In our previous blog, we looked at the complexities of MISRA C compliance and the necessity
of robust verification tools. However, simply installing a tool is not sufficient. The MISRA
compliance documents specifically state that, in order to describe a project as "MISRA
Compliant", staff must be competent and fully understand the issues underlined by each
guideline. This is especially important for personnel involved in the approval of deviations
from the guidelines.
Ensuring your developers and quality assessors are effectively trained is also crucial to the
smooth and effective adoption of the tool. Developers can make mistakes (and lose significant
time) when they don’t fully understand the rationale behind each of the MISRA guidelines.
This blog looks at some of those potential misunderstandings.
A worthwhile investment
Over 50% of the developers who come on our courses are unaware of many of the traps and
pitfalls of C/C++. Even though they are highly qualified and experienced, this is not something
they have studied in-depth, either at university or in their industry training. This is a global
issue; it’s not specific to any one country or industry.
That is why we spend the first half-day of our two-day course really drilling down into the
traps and pitfalls. We’ll give them real-world examples of seemingly reasonable and innocuous
pieces of code and how they can go horribly wrong. Here are just two of the simplest examples
that many programmers are surprised to see:
1. The following code violates the MISRA C rule that you must not mix signed and
unsigned expressions (this prescription is formulated using the often-misunderstood
concept of "essential type"):
uint32_t MAX_TEMP = 90;
The problem here is that the call is_overheated(-1) returns true – even though the
temperature is negative – because the signed argument is converted to a very large
unsigned value before it is compared with the unsigned limit.
2. This snippet violates a MISRA C rule that forbids line splicing in // comments:
…
// see critical.* in c:\project\src\
critical_function();
…
In this example, the developer did something seemingly innocuous: the comment ends with a
backslash. That trailing backslash splices the next line onto the comment, so
critical_function(); becomes part of the comment and is never executed. This is
potentially very dangerous.
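Both traps side by side, as an added example that is not code from the original post: the body of is_overheated is a hypothetical reconstruction of the comparison the post implies, MAX_TEMP_C, calls_with_spliced_comment and calls_with_safe_comment are assumed names, and the counter shows whether critical_function() actually ran.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Example 1: the post's declaration, kept unsigned as written. */
uint32_t MAX_TEMP = 90;

/* Hypothetical body (not from the post): a signed reading compared with an
 * unsigned limit. The usual arithmetic conversions turn -1 into 4294967295u,
 * so the reading looks hotter than any limit and the check returns true. */
bool is_overheated(int32_t temp)
{
    return temp > MAX_TEMP;
}

/* Corrected variant: both operands have a signed essential type, so a
 * negative reading compares as negative and the check returns false. */
static const int32_t MAX_TEMP_C = 90;

bool is_overheated_fixed(int32_t temp)
{
    return temp > MAX_TEMP_C;
}

/* Example 2: a backslash at the end of a // comment splices the following
 * line into the comment, because line splicing (translation phase 2) happens
 * before comments are removed (phase 3). The counter records real calls. */
static int critical_calls;

static void critical_function(void) { critical_calls++; }

int calls_with_spliced_comment(void)
{
    critical_calls = 0;
    // see critical.* in c:\project\src\
    critical_function();
    return critical_calls;   /* 0: the call was swallowed by the comment */
}

int calls_with_safe_comment(void)
{
    critical_calls = 0;
    /* see critical.* in c:\project\src\ */
    critical_function();
    return critical_calls;   /* 1: block comment, nothing is spliced */
}

int main(void)
{
    printf("is_overheated(-1)=%d fixed=%d\n", is_overheated(-1), is_overheated_fixed(-1));
    printf("spliced=%d safe=%d\n", calls_with_spliced_comment(), calls_with_safe_comment());
    return 0;
}
```

A compiler run with -Wall reports the spliced comment as a "multi-line comment" warning, which is exactly the kind of message the text says developers must learn to read rather than silence.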
Once developers see these examples, they quickly appreciate the importance of each MISRA
rule in preventing potential disasters. They will also see the value of effectively using a tool
that reliably flags the MISRA C/C++ violations. Taking time to gain a solid grounding in MISRA
C is a worthwhile investment because developers should not rely completely on the output of
verification tools.
For example, verification tools may produce false positives and flag violations that don’t exist.
Developers need the expertise to judge such situations. Otherwise, they will probably feel
compelled to change the code in order to silence the tool. This, more often than not, creates
significantly poorer code. Or, they may erroneously think that a tool message is a false
positive, when in fact it is a true positive, and change the tool configuration not to show that
message anymore (a case of ‘shooting the messenger because you don’t like the message’).
Copyright © 2010-2019 BUGSENG srl | All rights reserved