Use MISRA rules from the GUI?
Static source code analysis tool for C and C++ code
Brought to you by:
danielmarjamaki
Menu
▾
▴
I believe I've got the latest code from github installed correctly but I don't see misra listed in the GUI addons. The manual only has usage with the --dump option.
Is it possible to use the misra addon via the GUI?
The list of addons in the project settings dialog of the GUI is fixed, i.e. manually created.
So even when the MISRA addon is in the addons directory it will not be shown there.
Since Daniel Marjamäki always removes the MISRA addon before a release i guess it is not yet ready to be released and therefore not available in the GUI.
I would love to see it in the GUI too :)
It is not official yet because of legal issues. see:
https://www.misra.org.uk/forum/viewtopic.php?t=1189
The MISRA legal department is writing a license agreement for us so we can sign it.
When that is signed I plan to release our misra addon immediately!
ok we have signed the license. Cppcheck is now officially listed in the "Tools supporting MISRA C and MISRA C++":
https://www.misra.org.uk/Links/tabid/63/Default.aspx
I will now finish the MISRA addon and integrate it into the GUI etc..
Good news. I will give it a try as soon as it's available.
Thanks a lot.
When the cppcheck tool availabe with MISHRA C++ support ?
The addon only supports MISRA C 2012 currently. If somebody volounteer to work on MISRA C++ then please do it..
Last edit: Daniel Marjamäki 2018-02-11
Can you please share the addon that supports MISRA C 2012 ?
It is a python script, you can find it here:
https://github.com/danmar/cppcheck/blob/master/addons/misra.py
Information about using addons can be found in the manual in chapter 11:
http://cppcheck.sourceforge.net/manual.pdf
It has not been released yet. You will be able to use the MISRA C 2012 addon in Cppcheck-1.83.
When Cppcheck-1.83 with MISRA C 2012 will be available ?
From https://sourceforge.net/p/cppcheck/wiki/Home/ :
"We make about 5-6 releases / year."
To get a very rough idea when the next version of Cppcheck is released you can look here:
https://trac.cppcheck.net/roadmap
But in the end it depends on different things i guess, so do not rely on the date that is written there.
This is great news. Will the installation include the "Text" of the MISRA issues as well? Right now all the documentaiton I can find is secured and not able to be read by the addon. My company does have a license for MISRA as well, but I can not acquire an unsecured version of the PDFs.
Sadly it is not allowed to include the texts in the case of Cppcheck. When i remember it correctly it is only allowed to include them when they are shipped inside a binary and can not be extracted in an easy way and only with approval by the MISRA Consortium, but since Cppcheck is open source the texts are not allowed to be a part of it.
But you can still get the texts into Cppcheck by providing the rules in a textfile.
Here is the help text explaining the parameter for the MISRA addon when called directly:
--rule-texts=<file> Load rule texts from plain text file. If you have the tool 'pdftotext' you might be able to generate this textfile with such command: $ pdftotext MISRA_C_2012.pdf MISRA_C_2012.txt Otherwise you can more or less copy/paste the chapter Appendix A Summary of guidelines from the MISRA pdf. You can buy the MISRA pdf from http://www.misra.org.uk/ Format: <..arbitrary text..> Appendix A Summary of guidelines Rule 1.1 Rule text for 1.1 Rule 1.2 Rule text for 1.2 <...>The path to the MISRA text file can be specified in the GUI preferences dialog in case the addon is not directly called manually but via according project settings by Cppcheck.
Can you copy text out of the secured version in any way? Then creating the text file this way would be a solution. Otherwise maybe some OCR works or in the worst case typing it into the text file by hand.
Edit: Providing the rules via a PDF directly is not longer supported, the rules must be copied to a text file.
Last edit: versat 2018-03-26
Thanks for the update. Not the news I was hoping for. Luckily we are Licensed for MISRA now we just have to do some manual work.
Another quick (I hope) question.
We are doing a lot of work with AUTOSAR and that by default causes some problems with MISRA checks. Is there a way to to "surpress" certain MISRA possible violations?
Currently i do not see a way to suppress specific rules. At least not via project settings.In the results list you can right click on a line with a violation you do not want to see in the results and choose "Hide all with id". Then all messages regarding this specific violation are hidden. But you have to do this again for every new analyzer run.So i have added a feature request ticket for suppressing specific MISRA rules:
https://trac.cppcheck.net/ticket/8472
Last edit: versat 2018-04-05
I am running cppcheck on one of my Jenkins slaves, so I don't have the ability to use the cppcheck visual tool.
Sorry, i was wrong. It is already possible to suppress specific messages in a very simple way.
The manual says:
This appears to work, on the grand scale.
Dear Cppcheck team,
I am a developper in a start-up and we are trying to have a project that is misra compliant. I will be looking after all the misra directives and rules. I already read some documents, included Misra C 2012.
I am currenlty testing your tool, but I am not sure if I am doing properly. This is waht I haved done.
Appendix A Summary of guidelines
Rule 1.1
txt rule 1.1
Rule 1.2
txt rule 1.2
.
.
. and so
So I have no idea where the output is saved or how to diplayed it. Can you help me with this.
I got the cppcheck 1.83 as a zip file, unzip and make WITH_FLAGS and make install.
This is my first time using your tool. So I am a completely newbie.
Best regards,
jorge
PS I check the rules and files, and in your misra.py you mentione 153 rules, there are 143 rules. I guess is a typo. Can you double check this?
Regarding your rules text file and the commands you use i can not see anything wrong. I've tried it with these commands and i get MISRA messages.
They are printed to stderr by default and should appear just after the output "Checking MYFILE.c.dump".
What kind of violations do you expect, have you some example code with violations you can share?
Maybe the violations in your code are currently not detected by Cppcheck/MISRA addon.
For a list of all violations that could be detected execute this command in the directory where your misra.py is in:
Regarding the number of rules i sadly can not say anything since i have no copy of the MISRA C 2012 pdf, but Daniel Marjamäki maybe can verify this.
Edit: Since
python misra.py -generate-tableoutputs exactly 143 lines/rules i guess you are right.Last edit: versat 2018-04-05
Hi Versat,
I just created the table for the rules, and I can see the rules listed. I assumed the mark next to the rule means a rule that is checked/tested, and in parenthesis the tool that checks such a rule.
If that is the case, the whole tool is checking 78 (~55%) rules. Fortunately, not all rules are mandatory. In MISRA jargon there are three sets of rules: Mandatory, required and advisory.
So maybe cppcheck is only checking for some subset of the rules. I have the Misra docuement and I will try to map the rules.
I will keep doing my research and understanding your tool and Misra guidelines, and many thanks for your big contribution/achievement.
Best regards,
Jorge
Great. If you have any feedback, find bugs, have questions do not hesitate to post it or create a ticket in the issue tracker if you have an account.
I guess there could still be some false positives/negatives in the MISRA checks since it is such a new feature.
Have you solved it so you are seeing misra warnings? I also think that your commands look 100% correct... they should really work. To test that your commands are correct; can you try it with some of this code:
https://github.com/danmar/cppcheck/blob/master/addons/test/misra-test.c
do you get warnings if you remove the --rule-texts=PATHTO/my_rules_in.txt ... maybe if that is not loaded properly the rules are disabled.