PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards

Andrey Karpov
Articles: 375



Starting with the version 6.27, the PVS-Studio static code analyzer can classify its warnings according to MISRA C and MISRA C++ standards. Due to support of these standards it has become possible to effectively use the analyzer to increase the level of security, portability and reliability of programs for embedded systems.

Picture 1

This year we took up supporting of such standards, as CWE and SEI CERT in the PVS-Studio analyzer. Basically support itself came down to classifying diagnostics which have already been implemented in the analyzer according to these standards. In addition, to comply better to these standards, several new diagnostics were implemented and the old ones were extended.

Mapping tables of PVS-Studio diagnostics to different standards:

Now time has come for MISRA C and MISRA C++ standards. These are standards of software development in C and C++ languages, created by MISRA (Motor Industry Software Reliability Association). The purpose of the standards is to improve safety, portability and reliability of programs for embedded systems. The text of the standards is chargeable.

We believe, the ability to simply start using our analyzer in an already existing large project is its strong point. You can run PVS-Studio on a code base to detect old errors and then use the analyzer regularly to find new defects as early as possible.

Many analyzers are on a different path and implement diagnostics related to coding standards. They suggest how to name the variables better, remind to paste comments at the beginning of the file, and so on. It is needed and useful. However, in this case analyzers become very noisy and they generate a huge number of warnings, in which bug related warnings can be hardly found.

We decided that PVS-Studio will be the analyzer which is specifically looking for errors. It's a competitive edge of it. A developer can run it on a large code base and be certain that he won't be overwhelmed by the incredible number of warnings on his coding style. Eventually, he'll be able to focus on bugs.

So initially we have been critical to the MISRA standards and haven't planned to introduce them for a long time. MISRA standards are intended to simplify and improve code quality in general, which helps prevent errors. That is, most of their diagnostics refer to the style of writing code. This is best illustrated with an actual example.

MISRA standard includes the rule, according to which bodies of if statements must be enclosed in curly brackets. In MISRA C it is the rule 15.6, while in C++ it is 6-4-1 MISRA. Example of incorrect code:

if (i == bestOffs) continue;

Correct code:

if (i == bestOffs)
{
  continue;
}

Such diagnosis can't be applied to already existing projects developed for Windows, Linux or macOS operating systems. For example, only one rule about curly brackets described above gives 1947 warnings of the V2507 diagnostic (MISRA C 15.6, MISRA C++ 6-4-1) for a WinMerge project. Still WinMerge is a small project! In total, only 250 000 lines of code in C and C# languages.

Until 2018 the PVS-Studio analyzer was focused on checking the desktop applications working under Windows, Linux and macOS. Accordingly, MISRA support had little practical meaning. No one will implement this standard in a large existing desktop project.

Everything changed when in 2018 we've started supporting embedded systems. This year we supported the following features in the analyzer:

  • Windows. IAR Embedded Workbench, C/C++ Compiler for ARM C, C++
  • Windows/Linux. Keil µVision, DS-MDK, ARM Compiler 5/6 C, C++
  • Windows/Linux. Texas Instruments Code Composer Studio, ARM Code Generation Tools C, C++
  • Windows/Linux/macOS. GNU Arm Embedded Toolchain, Arm Embedded GCC compiler, C, C++

Unlike desktop projects, many embedded developers already write projects, taking into account MISRA recommendations and their support in our analyzer will be definitely useful for developers.

Nevertheless, we are still concerned that some developers who hasn't puzzled them out, may think that we have "spoiled" the analyzer by introducing some "strange" diagnostics. Therefore, MISRA diagnostics are disabled by default. We believe this is a right decision. We suggest enabling them only if you understand exactly why they are needed and how to use them.

For example, it can be confusing for application programmers, why suddenly the analyzer forbids them to use dynamic memory. For instance, why all of a sudden you cannot allocate memory using the malloc function or the new operator. Nevertheless, such restrictions (V2511) are well understood by developers of embedded devices. In some devices, working continuously, it is truly unacceptable to use programs which can suddenly run out of memory.

So now you can install or upgrade PVS-Studio and start using diagnostics based on rules from MISRA C and MISRA C++. The set of supported rules is incomplete, but it shouldn't be an obstacle to start using PVS-Studio. At the moment there is no static analyzer which covers absolutely all MISRA rules. In the future we're planning to expand the set of diagnostic rules implemented in MISRA and hope to become a leading tool in fullness of their support.

To enable MISRA diagnostics in Visual Studio or in the PVS-Studio Standalone utility, you need to change Disabled for Show All in settings.

Рисунок 2

As Disabled means that warnings aren't generated at all and they don't get into a report, you will need to restart the analysis. The Disabled mode is set by default in order to reduce the size of the report. By turning on MISRA diagnostics you might get a huge number of warnings. In addition, report files (*.plog - files) might significantly grow in size.

To analyze projects in Linux and macOS operating systems there is the pvs-studio analyzer utility. By default only general analysis diagnostics are enabled there (General Analysis, GA). To enable additional rules, you can use the option "-a":

-a [MODE], --analysis-mode [MODE]
        MODE defines the type of warnings:
        1 - 64-bit errors;
        2 - reserved;
        4 - General Analysis;
        8 - Micro-optimizations;
        16 - Customers Specific Requests;
        32 - MISRA.
        Modes can be combined by adding the values
        Default: 4

To enable GA and MISRA warnings you need to run the analysis with the following parameters:

pvs-studio-analyzer analyze ... -a 36 ... -o /path/to/report.log ...

36 is a bitwise OR for 4 (GA - General Analysis diagnostic) and 32 (MISRA).

Further, we recommend that you create multiple reports with different types of warnings, as follows:

plog-converter -a GA:1,2 -t tasklist
  -o /path/to/ga_results.tasks /path/to/project.log
plog-converter -a MISRA:1,2,3 -t tasklist -m misra
  -o /path/to/misra_results.tasks /path/to/project.log

The first report "ga_results.tasks" will contain general analysis warnings of High and Medium certainty levels .

The second report "misra_results.tasks" will include only warnings related to MISRA of all levels. The key "-m misra" indicates that the report, in addition to numbers in the PVS-Studio format, will also include diagnostics according to the MISRA classification.

All running modes of the analyzer in Linux and macOS as well as reporting formats are described in the documentation.

P.S. We'd like to assess the extent to which our choice of MISRA as one of directions of PVS-Studio development was correct. If you are interested in this topic, please write to us. Even if you aren't planning to use PVS-Studio, please write anyway. We'd like to ask you a few clarifying questions.

Additional links:



Use PVS-Studio to search for bugs in C, C++, C# and Java

We offer you to check your project code with PVS-Studio. Just one bug found in the project will show you the benefits of the static code analysis methodology better than a dozen of the articles.

goto PVS-Studio;

Andrey Karpov
Articles: 375


Bugs Found

Checked Projects
363
Collected Errors
13 495