[C-safe-secure-studygroup] MISRA Rule 15.5 functions shall have a single point of exit

Clive Pygott clivepygott at gmail.com
Thu Oct 5 09:00:16 UTC 2017


Hi

Am I right that we've already discussed 15.5 (at least in passing, possibly
when discussing Rule 16.3 - all switch clauses will end with a break or
throw) and concluded that only allowing a single return in a function is
overly restrictive?  - which I'd agree with.

I'm in a MISRA meeting at the moment and this has come up and I've
discovered that there is a good reason for the rule - as it's a specific
requirement in IEC61508 (the European generic safety management standard).
This is written into European law, so all of us developing systems in
Europe are required to comply with this requirement - so the MISRA rule is
there to ease legal compliance.

    Clive