[C-safe-secure-studygroup] MISRA Rule 10.3

Clive Pygott clivepygott at gmail.com
Fri Aug 11 15:34:42 UTC 2017


My homework was MISRA rule 10.3


This rule relates to the essential type model, so its inclusion or not
depends on a strategy decision as to whether we want to consider essential
types as a whole or not.

To summarise essential types, MISRA regard basic types as belonging to one
of six categories:

   - Boolean
   - char (for characters only - not a small integer),
   - unsigned integers (including unsigned char - as a small integer)
   - signed integers (including signed char - as a small integer)
   - enumeration types and
   - floating types.

The basic argument is that terms in an expression should not change their
essential type by implicit conversions, including those caused by the
implementation sizes of integers etc.

This particular rule has two elements:

   1. a value shall not be assigned to an object with a different essential
   type
   2. a value shall not be assigned to an object with a narrower essential
   type


Note that MISRA's glossary defines 'assignment' to include:

   - use of any of the assignment operators
   - returning a value from a function
   - passing an argument to a function and
   - initialisation

So this rule applies in all four of these contexts

The first part of the rule is required if we buy into the essential type
model, and not if we don't

I'd argue that the second part is required whether we want the essential
type model or not, because of the loss of data that may occur

    Clive
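
Added example, not part of the original post or of MISRA's own text: the four 'assignment' contexts listed above, each silently narrowing the same value, next to a range-checked alternative. The helper names and the choice of uint32_t/uint8_t are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names; uint32_t -> uint8_t stands in for any
 * "wider to narrower" essentially unsigned pair. */

/* 1. Assignment operator */
static uint8_t assign_narrow(uint32_t wide) { uint8_t n; n = wide; return n; }

/* 2. Returning a value: the return type is narrower than the expression */
static uint8_t return_narrow(uint32_t wide) { return wide; }

/* 3. Passing an argument: the parameter is narrower than the argument */
static uint8_t take_u8(uint8_t v) { return v; }
static uint8_t arg_narrow(uint32_t wide) { return take_u8(wide); }

/* 4. Initialisation */
static uint8_t init_narrow(uint32_t wide) { uint8_t n = wide; return n; }

/* First element of the rule: essentially signed value into an
 * essentially unsigned object of the same width. */
static uint32_t signed_to_unsigned(int32_t s) { uint32_t u = s; return u; }

/* Checked alternative: test the range, then narrow with an explicit cast,
 * so the caller has to handle a value that does not fit. */
static bool narrow_u32_to_u8(uint32_t wide, uint8_t *out)
{
    if (wide > UINT8_MAX) {
        return false;
    }
    *out = (uint8_t)wide;
    return true;
}

int main(void)
{
    uint32_t len = 300u; /* constructed sample value, does not fit in 8 bits */
    uint8_t checked = 0u;

    printf("assign=%u return=%u arg=%u init=%u\n",
           (unsigned)assign_narrow(len), (unsigned)return_narrow(len),
           (unsigned)arg_narrow(len), (unsigned)init_narrow(len));
    printf("signed -1 as unsigned=%lu\n", (unsigned long)signed_to_unsigned(-1));
    printf("checked narrow accepted=%d\n", (int)narrow_u32_to_u8(len, &checked));
    return 0;
}
```

All four contexts compile without a diagnostic under default compiler settings and yield 300 mod 256, which is the loss of data the second element of the rule is aimed at.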