[C-safe-secure-studygroup] MISRA Rule 15.5 functions shall have a single point of exit

Robert Seacord rcseacord at gmail.com
Thu Oct 5 17:33:26 BST 2017


Why is IEC61508 a European standard?  I though the IEC was an international
standards organization,

Can you share the text from the standard which establishes this
requirement?  I would be surprised if this standard specifically addresses
C language, so I'm guessing MISRA interpreted a more generally requirement.

On Oct 5, 2017 5:00 AM, "Clive Pygott" <clivepygott at gmail.com> wrote:

Hi

Am I right that we've already discussed 15.5 (at least in passing, possibly
when discussing Rule 16.3 - all switch clauses will end with a break or
throw) and concluded that only allowing a single return in a function is
overly restrictive?  - which I'd agree with.

I'm in a MISRA meeting at the moment and this has come up and I've
discovered that there is a good reason for the rule - as its a specific
requirement in IEC61508  (the European generic safety management standard).
This is written into European law, so all of us developing systems in
Europe are required to comply with this requirement - so the MISRA rule is
there to ease legal compliance.

    Clive



_______________________________________________
C-safe-secure-studygroup mailing list
C-safe-secure-studygroup at lists.trustable.io
https://lists.trustable.io/cgi-bin/mailman/listinfo/c-safe-secure-studygroup
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.trustable.io/pipermail/c-safe-secure-studygroup/attachments/20171005/b5b7e501/attachment.html>


More information about the C-safe-secure-studygroup mailing list