fb2c083551
Validate / build-test (macos-latest) (push) Failing after 3s
Validate / build-test (windows-latest) (push) Failing after 15s
Validate / build-test (ubuntu-latest) (push) Successful in 17s
Validate / reports (push) Successful in 50s
Release / release (push) Successful in 50s
Phase 2 of the English translation:

Word documents (filled, EPB-specific):
- 8 plans (PID, PM, QA, SWE, Test, Project Manual, CM, RM)
- 6 safety docs (HARA, Safety Case, FMEDA, MISRA Compliance, Verification Report, Tool Qualification Cppcheck)
- 2 manuals (User, Service)
- 3 audit artefacts (Review minutes, NC-001, MISRA-REC-001)
- All regenerated via pandoc from English markdown sources

Code, tests, headers:
- All file headers, struct comments, function docstrings in English
- All test names (TEST_BEGIN strings) translated
- Inline comments translated
- 46 tests still green after translation

CI workflows:
- All step names in English
- Step descriptions, comments, release notes template in English

README.md fully rewritten in English with proper guided tour.

Phase 3 (still pending): dev-process repo templates + toolstack/setup docs.
75 lines, 2.4 KiB, Markdown
---
record-id: MISRA-REC-001
project: demo-epb
date: 2026-05-11
status: Approved
---

# MISRA Deviation Record MISRA-REC-001

| Field | Value |
|-------------------|---------------------------------------------|
| Record ID | MISRA-REC-001 |
| Date | 2026-05-11 |
| File | `src/apply_controller.c` |
| Function | `apply_ctrl_step_50ms` |
| Line | 64 |
| Standard | MISRA C:2012 |
| Rule | Rule 15.5 (Advisory) — "A function should have a single point of exit" |
| ASIL | D |
| Status | Approved |

---

## 1. Code excerpt

```c
void apply_ctrl_step_50ms(const ApplyInputs* in)
{
    if (in == NULL) {
        s_ctx.last_error = EPB_EINVAL;
        return; /* <-- early exit */
    }
    ...
}
```

## 2. Rationale

The NULL pointer check as an early exit significantly improves readability versus a nested variant with a single `return` at the end. MISRA Rule 15.5 is **Advisory**, not **Required**.

The early exit has clearly defined semantics (input validation) and does not impair verifiability; on the contrary, the separate path is unambiguously covered in the unit test `test_null_input`.

## 3. Alternative considered

Single-exit variant:

```c
void apply_ctrl_step_50ms(const ApplyInputs* in)
{
    if (in == NULL) {
        s_ctx.last_error = EPB_EINVAL;
    } else {
        /* entire step logic nested in else branch */
        ...
    }
}
```

Rejected because the additional nesting makes the state machine harder to read while gaining nothing functionally over the early-exit variant: both variants set `EPB_EINVAL` on NULL input and otherwise run the same step logic.

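As an added example that is not part of this record or of the demo-epb project, the two variants above in self-contained form, with a harness that exercises the NULL-input path the way `test_null_input` does and lets both variants be compared field by field. `EpbError`, the fields of `ApplyInputs` and `ApplyCtx`, `g_valid_input` and the step body are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed error codes and input/context layout; the real project's
 * definitions are not on this page. */
typedef enum { EPB_OK = 0, EPB_EINVAL = 1 } EpbError;
typedef struct { uint8_t request_apply; } ApplyInputs;
typedef struct {
    EpbError last_error;
    uint32_t step_count;  /* incremented only when the step body runs */
    uint8_t  applied;     /* state written by the (assumed) step body */
} ApplyCtx;

static ApplyCtx s_ctx;
const ApplyInputs g_valid_input = { 1 };  /* constructed sample input */

/* Early-exit variant as approved in MISRA-REC-001. */
void apply_ctrl_step_50ms(const ApplyInputs* in)
{
    if (in == NULL) {
        s_ctx.last_error = EPB_EINVAL;
        return; /* early exit: nothing else in s_ctx is touched */
    }
    s_ctx.last_error = EPB_OK;
    s_ctx.applied = in->request_apply;
    s_ctx.step_count++;
}

/* Single-exit alternative that section 3 rejects. */
void apply_ctrl_step_50ms_single_exit(const ApplyInputs* in)
{
    if (in == NULL) {
        s_ctx.last_error = EPB_EINVAL;
    } else {
        s_ctx.last_error = EPB_OK;
        s_ctx.applied = in->request_apply;
        s_ctx.step_count++;
    }
}

/* Clears the context, runs one step of the given variant and returns a
 * snapshot, so test_null_input-style checks can compare both variants. */
ApplyCtx run_step(void (*step)(const ApplyInputs*), const ApplyInputs* in)
{
    memset(&s_ctx, 0, sizeof s_ctx);
    step(in);
    return s_ctx;
}
```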
## 4. Safety impact

None. The early exit is deterministic and covered by the unit test.

## 5. Approval

| Role | Name | Date | Signature |
|-----------------|------------------|-------------|-----------|
| Technical Lead | Stefan Lohmaier | 2026-05-11 | (demo) |
| Safety Manager | (in real project)| 2026-05-11 | (demo) |

## 6. Scope

This deviation applies only to this specific code site. Other early-exit sites require separate records.