I finally got the misra 2012 integration to work. I purchased the MISRA C 2012 pdf from the misra store in the UK. The PDF is secured, so I had to print the PDF to the microsoft PDF printer (effectively removing the security).
I then removed all pages except Appendix A & the first page of Appendix B - (misra.py has a few regular expressions that search for both of these headings and some extra stuff. I also needed to download pdftotext.exe prebuilt binary for windows and converted the 6 or so PDF pages from the appendix to raw text named misra-rules.txt.
Configuring the cppcheck gui to use misra C 2012 was a littke unobvious to say the least. It appears that the configuration has to be doneimmediately after creating a new project - it cannot be added as a setting to an existing project. After checking the 'clang' and 'misra' check boxes and pointing to the aforementioned misra-rules.txt file and finally adding a compile_commands.json file - I got the misra numbers and short summary descriptions from appendix A to appear in the summary column.
I noticed that with misra checking enabled, the whole scanning process takes forever - it does finish, but I cannot help feeling that the python script 'misra.py' in the addon's folder of the development is sub-optimal - however I am not sure about this.
Overall the misra integration was a bit Mis(e)ra(ble) :) one great suggestion that I read somewhere on this forum was encrypting the contents of appendix A and bundling it as a scrambled binary with the build.
BTW I needed to build the latest code from githug to get it working this far. With the 1.89 binary - it is missing the addon's folder and some other things - probably pcre. Building the code was a similarly seamless experience :) made easier with microsoft vcpkg (although the 64 bit visual studio gui project points to the wrong version of the pcre(64).lib - vcpkg uses pcre.lib for the 64 bit release library and exporting the results to a csv file is broken if the summary text contains a "," - it should be escaped if the summary contains a comma - or in my case I replaced comma with a semicolon
voidCsvReport::writeHeader()
{
//NoheaderforCSVreport// @JCaddedCSVheadermTxtWriter<<"File, Line, Severity, Id, Summary"<<endl;
}
voidCsvReport::writeError(constErrorItem&error)
{
/* Error as CSV line gui/test.cpp,23,error,Mismatching allocation and deallocation: k */constQStringfile=QDir::toNativeSeparators(error.errorPath.back().file);QStringline=QString("%1,%2,").arg(file).arg(error.errorPath.back().line);// @JCerroridentifieraddedafterseverity// @JCnotsureifIneedtoconsiderthehiddenIDpreferencesfield// @JCprobablynotasthisisalwayspresent// @JCneedtoescapeembeddedcommas, mucheasiertoreplacethemwithsemicolonsautoescapedSummary=error.summary;escapedSummary.replace(",", ";");line+=QString("%1,%2,%3").arg(GuiSeverity::toString(error.severity)).arg(error.errorId).arg(escapedSummary);mTxtWriter<<line<<endl;
}
Hope this helps
John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I want to do what I can to make the user experience better.
Configuring the cppcheck gui to use misra C 2012 was a littke unobvious to say the least. It appears that the configuration has to be doneimmediately after creating a new project - it cannot be added as a setting to an existing project.
hmm.. I don't see how that could make a difference. No matter if you do it directly or later, the saved project file should be exactly the same.
I noticed that with misra checking enabled, the whole scanning process takes forever - it does finish, but I cannot help feeling that the python script 'misra.py' in the addon's folder of the development is sub-optimal - however I am not sure about this.
:-(
I am sure that the addons are slower than the internal Cppcheck checks. But I haven't personally noticed that it takes forever. However I haven't personally tested MISRA in production - that would be interesting but I don't work in such domains at the moment.
one great suggestion that I read somewhere on this forum was encrypting the contents of appendix A and bundling it as a scrambled binary with the build.
I don't understand how that would prevent anybody from extracting the rule texts? Then people could just run our addon on some test file(s) and then they would have all the rule texts without buying a PDF.
I wanted the addon to extract the rule texts directly from the PDF. There are tools and python libraries for that. But as the PDF is secured it was difficult and I could not find a reliable and automated way for it :-(.
I don't think that the MISRA guys have any commercial interest. It's not their idea to get rich by selling the MISRA PDF. I think their main focus is to maintain the reputation of MISRA - if we distribute the texts freely but no further explanations and then people run it on their code they might misunderstand the warnings and think that MISRA is not as good as it is.
