The Parasoft MISRA Compliance Pack is a set of artifacts and configurations for your DTP infrastructure that enable you to readily demonstrate compliance with MISRA development guidelines. The MISRA Compliance Pack can be adapted to support any version of the MISRA standard, but it is configured by default for MISRA C:2012. Contact your Parasoft representative for download and licensing information.

In this section:

Background

MISRA began as a set of technical guidelines to help organizations create safety-critical software for automotive applications. The standard has since been adopted by embedded software development organizations in other safety-critical industries. MISRA C:2012 is the most recent implementation for development using the C programming language and includes 159 base guidelines. Amendment 1 is a supplemental set of 14 guidelines that expanded the total to 173.

One of the challenges associated with achieving MISRA compliance has been the lack of a standardized mechanism for demonstrating compliance. To address this issue, MISRA published “MISRA Compliance 2016: Achieving Compliance with MISRA Coding Standards,” which provides a more concrete definition of “MISRA compliance” and identifies several deliverables required for demonstrating compliance with the MISRA standard.

The Parasoft MISRA Compliance Pack configures code analysis to run against MISRA guidelines and conforms the data to meet the following reporting specifications defined in MISRA Compliance 2016.

Guideline Enforcement Plan

A guideline enforcement plan (GEP) lists each MISRA guideline to indicate how compliance is checked. In the context of MISRA compliance with Parasoft, the GEP maps MISRA guidelines to Parasoft code analysis rules and DTP functionality.

Guideline Re-categorization Plan

A guideline re-categorization plan (GRP) documents agreed-upon changes to how MISRA guidelines are categorized. Guidelines are categorized as Mandatory, Required, and Advisory. A fourth category, Disapplied, may also be used for instances in which the guideline truly does not apply.

All mandatory guidelines must be followed to achieve compliance. Required guidelines should be followed, but documented exceptions are allowed (see Deviations report). Advisory guidelines are considered best practice.

Required and Advisory guidelines can be re-categorized into to stricter categories (e.g., Advisory to Required), but only Advisory guidelines can be re-categorized into less strict categories (i.e., to Disapplied).

Deviations Report

A "deviation" is a documented violation of the guideline and supporting rationale for allowing the violation to remain. In the context of MISRA compliance with Parasoft, deviations take the form of suppressed code analysis violations. Your project can have deviations and still be considered compliant if the deviations are documented in the report and do not impact safety.

Guideline Compliance Summary

A guideline compliance summary (GCS) is the primary record of overall project compliance. The GCS includes an entry for each guideline, its level of compliance, any deviations and/or re-catorizations, etc.

See MISRA Compliance 2016: Achieving Compliance with MISRA Coding Standards for additional details and information.

How Parasoft Supports MISRA C:2012 Compliance

In addition to the MISRA Compliance Pack, the following Parasoft products are required:

  • Development Testing Platform (DTP) Enterpise 5.3.3 or later
  • DTP Extension Designer 5.3.3 or later (included with the DTP Enterprise license)
  • C/C++test Desktop or C/C++test DTP Engine 10.3.2 or later with the Flow Analysis license feature enabled

Process Overview

  1. Deploy the MISRA Compliance Pack configuration files to DTP.
  2. Connect an instance of C/C++test to DTP. This enables C/C++test to analyze code according to MISRA guidelines by using the configurations stored on DTP, as well as report code analysis data to DTP for processing.
  3. Install, configure, and deploy the MISRA Compliance artifact into DTP Extension Designer. This enables DTP to process the code analysis data to output the compliance deliverables.
  4. Analyze the project with C/C++test using the MISRA configurations and report violations to DTP.
  5. The MISRA Compliance extension then generates DTP dashboard widgets and reports using the data.
  6. Interact with the widgets and reports to identify code that needs to be fixed, as well as print out the reports for auditing purposes.

What's Included in the Parasoft MISRA Compliance Pack

The Parasoft MISRA Compliance pack helps you create the documentation required for demonstrating compliance with MISRA C:2012. Download and unzip the pack to access the following artifacts.

MISRA2012-Rulemap.xml

This file remaps the output from the built-in C/C++test static analysis rules to the appropriate MISRA guidelines. The rule map does not change what the rules analyze or how the analyze the code. When applying the MISRA Compliance rule map, violations are reported with new rule IDs. As a result, violations will appear as new violations and any existing suppressions and/or prioritization will not apply to the remapped violations.

This file is located in the <PACK>/MISRA Rules directory.

MISRA C 2012 Compliance.properties

This is the test configuration that enables the rules specified in the rule map to run during code analysis. All Parasoft tools analyze code according to which rules are specified in a test configuration. C/C++test includes test configurations specifically for checking software security, for example. The MISRA Compliance Pack includes a test configuration that enables the Parasoft rules that validate MISRA’s guidelines.

This file is located in the <PACK>/MISRA Rules directory.

misra-compliance-<version>.zip

This is the MISRA Compliance DTP Workflow you must install and deploy in Extension Designer. It extends DTP’s data processing functionality to produce MISRA-specific dashboard widgets and reports. It helps you track compliance status and document guideline enforcement, deviations, and rule re-categorization.

