Skip to content

[Coding Guideline]: Ensure all loops have a termination condition that is provably reachable#305

Draft
rcseacord wants to merge 7 commits intorustfoundation:mainfrom
rcseacord:guideline/infloop
Draft

[Coding Guideline]: Ensure all loops have a termination condition that is provably reachable#305
rcseacord wants to merge 7 commits intorustfoundation:mainfrom
rcseacord:guideline/infloop

Conversation

@rcseacord
Copy link
Collaborator

@rcseacord rcseacord commented Dec 17, 2025

No description provided.

@netlify
Copy link

netlify bot commented Dec 17, 2025
edited
Loading

Deploy Preview for scrc-coding-guidelines ready!

Name Link
🔨 Latest commit aa69089
🔍 Latest deploy log https://app.netlify.com/projects/scrc-coding-guidelines/deploys/697fdb77286d8d0008e77d5c
😎 Deploy Preview https://deploy-preview-305--scrc-coding-guidelines.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@rcseacord rcseacord requested a review from PLeVasseur December 17, 2025 15:21
@rcseacord rcseacord marked this pull request as draft December 17, 2025 15:21
@rcseacord rcseacord self-assigned this Dec 17, 2025
@felix91gr
Copy link
Collaborator

felix91gr commented Dec 17, 2025

Interesting rule. Are we sure there aren't safety-critical systems which have at least one thread that loops forever? @rcseacord

@rcseacord
Copy link
Collaborator Author

rcseacord commented Dec 17, 2025
edited
Loading

Interesting rule. Are we sure there aren't safety-critical systems which have at least one thread that loops forever? @rcseacord

@felix91gr quite possibly. the philosophy behind this rule (which is quite common in MISRA) is that this is pretty dangerous and so it should always be flagged by the analyzer. any time you have an infinite loop in your code will require a deviation permit, meaning that that infinite loops will always be scrutinized more carefully (presumably by a senior engineer who audits these things).

Presumably there aren't many of these in any given system (I would guess at most one) so the burden isn't that high.

@PLeVasseur PLeVasseur added the coding guideline An issue related to a suggestion for a coding guideline label Dec 17, 2025
@PLeVasseur PLeVasseur removed their request for review December 17, 2025 22:50
@PLeVasseur PLeVasseur added coding guideline An issue related to a suggestion for a coding guideline and removed coding guideline An issue related to a suggestion for a coding guideline labels Dec 17, 2025
@github-actions github-actions bot requested review from AlexCeleste and removed request for AlexCeleste December 17, 2025 22:57
@PLeVasseur PLeVasseur added coding guideline An issue related to a suggestion for a coding guideline and removed coding guideline An issue related to a suggestion for a coding guideline labels Dec 17, 2025
@github-actions github-actions bot requested review from PLeVasseur and removed request for PLeVasseur December 17, 2025 23:10
@github-actions github-actions bot added chapter: values chapter: expressions decidability: decidable A coding guideline which can be checked automatically and removed chapter: values labels Dec 17, 2025
@github-actions github-actions bot requested review from AlexCeleste and PLeVasseur and removed request for PLeVasseur December 17, 2025 23:44
@PLeVasseur PLeVasseur removed the request for review from AlexCeleste December 18, 2025 00:22
@github-actions github-actions bot requested review from PLeVasseur and removed request for PLeVasseur December 18, 2025 00:24
@PLeVasseur
Copy link
Collaborator

PLeVasseur commented Dec 18, 2025

@guidelines-bot /commands

@github-actions
Copy link
Contributor

github-actions bot commented Dec 18, 2025

ℹ️ Available Commands

Pass or step away:

  • @guidelines-bot /pass [reason] - Pass this review to next in queue
  • @guidelines-bot /away YYYY-MM-DD [reason] - Step away from queue until a date
  • @guidelines-bot /release [reason] - Release your assignment (leaves issue/PR unassigned)

Assign reviewers:

  • @guidelines-bot /r? @username - Assign a specific reviewer
  • @guidelines-bot /r? producers - Request the next reviewer from the queue
  • @guidelines-bot /claim - Claim this review for yourself

Other:

  • @guidelines-bot /label +label-name - Add a label
  • @guidelines-bot /label -label-name - Remove a label
  • @guidelines-bot /queue - Show current queue status
  • @guidelines-bot /sync-members - Sync queue with members.md

@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
@rustfoundation rustfoundation deleted a comment from github-actions bot Dec 18, 2025
felix91gr
felix91gr reviewed Dec 21, 2025
View reviewed changes
iglesias
iglesias reviewed Dec 26, 2025
View reviewed changes
src/coding-guidelines/expressions/gui_LoopTerminat.rst.inc Outdated

* **Watchdog timeout**: While hardware watchdogs can detect stuck systems,
relying on watchdog reset as a termination mechanism indicates
a design failure and may cause loss of critical state.
Copy link
Contributor

@iglesias iglesias Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potentially nitpicking: I thought that "relying on watchdog reset as a termination mechanism indicates a design failure" could be unnecessary.
Is using a hardware watchdog to this end really always a design failure? I do not know.

What about something else such as "relying on watchdog reset as a termination mechanism disables formal verification of system shutdown and may cause loss [...]".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@felix91gr felix91gr felix91gr left review comments

+1 more reviewer

@iglesias iglesias iglesias left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@rcseacord rcseacord

Labels

chapter: expressions coding guideline An issue related to a suggestion for a coding guideline decidability: undecidable A coding guideline which cannot be checked automatically

Projects

[Safety Critical Rust Consortium Coding Guidelines] Work Items
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rcseacord @felix91gr @PLeVasseur @iglesias