I don't know.. maybe it would be ok for MISRA if we would sell a bundle on our website; personal PDF + text file. However that would require effort from us. :-(
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Have you tried renaming the pdf? The issue is probably hidden in the
misra-c-2012-file, so it probably won’t do anything, but it could be worth
a shot.
Another ugly solution could be printscreening your pdf and convert the
printscreen to text instead?
Mathias, unfortunately with great difficulty, I purchased the PDF and then
I printed it to a PDF (in my case using the build in PhantomPDF printer but
the default one would do equally fine - this effectively removes the
security restriction, then I removed everything except appendix A, and left
the Title to Appendix B from the resulting PDF.
I then ran the above command to convert Appendix A to plain text. This is
where it got a little challenging, the conversion is crap. I'm not sure if
the issue was to do with my stripping and thus conversion of the original
PDF or just the lousy job that the pdftotext did on the file, the file was
full of errors so I spent an hour or so cleaning it up by hand and removing
the line wraps to make each rule effectively a single line and that worked
for me.
I left the contents of the Appendix B heading in place as I could see
references to it in the python source code where it looks for demarcation
boundaries for the appendix A content, not sure if this is still required,
doesn't hurt.
Hope this is helpful, now if only the developers could stop the cppcheck
gui from auto loading the last project results - taking up to 3 minutes to
make my gui responsive....
My resulting text file is like this (ignore the SOF/EOF descriptive
markers):
SOF>>
Appendix A Summary of guidelines
The implementation
Dir 1.1
Required
Any implementation.. Blah Blah.... single line details....
Compilation and build
Dir 2.1
Required
Blah Blah.... single line details
Requirements traceability
Dir 3.1
Required
Blah Blah.... single line details
Code design
...
Rule 22.10
Required
Blah Blah.... single line details
Appendix B Guideline attributes
<<EOF
BTW, I think you meant to say above that you DO have the misra rules as a
secure PDF
I have some problems with the misra-module especially when I'm using the recommended script-file misra.json. For the records, I'm using the windows version of cppcheck (1.89).
" Failed to open misra.json "
the json-File is in the addons-folder as well in the main-folder of cppcheck.
My main goal is to realize a after-build-batch-script for the programm KEIL uVision5.
Could someone give me an advice to solve that problem ?
For the records, the windows gui is working (sometimes) fine with the misra-module and shows all misra rules by name, sometimes not..
But in this case I have to check every single file and I dont know how to collect all output-data to a xml-report-file.
is there any possibility to include the path of the misra ruletext inside of the .cppcheck-file ? (like by code-example below)
or just a fix path in the misra.py-file ?
I guess we need to have better error handling. Cppcheck should check that python can be executed and report an error otherwise. It should check if the file can be found and report an error otherwise. Etc.. I created ticket https://trac.cppcheck.net/ticket/9542
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
How to integrate MISRA rules with cppcheck?
Im using cppcheck version 2.1 in that addon is there i give a path to cppcheck but not working.
so, share some screenshots please....
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Karla Rehn
13:03 (för 1 minut sedan)
till surendra
Are you sure you've given the right path to the MISRA-text? Do you get some
error message? What happens if you don't specify a path at all?
How to integrate MISRA rules with cppcheck?
Im using cppcheck version 2.1 in that addon is there i give a path to
cppcheck but not working.
so, share some screenshots please....
Hi,
Recently i installed cppcheck tool and QT creator.I want to check the violations in given code based on MISRA c++ rules.So , please anyone can help to me how to reach it.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I would like to test CppCheck for misra analysis but actually I'm not able to check my code vs the misra rules.
I understood that without the misra text rules I won't see a complete text of misra warning but just a simple reference to the rules violated, but at the moment I never see this in my c language code.
I think that there is something that I have to configure correcttly.
Could you help me to understand what I have to do in order use correctly Cppcheck (I'm using a CppCheck installed on W10 os)?
I finally got the misra 2012 integration to work. I purchased the MISRA C 2012 pdf from the misra store in the UK. The PDF is secured, so I had to print the PDF to the microsoft PDF printer (effectively removing the security).
I then removed all pages except Appendix A & the first page of Appendix B - (misra.py has a few regular expressions that search for both of these headings and some extra stuff. I also needed to download pdftotext.exe prebuilt binary for windows and converted the 6 or so PDF pages from the appendix to raw text named misra-rules.txt.