This artifact is located in the <PACK>/Extension Designer Artifact directory

MISRA2012-Category.xml and MISRA2012-Guideline.xml

These configuration files enable additional compliance categories in DTP. The additional categories provide a place for the MISRA-specific dashboard widgets that are shipped with the MISRA Compliance extensions.

If DTP and the DTP Enterprise Pack are on the same machine, these files will automatically be installed when the MISRA Compliance DTP Workflow is deployed (see Installing the MISRA Compliance DTP Workflow). DTP must be restarted after installing the artifact. These files are located in the <PACK>/DTP> conf> compliance directory.

MISRA_C_2012_Compliance.json

This dashboard template file provides a DTP dashboard containing a pre-defined set of MISRA-related widgets. If DTP and the DTP Enterprise Pack are on the same machine, this file will automatically be installed when the MISRA Compliance DTP Workflow is deployed (see Installing the MISRA Compliance DTP Workflow). Refresh your browser after deploying the artifact to view the template. This file is located in the <PACK>/DTP> grs> dashboard directory.

MISRA C:2012 Compliance Data Sheet

This document shows the mapping between C/C++test rules and the guidelines they support. It shows the original C++test rule and the remapped rule.

Configuring DTP for MISRA Compliance Reporting

MISRA guidelines are defined as either "rules" or "directives" and can be categorized as Mandatory, Required, or Advisory. Parasoft static and flow analysis rules report violations according to a category (e.g., Possible Bug, Interoperability, etc.) and severity (I.e. 1-5). In the MISRA rulemap, the analysis rules are remapped so that the Parasoft category matches the MISRA guideline and output presented in both static HTML reports and DTP maps to MISRA guidelines. Additionally, the MISRA Compliance test configuration enables C/C++test to execute only the rules related to the remapped MISRA rules.

  1. Install the MISRA2012-Rulemap.xml configuration file as described in Uploading Rule Map Files.
  2. Install the MISRA C 2012 Compliance.properties test configuration file as described in Managing Test Configurations.
  3. Associate the rule map file with the test configuration file as described in Associating Test Configurations with Rule Maps.

     
     
  4. You can skip this step if DTP and the DTP Enterprise Pack are on the same machine. Deploy the MISRA2012-Category.xml and MISRA2012-Guideline xml custom compliance configuration files as described in Custom Compliance Categories.
  5. You can skip this step if DTP and the DTP Enterprise Pack are on the same machine. Deploy the MISRA_C_2012_Compliance.json dashboard template file as described in Deploying Custom Dashboard Templates.
  6. Restart DTP (see Stopping DTP Services and Starting DTP Services). If DTP and the DTP Enterprise Pack are on the same machine, wait to complete this step until the MISRA Compliance DTP Workflow has been deployed (see Installing the MISRA Compliance DTP Workflow). 

Achieving 100% Compliance

According to MISRA C:2012, there are four guidelines that cannot be statically analyzed. As a result, DTP will report 100% compliance against 169 guidelines.

Configuring Extension Designer

Installing the MISRA Compliance DTP Workflow

  1. Enterprise Pack artifacts are usually downloaded and installed from the Parasoft Marketplace, but the MISRA Compliance workflow must be uploaded manually. See Uploading Artifacts for instructions.
  2. Deploy the artifact after installation. See Deploying Services for instructions.

Profile Configuration

The MISRA Compliance DTP Workflow ships with a model profile (see Working with Model Profiles) configured to monitor compliance with MISRA C:2012. The profile include information necessary for generating compliance reports (see Viewing MISRA Compliance Reports). It includes a field for you to specify your compiler, as well as guideline categorization and re-categoriziation information. You can modify the profile if you want to re-categorize guidelines to meet you specific goals or specify additional metadata for your reports. Changes will be reflected in the Guideline Re-categorization Plan.

We recommend creating a copy of the default profile and modifying the copy. 

  1. Click Export Profile to download a copy.
  2. Rename the copy and click Import Profile.
  3. Browse for the copy and confirm to upload.  
  4. Click on a guideline and specify your changes. If you are changing MISRA categories, the following strings are acceptable:
  5. Click Save

Widget Configuration

Add the MISRA Compliance widgets to your dashboard (see Adding Widgets). The widgets will appear in the Compliance category in the Add Widget overlay:


Native DTP MISRA Widget Vs. DTP Workflow

DTP ships with a native MISRA C 2012 - Compliance widget that is not a part of this artifact. You can view the documentation for this widget for additional information.

Specify the following information when adding the MISRA Compliance - Percentage, MISRA Compliance - Status, and MISRA Violations by Category - TreeMap widgets:

TitleYou can rename the widget in the Title field.
FilterChoose a specific filter or Dashboard Settings from the drop-down menu. See Creating and Managing Filters for additional information.
PeriodChoose a specific time period or Dashboard Settings from the drop-down menu.
Target BuildChoose a specific build from the drop-down menu. The build selected for the entire dashboard is selected by default. See Using Build Administration for additional information about understanding builds. 
CategoryThis setting is available in the MISRA Compliance - Guidelines by Status widget. Choose an individual category or All from the drop-down menu.
Compliance ProfileSpecify a compliance profile (see Profile Configuration). The compliance profile data is used to generate some of the compliance reports.

Viewing MISRA Compliance Widgets 

Each widget provides a different review of the test and analysis data to help you achieve MISRA compliance. The following widgets are shipped with the MISRA Compliance DTP Workflow.

MISRA Compliance - Status Widget

This widget shows you the general state of compliance. You can add multiple instances of the widget configured to use a different profile, e.g., a profile with disapplied guidelines, to view your current compliance status. Click on the widget to open the MISRA Compliance Report

The widget can show five possible states:

Compliant

Code meets all guidelines with no deviations or changes to the guideline categories.

Missing rule(s) in analysis

Parasoft code analysis rules documented in your profile were not included in the specified build. Make sure all rules are enabled in C/C++test and re-run analysis.

Compliant with Deviations

Code meets all guidelines, but deviations have been applied. Deviations are violations that you have determined to be acceptable (see Deviations Report for additional information about deviations).

Compliant with Violations

Code meets all mandatory and required guidelines, but contains violations for advisory guidelines.

Not Compliant

Code does not meet all mandatory and/or required guidelines.

MISRA Compliance - Percentage Widget

This widget shows the completeness of MISRA compliance as a percentage. Completeness is based on number of guidelines being enforced in the profileClick on the widget to open the MISRA Compliance Report.

MISRA Compliance - Guidelines by Status

This widget shows the compliance status for an individual guideline category (Mandatory, Required, or Advisory).

The pie chart can represent up to five different guideline statuses for the selected category:

GreenGuidelines that your code is complaint.
Yellow

Guidelines that your code is deviating from but are still considered compliant.

A deviation is when the guideline is not being followed according to the Parasoft static analysis rule, but is considered acceptable because it does not affect the safety of the software. Deviations represent Parasoft static analysis rules that have been suppressed.

Orange

Guidelines that your code is considered compliant with, even though the static analysis rules that enforce them contain violations.

Only advisory guidelines can have this status.

RedGuidelines that your code is not compliant with.
MaroonGuidelines that are specified in the profile, but the Parasoft rule that enforces the guideline are missing.

You can perform the following actions:

  • Mouse over a pie slice to view details.
  • Click on a section to open the MISRA Compliance report filtered by the category and status.
  • Click on the number of violations counter to open the MISRA Compliance report filtered by the category and status.
  • Click on the number of deviations counter to open the Deviations Report filtered by the category selected in the widget.

MISRA Violations by Category - TreeMap Widget

This widget provides a representation of the highest concentration of static analysis violations per MISRA category (mandatory, required, and advisory). The widget also shows the guidelines (e.g., Dir 4.6, Rule 14.3, etc.) within each category in which violations were reported. Finally, the Parasoft rule(s) enforcing each guideline are also presented. Tiles are proportional to the number of static analysis violations reported for each rule. 

  

The widget uses the hierarchy established in the model profile to correlate rules, guidelines, and categories. You can mouse over a tile in the widget to view the number of violations associated with each rule-guidline-category.

Click on a rule to see the violation in the Violations Explorer.

Viewing MISRA Compliance Reports

The MISRA Compliance Report provides an overview of your MISRA compliance status and serves as the primary document for demonstrating compliance.

You can perform the following actions:

  • Use the drop-down menus to sort by MISRA Category or by Compliance status.
  • Click on a link in the # of Violations, In-Code Suppression, or DTP Suppressions column to view the violations in the Violations Explorer.
  • Open one of the MISRA Compliance sub-reports.

The MISRA Compliance Report contains four supporting reports:

Guideline Enforcement Plan

The Guidelines Enforcement Plan (GEP)shows which static analysis rules are used to enforce the MISRA guidelines. It is intended to describe how you are enforcing each guideline.

This report uses the data specified in the compliance profile (see Profile Configuration). In the profile, you can add notes to the Compiler field, such as “no errors” or specific compiler settings that will be applied, to document your plan. These notes appear in the Compiler column.

The Analysis Tool column should refer to the static analysis rule. The Manual Review column should contain any manual verifications that will be performed in addition to the automated checks applied by the compiler and analysis tool.

Guideline Re-categorization Plan

If you changed any of the MISRA guideline categories (see Profile Configuration), they will be processed and displayed in this report. Refer to the MISRA standard for additional information about guideline re-categorization plans.

Deviations Report 

Your code can contain violations and still be MISRA-compliant as long as the deviations from the standard are documented and that the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code with comments or in the DTP Violations Explorer by setting the prioritization to Do Not Show. 

Click on the Deviations Report link in the MISRA Compliance report to open the Deviations Report.  

The Deviations Report shows all guideline IDs and headers, but guidelines that have been suppressed will show additional information.

You can also filter the report by MISRA category.

Build Audit Report

The Build Audit Report shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with MISRA during a regulatory audit.

In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.  

  • No labels