The Hersteller Initiative Software (HIS) metrics are a collection of 15 metrics that apply to a software project plus three metrics that apply to two revisions
of software projects. Of the project metrics, two are actually summaries of rule violations of a subset of MISRA C.
This checklist contains checks for all 18 metrics representing HIS, along with checks for the underlying MISRA C coding standards that are referenced by HIS. The MISRA C directives and rules are listed by how they are referenced in MISRA-C:2012, rather than the earlier MISRA-C:2004 standard that was in place at the time the HIS standard was issued.
Software being reviewed with this checklist should be loaded into Imagix 4D with the -nosys option disabled and the -nosysbodies option enabled.
"MISRA", "MISRA C" and the triangle logo are registered trademarks owned by HORIBA MIRA Ltd, held on behalf of the MISRA Consortium.
| Rule 1.1 | No violations of the standard C syntax and constraints, and translation limits |
| Rule 1.2 | Language extension should not be used |
| Rule 1.3 | There shall be no occurrence of undefined or critical unspecified behaviour |
| Rule 2.1 | A project shall not contain unreachable code |
| Rule 2.1a | Unreachable code - functions defined but never called |
| Rule 2.1b | Unreachable code - statements not reached in control flow |
| Rule 2.2 | There shall be no dead code |
| Rule 3.1 | Character sequences /* and // not in comment |
| Rule 4.1 | Octal and hexadecimal escape sequences shall be terminated |
| Rule 4.2 | Trigraphs should not be used |
| Rule 5.3 | An identifier declared in an inner scope shall not hide an identifier declared in an outer scope |
| Rule 5.6 | A typedef name shall be a unique identifier |
| Rule 5.7 | A tag name shall be a unique identifier |
| Rule 6.2 | Single-bit named bit fields shall not be of a signed type |
| Rule 7.1 | Octal constants shall not be used |
| Rule 8.1 | Types shall be explicitly specified |
| Rule 8.2 | Function types in prototype form with named parameters |
| Rule 8.3 | All declarations shall use same names and type qualifiers |
| Rule 8.4 | Compatible declaration for symbol with external linkage |
| Rule 8.5 | External symbol shall be declared once in one file |
| Rule 8.6 | External symbol shall have exactly one external definition |
| Rule 8.7 | Functions and objects that could be static |
| Rule 8.8 | Use static storage class specifier consistently |
| Rule 8.9 | Object to be defined at block scope if only in single function |
| Rule 8.13 | A pointer should point to a const-qualified type whenever possible |
| Rule 9.1 | Object with automatic storage shall not be read before set |
| Rule 9.2 | Initializer for aggregate or union shall be in braces |
| Rule 10.1 | Operands shall not be of an inappropriate essential type |
| Rule 10.2 | Expressions of character type inappropriately in addition and subtraction |
| Rule 10.3 | Expression not to be assigned to narrower different essential type |
| Rule 10.4 | Operands of operator with arithmetic conversions shall have same essential type |
| Rule 10.6 | Composite expression not be assigned to object with wider essential type |
| Rule 10.7 | Composite expression as operand with arithmetic conversion not with wider operand |
| Rule 10.8 | Composite expression not be cast to different or wider essential type |
| Rule 11.1 | Conversions not be performed between pointer to function and any other type |
| Rule 11.3 | A cast shall not be performed between pointers to different object types |
| Rule 11.8 | Cast not remove const or volatile qualifier from type |
| Rule 12.1 | Precedence of operators in expressions be made explicit |
| Rule 12.2 | Shift within bit width of type of left hand operand |
| Rule 12.3 | The comma operator should not be used |
| Rule 12.4 | Constant expression evaluation not lead to unsigned wrap-around |
| Rule 13.2 | Expression value and side effects same under all evaluation orders |
| Rule 13.4 | The result of an assignment operator should not be used |
| Rule 13.5 | Right hand operand of && or || operator not contain side effects |
| Rule 13.6 | Operand of sizeof not contain expression with side effects |
| Rule 14.1 | A loop counter shall not have essentially floating type |
| Rule 14.2 | A for loop shall be well-formed |
| Rule 15.1 | The goto statement should not be used |
| Rule 15.2 | The goto statement shall jump to a label declared later in the same function |
| Rule 15.3 | goto shall jump to same block or block enclosing goto |
| Rule 15.6 | Body of an iteration or selection shall be compound-statement |
| Rule 15.7 | All if...else if shall be terminated with an else statement |
| Rule 16.2 | switch label only for most closely-enclosing compound statement |
| Rule 16.3 | Unconditional break statement to terminate every switch-clause |
| Rule 16.4 | Every switch statement shall have a default label |
| Rule 16.5 | Default label either as first or last label of switch statement |
| Rule 16.6 | Every switch statement shall have at least two switch-clauses |
| Rule 16.7 | A switch-expression shall not have essentially Boolean type |
| Rule 17.1 | The features of <stdarg.h> shall not be used |
| Rule 17.2 | Functions shall not call themselves, either directly or indirectly |
| Rule 17.3 | A function shall not be declared implicitly |
| Rule 17.4 | All exit paths from non-void function need return with expression |
| Rule 18.1 | Pointer arithmetic shall address element of same array |
| Rule 18.2 | Subtraction between pointers only between elements of same array |
| Rule 18.3 | Operators >, >=, < and <= only for pointers to same object |
| Rule 18.4 | The +, –, += and –= operators not be applied to expression of pointer type |
| Rule 18.5 | Declarations should contain no more than two levels of pointer nesting |
| Rule 18.6 | Address of object with automatic storage not to non-local object |
| Rule 19.1 | An object shall not be assigned or copied to an overlapping object |
| Rule 20.2 | Certain character sequences shall not occur in a header file name |
| Rule 20.3 | #include directive be followed by <filename> or "filename" sequence |
| Rule 20.4 | A macro shall not be defined with the same name as a keyword |
| Rule 20.6 | Preprocessing directive within a macro argument |
| Rule 20.7 | Expressions resulting from macro parameters in parentheses |
| Rule 20.9 | Identifiers in #if or #elif to be #define'd before evaluation |
| Rule 20.10 | The # and ## preprocessor operators should not be used |
| Rule 20.11 | Macro operators # and ## not following each other |
| Rule 21.1 | #define and #undef not be used on reserved identifier or reserved macro name |
| Rule 21.1a | No #define and #undef for names beginning with an underscore |
| Rule 21.1b | No #define or #undef for identifiers in file scope in standard library headers |
| Rule 21.1c | #define and #undef shall not be used for identifier 'defined' |
| Rule 21.2 | A reserved identifier or macro name shall not be declared |
| Rule 21.3 | Memory allocation functions of <stdlib.h> shall not be used |
| Rule 21.4 | The standard header file <setjmp.h> shall not be used |
| Rule 21.5 | The standard header file <signal.h> shall not be used |
| Rule 21.6 | The Standard Library input/output functions shall not be used |
| Rule 21.7 | The atof, atoi and atoll functions of <stdlib.h> shall not be used |
| Rule 21.8 | Library functions abort, exit, getenv and system of <stdlib.h> not be used |
| Rule 21.10 | The Standard Library time and date functions shall not be used |