Configuring the cppcheck gui to use misra C 2012 was a littke unobvious to say the least. It appears that the configuration has to be doneimmediately after creating a new project - it cannot be added as a setting to an existing project. After checking the 'clang' and 'misra' check boxes and pointing to the aforementioned misra-rules.txt file and finally adding a compile_commands.json file - I got the misra numbers and short summary descriptions from appendix A to appear in the summary column.
I noticed that with misra checking enabled, the whole scanning process takes forever - it does finish, but I cannot help feeling that the python script 'misra.py' in the addon's folder of the development is sub-optimal - however I am not sure about this.
Overall the misra integration was a bit Mis(e)ra(ble) :) one great suggestion that I read somewhere on this forum was encrypting the contents of appendix A and bundling it as a scrambled binary with the build.
BTW I needed to build the latest code from githug to get it working this far. With the 1.89 binary - it is missing the addon's folder and some other things - probably pcre. Building the code was a similarly seamless experience :) made easier with microsoft vcpkg (although the 64 bit visual studio gui project points to the wrong version of the pcre(64).lib - vcpkg uses pcre.lib for the 64 bit release library and exporting the results to a csv file is broken if the summary text contains a "," - it should be escaped if the summary contains a comma - or in my case I replaced comma with a semicolon
Hope this helps
John
Thanks for all your tips!
I want to do what I can to make the user experience better.
hmm.. I don't see how that could make a difference. No matter if you do it directly or later, the saved project file should be exactly the same.
:-(
I am sure that the addons are slower than the internal Cppcheck checks. But I haven't personally noticed that it takes forever. However I haven't personally tested MISRA in production - that would be interesting but I don't work in such domains at the moment.
I don't understand how that would prevent anybody from extracting the rule texts? Then people could just run our addon on some test file(s) and then they would have all the rule texts without buying a PDF.
I wanted the addon to extract the rule texts directly from the PDF. There are tools and python libraries for that. But as the PDF is secured it was difficult and I could not find a reliable and automated way for it :-(.
I don't think that the MISRA guys have any commercial interest. It's not their idea to get rich by selling the MISRA PDF. I think their main focus is to maintain the reputation of MISRA - if we distribute the texts freely but no further explanations and then people run it on their code they might misunderstand the warnings and think that MISRA is not as good as it is.
I don't know.. maybe it would be ok for MISRA if we would sell a bundle on our website; personal PDF + text file. However that would require effort from us. :-(
Hi, I do have the misra rules as pdf. I am not able to convert the pdf to text with pdftotxt. How get you solved that? λ
pdftotext.exe e:\workdir\ip\misra-c-2012.pdf misra-rules.txt
Permission Error: Copying of text from this document is not allowed.
Is there a way to change the permissions?
many thanks
Have you tried renaming the pdf? The issue is probably hidden in the
misra-c-2012-file, so it probably won’t do anything, but it could be worth
a shot.
Another ugly solution could be printscreening your pdf and convert the
printscreen to text instead?
tors 31 okt. 2019 kl. 10:36 skrev mathias mgiaco82@users.sourceforge.net:
Mathias, unfortunately with great difficulty, I purchased the PDF and then
I printed it to a PDF (in my case using the build in PhantomPDF printer but
the default one would do equally fine - this effectively removes the
security restriction, then I removed everything except appendix A, and left
the Title to Appendix B from the resulting PDF.
I then ran the above command to convert Appendix A to plain text. This is
where it got a little challenging, the conversion is crap. I'm not sure if
the issue was to do with my stripping and thus conversion of the original
PDF or just the lousy job that the pdftotext did on the file, the file was
full of errors so I spent an hour or so cleaning it up by hand and removing
the line wraps to make each rule effectively a single line and that worked
for me.
I left the contents of the Appendix B heading in place as I could see
references to it in the python source code where it looks for demarcation
boundaries for the appendix A content, not sure if this is still required,
doesn't hurt.
Hope this is helpful, now if only the developers could stop the cppcheck
gui from auto loading the last project results - taking up to 3 minutes to
make my gui responsive....
My resulting text file is like this (ignore the SOF/EOF descriptive
markers):
SOF>>
Appendix A Summary of guidelines
The implementation
Dir 1.1
Required
Any implementation.. Blah Blah.... single line details....
Compilation and build
Dir 2.1
Required
Blah Blah.... single line details
Requirements traceability
Dir 3.1
Required
Blah Blah.... single line details
Code design
...
