Main Content

MISRA C:2023 Rule 17.9

A function declared with a _Noreturn function specifier shall not return to its caller

Since R2024a

expand all in page

Description

Rule Definition

A function declared with a _Noreturn function specifier shall not return to its caller.

Rationale

A function declared with a _Noreturn specifier is not supposed to return to its caller. If there is a return path from this function to its caller, it typically indicates an error in the program control flow, and results in undefined behavior.

Polyspace Implementation

The rule checker analyzes the body of a function and reports a violation if the function is declared _Noreturn but has a return path to its caller.

This rule violation is reported only if you specify a C standard version of C11 or later for the Bug Finder analysis. For more information, see C standard version (-c-version).

Troubleshooting

If you expect a rule violation but do not see it, refer to Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

In this example:

  • The function checkID() is declared _Noreturn but can return to its caller if the argument ID is greater than or equal to zero. Therefore, the function violates the rule.

  • The function verifyID() with the same body does not have a _Noreturn specifier and does not violate the rule.

#include <stdlib.h>

_Noreturn void checkID(int32_t ID) // Noncompliant
{
    if (ID < 0)
    {
        abort();
    }
}


void verifyID(int32_t ID) // Compliant
{
    if (ID < 0)
    {
        abort();
    }
}

Check Information

Group: Functions
Category: Mandatory
AGC Category: Mandatory

Version History

Introduced in R2024a

See Also

Topics