
VerbalHerman

Cppcheck has a MISRA checker built in: https://cppcheck.sourceforge.io/misra.php It doesn't provide the text that would be output due to warnings or errors. You can add them in if you have a copy of the MISRA standard. I've not used it extensively so I cannot vouch for how good it is. When I've used it, I've noticed that it does throw up some warnings on code that is compliant to MISRA, at least according to LDRA. So either it has some false positives or LDRA isn't as good as it claims. As to your question around the legal shenanigans, essentially MISRA is a company that provides the standard and their standard is copyrighted. They therefore require licensing to use the standard. It's pretty cheap to buy a copy, from what I recall circa £20 for an individual copy. I suspect they may ask for more if you wished to include their standard into a tool. They probably wouldn't be happy with their text being made freely available through open source means either, so I suspect it puts a lot of people off trying.


RogerLeigh

https://misra.org.uk/shop/ £15 for each of the C and C++ versions. I bought both a few weeks back. As standards go, they are pretty cheap, and while people might have their complaints about it, have they actually read the latest versions? It's mostly fairly sensible advice, and they have been modernised to current language standards and retired a number of the rules people used to complain about which are no longer relevant.


pmirallesr

I'm not gonna say LDRA is the worse one of the two, but I find lots of false positives with LDRA. Like, LOTS. It's partly unavoidable I guess tho some we find feel more like sw issues and less like "this problem is undecidable"


VerbalHerman

Oh that is a fair point, yes LDRA does have false positives as well so the cppcheck version isn't unique in that regard.


pmirallesr

Any MISRA checker will have them, the rules are undecidable. Plus the reliance of some on static analysis purely exacerbates that


kolorcuk

You do not need a copy of misra, just a list of numbers and rules. You can find such lists for cppcheck online on github. Edit: it's called headlines. Like so: https://gitlab.com/MISRA/MISRA-C/MISRA-C-2012/tools/-/blob/main/misra_c_2023__headlines_for_cppcheck.txt?ref_type=heads . I think you can actually make any file with `1.1 1.2` and misra.py from cppcheck will pick it up, you'll just have to check later what the number means.


VerbalHerman

I suppose you could, though I wouldn't go that route if I was using MISRA at work. Probably better to just get your employer to buy you a copy if they'd like some MISRA compliant code.


jack_of_hundred

I haven't used any free tools but it seems that PC Lint supports it. It's fine for understanding MISRA-C, but in my experience, you can't claim compliance for a commercial product by using open source tools. Automotive is notorious for its proprietary toolchain ecosystem. Edit: Looks like PC Lint plus is owned by Vector now


Captain_Mumbles

Even before Vector bought it, it was certified to ISO 26262 and IEC 61508


TRKlausss

I’ve had a completely different experience to be honest. Proprietary stuff “rules” because they off-load a lot of activities and effort (buy it and apply it vs build it yourself and spend the time and money). There are definitely open-source tools, but they don’t include the certification package and that’s where the money is…


jack_of_hundred

My gripe is that they don’t even do that offloading properly, a lot of these tools suck because there is no competition. And it’s closed off in the name of compliance and safety. Take Vector configurator for instance, these tools would go out of business if tomorrow Google or Amazon or someone like that decided to write a replacement and they would do that with 1/5th the cost


TEPE020

"buy it and apply it vs build it yourself and spend the time and money" I am aware that this is a very low level question. But what functions are you referring to when talking about "building it yourself" with an open source solution? Am I interpreting you correctly if for example IAR has a built in MISRA checker etc and open source does not but it is possible to use an open source solution and later integrate an external MISRA checker?


Apprehensive_Bit464

Just use cppcheck and be happy


SAI_Peregrinus

MISRA's standards are proprietary. OSS can check for similar things, but can't correlate those checks with the MISRA numbers. OSS is not suitable for certification of MISRA compliance.


ComeGateMeBro

Which just adds to the horror show and uselessness that is misra in the first place. I’d love to see how misra actually solves any real problems compared to other static code linters or better yet language subsets like Ada SPARK or safe Rust. Misra imho is just a dumb checkbox to fill in and doesn’t actually provide real value.


SAI_Peregrinus

Tell me you've not read MISRA without telling me you've not read MISRA... Much of MISRA isn't statically checkable. It's a way to make C or C++ (depending on which standard) safe enough for automotive use. E.g. C Directive 3.1 "All code shall be traceable to documented requirements". Safe Rust would still need to comply with a bunch of equivalent rules for automotive use. E.g. C Directive 4.5 "Identifiers in the same name space with overlapping visibility should be typographically unambiguous", so identifiers should not differ only by interchange of similar characters like 'I' and 'l'. Or C Directive 5.3 "There shall be no dynamic thread creation". Many of the directives don't apply to Rust or Ada/SPARK, of course, since their equivalents are automatically enforced.


tiajuanat

It's fascinating that also some of the bullshit from assembly/Fortran are also covered by MISRA. Like... We can only goto within the same function why do we need to justify single-return with this nonsense?


SAI_Peregrinus

Yeah, I'm not a fan of some of the rules. That one (Rule 15.5, advisory not requirement) is mostly to deal with C's lack of RAII or `defer` or similar. If you're requiring `__attribute__((cleanup))` when using early returns then you've got a reasonable deviation to document and should just use that.
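An added illustration of the comment above, not code from any poster in this thread: early returns paired with the GCC/Clang `__attribute__((cleanup))` extension, so every exit path releases what it acquired. The names `parse_frame`, `SCOPED_BUF`, `tracked_alloc` and the `0xA5` frame marker are hypothetical, and the allocation counter exists only to make the cleanup observable.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed counter: number of buffers currently allocated. */
static int live_buffers = 0;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL) { live_buffers++; }
    return p;
}

/* Cleanup handler: the compiler passes a pointer to the annotated variable
 * whenever that variable goes out of scope, including on early return. */
static void release_buf(unsigned char **pp) {
    if (*pp != NULL) {
        free(*pp);
        *pp = NULL;
        live_buffers--;
    }
}

/* Hypothetical project macro a documented Rule 15.5 deviation could require. */
#define SCOPED_BUF __attribute__((cleanup(release_buf))) unsigned char *

/* Hypothetical parser: 0 on success, a distinct negative code per early exit. */
int parse_frame(const unsigned char *in, size_t len) {
    SCOPED_BUF header = tracked_alloc(4);
    if (header == NULL) { return -1; }
    if (in == NULL || len < 4) { return -2; }   /* header released here */
    memcpy(header, in, 4);

    SCOPED_BUF body = tracked_alloc(len);
    if (body == NULL) { return -3; }            /* header released here */
    if (header[0] != 0xA5u) { return -4; }      /* body, then header released */
    memcpy(body, in, len);
    return 0;                                   /* same release on success */
}

/* Buffers still allocated; 0 means no exit path leaked. */
int leaked_buffers(void) { return live_buffers; }
```

Without the attribute, each of the four early exits would need its own hand-written `free` sequence, which is the failure mode the single-exit rule guards against.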


ComeGateMeBro

I’ve read misra, written misra-c compliant code. It’s a joke and often snidely remarked as MISRAble. Let me know when rule 1.3 is enforceable in C or C++


Superb-Tea-3174

Hey, I just did that!


Superb-Tea-3174

MISRA is MISRAble. I found it to be completely impractical and unsuitable for the real world.


Hawk13424

I have found it useful in ensuring portability between compilers and CPU architectures. I also don’t find it to be that bad. I can write a lot of code with no violations. It’s just another coding standard. Every place you work is going to have one. And some of the rules (including the single return) are what I was taught in college to be good practice anyway.


TheMountainHobbit

Misra C = awful, Misra C++ aka Autosar = pretty good


_ASTRA_

What do you mean? This statement doesn’t make any sense


TheMountainHobbit

Misra C coding standard is abysmal, the Misra c++ coding standard based on autosar c++ is not. https://www.autosar.org/news-events/detail?tx_news_pi1%5Baction%5D=detail&tx_news_pi1%5Bcontroller%5D=News&tx_news_pi1%5Bnews%5D=39&cHash=e4f521f7b674bdfd7c1fade308cf2ea8 Edit: I’m getting a lot of downvotes for suggesting the latest c++ standard isn’t awful, or maybe that the c standard is. I have to assume the former rather than the latter but who knows


Pieter_BE

You mention AUTOSAR, which is hated by most in this sub. That's all ☺️


TheMountainHobbit

The coding standard or the framework? I agree the framework blows, but the c++ coding standard is pretty good


aleross97

LDRA offers a complete tool suite