Rule 22.10
Required
Blah Blah.... single line details
Appendix B Guideline attributes
<<EOF
BTW, I think you meant to say above that you DO have the misra rules as a
secure PDF
On Thu, Oct 31, 2019 at 5:36 AM mathias mgiaco82@users.sourceforge.net
wrote:
okay many thanks. switching from windows to ubunto to do the convert save the day :-)
Yes ... I have also had more success with pdftotext in Linux than in Windows.
Hello!
I have some problems with the misra-module especially when I'm using the recommended script-file misra.json. For the records, I'm using the windows version of cppcheck (1.89).
" Failed to open misra.json "
the json-File is in the addons-folder as well in the main-folder of cppcheck.
My main goal is to realize a after-build-batch-script for the programm KEIL uVision5.
Could someone give me an advice to solve that problem ?
For the records, the windows gui is working (sometimes) fine with the misra-module and shows all misra rules by name, sometimes not..
Afterbuild.cmd
TEST.cppcheck
hmm.. sounds flaky!
Can you try to put misra.json in
C:\Projects\TEST
?Your
afterbuild.cmd
looks fine. And yourTEST.cppcheck
looks fine as far as I can tell also.does it work if you invoke the addon manually on some file?
Maybe your problems are somewhat related to https://trac.cppcheck.net/ticket/9371 .
Thanks for your fast response!
this code works (without ruletext and only single file)
But in this case I have to check every single file and I dont know how to collect all output-data to a xml-report-file.
is there any possibility to include the path of the misra ruletext inside of the .cppcheck-file ? (like by code-example below)
or just a fix path in the misra.py-file ?
ok it is interesting that worked for you. I do not recommend that method it was just a test.
I guess we have some problem in windows, but I cant reproduce it. :-(
The misra rule texts is a global setting in the gui. I am not against writing
it in the project file so the command line cppcheck can use that.
The ticket https://trac.cppcheck.net/ticket/9371 was closed as invalid :-(.
I guess we need to have better error handling. Cppcheck should check that python can be executed and report an error otherwise. It should check if the file can be found and report an error otherwise. Etc.. I created ticket https://trac.cppcheck.net/ticket/9542
I added some error handling. If you can compile latest cppcheck and test it .. feel free to do that. Otherwise there will be a new release soon.
How to integrate MISRA rules with cppcheck?
Im using cppcheck version 2.1 in that addon is there i give a path to cppcheck but not working.
so, share some screenshots please....
Karla Rehn
13:03 (för 1 minut sedan)
till surendra
Are you sure you've given the right path to the MISRA-text? Do you get some
error message? What happens if you don't specify a path at all?
Den tis 28 juli 2020 kl 12:58 skrev Surendranath surendra@users.sourceforge.net:
Yes my path was right.Or please tell me how to check the path?
Python binary field means path to Python interpreter in your OS.
I think you should leave it empty to use the default system interpreter from $PATH. If it doesn't work, please set path to your Python.exe there.
Here is a screenshot for these settings from my Linux system:
Last edit: Georgiy Komarov 2020-07-28
Thank you and please tell me where should i get misra c++ rules for cppcheck tool.
There are no MISRA C++ support in Cppcheck. misra.py addon works only with MISRA C 2012.
You can purchase pdf with MISRA C rules texts in their official site: https://www.misra.org.uk. Then you can convert pdf to txt. Here are some examples of the structure of txt rules: https://github.com/danmar/cppcheck/tree/main/addons/test/misra.
Hi,
Recently i installed cppcheck tool and QT creator.I want to check the violations in given code based on MISRA c++ rules.So , please anyone can help to me how to reach it.
if you want to know how to configure the QT creator dialog.. I can't help.
If you wonder how to run MISRA rules in Cppcheck.. well have you read the manual.. http://cppcheck.sourceforge.net/manual.html#running-addons
what problems do you have when trying that?
Can anyone know what is the use of custom argument in QT creator?
I guess that is for custom cppcheck commands. i.e. you could add
--addon
.Thank you...
Hello everybody,
I would like to test CppCheck for misra analysis but actually I'm not able to check my code vs the misra rules.
I understood that without the misra text rules I won't see a complete text of misra warning but just a simple reference to the rules violated, but at the moment I never see this in my c language code.
I think that there is something that I have to configure correcttly.
Could you help me to understand what I have to do in order use correctly Cppcheck (I'm using a CppCheck installed on W10 os)?
Thank you so much for your help!
Claudio
In attachment there is my addon preferences...
Last edit: Bindi Claudio 2020-09-11