Advisory: misra-c2012-10.5 Justification: This deviation concerns the determination of the device reset reason. The function uses an enum-to-integer conversion to map register bits to enum members of resetReason_t. This deviation enables reduction of execution time, flash usage, and complexity. The mapping is considered safe due to rigorous unit tests that ensure the correctness of the mapping between the register bits and the enum members. Additionally, the safety of this approach is maintained as long as the order of the enum members in resetReason_t is not changed, as documented in the warning above the enum declaration.
Global MW_SetIntPriority (bool useRoundRobin, uint8_t altStartVect, uint8_t highPriorityVect)
Required: misra-c2012-10.8 Justification: This deviation concerns the determination of the maximum interrupt vector number for the device. The _VECTORS_SIZE macro, defined in the device-specific header file, lacks an unsigned literal suffix, requiring an explicit cast to uint8_t to avoid implicit integer conversions that could lead to other MISRA violations. The fundamental issue is that the macro itself is not inherently MISRA-compliant. However, since package variants within the same device family can have different vector counts, hardcoding values for each supported device is not scalable and reduces software portability. The cast does not introduce unintended behavior, as the value is known to be positive and within the range of uint8_t. This deviation is limited in scope, reviewed, and tested to ensure correctness.
Required: misra-c2012-10.1 Justification: This function iterates through the errCh_t enum using the ++ operator to determine which channel is set. The errCh_t enum is continuous and the first member is initialized to an unsigned integer value of zero and a designated max value is used to ensure correct range. This is verified by unit tests and static asserts. Alternative implementations either lead to a greatly increased complexity and probability of erroneous implementation or violations of other MISRA 10.x rules. The enum value is passed to MW_GetErrorChannel, which will return 'ERROR' if an invalid channel is used, breaking the loop and preventing infinite iteration. Thus, the risk of unexpected behavior is mitigated and the deviation is deemed safe.
Advisory: misra-c2012-15.5 Justification: This function explicitly returns early if a diagnostic has been completed to avoid spending unnecessary time in the interrupt handler checking flags that are most likely not set if a diagnostic was found to be ongoing. In the case that another fault also has set a SLPCTRL interrupt flag not related to the diagnostic, it will be handled by a redundant interrupt handler. This deviation is justified as it optimizes the interrupt handling process by reducing the time spent in the interrupt context, which is critical for system performance and responsiveness. Using a standard if/else construct instead of an early return is not feasible when using conditional compilation directives for optional inclusion of the diagnostic handling code.
Advisory: misra-c2012-8.9 Justification: This function uses an array containing a function pointer and an Error ID for up to 20 diagnostics to implement the diagnostic queue under conditional compilation. To keep the implementation more readable, the array is defined at file scope rather than block scope, even though it is only used by this single function. Since this design is thoroughly tested and does not introduce unexpected behavior, the deviation is deemed safe.
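The bounded enum iteration described in the misra-c2012-10.1 justification above, shown as an added C example that is not the project's own code. The errCh_t members, chState_t, the simulated status register and demo_GetErrorChannel (a stand-in for MW_GetErrorChannel, whose signature this page does not show) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical channel list (names and count are assumptions).
 * WARNING: members must stay contiguous from 0 and ERR_CH_MAX must stay last. */
typedef enum { ERR_CH0 = 0U, ERR_CH1, ERR_CH2, ERR_CH3, ERR_CH_MAX } errCh_t;
typedef enum { CH_ERROR = 0U, CH_CLEAR, CH_SET } chState_t;

/* Compile-time guards for the two properties the justification relies on. */
_Static_assert((int)ERR_CH0 == 0, "errCh_t must start at zero");
_Static_assert((int)ERR_CH_MAX == 4, "errCh_t changed: review every loop over it");

static uint8_t demo_statusReg; /* constructed stand-in for the hardware flag register */

/* Stand-in for MW_GetErrorChannel: any value outside the enum range yields CH_ERROR. */
static chState_t demo_GetErrorChannel(errCh_t ch)
{
    chState_t state = CH_ERROR;
    if ((uint8_t)ch < (uint8_t)ERR_CH_MAX) {
        state = (((demo_statusReg >> (uint8_t)ch) & 1U) != 0U) ? CH_SET : CH_CLEAR;
    }
    return state;
}

/* Returns the lowest channel whose flag is set, or ERR_CH_MAX when none is. */
static errCh_t demo_FindSetChannel(void)
{
    errCh_t ch = ERR_CH0;
    errCh_t found = ERR_CH_MAX;
    bool done = false;
    while (!done) {
        chState_t state = demo_GetErrorChannel(ch);
        if (state == CH_SET) {
            found = ch;
            done = true;
        } else if (state == CH_ERROR) {
            done = true; /* stepped onto ERR_CH_MAX: the getter ends the loop */
        } else {
            ch++; /* the 10.1 deviation: ++ applied to an enum operand */
        }
    }
    return found;
}

int main(void)
{
    demo_statusReg = 0x04U; /* constructed value: only bit 2 set */
    printf("first set channel: %d\n", (int)demo_FindSetChannel());
    return 0;
}
```

If a member is added to the enum without updating the second static assert, the build fails, which forces a review of the loop bound before the change ships.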