cppcheck / Discussion / Development: --addon=misra: Variable 'std' is unknown

mcandre - 2024-08-06

Hi,

I am exploring securing my C++ projects with MISRA. However, when I use the --addon=misra flag, then cppcheck suddenly generates an extraordinary amount of spurious complaints that it is unaware of the std namespace, of nullptr, staticcast, and plenty of other standard, modern C++ elements.

Tried supplying a --std=c++17 flag to remind cppcheck that the project is targeting the C++17 standard , but still getting the same behavior.

Weird, cppcheck -h reports that it only knows of the C89 and C99 standards, not C11, C17, C23, C++11, C++17, C++23, etc.

cppcheck does not appear to validate, short-circuit, or exit non-zero when an unknown language standard value is supplied.

I'm using cppcheck 2.14.2.

Is the MISRA addon targeting an old version of C++, or perhaps only pure C code?

Is there a misra config JSON setup to work around this problem?

Last edit: mcandre 2024-08-06

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Marjamäki - 2024-08-17

The misra.py is only for pure C code. You can run it on C++ code but it will not handle it well.

If you would like to try out Misra C++ you can look at Cppcheck Premium it's possible to try it out for free..

cppcheck does not appear to validate, short-circuit, or exit non-zero when an unknown language standard value is supplied.

ouch that is not good. I can reproduce. I have created ticket https://trac.cppcheck.net/ticket/13021

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- mcandre - 2024-08-18
  
  Ah, thank you for clearing up more of these concerns!
  
  Would it be possible to obtain a license for Cppcheck Premium for FOSS use?
  I recall JetBrains offering a similar, free license for their premium
  products for FOSS developers.
  
  I publish tutorials, portability tools, linters, and so on. Some of my top
  C/C++ projects are:
  
  https://github.com/mcandre/rez (write your build system configuration
  itself in C/C++)
  
  https://github.com/mcandre/snek (quickly generate large numbers of
  cross-OS and cross-architecture binary ports of your applications)
  
  https://github.com/mcandre/linters (curated index of code analysis tools)
  
  I am always interested in opportunities to integrate more zero price
  quality checks to elevate my source code.
  
  On Sat, Aug 17, 2024 at 2:23 PM Daniel Marjamäki danielmarjamaki@users.sourceforge.net wrote:
  
  The misra.py is only for pure C code. You can run it on C++ code but it
  will not handle it well.
  
  If you would like to try out Misra C++ you can look at Cppcheck Premium
  it's possible to try it out for free..
  
  cppcheck does not appear to validate, short-circuit, or exit non-zero when
  an unknown language standard value is supplied.
  
  ouch that is not good. I can reproduce. I have created ticket
  https://trac.cppcheck.net/ticket/13021
  
  --addon=misra: Variable 'std' is unknown
  https://sourceforge.net/p/cppcheck/discussion/development/thread/0d93d18a3e/?limit=25#4fd5
  
  Sent from sourceforge.net because you indicated interest in
  https://sourceforge.net/p/cppcheck/discussion/development/
  
  To unsubscribe from further messages, please visit
  https://sourceforge.net/auth/subscriptions/
  
  --
  Cheers,
  Andrew
  
  alternate
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

--addon=misra: Variable 'std' is unknown

Static source code analysis tool for C and C++ code

Forums

Help

--addon=misra: Variable 'std' is unknown

--addon=misra: Variable 'std' is unknown

Static source code analysis tool for C and C++ code

Forums

Help

--addon=misra: Variable 'std' is unknown document.SUBSCRIPTION_OPTIONS = { "thing": "topic", "subscribed": false, "url": "subscribe", "icon": { "css": "fa fa-envelope-o" } };

--addon=misra: Variable 'std' is unknown