Tags: c++, testing, static-code-analysis, cppcheck, safety-critical

Rulesets for cppcheck


Cppcheck allows you to create your own rules files, but I don't know how much of cppcheck's functionality is exposed.

Is anyone working on a set that would enforce JSF or MISRA rules?


Solution

  • You won't be able to implement all MISRA/JSF rules and directives as cppcheck rules, mostly only the straightforward ones restricting certain C language features and constructions or that are style-related (some that come to mind: spaces before/after ./->, # of arguments on a single line, use of unions to provide different methods of accessing memory, presence of unsigned/signed before char, etc).

    User Ira Baxter pretty much nailed it in a comment on another question touching cppcheck: not everything can be represented/simplified as a pattern. Relying on patterns for custom rules makes it difficult to handle and detect higher-level issues, related for example to types (e.g. sizeof() on types; you would have to parse and collect tokens (typedefs, enums) used as a type representation), inheritance (e.g. classes, incl. derived ones, used both as virtual and non-virtual), and scope. Those need to be hard-coded into cppcheck (you could always fork cppcheck...)

    In any case, have you touched MISRA (or JSF) rules? Is this a requirement for a project? If not, you could grab a copy of the MISRA guidelines (you already have the JSF ones) and check the ones you can implement using PCRE patterns. If it is a requirement, I suggest you "invest" in a commercial product that does check for MISRA/JSF guidelines and use both tools.

    A final note: you don't need all the MISRA/JSF rules, and many tools leave a small percentage of those out.
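
The limit of pattern-only rules that the answer describes (sizeof() on types), as an added example that is not part of the original answer and is not cppcheck code. It is a simplified Python model of a regex rule run over a space-separated token stream; the rule itself ("flag sizeof applied to a type name"), the sample source and all function names are constructed for illustration.

```python
import re

# Constructed sample source (not from the page).
SAMPLE = """
typedef unsigned short u16_t;
enum color { RED, GREEN };
int a = sizeof(int);
int b = sizeof(u16_t);
int c = sizeof(enum color);
int d = sizeof(a);
"""

BUILTINS = {"void", "char", "short", "int", "long", "float", "double",
            "signed", "unsigned"}
TAG_KEYWORDS = {"enum", "struct", "union"}

def tokenize(src):
    """Split C source into identifier, number and punctuation tokens."""
    return re.findall(r"[A-Za-z_]\w*|\d+|[^\s\w]", src)

# Pattern-only rule: the regex can only list type keywords it knows up front.
PATTERN_RULE = re.compile(
    r"\bsizeof \( ((?:(?:%s) )+)\)" % "|".join(sorted(BUILTINS)))

def pattern_findings(src):
    """Match the regex against the token stream joined with single spaces."""
    stream = " ".join(tokenize(src))
    return [m.group(1).strip() for m in PATTERN_RULE.finditer(stream)]

def collect_typedef_aliases(tokens):
    """Simple typedefs only: the alias is the identifier just before ';'."""
    aliases = set()
    for i, tok in enumerate(tokens):
        if tok == "typedef" and ";" in tokens[i:]:
            aliases.add(tokens[tokens.index(";", i) - 1])
    return aliases

def type_aware_findings(src):
    """Same rule, but with type names collected from the source first."""
    toks = tokenize(src)
    type_starts = BUILTINS | TAG_KEYWORDS | collect_typedef_aliases(toks)
    found = []
    for i in range(len(toks) - 2):
        if toks[i] == "sizeof" and toks[i + 1] == "(" and ")" in toks[i:]:
            operand = toks[i + 2:toks.index(")", i)]
            if operand and operand[0] in type_starts:
                found.append(" ".join(operand))
    return found
```

The pattern version reports only `sizeof(int)`; the type-aware version also reports the typedef alias and the enum, and still leaves `sizeof(a)` alone because `a` is a variable.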