---
record-id: MISRA-REC-001
project: demo-epb
date: 2026-05-11
status: Approved
---

# MISRA Deviation Record MISRA-REC-001

| Field     | Value                                                                  |
|-----------|------------------------------------------------------------------------|
| Record ID | MISRA-REC-001                                                          |
| Date      | 2026-05-11                                                             |
| File      | `src/apply_controller.c`                                               |
| Function  | `apply_ctrl_step_50ms`                                                 |
| Line      | 64                                                                     |
| Standard  | MISRA C:2012                                                           |
| Rule      | Rule 15.5 (Advisory) — "A function should have a single point of exit" |
| ASIL      | D                                                                      |
| Status    | Approved                                                               |

---

## 1. Code excerpt

```c
void apply_ctrl_step_50ms(const ApplyInputs* in)
{
    if (in == NULL) {
        s_ctx.last_error = EPB_EINVAL;
        return;   /* <-- early exit */
    }
    ...
}
```

## 2. Rationale

Handling the NULL pointer check as an early exit significantly improves readability compared with a nested variant that has a single `return` at the end. MISRA Rule 15.5 is **Advisory**, not **Required**. The early exit has clearly defined semantics (input validation) and does not impair verifiability; on the contrary, the separate path is unambiguously covered by the unit test `test_null_input`.

## 3. Alternative considered

Single-exit variant:

```c
void apply_ctrl_step_50ms(const ApplyInputs* in)
{
    if (in == NULL) {
        s_ctx.last_error = EPB_EINVAL;
    } else {
        /* entire step logic nested in else branch */
        ...
    }
}
```

Rejected because the additional nesting makes the state machine harder to read while offering no functional benefit over the early-exit variant.

## 4. Safety impact

None. The early exit is deterministic and covered by the unit test.

## 5. Approval

| Role           | Name              | Date       | Signature |
|----------------|-------------------|------------|-----------|
| Technical Lead | Stefan Lohmaier   | 2026-05-11 | (demo)    |
| Safety Manager | (in real project) | 2026-05-11 | (demo)    |

## 6. Scope

This deviation applies only to this specific code site. Other early-exit sites require separate records.
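
The claims in sections 2 and 3, that the NULL path is separately testable and that the two variants behave the same, can be backed by a differential test. The following is an added example, not code from the demo-epb project; the `ApplyInputs` field, the `ApplyCtx` layout, the error values, `step_body` and the names `step_early_exit` / `step_single_exit` are assumptions made so the sketch is self-contained.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins: the real types, fields and values are not on the page. */
typedef enum { EPB_OK = 0, EPB_EINVAL = 1 } EpbError;
typedef struct { bool apply_request; } ApplyInputs;
typedef struct { EpbError last_error; unsigned steps; bool applied; } ApplyCtx;
typedef void (*StepFn)(const ApplyInputs*);
static ApplyCtx s_ctx;

/* Hypothetical stand-in for the elided step logic, shared by both variants. */
static void step_body(const ApplyInputs* in) {
    s_ctx.applied = in->apply_request;
    s_ctx.steps++;
}

/* Early-exit form from section 1. */
static void step_early_exit(const ApplyInputs* in) {
    if (in == NULL) { s_ctx.last_error = EPB_EINVAL; return; }
    step_body(in);
}

/* Single-exit form from section 3. */
static void step_single_exit(const ApplyInputs* in) {
    if (in == NULL) { s_ctx.last_error = EPB_EINVAL; } else { step_body(in); }
}

/* NULL input: error recorded, no other state touched. */
static bool null_input_is_rejected(StepFn step) {
    memset(&s_ctx, 0, sizeof s_ctx);
    step(NULL);
    return s_ctx.last_error == EPB_EINVAL && s_ctx.steps == 0u && !s_ctx.applied;
}

/* Run a valid/NULL/valid call sequence and return the resulting context. */
static ApplyCtx run_sequence(StepFn step) {
    const ApplyInputs req = { true };
    const ApplyInputs* seq[3] = { &req, NULL, &req };
    memset(&s_ctx, 0, sizeof s_ctx);
    for (size_t i = 0; i < 3u; i++) { step(seq[i]); }
    return s_ctx;
}

/* Differential check: both variants end in the same observable state. */
static bool variants_agree(void) {
    const ApplyCtx a = run_sequence(step_early_exit), b = run_sequence(step_single_exit);
    return a.last_error == b.last_error && a.steps == b.steps && a.applied == b.applied;
}
int main(void) { return (null_input_is_rejected(step_early_exit) && variants_agree()) ? 0 : 1; }
```

Attaching the result of such a check to the record gives the reviewer evidence for the "Safety impact: None" statement beyond the single `test_null_input` case.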