type shall only occur in appropriate contexts | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Primary Expressions

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 8.1.1 | A non-transient lambda shall not implicitly capture this | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Postfix Expressions

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 8.2.1 | A virtual base class shall only be cast to a derived class by means of dynamic_cast | Required | Compliant |
| 8.2.2 | C-style casts and functional notation casts shall not be used | Required | Noncompliant |
| 8.2.3 | A cast shall not remove any const or volatile qualification from the type accessed via a pointer or by reference | Required | Noncompliant |
| 8.2.4 | Casts shall not be performed between a pointer to function and any other type | Required | Compliant |
| 8.2.5 | reinterpret_cast shall not be used | Required | Noncompliant |
| 8.2.6 | An object with integral, enumerated, or pointer to void type shall not be cast to a pointer type | Required | Noncompliant (see Explanatory Notes) |
| 8.2.8 | An object pointer type shall not be cast to an integral type other than std::uintptr_t or std::intptr_t | Required | Compliant |
| 8.2.9 | The operand to typeid shall not be an expression of polymorphic class type | Required | Compliant |
| 8.2.10 | Functions shall not call themselves, either directly or indirectly | Required | Noncompliant (see Explanatory Notes) |
| 8.2.11 | An argument passed via ellipsis shall have an appropriate type | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Arithmetic, Relational, and Logical Operators

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 8.7.1 | Pointer arithmetic shall not form an invalid pointer | Required | Compliant (see Explanatory Notes) |
| 8.7.2 | Subtraction between pointers shall only be applied to pointers that address elements of the same array | Required | Compliant |
| 8.9.1 | The built-in relational operators >, >=, < and <= shall not be applied to objects of pointer type, except where they point to elements of the same array | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Assignment and Compound Assignment

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 8.18.1 | An object or subobject must not be copied to an overlapping object | Mandatory | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Statements

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 9.2.1 | An explicit type conversion shall not be an expression statement | Required | Compliant |
| 9.3.1 | The body of an iteration-statement or a selection-statement shall be a compound-statement | Required | Compliant |
| 9.4.1 | All if ... else if constructs shall be terminated with an else statement | Required | Compliant |
| 9.4.2 | The structure of a switch statement shall be appropriate | Required | Compliant |
| 9.5.2 | A for-range-initializer shall contain at most one function call | Required | Compliant |
| 9.6.2 | A goto statement shall reference a label in a surrounding block | Required | Compliant |
| 9.6.3 | The goto statement shall jump to a label declared later in the function body | Required | Compliant |
| 9.6.4 | A function declared with the [[noreturn]] attribute shall not return | Required | Compliant |
| 9.6.5 | A function with non-void return type shall return a value on all paths | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Declarations

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 10.1.2 | The volatile qualifier shall be used appropriately | Required | Compliant |
| 10.2.1 | An enumeration shall be defined with an explicit underlying type | Required | Noncompliant |
| 10.2.3 | The numeric value of an unscoped enumeration with no fixed underlying type shall not be used | Required | Compliant |
| 10.4.1 | The asm declaration shall not be used | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Declarators

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 11.6.2 | The value of an object must not be read before it has been set | Mandatory | Compliant |
| 11.6.3 | Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Classes

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 12.2.2 | A bit-field shall have an appropriate type | Required | Compliant |
| 12.2.3 | A named bit-field with signed integer type shall not have a length of one bit | Required | Compliant |
| 12.3.1 | The union keyword shall not be used | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Derived Classes

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 13.1.2 | An accessible base class shall not be both virtual and non-virtual in the same hierarchy | Required | Compliant |
| 13.3.1 | User-declared member functions shall use the virtual, override and final specifiers appropriately | Required | Noncompliant (see Explanatory Notes) |
| 13.3.2 | Parameters in an overriding virtual function shall not specify different default arguments | Required | Compliant |
| 13.3.3 | The parameters in all declarations or overrides of a function shall either be unnamed or have identical names | Required | Noncompliant |
| 13.3.4 | A comparison of a potentially virtual pointer to member function shall only be with nullptr | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Special Member Functions

