Stefan Lohmaier
fb2c083551
Validate / build-test (macos-latest) (push) Failing after 3s
Validate / build-test (windows-latest) (push) Failing after 15s
Validate / build-test (ubuntu-latest) (push) Successful in 17s
Validate / reports (push) Successful in 50s
Release / release (push) Successful in 50s
Phase 2 of the English translation: Word documents (filled, EPB-specific): - 8 plans (PID, PM, QA, SWE, Test, Project Manual, CM, RM) - 6 safety docs (HARA, Safety Case, FMEDA, MISRA Compliance, Verification Report, Tool Qualification Cppcheck) - 2 manuals (User, Service) - 3 audit artefacts (Review minutes, NC-001, MISRA-REC-001) - All regenerated via pandoc from English markdown sources Code, tests, headers: - All file headers, struct comments, function docstrings in English - All test names (TEST_BEGIN strings) translated - Inline comments translated - 46 tests still green after translation CI workflows: - All step names in English - Step descriptions, comments, release notes template in English README.md fully rewritten in English with proper guided tour. Phase 3 (still pending): dev-process repo templates + toolstack/setup docs.
2.4 KiB
2.4 KiB
record-id, project, date, status
| record-id | project | date | status |
|---|---|---|---|
| MISRA-REC-001 | demo-epb | 2026-05-11 | Approved |
MISRA Deviation Record MISRA-REC-001
| Field | Value |
|---|---|
| Record ID | MISRA-REC-001 |
| Date | 2026-05-11 |
| File | src/apply_controller.c |
| Function | apply_ctrl_step_50ms |
| Line | 64 |
| Standard | MISRA C:2012 |
| Rule | Rule 15.5 (Advisory) — "A function should have a single point of exit" |
| ASIL | D |
| Status | Approved |
1. Code excerpt
void apply_ctrl_step_50ms(const ApplyInputs* in)
{
if (in == NULL) {
s_ctx.last_error = EPB_EINVAL;
return; /* <-- early exit */
}
...
}
2. Rationale
The NULL pointer check as an early exit significantly improves readability versus a nested variant with a single return at the end. MISRA Rule 15.5 is Advisory, not Required.
The early exit has clearly defined semantics (input validation) and does not impair verifiability; on the contrary, the separate path is unambiguously covered in the unit test test_null_input.
3. Alternative considered
Single-exit variant:
void apply_ctrl_step_50ms(const ApplyInputs* in)
{
if (in == NULL) {
s_ctx.last_error = EPB_EINVAL;
} else {
/* entire step logic nested in else branch */
...
}
}
Rejected because the additional nesting makes the state machine harder to read without gaining functional equivalence relative to the early-exit variant.
4. Safety impact
None. The early exit is deterministic and covered by the unit test.
5. Approval
| Role | Name | Date | Signature |
|---|---|---|---|
| Technical Lead | Stefan Lohmaier | 2026-05-11 | (demo) |
| Safety Manager | (in real project) | 2026-05-11 | (demo) |
6. Scope
This deviation applies only to this specific code site. Other early-exit sites require separate records.