MISRA Compliance:2020 — Static Analysis and MISRA
Static analysis tools are essential to MISRA. In the recently published MISRA Compliance:2020 consolidates and clarifies much of the guidance that was previously spread across the MISRA C and C++ coding guideline documents in order to help both software “acquirer” and “supplier” organizations to have a clear understanding of what MISRA compliance means, at the outset of a project.
The first portion of the document outlines why static analysis tools are essential to MISRA compliance. And, it also outlines what features and functionality a static analysis tool are most beneficial for MISRA compliance.
Read along or jump ahead to the section that interests you the most:
How to Select Static Analysis Tools for MISRA
Choosing the right static analyzer will have a big positive impact on your team’s productivity. So, it is very important to make the right decision.
Section 2.6 of the compliance document covers guidance on tool selection, validation, and configuration. It covers compilers and static analysis tools.
For a static analysis tool, the following factors should be considered:
C and C++ are defined by international standards (ISO). These standards evolve. It is important to select a static analysis tool that supports your chosen language version, as well as any language extensions to be used.
Helix QAC is continually updated to support the latest language features used by its large customer base of embedded system developers.
Tool Development Process and Validation Testing
MISRA compliance requires a disciplined development process. The output from your static analysis tool is relied upon, and therefore it is important to know that the tool has been developed in accordance with an accepted quality standard.
The tool vendor should perform comprehensive verification and validation activities. It should have a process of continuous improvement with a mechanism for recording any reported issues and fixing them in future product releases.
Helix QAC is developed according to the ISO 9001 quality standard, which demonstrates our commitment to customer satisfaction and continuous improvement.
Furthermore, Helix QAC is certified as suitable for use in critical applications developed for compliance with all the key functional safety standards as well as being qualified in accordance with the stringent software tool qualification considerations of the DO-330 avionics standard.
Automatically checking compliance with as many guidelines as possible will reduce the effort needed to demonstrate compliance. In order to provide full coverage, the tool must be capable of performing checks across the whole program, and not only within a single translation unit.
Helix QAC performs checks across the whole program. Its ‘cross-module analysis’ finds linkage issues, and its sophisticated dataflow analysis models runtime behavior to find issues across all translation units. Helix QAC covers every rule in MISRA C:2012, and almost every rule in MISRA C++:2008.
Due to undecidability, it is not possible for any tool to find all possible rule violations without generating some false positives. You need to select a tool that finds the maximum possible number of violations while minimizing the number of false positives.
The best static analyzers employ computationally intensive methods in order to optimize accuracy and precision, and this tends to come at the expense of analysis speed. Tools that consume less time (given equivalent hardware capability) tend to generate more false positives.
This means developers spend a disproportionate amount of time addressing warnings for non-consequential issues. It also leads to frustration with the process. So, less capable tools (which initially appear relatively inexpensive), can have a serious negative impact on productivity.
We consider all feedback from our extensive user base to reduce the number of false positives and improve Helix QAC’s accuracy with every product release.
This is one more reason why Helix QAC is recognized as the gold standard for MISRA checking across all industries where safety and security are paramount.Back to top
How to Configure a Static Analysis Tool for MISRA
To get the best results you need to make sure your static analyzer is optimally configured.
Section 2.6.5 of MISRA Compliance explains the importance of correctly configuring your static analyzer.
Language Versions and Extensions
It is essential to configure your static analyzer to interpret your source code according to the correct version of the language. For C code that is compliant to the latest revision of the MISRA C Guidelines (MISRA C:2012 Amendment 2), this means selecting one of C90, C99, C11, or C18 (feature equivalent to C11).
For example, if your code is written according to C99, but Helix QAC is incorrectly configured for C90, then it will generate a warning message every time it encounters a C99 language feature.
The use of language extensions is sometimes necessary for embedded platforms, though they can hinder portability. You can configure Helix QAC to parse most of the commonly used extensions. You can also configure it to ignore any inline assembler code.
Compiler Implementation-Defined Behavior
For the static analysis tool to determine compliance with some MISRA rules, it will need to understand some of the implementation details of the compiler. The ISO C standard states that certain behaviors are implementation (compiler) dependent.
For example, a compiler may implement char as a signed or unsigned datatype. For an accurate analysis, it will be essential to make sure your static analyzer treats all char instances in the same way as they are treated by your compiler.
Helix QAC ships with out-of-the-box support for many compilers. It also has various features that help automate the extraction of this type of configuration data.
Analysis Time vs. Precision
To gain the maximum benefit from a static analyzer it should minimize disruption to the developers’ workflow. The ideal tool will not cause any changes in the way the developer worked prior to its introduction.
Typically, a developer will edit code, perform a local build, and test. If any compiler warnings or errors are emitted during the build, the code will be edited to fix them, and the build re-attempted until there are no warnings.
One way to introduce static analysis into this workflow with minimal change for the developer would be to trigger an analysis as a "pre-build" step. If any static analysis warnings are emitted, the build step could stop prior to compiler invocation, the fixes made, and the build re-attempted until there are no warnings.
This extra step will add some time to the process, and so the static analyzer will need to be configured to give maximum benefit within an acceptable time overhead. Helix QAC has several configuration options so that it can be adjusted to fit your scenario.
For example, suppose you have a codebase that has grown to a point where the static analysis step has gone beyond a practical duration on the developer’s desktop. You could adjust the local tool configuration so that analysis is performed only on the modified files, without any cross-module or dataflow analysis. This would still allow many potential MISRA violations to be fixed before the code is finally checked in to the project’s central repository.
Then, in order to check for any remaining issues, more in-depth, full project dataflow analyses can be performed away from the developer’s desktop, for example using the dedicated computing resource of a centralized build server.
The ability to flex your deployment as your project scales is another reason why Helix QAC is widely adopted by the teams working on some of the world’s most complex and critical embedded systems.Back to top
Why Should You Use Helix QAC for MISRA Compliance
- Independently certified for use in the development of safety-critical software.
- Fully documented rule enforcement and message interpretation.
- Supplied with extensive example code.
- Fully configurable rules processing.
In addition, register for the Helix QAC free trial to see how the static analysis helps you comply with MISRA and other functional safety standards.Back to top