Author Topic: MISRA C & OpenSource  (Read 14351 times)


Offline newbrain

  • Super Contributor
  • ***
  • Posts: 1389
  • Country: se
Re: MISRA C & OpenSource
« Reply #25 on: October 14, 2021, 06:23:47 pm »
So, just for kicks, I compiled cppcheck and tested OP's code.

I get a violation for 8.4 (note that I don't have a file with the rules' text):  maybe we have different versions, I simply compiled the latest master branch.

If the function is declared as static in the prototype, the check gives a clean result - though the actual violated rule should have been 8.7:
Quote
Functions and objects should not be defined with external linkage if they are referenced in only one translation unit

"cppcheck --addon misra main.c" of course reports the out of bound access to p[].

While we use cppcheck (and other tools) at work, we do not use the MISRA addon, so I cannot say how reliable it is.
Nandemo wa shiranai wa yo, shitteru koto dake.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 9527
  • Country: fr
Re: MISRA C & OpenSource
« Reply #26 on: October 14, 2021, 06:53:13 pm »
But the OP is putting code through a syntax checking tool with a specific rule set so all bets are off... If someone uses case(1) in code I start to doubt that person's coding skills.
I also would not write that way (when using a simple literal) but it's not wrong.
Still, none of the diagnostics was referring to the switch statement - one was for main and one for the other function.  :-//

I do not get the diagnostic here either. Can't see what's wrong. But I suspect the problem is with the misra check semir-t is using here. As I said, MISRA-C support is not complete at this point in Cppcheck. And, I don't know what version they are using either...

Digging a bit deeper, it looks like MISRA-C support is not just incomplete in Cppcheck, but it doesn't give you exact messages either, apparently for licensing reasons if I got it right, but I dunno.
Not sure where semir-t got the rules file 'MISRA_C_2012.txt' from. It doesn't seem to be directly provided by Cppcheck. It does have a MISRA-C addon though, but won't give you detailed messages without this file.

Anyway... Running the latest Cppcheck this way on this piece of code:
Code: [Select]
cppcheck --addon=misra misrac1.c
Gives the following - which is not the same...
Code: [Select]
misrac1.c:14:4: error: Array 'p[10]' accessed at index 100, which is out of bounds. [arrayIndexOutOfBounds]
  p[100] = 5;
   ^
misrac1.c:4:5: style: misra violation (use --rule-texts=<file> to get proper output) [misra-c2012-8.4]
int getValue (int p);
    ^

Yes, invoking cppcheck directly instead of the python script misra.py - which will be or is already deprecated - will give you other checks apart from MISRA-C rules. And it does spot an out-of-bounds access.
And the only violated MISRA-C rule it finds is different: 8.4. But I still don't understand it here.

Point is: MISRA-C in Cppcheck is probably rather buggy. You may want to contact the author. Unfortunately, they host the project on Sourceforge, which makes collaborating and raising issues a lot less convenient than with, say, github...
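
Added example, not part of the original posts and not Cppcheck's own code: a Python triage of the text output quoted in the post above, separating core analysis findings from MISRA addon hits. The gating policy (fail a build only on core errors, queue MISRA rule numbers for manual review) and all function names are assumptions; the sample input is constructed from the two findings shown above.

```python
import re
from collections import defaultdict
# Constructed sample: the two findings quoted in the post above.
SAMPLE = """\
misrac1.c:14:4: error: Array 'p[10]' accessed at index 100, which is out of bounds. [arrayIndexOutOfBounds]
  p[100] = 5;
   ^
misrac1.c:4:5: style: misra violation (use --rule-texts=<file> to get proper output) [misra-c2012-8.4]
int getValue (int p);
    ^
"""

# Finding header: file:line:column: severity: message [id]
FINDING = re.compile(r"^(?P<file>[^:\s][^:]*):(?P<line>\d+):(?P<col>\d+): "
                     r"(?P<sev>\w+): (?P<msg>.*) \[(?P<id>[\w.\-]+)\]$")
MISRA_ID = re.compile(r"^misra-c2012-(\d+\.\d+)$")

def parse(text):
    """Return one dict per finding; source-echo and caret lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = FINDING.match(raw)
        if m:
            f = m.groupdict()
            f["line"], f["col"] = int(f["line"]), int(f["col"])
            rule = MISRA_ID.match(f["id"])
            f["misra_rule"] = rule.group(1) if rule else None
            findings.append(f)
    return findings

def triage(findings):
    """Split findings into core analysis and MISRA addon hits keyed by rule."""
    core, misra = [], defaultdict(list)
    for f in findings:
        if f["misra_rule"]:
            misra[f["misra_rule"]].append(f)
        else:
            core.append(f)
    return core, dict(misra)

def gate(core):
    """Exit status for CI (assumed policy): fail only on core 'error' findings."""
    return 1 if any(f["sev"] == "error" for f in core) else 0

if __name__ == "__main__":
    core, misra = triage(parse(SAMPLE))
    print("core:", [(f["line"], f["id"]) for f in core])
    print("misra rules for review:", sorted(misra))
    print("gate exit status:", gate(core))
```
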

 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 9527
  • Country: fr
Re: MISRA C & OpenSource
« Reply #27 on: October 14, 2021, 06:54:24 pm »
So, just for kicks, I compiled cppcheck and tested OP's code.

I get a violation for 8.4 (note that I don't have a file with the rules' text):  maybe we have different versions, I simply compiled the latest master branch.

If the function is declared as static in the prototype, the check gives a clean result - though the actual violated rule should have been 8.7:
Quote
Functions and objects should not be defined with external linkage if they are referenced in only one translation unit

"cppcheck --addon misra main.c" of course reports the out of bound access to p[].

While we use cppcheck (and other tools) at work, we do not use the MISRA addon, so I cannot say how reliable it is.

Dang, you did the exact same thing as I did, as I was writing my previous post! :D
 

Offline newbrain

  • Super Contributor
  • ***
  • Posts: 1389
  • Country: se
Re: MISRA C & OpenSource
« Reply #28 on: October 14, 2021, 07:13:57 pm »
Dang, you did the exact same thing as I did, as I was writing my previous post! :D
:-DD great minds waste their time alike!

it doesn't give you exact messages either, apparently for licensing reasons if I got it right, but I dunno.
Not sure where semir-t got the rules file 'MISRA_C_2012.txt' from. It doesn't seem to be directly provided by Cppcheck. It does have a MISRA-C addon though, but won't give you detailed messages without this file.
Yes, the official position of MISRA is that a tool (open source or not) can just use the rule numbers, as the text is copyrighted and needs licensing (the standard is quite cheap, as standards go: 15£). They do not endorse any specific tool, and they suggest doing exactly what cppcheck is doing to be in the clean.
Nandemo wa shiranai wa yo, shitteru koto dake.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 9527
  • Country: fr
Re: MISRA C & OpenSource
« Reply #29 on: October 14, 2021, 07:25:52 pm »
Dang, you did the exact same thing as I did, as I was writing my previous post! :D
:-DD great minds waste their time alike!

Ahah yeah. But it's not a complete waste of time, as I too use Cppcheck - just not with MISRA-C rules - and routinely recommend it. At least we now know where it stands regarding MISRA-C. And it doesn't look that good so far. Point is, people having to comply with MISRA-C are likely to work in environments that will hardly tolerate false positives, as they often rely on automated systems that won't tolerate any rule violation.
 

Offline newbrain

  • Super Contributor
  • ***
  • Posts: 1389
  • Country: se
Re: MISRA C & OpenSource
« Reply #30 on: October 14, 2021, 07:55:27 pm »
But it's not a complete waste of time, as I too use Cppcheck - just not with MISRA-C rules - and routinely recommend it.
Absolutely not - I was also curious and it has quite a bit of relevance with (a part of) my work.
We use this open source checker from Ericsson, based on clang-tidy and clang-analyzer but that can include and store the results from many other tools (cppcheck included) and has some pretty visualization.
Nandemo wa shiranai wa yo, shitteru koto dake.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 9527
  • Country: fr
Re: MISRA C & OpenSource
« Reply #31 on: October 14, 2021, 07:59:32 pm »
We use this open source checker from Ericsson, based on clang-tidy and clang-analyzer but that can include and store the results from many other tools (cppcheck included) and has some pretty visualization.

I'll check it out.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 9527
  • Country: fr
Re: MISRA C & OpenSource
« Reply #32 on: October 14, 2021, 08:14:29 pm »
And anyone interested, there is an official example suite for MISRA-C 2012: https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/Example-Suite
That gives examples of compliant and non-compliant code for every rule.
 
The following users thanked this post: oPossum, newbrain

Offline JPortici

  • Super Contributor
  • ***
  • Posts: 2988
  • Country: it
Re: MISRA C & OpenSource
« Reply #33 on: October 15, 2021, 05:32:43 am »
yeeeeah... CppCheck gives a number of bogus warnings regarding misra, also can't recognize interrupt functions (probably because it ignores nonstandard features like __attribute__)  so i get bogus warnings about unused functions.
And i haven't been able to produce a rules file from the standard, i don't understand what you need to do (and all the just use/just do on the support forum don't work with the copy protected PDFs of the standard) so i used the modified cppcheck in MPLABX.

But all in all it helped me from time to time, would recommend as it also gives lots of warnings that GCC doesn't (or i'd rather have to say the GCC version i am bound to use, which is 4.2.8 or something)

But it's not a complete waste of time, as I too use Cppcheck - just not with MISRA-C rules - and routinely recommend it.
Absolutely not - I was also curious and it has quite a bit of relevance with (a part of) my work.
We use this open source checker from Ericsson, based on clang-tidy and clang-analyzer but that can include and store the results from many other tools (cppcheck included) and has some pretty visualization.

but this looks really cool. i have to check it out
 

Offline semir-t

  • Contributor
  • Posts: 28
  • Country: ba
Re: MISRA C & OpenSource
« Reply #34 on: October 15, 2021, 06:29:00 am »
Thank you for your answers.
 
Because this is my first encounter with the cppcheck, the idea behind my code was to try to trigger cppcheck and see what kind of error/warning messages I would get. And all of the stuff that you mentioned that are used in the code are deliberate (access array out of boundaries etc...). But what puzzled me is the error message  (style) Function types shall be in prototype form with named parameters (Required) [misra-c2012-8.2], because for each function I have named parameters (in definition and declaration).

Yes, I assume that commercial applications are way better and we do have one in mind. Problem is that this application is linked to the PC, so only one person can use it. So our idea was to try to get some free version that would help our team develop the code  which will be as closely as possible compliant with the MISRA standard.  Frequently we would use commercial app to solve all the issues.
 

Offline JPortici

  • Super Contributor
  • ***
  • Posts: 2988
  • Country: it
Re: MISRA C & OpenSource
« Reply #35 on: October 15, 2021, 08:18:08 am »
for example, both GCC (version included in XC16 v1.70 is 4.5.1) and CPPCheck are failing to recognize that this statement
Code: [Select]
flashStatus.flags.writeSetupPending;
has no effect. This was making me crazy.

definition
Code: [Select]
typedef volatile struct {
  union {
    uint16_t word;
    struct {
      unsigned readSetupPending:1;  //Setup Read pending
      unsigned eraseSetupPending:1; //Setup Erase pending
      unsigned writeSetupPending:1; //Setup Write pending
      unsigned :2;
      unsigned readUDIDPending:1;   //UDID Read Pending
      unsigned :6;
      unsigned resetPending:1;      //Reset Pending after Page Erase
      unsigned setupDataReady:1;    //Setup Data Ready
      unsigned setupUpdated:1;      //Setup Updated
      unsigned error:1;             //Flash Programming Error
    };
  } flags;
  int16_t flashSaveCnt;
} flashStatus_t;
 

Offline newbrain

  • Super Contributor
  • ***
  • Posts: 1389
  • Country: se
Re: MISRA C & OpenSource
« Reply #36 on: October 15, 2021, 09:48:16 am »
for example, both GCC (version included in XC16 v1.70 is 4.5.1) and CPPCheck are failing to recognize that this statement
Code: [Select]
flashStatus.flags.writeSetupPending;
has no effect. This was making me crazy.

definition
Code: [Select]
typedef volatile struct {
[...]
} flashStatus_t;
But it has an effect!
Since the typedef is volatile, the expression statement represents a read access to writeSetupPending and the volatile semantic forces the access to happen.

Removing volatile, gcc and clang warn about the statement having no effect, if one uses -Wall, or the specific -Wunused-value flag.
« Last Edit: October 15, 2021, 09:51:22 am by newbrain »
Nandemo wa shiranai wa yo, shitteru koto dake.
 
The following users thanked this post: Siwastaja, JPortici, SiliconWizard

Offline JPortici

  • Super Contributor
  • ***
  • Posts: 2988
  • Country: it
Re: MISRA C & OpenSource
« Reply #37 on: October 15, 2021, 11:15:24 am »
for example, both GCC (version included in XC16 v1.70 is 4.5.1) and CPPCheck are failing to recognize that this statement
Code: [Select]
flashStatus.flags.writeSetupPending;
has no effect. This was making me crazy.

definition
Code: [Select]
typedef volatile struct {
[...]
} flashStatus_t;
But it has an effect!
Since the typedef is volatile, the expression statement represents a read access to writeSetupPending and the volatile semantic forces the access to happen.

Removing volatile, gcc and clang warn about the statement having no effect, if one uses -Wall, or the specific -Wunused-value flag.


Ah, of course.
Disregard this particular example then
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 9527
  • Country: fr
Re: MISRA C & OpenSource
« Reply #38 on: October 16, 2021, 08:23:15 pm »
Yes, I assume that commercial applications are way better and we do have one in mind. Problem is that this application is linked to the PC, so only one person can use it. So our idea was to try to get some free version that would help our team develop the code  which will be as closely as possible compliant with the MISRA standard.  Frequently we would use commercial app to solve all the issues.

As you can see, the MISRA addon of Cppcheck gives a lot of false positives. You can actually run it on the official MISRA examples I linked to, and see for yourself. It does spot a lot of true violations, but also finds ones that aren't... May still be kind of useful as first check, but it's likely to make you waste a lot of time.

If you use Eclipse (which I don't), there is a plugin that you may try as well: https://github.com/stkim123/kr.ac.jbnu.ssel.misrac
 

Offline Kalvin

  • Super Contributor
  • ***
  • Posts: 2017
  • Country: fi
  • Embedded SW/HW.
Re: MISRA C & OpenSource
« Reply #39 on: October 19, 2021, 06:11:06 am »
In C, the switch statement's default is supposed to be followed by a colon. A syntax error like this may/will affect the parser/analyzer, so all syntax errors need to be fixed first before analyzing the actual analyzer output.
 