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 15.0.1 | Special member functions shall be provided appropriately | Required | Noncompliant (see Explanatory Notes) |
| 15.1.1 | An object’s dynamic type shall not be used from within its constructor or destructor | Required | Compliant |
| 15.1.3 | Conversion operators and constructors that are callable with a single argument shall be explicit | Required | Noncompliant |
| 15.1.5 | A class shall only define an initializer-list constructor when it is the only constructor | Required | Noncompliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Overloading

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 16.5.1 | The logical AND and logical OR operators shall not be overloaded | Required | Compliant |
| 16.5.2 | The address-of operator shall not be overloaded | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Templates

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 17.8.1 | Function templates shall not be explicitly specialized | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Exception Handling

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 18.1.1 | An exception object shall not have pointer type | Required | Compliant |
| 18.1.2 | An empty throw shall only occur within the compound-statement of a catch handler | Required | Compliant |
| 18.3.2 | An exception of class type shall be caught by const reference or reference | Required | Compliant |
| 18.3.3 | Handlers for a function-try-block of a constructor or destructor shall not refer to non-static members from their class or its bases | Required | Compliant |
| 18.4.1 | Exception-unfriendly functions shall be noexcept | Required | Noncompliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Preprocessing Directives

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 19.0.1 | A line whose first token is # shall be a valid preprocessing directive | Required | Compliant (see Explanatory Notes) |
| 19.0.2 | Function-like macros shall not be defined | Required | Noncompliant (see Explanatory Notes) |
| 19.1.1 | The defined preprocessor operator shall be used appropriately | Required | Compliant |
| 19.1.2 | All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if, #ifdef or #ifndef directive to which they are related | Required | Compliant |
| 19.1.3 | All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be defined prior to evaluation | Required | Noncompliant |
| 19.2.1 | Precautions shall be taken in order to prevent the contents of a header file being included more than once | Required | Compliant |
| 19.2.2 | The #include directive shall be followed by either a <filename> or "filename" sequence | Required | Compliant |
| 19.2.3 | The ' or " or \ characters and the /* or // character sequences shall not occur in a header file name | Required | Compliant |
| 19.3.2 | A macro parameter immediately following a # operator shall not be immediately followed by a ## operator | Required | Compliant |
| 19.3.3 | The argument to a mixed-use macro parameter shall not be subject to further expansion | Required | Compliant |
| 19.3.4 | Parentheses shall be used to ensure macro arguments are expanded appropriately | Required | Compliant |
| 19.3.5 | Tokens that look like a preprocessing directive shall not occur within a macro argument | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Language Support Libraries

| Rule | Description (a) | Category | Compliance |
|---|---|---|---|
| 21.2.1 | The library functions atof, atoi, atol and atoll from <cstdlib> shall not be used | Required | Compliant |
| 21.2.2 | The string handling functions from <cstring>, <cstdlib>, <cwchar>, and <cinttypes> shall not be used | Required | Noncompliant (see Explanatory Notes) |
| 21.2.3 | The library function system from <cstdlib> shall not be used | Required | Compliant |
| 21.2.4 | The macro offsetof shall not be used | Required | Compliant |
| 21.6.2 | Dynamic memory shall be managed automatically | Required | Compliant |
| 21.6.3 | Advanced memory management shall not be used | Required | Noncompliant |
| 21.6.4 | If a project defines either a sized or unsized version of a global operator delete, then both shall be defined | Required | Compliant |
| 21.6.5 | A pointer to an incomplete class type shall not be deleted | Required | Compliant |
| 21.10.1 | The features of <cstdarg> shall not be used | Required | Compliant |
| 21.10.2 | The standard header file <csetjmp> shall not be used | Required | Compliant |
| 21.10.3 | The facilities provided by the standard header file <csignal> shall not be used | Required | Compliant |
| 22.3.1 | The assert macro shall not be used with a constant-expression | Required | Compliant |
| 22.4.1 | The literal value zero shall be the only value assigned to errno | Required | Compliant |
| 24.5.1 | The character handling functions from <cctype> and <cwctype> shall not be used | Required | Compliant |
| 24.5.2 | The C++ Standard Library functions memcpy, memmove and memcmp from <cstring> shall not be used | Required | Noncompliant (see Explanatory Notes) |
| 25.5.1 | The setlocale and std::locale::global functions shall not be called | Required | Compliant |
| 25.5.2 | The pointers returned by the C++ Standard Library functions localeconv, getenv, setlocale or strerror must only be used as if they have pointer to const-qualified type | Mandatory | Compliant |
| 25.5.3 | The pointer returned by the C++ Standard Library functions asctime, ctime, gmtime, localtime, localeconv, getenv, setlocale or strerror must not be used following a subsequent call to the same function | Mandatory | Compliant |
| 28.3.1 | Predicates shall not have persistent side effects | Required | Compliant |
| 28.6.1 | The argument to std::move shall be a non-const lvalue | Required | Compliant |
| 28.6.2 | Forwarding references and std::forward shall be used together | Required | Compliant |
| 28.6.3 | An object shall not be used while in a potentially moved-from state | Required | Compliant |
| 28.6.4 | The result of std::remove, std::remove_if, std::unique and empty shall be used | Required | Compliant |
| 30.0.1 | The C Library input/output functions shall not be used | Required | Noncompliant (see Explanatory Notes) |
| 30.0.2 | Reads and writes on the same file stream shall be separated by a positioning operation | Required | Compliant |

