-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Misra compliance #79
Misra compliance #79
Changes from all commits
740b878
7398ba0
e0aff68
62bcd9d
f5c7327
c43886f
950c40e
7d74780
bee6c0d
a6cb311
1dfd730
cdeac63
a993682
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -70,14 +70,30 @@ __attribute__((format(__printf__, (one_based_format_index), (first_arg)))) | |
# define vprintf_ vprintf | ||
#endif | ||
|
||
#if !(defined(PRINTF_CUSTOM_INT_64) || defined(PRINTF_CUSTOM_INT_32) \ | ||
|| defined(PRINTF_CUSTOM_INT_16)) | ||
typedef int printf_int_t; | ||
typedef unsigned int printf_uint_t; | ||
#elif defined(PRINTF_CUSTOM_INT_64) | ||
typedef int64_t printf_int_t; | ||
typedef uint64_t printf_uint_t; | ||
#elif defined(PRINTF_CUSTOM_INT_32) | ||
typedef int32_t printf_int_t; | ||
typedef uint32_t printf_uint_t; | ||
#elif defined(PRINTF_CUSTOM_INT_16) | ||
typedef int16_t printf_int_t; | ||
typedef uint16_t printf_uint_t; | ||
#endif | ||
|
||
/** | ||
* Output a character to a custom device like UART, used by the printf() function | ||
* This function is declared here only. You have to write your custom implementation somewhere | ||
* @param character Character to output | ||
*/ | ||
void putchar_(char character); | ||
|
||
|
||
#if !(defined(PRINTF_CUSTOM_INT_64) || defined(PRINTF_CUSTOM_INT_32) \ | ||
|| defined(PRINTF_CUSTOM_INT_16)) | ||
/** | ||
* Tiny printf implementation | ||
* You have to implement putchar_ if you use printf() | ||
|
@@ -133,8 +149,67 @@ int vprintf_(const char* format, va_list va) ATTR_VPRINTF(1); | |
* @param va A value identifying a variable arguments list | ||
* @return The number of characters that are sent to the output function, not counting the terminating null character | ||
*/ | ||
int fctprintf(void (*out)(char character, void* arg), void* arg, const char* format, ...) ATTR_PRINTF(3, 4); | ||
int vfctprintf(void (*out)(char character, void* arg), void* arg, const char* format, va_list va) ATTR_VPRINTF(3); | ||
int fctprintf(void (*out)(char character, void* arg) out, void* arg, const char* format, ...) ATTR_PRINTF(3, 4); | ||
int vfctprintf(void (*out)(char character, void* arg) out, void* arg, const char* format, va_list va) ATTR_VPRINTF(3); | ||
#else | ||
/** | ||
* Tiny printf implementation | ||
* You have to implement putchar_ if you use printf() | ||
* To avoid conflicts with the regular printf() API it is overridden by macro defines | ||
* and internal underscore-appended functions like printf_() are used | ||
* @param format A string that specifies the format of the output | ||
* @return The number of characters that are written into the array, not counting the terminating null character | ||
*/ | ||
printf_int_t printf_(const char* format, ...) ATTR_PRINTF(1, 2); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is not possible. The printf() functions must be compatible with the standard library. If the MISRA standard is incompatible with using the standard library, then we have a problem. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is not necessarily incompatible with the std lib. If you're not defining PRINTF_CUSTOM_INT_xx then There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah, ok. I guess we can do something like that. But - I still have to see the literal int in the signature. So I would rather have something like:
or maybe even:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I've update the header file. Is this better? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You'll need a new PR with whatever changes remain after my next push. Also... what does MISRA have to say about the standard library version of these functions? I mean, they return a plain int, after all. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Actually, I've just read the MISRA rule regarding typedefs. It says:
So, first of all, it's a "should", not a "shall" or "will". But even more importantly - the changes you propose don't bring you much closer to satisfying this rule, since the typedef you proposed indicates neither size nor signedness. I believe this advisory is about preferring There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah ok. I'll see about that new pull request. Basically MISRA indicates (among others) to avoid the standard library methods regarding time/date, character handling, stream operators and allocation/deallocation. It more or less recognizes one cannot do without, but discourages dependence. More to the point, it says "For example, the essential type rules apply to the types of the arguments passed to functions specified in the standard library and to their results." There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
I completely agree that is what the rule is about. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Well, this library is about providing these same problematic functions. But - we'll see how it looks in the new PR. Closing this one for now. |
||
|
||
|
||
/** | ||
* Tiny sprintf/vsprintf implementation | ||
* Due to security reasons (buffer overflow) YOU SHOULD CONSIDER USING (V)SNPRINTF INSTEAD! | ||
* @param buffer A pointer to the buffer where to store the formatted string. MUST be big enough to store the output! | ||
* @param format A string that specifies the format of the output | ||
* @param va A value identifying a variable arguments list | ||
* @return The number of characters that are WRITTEN into the buffer, not counting the terminating null character | ||
*/ | ||
printf_int_t sprintf_(char* buffer, const char* format, ...) ATTR_PRINTF(2, 3); | ||
printf_int_t vsprintf_(char* buffer, const char* format, va_list va) ATTR_VPRINTF(2); | ||
|
||
|
||
/** | ||
* Tiny snprintf/vsnprintf implementation | ||
* @param buffer A pointer to the buffer where to store the formatted string | ||
* @param count The maximum number of characters to store in the buffer, including a terminating null character | ||
* @param format A string that specifies the format of the output | ||
* @param va A value identifying a variable arguments list | ||
* @return The number of characters that COULD have been written into the buffer, not counting the terminating | ||
* null character. A value equal or larger than count indicates truncation. Only when the returned value | ||
* is non-negative and less than count, the string has been completely written. | ||
*/ | ||
printf_int_t snprintf_(char* buffer, size_t count, const char* format, ...) ATTR_PRINTF(3, 4); | ||
printf_int_t vsnprintf_(char* buffer, size_t count, const char* format, va_list va) ATTR_VPRINTF(3); | ||
|
||
|
||
/** | ||
* Tiny vprintf implementation | ||
* @param format A string that specifies the format of the output | ||
* @param va A value identifying a variable arguments list | ||
* @return The number of characters that are WRITTEN into the buffer, not counting the terminating null character | ||
*/ | ||
printf_int_t vprintf_(const char* format, va_list va) ATTR_VPRINTF(1); | ||
|
||
|
||
/** | ||
* printf/vprintf with output function | ||
* You may use this as dynamic alternative to printf() with its fixed _putchar() output | ||
* @param out An output function which takes one character and an argument pointer | ||
* @param arg An argument pointer for user data passed to output function | ||
* @param format A string that specifies the format of the output | ||
* @param va A value identifying a variable arguments list | ||
* @return The number of characters that are sent to the output function, not counting the terminating null character | ||
*/ | ||
printf_int_t fctprintf(void (*out)(char character, void* arg), void* arg, const char* format, ...) ATTR_PRINTF(3, 4); | ||
printf_int_t vfctprintf(void (*out)(char character, void* arg), void* arg, const char* format, va_list va) ATTR_VPRINTF(3); | ||
#endif | ||
|
||
#ifdef __cplusplus | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose I could have a distinct type for the flag holder integer.