[C-safe-secure-studygroup] MISRA rules 8.7 and 8.15

Clive Pygott clivepygott at gmail.com
Mon Jul 24 14:21:51 UTC 2017


These two rules were my home work from the last meeting.

*Rule 8.7 Functions and objects should not be defined with external linkage
if they are referenced in only one translation unit*

This is in the class of rules on information hiding - don't put names in
the global namespace if not required.

If an object is used in multiple translation units, then this rule doesn't
trigger. It can only apply to objects used in a single translation unit -
and forces them to be declared static. The rationale I got from a member of
the MISRA-C committee was that without this rule, it is possible that
during maintenance an object with the same name may be declared in a second
translation unit. If these both have external linkage, then there is
unspecified behaviour in the linker, as which object is actually used is
unclear. I actually tried this, and Visual Studio's linker always
complained that there were two definitions with the same name. I'm not sure
if this is because the C standard has been tightened since C99 or whether
this is VS being more than usually helpful.

My personal opinion is that this is a No for the security profile and I'm
not totally convinced of its utility for the safety profile either.
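
The clash described above can be reproduced with two small translation units. The script below is an added example and is not part of the original message or of MISRA's material; it assumes a POSIX shell with a C compiler reachable as `cc` (gcc or clang) and the helper names `try_link` and `demo_linkage` are mine. It builds three variants of the same two-file program: both units defining `int counter = 0;` with external linkage (the C standard allows at most one external definition of an identifier per program, so the linker reports a duplicate symbol), both units using the tentative definition `int counter;` compiled with `-fcommon` (gcc and clang then merge the two into a single common symbol without a diagnostic, so both units silently share one object), and finally the form Rule 8.7 asks for, where each unit's `counter` is `static` and the two objects stay separate.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the maintenance
# hazard behind MISRA C Rule 8.7 with two translation units that both
# define an object named "counter". Assumes a C compiler named "cc".

# try_link DEFN_A DEFN_B FLAGS
# Writes a.c (using DEFN_A) and b.c (using DEFN_B), compiles and links them
# with FLAGS, and prints "ok:<program output>" on success or "fail" if the
# toolchain rejects the build.
try_link() {
    defn_a=$1
    defn_b=$2
    flags=$3
    dir=$(mktemp -d)
    cat > "$dir/a.c" <<EOF
#include <stdio.h>
$defn_a
int get_b(void);
int main(void) {
    int b;
    counter = 1;          /* a.c's view of "counter" */
    b = get_b();          /* b.c adds 10 to its view of "counter" */
    printf("a sees %d, b sees %d\n", counter, b);
    return 0;
}
EOF
    cat > "$dir/b.c" <<EOF
$defn_b
int get_b(void) { counter += 10; return counter; }
EOF
    if cc $flags -o "$dir/prog" "$dir/a.c" "$dir/b.c" >/dev/null 2>&1; then
        result="ok:$("$dir/prog")"
    else
        result="fail"
    fi
    rm -rf "$dir"
    printf '%s\n' "$result"
}

# demo_linkage prints one result line per variant (or "skipped" without cc).
demo_linkage() {
    if ! command -v cc >/dev/null 2>&1; then
        echo "skipped"
        return 0
    fi
    # Variant 1: two external definitions with initialisers. More than one
    # external definition of an identifier is not permitted, and the linker
    # reports a duplicate symbol.
    echo "external-initialised: $(try_link 'int counter = 0;' 'int counter = 0;' '')"
    # Variant 2: two tentative definitions built with -fcommon. gcc/clang
    # merge them into one common symbol, so both units update the same
    # object and nothing warns: a sees 11, b sees 11.
    echo "external-tentative-fcommon: $(try_link 'int counter;' 'int counter;' '-fcommon')"
    # Variant 3: what Rule 8.7 requires for an object used in one unit only.
    # Each unit keeps a private object: a sees 1, b sees 10.
    echo "static: $(try_link 'static int counter;' 'static int counter;' '')"
}

demo_linkage
```

Variant 2 is the case the committee member's rationale points at: the program links cleanly yet the two units, each written believing `counter` was its own, now share state. Making the object `static` (variant 3) removes the name from the global namespace, so a later definition elsewhere can neither collide with it nor quietly alias it.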

*Rule 8.15*

There is no rule 8.15!

    Clive Pygott
    LDRA Inc