PVS-Studio: support of MISRA C and MISRA C++ coding standards


    Starting from version 6.27, the PVS-Studio static code analyzer can classify its warnings according to the MISRA C and MISRA C++ standards. Support for these standards makes it possible to use the analyzer effectively to improve the security, portability and reliability of programs for embedded systems.

    This year we began supporting standards such as CWE and SEI CERT in the PVS-Studio analyzer. For the most part, that support consisted of classifying diagnostics already implemented in the analyzer according to these standards. In addition, several new diagnostics were implemented and several old ones were extended to comply with the standards more fully. The correspondence tables between PVS-Studio diagnostics and the various standards:

    Now it is the turn of MISRA C and MISRA C++. These are C and C++ software development standards created by MISRA (Motor Industry Software Reliability Association). Their purpose is to improve the security, portability and reliability of programs for embedded systems. The text of the standards is not free; it has to be purchased.

    We consider one strength of our analyzer to be that it can be picked up and put to use on an already existing large project. You can run PVS-Studio on a code base, find old errors, and then use the analyzer regularly to catch new defects as early as possible.

    Many analyzers take a different path and implement diagnostics related to coding standards. They suggest how best to name variables, remind you to put a comment at the beginning of a file, and so on. That is necessary and useful. However, such analyzers are very "noisy": they generate a huge number of warnings in which the warnings about real errors are drowned.

    We decided that PVS-Studio would be an analyzer that looks for errors. That is its competitive advantage. A programmer can run it on a large code base and be sure that it will not bury them under an incredible number of messages about code style, so they can focus on bugs.

    Therefore, we initially took a critical view of the MISRA standards and for a long time did not plan to implement them. The MISRA standards are designed to simplify the code and improve its quality as a whole, which helps prevent errors. In other words, the majority of their rules concern the style in which code is written. This is best illustrated with an example.

    The MISRA standard has a rule that the body of an if statement must be enclosed in curly braces. In MISRA C this is rule 15.6, and in MISRA C++ it is rule 6-4-1. An example of incorrect code:

    if (i == bestOffs) continue;

    The correct code is:

    if (i == bestOffs)
    {
      continue;
    }

    Such diagnostics cannot be applied to already existing projects written for Windows, Linux or macOS. For example, the curly-brace rule just described produces 1947 V2507 warnings (MISRA C 15.6, MISRA C++ 6-4-1) for the WinMerge project. And WinMerge is a small project: about 250,000 lines of C and C++ code in total.

    Until 2018, the PVS-Studio analyzer focused on checking desktop applications running under Windows, Linux and macOS. Accordingly, MISRA support had little practical meaning: no one is going to introduce this standard into a large existing desktop project.

    Everything changed when we started supporting embedded systems in 2018. This year the analyzer gained support for:

    • Windows. IAR Embedded Workbench, C/C++ Compiler for ARM (C, C++)
    • Windows / Linux. Keil µVision, DS-MDK, ARM Compiler 5/6 (C, C++)
    • Windows / Linux. Texas Instruments Code Composer Studio, ARM Code Generation Tools (C, C++)
    • Windows / Linux / macOS. GNU Arm Embedded Toolchain, Arm Embedded GCC compiler (C, C++)

    Unlike desktop projects, many embedded projects are already written following the MISRA recommendations, so support for them in our analyzer will definitely be useful to those developers.

    Nevertheless, we still fear that some developers, without looking into it, may decide that we have "spoiled" the analyzer by introducing "strange diagnostics" into it. Therefore the MISRA diagnostics are turned off by default. We consider this a very sensible decision: these diagnostics should be enabled only if you understand exactly what they are for and how to use them.

    For example, application programmers may not understand why the analyzer suddenly forbids them to use dynamic memory, that is, why they cannot allocate memory with the malloc function or the new operator. But such restrictions (V2511) are well understood by developers of embedded devices. In some devices that operate continuously, it is simply unacceptable to run a program whose memory can suddenly run out.
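As an added illustration (not code from the article or from PVS-Studio) of why the V2511 restriction matters: the first function allocates from the heap and can start failing at an arbitrary moment on a long-running device, while the second draws from a statically sized pool whose capacity is fixed at build time, so exhaustion is a bounded, deterministic condition the caller handles. The record type, pool size and function names are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed record type shared by both variants. */
typedef struct { uint32_t timestamp; int16_t value; } sample_t;

/* Heap variant: the pattern V2511 reports. On a device that runs for
   months, malloc() can start returning NULL at an unpredictable moment. */
sample_t *sample_new_heap(uint32_t ts, int16_t v)
{
    sample_t *s = (sample_t *)malloc(sizeof(*s));
    if (s != NULL) { s->timestamp = ts; s->value = v; }
    return s;
}

/* Static-pool variant: capacity is fixed at build time and no heap is
   touched, so exhaustion is a bounded, deterministic condition. */
#define POOL_SIZE 8U
static sample_t pool[POOL_SIZE];
static uint8_t  pool_used[POOL_SIZE];

sample_t *sample_new_pool(uint32_t ts, int16_t v)
{
    for (size_t i = 0U; i < POOL_SIZE; i++)
    {
        if (pool_used[i] == 0U)
        {
            pool_used[i] = 1U;
            pool[i].timestamp = ts;
            pool[i].value = v;
            return &pool[i];
        }
    }
    return NULL; /* the caller must handle this; it never surprises later */
}

void sample_free_pool(sample_t *s)
{
    for (size_t i = 0U; i < POOL_SIZE; i++)
    {
        if (s == &pool[i]) { pool_used[i] = 0U; }
    }
}

/* Free-slot count, so the remaining margin can be checked deterministically. */
size_t pool_free_slots(void)
{
    size_t n = 0U;
    for (size_t i = 0U; i < POOL_SIZE; i++) { n += (pool_used[i] == 0U) ? 1U : 0U; }
    return n;
}
```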

    So, you can now install or update PVS-Studio and start using the diagnostics that implement rules from MISRA C and MISRA C++. The set of supported rules is incomplete, but this should not be an obstacle to starting to use PVS-Studio: at the moment there is no static analyzer that implements absolutely all MISRA rules. In the future we plan to expand the set of implemented MISRA rules, and we hope to become the leading tool in the completeness of their support.

    To enable the MISRA diagnostics in Visual Studio or in the PVS-Studio Standalone utility, change the MISRA setting from Disabled to Show All in the settings.

    Enable MISRA

    Since Disabled means that the warnings are not generated at all and are not included in the report, the analysis will need to be re-run after the change. Disabled is the default in order to keep reports small: enabling the MISRA diagnostics can produce a huge number of warnings and greatly increase the size of the report files (*.plog).

    To analyze projects on Linux and macOS, there is the pvs-studio-analyzer utility. By default, only the general-purpose diagnostics (General Analysis, GA) are enabled. Additional rule groups can be enabled with the "-a" option:

    -a [MODE], --analysis-mode [MODE]
            MODE defines the type of warnings:
            1 - 64-bit errors;
            2 - reserved;
            4 - General Analysis;
            8 - Micro-optimizations;
            16 - Customers Specific Requests;
            32 - MISRA.
            Modes can be combined by adding the values
            Default: 4

    To enable both GA and MISRA warnings, run the analysis with the following parameters:

    pvs-studio-analyzer analyze ... -a 36 ... -o /path/to/report.log ...

    The value 36 is the bitwise OR of 4 (GA, general-purpose diagnostics) and 32 (MISRA).

    It is then recommended to create several reports with different types of warnings, for example like this:

    plog-converter -a GA:1,2 -t tasklist
      -o /path/to/ga_results.tasks /path/to/project.log
    plog-converter -a MISRA:1,2,3 -t tasklist -m misra
      -o /path/to/misra_results.tasks /path/to/project.log

    The first report, "ga_results.tasks", will contain general-purpose warnings of the High and Medium confidence levels.

    The second report, "misra_results.tasks", will contain only MISRA-related warnings of all levels. The "-m misra" key indicates that, in addition to the PVS-Studio diagnostic numbers, the report will include the rule numbers according to the MISRA classification.

    All analyzer launch modes on Linux and macOS, as well as the report formats, are described in the documentation.

    P.S. We want to evaluate how well we guessed in choosing MISRA as one of the development directions for PVS-Studio. If you are interested in this topic, please write to us. Even if you are not planning to use PVS-Studio yet, please write anyway: we want to ask you a few clarifying questions.

    Additional links:

    1. Download PVS-Studio
    2. How to run PVS-Studio in Linux and macOS
    3. The PVS-Studio 6.22 static code analyzer is adapted for ARM compilers (Keil, IAR)
    4. GNU Arm Embedded Toolchain added in PVS-Studio

    If you want to share this article with an English-speaking audience, please use the link to the translation: Andrey Karpov. PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards.
