1# MISRA Compliance
2
3FreeRTOS-Kernel conforms to [MISRA C:2012](https://www.misra.org.uk/misra-c)
4guidelines, with the deviations listed below. Compliance is checked with
5Coverity static analysis. Since the FreeRTOS kernel is designed for
6small-embedded devices, it needs to have a very small memory footprint and
7has to be efficient. To achieve that and to increase the performance, it
8deviates from some MISRA rules. The specific deviations, suppressed inline,
9are listed below.
10
11Additionally, [MISRA configuration file](examples/coverity/coverity_misra.config)
12contains project wide deviations.
13
14### Suppressed with Coverity Comments
15To find the violation references in the source files run grep on the source code
16with ( Assuming rule 8.4 violation; with justification in point 1 ):
17```
18grep 'MISRA Ref 8.4.1' . -rI
19```
20
21#### Rule 8.4
22
23MISRA C:2012 Rule 8.4: A compatible declaration shall be visible when an
24object or function with external linkage is defined.
25
26_Ref 8.4.1_
27 - pxCurrentTCB(s) is defined with external linkage but it is only referenced
28   from the assembly code in the port files. Therefore, adding a declaration in
29   header file is not useful as the assembly code will still need to declare it
30   separately.
31
32_Ref 8.4.2_
33 - xQueueRegistry is defined with external linkage because it is accessed by the
34   kernel unit tests. It is not meant to be directly accessed by the application
35   and therefore, not declared in a header file.
36
37#### Rule 8.6
38
39MISRA C:2012 Rule 8.6: An identifier with external linkage shall have exactly
40one external definition.
41
42_Ref 8.6.1_
43 - This rule prohibits an identifier with external linkage to have multiple
44   definitions or no definition. FreeRTOS hook functions are implemented in
45   the application and therefore, have no definition in the Kernel code.
46
47#### Rule 11.1
48MISRA C:2012 Rule 11.1: Conversions shall not be performed between a pointer to
49function and any other type.
50
51_Ref 11.1.1_
52 - The pointer to function is casted into void to avoid unused parameter
53   compiler warning when Stream Buffer's Tx and Rx Completed callback feature is
54   not used.
55
56#### Rule 11.3
57
58MISRA C:2012 Rule 11.3: A cast shall not be performed between a pointer to
59object type and a pointer to a different object type.
60
61_Ref 11.3.1_
62 - This rule prohibits casting a pointer to object into a pointer to a
63   different object because it may result in an incorrectly aligned pointer,
64   leading to undefined behavior. Even if the casting produces a correctly
65   aligned pointer, the behavior may be still undefined if the pointer is
66   used to access an object. FreeRTOS deliberately creates external aliases
67   for all the kernel object types (StaticEventGroup_t, StaticQueue_t,
68   StaticStreamBuffer_t, StaticTimer_t and StaticTask_t) for data hiding
69   purposes. The internal object types and the corresponding external
70   aliases are guaranteed to have the same size and alignment which is
71   checked using configASSERT.
72
73
74#### Rule 11.5
75
76MISRA C:2012 Rule 11.5: A conversion should not be performed from pointer to
77void into pointer to object.
78This rule prohibits conversion of a pointer to void into a pointer to
79object because it may result in an incorrectly aligned pointer leading
80to undefined behavior.
81
82_Ref 11.5.1_
83 - The memory blocks returned by pvPortMalloc() are guaranteed to meet the
84   architecture alignment requirements specified by portBYTE_ALIGNMENT.
85   The casting of the pointer to void returned by pvPortMalloc() is,
86   therefore, safe because it is guaranteed to be aligned.
87
88_Ref 11.5.2_
89 - The conversion from a pointer to void into a pointer to EventGroup_t is
90   safe because it is a pointer to EventGroup_t, which is returned to the
91   application at the time of event group creation for data hiding
92   purposes.
93
94_Ref 11.5.3_
95 - The conversion from a pointer to void in list macros for list item owner
96   is safe because the type of the pointer stored and retrieved is the
97   same.
98
99_Ref 11.5.4_
100 - The conversion from a pointer to void into a pointer to EventGroup_t is
101   safe because it is a pointer to EventGroup_t, which is passed as a
102   parameter to the xTimerPendFunctionCallFromISR API when the callback is
103   pended.
104
105_Ref 11.5.5_
106 - The conversion from a pointer to void into a pointer to uint8_t is safe
107   because data storage buffers are implemented as uint8_t arrays for the
108   ease of sizing, alignment and access.
109
110#### Rule 21.6
111
112MISRA C-2012 Rule 21.6: The Standard Library input/output functions shall not
113be used.
114
115_Ref 21.6.1_
116 - The Standard Library function snprintf is used in vTaskListTasks and
117   vTaskGetRunTimeStatistics APIs, both of which are utility functions only and
118   are not considered part of core kernel implementation.
119