PVS-Studio: support for MISRA C and MISRA C++ coding standards
Starting from version 6.27, the PVS-Studio static code analyzer can classify its warnings according to the MISRA C and MISRA C++ standards. Thanks to the support of these standards, it has become possible to use the analyzer effectively to improve the security, portability and reliability of programs for embedded systems.
This year we added support in the PVS-Studio analyzer for standards such as CWE and SEI CERT. Basically, this support came down to classifying the diagnostics already implemented in the analyzer according to these standards. Additionally, several new diagnostics were implemented and several old ones were extended to comply with these standards more fully.
Correspondence tables of PVS-Studio diagnostics to the various standards:
CWE compliance
SEI CERT compliance
Now it is time for the MISRA C and MISRA C++ standards. These are C and C++ software development standards created by the organization MISRA (Motor Industry Software Reliability Association). The purpose of the standards is to improve the security, portability and reliability of programs for embedded systems. The text of the standards is available only for a fee.
We consider the strength of our analyzer to be that you can take it and start using it on an already existing large project. You can run PVS-Studio on the code base, identify old errors, and then use the analyzer regularly to find new defects as early as possible.
Many analyzers go the other way and implement diagnostics related to coding standards. They suggest how best to name variables, remind you to insert a comment at the beginning of a file, and so on. This is necessary and useful. However, such analyzers are very "noisy" and generate a huge number of warnings, in which the warnings about real errors are drowned.
We decided that PVS-Studio would be an analyzer that looks for errors. This is its competitive advantage. A programmer can run it on a large code base, be sure that it will not overwhelm them with an incredible number of messages about code style, and focus on bugs.
Therefore, we were initially critical of the MISRA standards and for a long time did not plan to implement them. The MISRA standards are designed to simplify and improve the quality of the code as a whole, which helps prevent errors. That is, the majority of their rules concern the style in which code is written. This is best illustrated with an example.
The MISRA standard has a rule according to which the body of an if statement must be enclosed in curly braces. In MISRA C this is rule 15.6, and in MISRA C++ it is 6-4-1. An example of non-compliant code:
if (i == bestOffs) continue;
The compliant code is:
if (i == bestOffs)
{
  continue;
}
Such diagnostics cannot be applied to already existing projects written to run under the Windows, Linux or macOS operating systems. For example, the brace rule just described produces 1947 triggers of the V2507 diagnostic (MISRA C 15.6, MISRA C++ 6-4-1) for the WinMerge project. And WinMerge is a small project! It has a total of about 250,000 lines of C and C++ code.
Until 2018 the PVS-Studio analyzer was focused on testing desktop applications running under Windows, Linux and macOS. Accordingly, MISRA support had little practical meaning: no one is going to adopt this standard in a large existing desktop project.
Everything changed when we started supporting embedded systems in 2018. This year the analyzer gained support for:
Windows. IAR Embedded Workbench, C/C++ Compiler for ARM. C, C++
Windows/Linux. Keil µVision, DS-MDK, ARM Compiler 5/6. C, C++
Windows/Linux. Texas Instruments Code Composer Studio, ARM Code Generation Tools. C, C++
Windows/Linux/macOS. GNU Arm Embedded Toolchain, Arm Embedded GCC compiler. C, C++
Unlike desktop projects, many embedded projects are already written following the MISRA recommendations, so support for them in the analyzer will definitely be useful to those developers.
Nevertheless, we still fear that some developers, without looking into it, may decide that we have "spoiled" the analyzer by adding "strange diagnostics" to it. Therefore the MISRA diagnostics are turned off by default. We consider this the right decision: these diagnostics should be enabled only if you understand exactly what they are for and how to use them.
For example, application programmers may not understand why the analyzer suddenly forbids them to use dynamic memory, that is, why they suddenly cannot allocate memory with the malloc function or the new operator. But such a restriction (V2511) is well understood by developers of embedded devices. In some devices that operate continuously, it is genuinely unacceptable to run a program whose memory can suddenly run out.
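The pattern that the V2511 restriction pushes embedded code towards is shown below as an added example; it is not code from the article or from PVS-Studio. Instead of malloc/new, the objects come from a pool reserved in static storage at build time, so the program cannot unexpectedly run out of heap while running: exhaustion becomes an explicit NULL return that the caller must handle. The pool size (POOL_SLOTS, SLOT_BYTES) and the function names are assumptions for the demonstration, and every if and for body is written as a compound statement, as the brace rule above (V2507) requires.

```c
/* Added example, not from the PVS-Studio article or the PVS-Studio code base:
 * a statically allocated object pool used instead of malloc()/new, the pattern
 * PVS-Studio's V2511 (MISRA C 21.3, MISRA C++ 18-4-1) steers code towards.
 * POOL_SLOTS and SLOT_BYTES are constructed values for the demonstration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POOL_SLOTS 4u
#define SLOT_BYTES 32u

struct pool {
    uint8_t storage[POOL_SLOTS][SLOT_BYTES];  /* reserved at build time */
    uint8_t in_use[POOL_SLOTS];               /* 1 = slot handed out */
};

/* Marks every slot free. A pool in static storage is zero-initialised anyway. */
void pool_init(struct pool *p)
{
    (void)memset(p, 0, sizeof(*p));
}

/* Returns a zeroed slot, or NULL once all POOL_SLOTS are taken. Never grows. */
void *pool_alloc(struct pool *p)
{
    uint32_t i;
    for (i = 0u; i < POOL_SLOTS; i++)
    {
        if (p->in_use[i] == 0u)
        {
            p->in_use[i] = 1u;
            (void)memset(p->storage[i], 0, SLOT_BYTES);
            return p->storage[i];
        }
    }
    return NULL;
}

/* Releases a slot; returns 1 on success, 0 if ptr is not a live slot of this
 * pool (a foreign or already-freed pointer is reported, not acted upon). */
uint32_t pool_free(struct pool *p, void *ptr)
{
    uint32_t i;
    for (i = 0u; i < POOL_SLOTS; i++)
    {
        if ((ptr == (void *)p->storage[i]) && (p->in_use[i] == 1u))
        {
            p->in_use[i] = 0u;
            return 1u;
        }
    }
    return 0u;
}

/* Number of slots currently handed out. */
uint32_t pool_used(const struct pool *p)
{
    uint32_t i;
    uint32_t n = 0u;
    for (i = 0u; i < POOL_SLOTS; i++)
    {
        n += p->in_use[i];
    }
    return n;
}

/* Drives a pool to exhaustion: attempts POOL_SLOTS + 1 allocations and
 * returns how many succeeded before the first NULL (expected: POOL_SLOTS). */
uint32_t demo_exhaust(void)
{
    static struct pool demo;   /* static storage, no heap involved */
    uint32_t ok = 0u;
    uint32_t i;
    pool_init(&demo);
    for (i = 0u; i < POOL_SLOTS + 1u; i++)
    {
        if (pool_alloc(&demo) != NULL)
        {
            ok++;
        }
    }
    return ok;
}
```

The point of the design is that the worst case is known when the firmware is built: the pool either has a free slot or it does not, and the failing path is a return value that can be tested, rather than a heap that fragments or runs dry after days of continuous operation.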
So, now you can install or update PVS-Studio and start using the diagnostics that implement rules from MISRA C and MISRA C++. The set of supported rules is incomplete, but this should not stop you from starting to use PVS-Studio: at the moment there is not a single static analyzer that implements absolutely all MISRA rules. In the future we plan to expand the set of implemented MISRA rules, and we hope to become the leading tool in the completeness of their support.
To enable MISRA diagnostics in Visual Studio or in the PVS-Studio Standalone utility, change the MISRA setting from Disabled to Show All in the settings.
Since Disabled means that the warnings are not generated at all and are not included in the report, the analysis will need to be rerun. Disabled is the default to keep the report small: enabling the MISRA diagnostics can produce a huge number of warnings and a large increase in the size of the report files (*.plog files).
To analyze projects on Linux and macOS there is the pvs-studio-analyzer utility. By default only general-purpose diagnostics are enabled (General Analysis, GA). Additional rules can be enabled with the "-a" option:
-a [MODE], --analysis-mode [MODE]
MODE defines the type of warnings:
1 - 64-bit errors;
2 - reserved;
4 - General Analysis;
8 - Micro-optimizations;
16 - Customers Specific Requests;
32 - MISRA.
Modes can be combined by adding the values.
To enable GA and MISRA warnings, run the analysis with the following parameters:
pvs-studio-analyzer analyze -a 36 -o /path/to/report.log
The value 36 is the bitwise OR of 4 (GA, general-purpose diagnostics) and 32 (MISRA).
Further, it is recommended to create several reports with different types of warnings, for example like this:
plog-converter -a GA:1,2 -t tasklist
-o /path/to/ga_results.tasks /path/to/project.log
plog-converter -a MISRA:1,2,3 -t tasklist -m misra
-o /path/to/misra_results.tasks /path/to/project.log
The first report, ga_results.tasks, will contain general-purpose warnings of the High and Medium confidence levels.
The second report, misra_results.tasks, will contain only MISRA-related warnings of all levels. The "-m misra" key indicates that the report, in addition to the PVS-Studio diagnostic numbers, will include the rule numbers according to the MISRA classification.
All analyzer launch modes on Linux and macOS, as well as the report formats, are described in the documentation.
P.S. We want to assess how right we were in choosing MISRA as one of the development directions of PVS-Studio. If you are interested in this topic, please write to us. Even if you do not plan to use PVS-Studio yet, please still write: we want to ask you a few clarifying questions.
Additional links:
How to run PVS-Studio in Linux and macOS
The PVS-Studio ??? static code analyzer is adapted for ARM compilers (Keil, IAR)
GNU Arm Embedded Toolchain appeared in PVS-Studio
If you want to share this article with an English-speaking audience, please use the link to the translation: Andrey Karpov. PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards.