Versions Compared

Old Version 10

changes.mady.by.user Chieko Sugizaki

Saved on

compared with

New Version Current

changes.mady.by.user Robert Andelin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DTPDEVEL and version 2022.1

...

Table of Contents
maxLevel1

Background

MISRA began as a set of technical guidelines to help organizations create safety-critical software for automotive applications. The standard has since been adopted by embedded software development organizations in other safety-critical industries. MISRA C:2012 is the most recent implementation for development using the C programming language and includes 159 base guidelines. Amendment 1 is a supplemental set of 14 guidelines that expanded the total to 173.

One of the challenges associated with achieving MISRA compliance has been the lack of a standardized mechanism for demonstrating compliance. To address this issue, MISRA published “MISRA Compliance 2016: Achieving Compliance with MISRA Coding Standards,” which provides a more concrete definition of “MISRA compliance” and identifies several deliverables required for demonstrating compliance with the MISRA standard.

The Parasoft MISRA Compliance artifact configures code analysis to run against MISRA guidelines and conforms the data to meet the following reporting specifications defined in MISRA Compliance 2016.

Guideline Enforcement Plan

Overview

The Parasoft MISRA Compliance artifact configures code analysis to run against MISRA guidelines and conforms the data to meet the following reporting specifications defined in MISRA Compliance 2020.

Guideline Enforcement Plan

A guideline enforcement plan (GEP) lists each MISRA guideline to indicate how compliance is checked. In the context of MISRA compliance with Parasoft, the GEP maps MISRA guidelines to Parasoft code analysis rules and DTP functionality.

Guideline Re-categorization Plan

A guideline re-categorization plan (GRP) documents agreed-upon changes to how MISRA guidelines are categorized. Guidelines are categorized as Mandatory, Required, and Advisory. A fourth category, Disapplied, may also be used for instances in which the guideline truly does not apply.

All mandatory guidelines must be followed to achieve compliance. Required guidelines should be followed, but documented exceptions are allowed. Advisory guidelines are considered best practice.

Required and Advisory guidelines can be re-categorized into to stricter categories (e.g., Advisory to Required), but only Advisory guidelines can be re-categorized into less strict categories (i.e., to Disapplied).

Deviations Report

A "deviation" is a documented violation of the guideline and supporting rationale for allowing the violation to remain. In the A guideline enforcement plan (GEP) lists each MISRA guideline to indicate how compliance is checked. In the context of MISRA compliance with Parasoft, the GEP maps MISRA guidelines to Parasoft code analysis rules and DTP functionality.

Guideline Re-categorization Plan

A guideline re-categorization plan (GRP) documents agreed-upon changes to how MISRA guidelines are categorized. Guidelines are categorized as Mandatory, Required, and Advisory. A fourth category, Disapplied, may also be used for instances in which the guideline truly does not apply.

All mandatory guidelines must be followed to achieve compliance. Required guidelines should be followed, but documented exceptions are allowed. Advisory guidelines are considered best practice.

Required and Advisory guidelines can be re-categorized into to stricter categories (e.g., Advisory to Required), but only Advisory guidelines can be re-categorized into less strict categories (i.e., to Disapplied).

Deviations Report

A "deviation" is a documented violation of the guideline and supporting rationale for allowing the violation to remain. In the context of MISRA compliance with Parasoft, deviations take the form of suppressed code analysis violations. Your project can have deviations and still be considered compliant if the deviations are documented in the report and do not impact safety.

Guideline Compliance Summary

A guideline compliance summary (GCS) is the primary record of overall project compliance. The GCS includes an entry for each guideline, its level of compliance, any deviations and/or re-catorizations, etc. The MISRA Compliance Report shipped with the Parasoft MISRA Compliance extension fulfills this requirement.  

See MISRA Compliance 2016: Achieving Compliance with MISRA Coding Standards for additional details and information.

Prerequisites

This compliance artifact supports code analysis executed by C/C++test (Standard or Professional) with the Flow Analysis license feature enabled.

Process Overview

  1. Analyze code with C/C++test using the MISRA C:2012 test configuration and report violations to DTP.
  2. Install the Automotive Compliance Pack into DTP Extension Designer, which also installs the MISRA Compliance assets.
  3. Deploy the MISRA DTP Workflow to your DTP environment and add the MISRA dashboard and widgets to your DTP interface.
  4. Interact with the widgets and reports to identify code that needs to be fixed, as well as print out the reports for auditing purposes.
Note
titleAchieving 100% Compliance

According to MISRA C:2012, there are four guidelines that cannot be statically analyzed. As a result, DTP will report 100% compliance against 169 guidelines.

MISRA Compliance Extension Assets

The Parasoft MISRA Compliance artifact helps you create the documentation required for demonstrating compliance with MISRA C:2012. The following assets are included:

  • Compliance categories and guidelines: These files add the MISRA Compliance option to DTP interfaces, such as widget configuration settings.  
  • Test configurations: These files specify which code analysis rules to execute. You can configure C/C++test to run the local test configuration or to run the test configuration uploaded to DTP when the compliance pack is installed. 
  • Dashboard template: This file enables you to add the MISRA C:2012 dashboard that includes a pre-defined set of MISRA-related widgets.
  • Model and profile: These files drive the report compliance reports necessary for demonstrating MISRA compliance. See Profile Configuration for additional information.
  • DTP Workflow: This is the DTP Enterprise Pack artifact that includes the widgets, reports, and processing logic that show violations in the context of MISRA guidelines.   

Installing and Deploying the DTP Workflow

  1. The MISRA Compliance artifact is installed as part of the Automotive Compliance Pack. See Installation for instructions.
  2. Choose Extension Designer from the DTP settings menu (gear icon).
    Image Removed
  3. Click the Services tab and choose a service category. You can deploy the artifact to any service category you want. You can also create a new category (see Working with Services), but we recommend deploying compliance pack artifacts to the DTP Workflows service category. 
    Image Removed
  4. You can deploy the artifact to an existing service or add a new service. The number of artifacts deployed to a service affects the overall performance. See Extension Designer Best Practices for additional information. Choose an existing service and continue to step 6 or click Add Service.
  5. Specify a name for the service and click Confirm
    Image Removed
  6. The tabs interface allows you to organize your artifacts within the service. Organizing your artifacts across one or more tabs does not affect the performance of the system. Click on a tab (or click the + button to add a new tab) and choose Import from the vertical ellipses menu.
    Image Removed
  7. Choose Local> Flows> Workflows> Automotive> MISRA Compliance and click Import.
  8. Click anywhere in the open area to drop the artifact into the service.
  9. Click Deploy to finish deploying the artifact to your DTP environment. 
  10. Return to DTP and refresh your dashboard. 

You will now be able to add the MISRA dashboard and widgets, as well as access MISRA reports.  

Adding the MISRA Dashboard

The MISRA dashboard is configured to show custom widgets shipped as part of the MISRA artifact. The dashboard also contains select native DTP widgets configured to show code analysis data within the context of MISRA C:2012. The information in this section is also covered in the Adding Dashboards chapter.

  1. Click Add Dashboard and specify a name when prompted.
  2. (Optional) You can configure the default view for the dashboard by specifying the following information:
    • Choose the filter associated with your project in the filter drop-down menu. A filter represents a set of run configurations that enabled custom views of the data stored in DTP. See DTP Concepts for additional information.
    • Specify a range of time from the Period drop-down menu. 
    • Specify a range of builds from the Baseline Build and Target Build drop-down menus.  
  3. Enable the Create dashboard from a template option and choose MISRA C Compliance from the drop-down menu.
    Image Removed
  4. Click Create to finish adding the dashboard.

See Viewing MISRA Compliance Widgets for information about understanding the widgets shipped with the MISRA C:2012 artifact.

Manually Adding Widgets to Your Existing Dashboard

deviations take the form of suppressed code analysis violations. Your project can have deviations and still be considered compliant if the deviations are documented in the report and do not impact safety.

Guideline Compliance Summary

A guideline compliance summary (GCS) is the primary record of overall project compliance. The GCS includes an entry for each guideline, its level of compliance, any deviations and/or re-catorizations, etc. The MISRA Compliance Report shipped with the Parasoft MISRA Compliance extension fulfills this requirement.  

See MISRA Compliance 2020: Achieving Compliance with MISRA Coding Standards for additional details and information.

Prerequisites

This compliance artifact supports code analysis executed by C/C++test (Standard or Professional) with the Flow Analysis license feature enabled.

Process Overview

  1. Analyze code with C/C++test using the MISRA C:2012 test configuration and report violations to DTP.
  2. Install the Automotive Compliance Pack into DTP Extension Designer, which also installs the MISRA Compliance assets.
  3. Deploy the MISRA DTP Workflow to your DTP environment and add the MISRA dashboard and widgets to your DTP interface.
  4. Interact with the widgets and reports to identify code that needs to be fixed, as well as print out the reports for auditing purposes.
Note
titleAchieving 100% Compliance

According to MISRA C:2012, there are four guidelines that cannot be statically analyzed. As a result, DTP will report 100% compliance against 171 guidelines.

MISRA Compliance Extension Assets

The Parasoft MISRA Compliance artifact helps you create the documentation required for demonstrating compliance with MISRA C:2012. The following assets are included:

  • Compliance categories and guidelines: These files add the MISRA Compliance option to DTP interfaces, such as widget configuration settings.  
  • Test configurations: These files specify which code analysis rules to execute. You can configure C/C++test to run the local test configuration or to run the test configuration uploaded to DTP when the compliance pack is installed. 
  • Dashboard template: This file enables you to add the MISRA C:2012 dashboard that includes a pre-defined set of MISRA-related widgets.
  • Model and profile: These files drive the report compliance reports necessary for demonstrating MISRA compliance. See Profile Configuration for additional information.
  • DTP Workflow: This is the DTP Enterprise Pack artifact that includes the widgets, reports, and processing logic that show violations in the context of MISRA guidelines.   

Installing and Deploying the DTP Workflow

  1. The MISRA Compliance artifact is installed as part of the Automotive Compliance Pack. See Installation for instructions.
  2. Choose Extension Designer from the DTP settings menu (gear icon).
    Image Added
  3. Click the Services tab and choose a service category. You can deploy the artifact to an existing service or add a new service. We recommend deploying compliance pack artifacts to a service within the DTP Workflows category
    Image Added
    The number of artifacts deployed to a service affects the overall performance (see Extension Designer Best Practices for additional information). If you are deploying the artifact to an existing service, choose it and continue to step 4. If you are adding a new service for the artifact, click Add Service then specify a name for the service and click Confirm.
  4. The tabs interface within the service allows you to organize your artifacts. Organizing your artifacts across one or more tabs within the service does not affect the performance of the system. Click on a tab (or click the + button to add a new tab) and choose Import from the vertical ellipses menu in the upper right.
    Image Added
  5. Choose Local> Flows> Workflows> Automotive> MISRA Compliance and click Import.
  6. Click anywhere in the open area to drop the artifact into the service.
  7. Click Deploy to finish deploying the artifact to your DTP environment. 
  8. Return to DTP and refresh your dashboard. 

You will now be able to add the MISRA dashboard and widgets, as well as access MISRA reports.  

Adding the MISRA Dashboard

The MISRA dashboard is configured to show custom widgets shipped as part of the MISRA artifact. The dashboard also contains select native DTP widgets configured to show code analysis data within the context of MISRA C:2012. The information in this section is also covered in the Adding Dashboards chapter.

  1. Click Add Dashboard and specify a name when prompted.
  2. (Optional) You can configure the default view for the dashboard by specifying the following information:
    • Choose the filter associated with your project in the filter drop-down menu. A filter represents a set of run configurations that enabled custom views of the data stored in DTP. See DTP Concepts for additional information.
    • Specify a range of time from the Period drop-down menu. 
    • Specify a range of builds from the Baseline Build and Target Build drop-down menus.  
  3. Enable the Create dashboard from a template option and choose MISRA C Compliance from the drop-down menu.
    Image Added
  4. Click Create to finish adding the dashboard.

See Viewing MISRA Compliance Widgets for information about understanding the widgets shipped with the MISRA C:2012 artifact.

Manually Adding Widgets to Your Existing Dashboard

You can also add the MISRA widgets shipped with the artifact to an an existing dashboard. See Adding Widgets for You can also add the MISRA widgets shipped with the artifact to an an existing dashboard. See Adding Widgets for general instructions on adding widgets to a dashboard. After deploying the artifact, the MISRA widgets will appear in the MISRA category in the Add Widget overlay:

Image Modified

Specify the following information when adding the MISRA Compliance - Percentage, MISRA Compliance - Status, and MISRA Violations by Category - TreeMap widgets:

...

This widget shows you the general state of compliance. You can add multiple instances of the widget configured to use a different profile, e.g., a profile with disapplied guidelines, to view your current compliance status. Click on the widget to open the MISRA Compliance Report

Image RemovedImage Added

The widget can show five possible states:

...

This widget shows the completeness of MISRA compliance as a percentage. Completeness is based on number of guidelines being enforced in the profileClick on the widget to open the MISRA Compliance Report.

Image RemovedImage Added

MISRA Compliance - Guidelines by Status

This widget shows the compliance status for individual guideline categories (Mandatory, Required, Advisory) or for all categories.

Image Modified

The pie chart can represent up to five different guideline statuses for the selected category:

...

This widget provides a representation of the highest concentration of static analysis violations per MISRA category (mandatory, required, and advisory). The widget also shows the guidelines (e.g., Dir 4.6, Rule 14.3, etc.) within each category in which violations were reported. Finally, the Parasoft rule(s) enforcing each guideline are also presented. Tiles are proportional to the number of static analysis violations reported for each rule. 

Image Modified  

The widget uses the hierarchy established in the model profile to correlate rules, guidelines, and categories. You can mouse over a tile in the widget to view the number of violations associated with each rule-guidline-category.

...

The MISRA Compliance Report provides an overview of your MISRA compliance status and serves as the primary document for demonstrating compliance.

Image Removed

You can perform the following actions:

...

Table of Content Zone
maxLevel2
minLevel2
locationtop

Guideline Enforcement Plan

The Guidelines Enforcement Plan (GEP) shows which static analysis rules are used to enforce the MISRA guidelines. It is intended to describe how you are enforcing each guideline.

This report uses the data specified in the compliance profile (see Profile Configuration). In the profile, you can add notes to the Compiler field, such as “no errors” or specific compiler settings that will be applied, to document your plan. These notes appear in the Compiler column.

The Analysis Tool column should refer to the static analysis rule. The Manual Review column should contain any manual verifications that will be performed in addition to the automated checks applied by the compiler and analysis tool.

Image Removed

Guideline Re-categorization Plan
Anchor
gap-report
gap-report

If you changed any of the MISRA guideline categories (see Profile Configuration), they will be processed and displayed in this report. Refer to the MISRA standard for additional information about guideline re-categorization plans. Image Removed

By default, this report does not include the compiler used to build the code. You can add the compiler to your profile so that it appears in this report. See Profile Configuration for information on modifying the profile.

Deviations Report 

Click on the Deviations Report link in the MISRA Compliance report to open the Deviations Report.  Image Removed

The Deviations Report shows all guideline IDs and headers, but guidelines that have been suppressed will show additional information. You can perform the following actions:

  • Filter the report by MISRA category (All, Mandatory, Required, Advisory, Disapplied)
  • Enable the Only Deviations option to exclude violations that do not have deviations
  • Enable the Hide Modification History option to exclude the modification history attached to deviations

Build Audit Report

The main MISRA Compliance Report links to the Build Audit Report, which provides access to code analysis, test results, and coverage information sent to DTP under the selected build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with MISRA during a regulatory audit. The Build Audit Report is a standard report shipped with DTP and is not specific to MISRA Compliance.Image Removed

In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.  

...

The MISRA Compliance DTP Workflow ships with a model profile (see Working with Model Profiles) configured to monitor compliance with MISRA C:2012. The profile includes information necessary for generating compliance reports (see Viewing MISRA Compliance Reports), such as fields for specifying your compiler and guideline categorization and re-categoriziation. You can modify the profile if you want to re-categorize guidelines to meet you specific goals or specify additional metadata for your reports. Changes will be reflected in the Guideline Re-categorization Plan.

Image Removed

We recommend creating a copy of the default profile and modifying the copy. 

  1. Click Export Profile to download a copy. 
  2. Rename the copy and click Import Profile
  3. Browse for the copy and confirm to upload.  
  4. Click on a guideline and specify your changes. If you are changing MISRA categories, the following strings are acceptable:
  5. Click Save

Upgrading MISRA Compliance

You should update any extensions when you upgrade DTP. Extensions are designed to be forward compatible, but Parasoft does not guarantee that older extensions will function as expected with newer versions of DTP. We strongly recommend installing the latest version of the artifact and removing the older version to ensure proper functionality. 

. Changes will be reflected in the Guideline Re-categorization Plan.

We recommend creating a copy of the default profile and modifying the copy. 

  1. Click Export Profile to download a copy. 
  2. Rename the copy and click Import Profile
  3. Browse for the copy and confirm to upload.  
  4. Click on a guideline and specify your changes. If you are changing MISRA categories, the following strings are acceptable:
  5. Click Save
  6. Install the latest version of the Automotive Compliance Pack as described in the Installation section.
  7. Open Extension Designer from the DTP settings menu (gear icon) and click the Settings tab.
  8. Expand the DTP Workflow compliance category (or the category containing the service with the older MISRA artifact) and click on the service. 
    Image Removed
  9. Click on the tab containing the MISRA flow and delete all nodes. You can use your mouse to click and drag over all nodes or use the select-all keyboard shortcut.
  10. Import the new MISRA Compliance artifact by choosing Import> Local> Flows> Workflows> Automotive> MISRA Compliance from the vertical ellipses menu.
  11. Click Deploy to finish deploying the newer MISRA components.
  12. Click the Configuration tab and click the delete button (trash icon) for the older extension.
    Image Removed