(a) Copyright © The MISRA Consortium Limited, 2023.

Explanatory Notes

Explanatory Note for Directive 0.3.2, Rule 0.0.1, and Rule 8.7.1

To avoid noncompliant code, verify that model simulation does not error due to invalid inputs or out-of-range accesses.

Explanatory Note for Rule 0.1.2

To reduce violations, avoid using the String Concatenate block and blocks that produce zero crossings, such as triggered subsystems.

Explanatory Note for Rule 4.6.1

To reduce violations, avoid using the Rate Transition block.

Explanatory Note for Rule 5.10.1

To reduce violations, choose names for signals, subsystem functions, and parameters according to MISRA rules.

Explanatory Note for Rule 5.13.2

To reduce violations, do not use octal escape sequences, hexadecimal escape sequences, or universal character names as inputs for String Constant blocks.

Explanatory Note for Rule 6.2.3

To reduce violations, specify header files for your custom-defined enumeration, bus, and alias types. For more information, see Control File Placement of Custom Data Types.

Explanatory Note for Rule 6.7.2

To reduce violations, avoid assigning modeling elements to storage classes that generate global variables.

For a list of global storage classes, see Choose Storage Class for Controlling Data Representation in Generated Code and Use Built-In and Predefined Storage Classes to Represent Data in Generated Code.

Explanatory Note for Rule 7.0.1, 7.0.4, and 19.0.2

To reduce violations, avoid using blocks that produce zero crossings, such as triggered subsystems.

Explanatory Note for Rule 7.0.2

To reduce violations, avoid using the Discrete State-Space block.

Explanatory Note for Rule 8.2.6

To reduce violations, avoid using:

Explanatory Note for Rule 8.2.10

To reduce violations, avoid using recursive calls in Stateflow charts. For any 2-D Median (Computer Vision Toolbox) blocks, set the Sort algorithm block parameter to Insertion sort.

Explanatory Note for Rule 13.3.1

To reduce violations, avoid using:

Explanatory Note for Rule 15.0.1

To reduce violations, avoid using message data types in Simulink.

Explanatory Note for Rule 19.0.1

To avoid noncompliant code, assign memory sections with appropriate pre- and post-statements to your data. For more information, see Control Data and Function Placement in Memory by Inserting Pragmas.

Explanatory Note for Rule 21.2.2

To reduce violations, avoid using the String Concatenate and String to ASCII blocks.

Explanatory Note for Rule 24.5.2

To reduce violations, avoid using:

Explanatory Note for Rule 30.0.1

To reduce violations, avoid using:

  • Message data types in Simulink

  • C functions fprintf and printf in Stateflow charts
