The Parasoft MISRA Compliance artifact is a set of assets for your DTP infrastructure that enable you to readily demonstrate compliance with MISRA development guidelines. The MISRA Compliance artifact can be adapted to support any version of the MISRA standard, but it is configured by default for MISRA C:2012. This artifact ships with the Automotive Compliance Pack for DTP 5.4.2. Contact your Parasoft representative for information about downloading and licensing the compliance pack.
In this section:
MISRA began as a set of technical guidelines to help organizations create safety-critical software for automotive applications. The standard has since been adopted by embedded software development organizations in other safety-critical industries. MISRA C:2012 is the most recent implementation for development using the C programming language and includes 159 base guidelines. Amendment 1 is a supplemental set of 14 guidelines that expanded the total to 173.
One of the challenges associated with achieving MISRA compliance has been the lack of a standardized mechanism for demonstrating compliance. To address this issue, MISRA published “MISRA Compliance 2016: Achieving Compliance with MISRA Coding Standards,” which provides a more concrete definition of “MISRA compliance” and identifies several deliverables required for demonstrating compliance with the MISRA standard.
The Parasoft MISRA Compliance artifact configures code analysis to run against MISRA guidelines and conforms the data to meet the following reporting specifications defined in MISRA Compliance 2016.
A guideline enforcement plan (GEP) lists each MISRA guideline to indicate how compliance is checked. In the context of MISRA compliance with Parasoft, the GEP maps MISRA guidelines to Parasoft code analysis rules and DTP functionality.
A guideline re-categorization plan (GRP) documents agreed-upon changes to how MISRA guidelines are categorized. Guidelines are categorized as Mandatory, Required, and Advisory. A fourth category, Disapplied, may also be used for instances in which the guideline truly does not apply.
All mandatory guidelines must be followed to achieve compliance. Required guidelines should be followed, but documented exceptions are allowed (see Deviations report). Advisory guidelines are considered best practice.
Required and Advisory guidelines can be re-categorized into to stricter categories (e.g., Advisory to Required), but only Advisory guidelines can be re-categorized into less strict categories (i.e., to Disapplied).
A "deviation" is a documented violation of the guideline and supporting rationale for allowing the violation to remain. In the context of MISRA compliance with Parasoft, deviations take the form of suppressed code analysis violations. Your project can have deviations and still be considered compliant if the deviations are documented in the report and do not impact safety.
A guideline compliance summary (GCS) is the primary record of overall project compliance. The GCS includes an entry for each guideline, its level of compliance, any deviations and/or re-catorizations, etc. The MISRA Compliance Report shipped with the Parasoft MISRA Compliance extension fulfills this requirement.
See MISRA Compliance 2016: Achieving Compliance with MISRA Coding Standards for additional details and information.
In addition to the MISRA Compliance artifact, the following Parasoft products are required:
According to MISRA C:2012, there are four guidelines that cannot be statically analyzed. As a result, DTP will report 100% compliance against 169 guidelines.
The Parasoft MISRA Compliance artifact helps you create the documentation required for demonstrating compliance with MISRA C:2012. The following assets are included:
You will now be able to add the MISRA dashboard and widgets, as well as access MISRA reports.
The MISRA dashboard is configured to show custom widgets shipped as part of the MISRA artifact. The dashboard also contains select native DTP widgets configured to show code analysis data within the context of MISRA C:2012. The information in this section is also covered in the Adding Dashboards chapter.
See Viewing MISRA Compliance Widgets for information about understanding the widgets shipped with the MISRA C:2012 artifact.
You can also add the MISRA widgets shipped with the artifact to an an existing dashboard. See Adding Widgets for general instructions on adding widgets to a dashboard. After deploying the artifact, the MISRA widgets will appear in the MISRA category in the Add Widget overlay:
Specify the following information when adding the MISRA Compliance - Percentage, MISRA Compliance - Status, and MISRA Violations by Category - TreeMap widgets:
|Title||You can rename the widget in the Title field.|
|Filter||Choose a specific filter or Dashboard Settings from the drop-down menu. See Creating and Managing Filters for additional information.|
|Target Build||Choose a specific build from the drop-down menu. The build selected for the entire dashboard is selected by default. See Using Build Administration for additional information about understanding builds.|
|Category||This setting is available in the MISRA Compliance - Guidelines by Status and MISRA Compliance - Status widgets. Choose an individual category or All from the drop-down menu.|
|Compliance Profile||Specify a compliance profile (see Profile Configuration). The compliance profile data is used to generate some of the compliance reports.|
Each widget provides a different view of the test and analysis data to help you achieve MISRA compliance. The following widgets are shipped with the MISRA Compliance DTP Workflow.
This widget shows you the general state of compliance. You can add multiple instances of the widget configured to use a different profile, e.g., a profile with disapplied guidelines, to view your current compliance status. Click on the widget to open the MISRA Compliance Report.
The widget can show five possible states:
Code meets all guidelines with no deviations or changes to the guideline categories.
Missing rule(s) in analysis
Parasoft code analysis rules documented in your profile were not included in the specified build. Make sure all rules are enabled in C/C++test and re-run analysis.
Compliant with Deviations
Code meets all guidelines, but deviations have been applied. Deviations are violations that you have determined to be acceptable (see Deviations Report for additional information about deviations).
Compliant with Violations
Code meets all mandatory and required guidelines, but contains violations for advisory guidelines.
Code does not meet all mandatory and/or required guidelines.
This widget shows the completeness of MISRA compliance as a percentage. Completeness is based on number of guidelines being enforced in the profile. Click on the widget to open the MISRA Compliance Report.
This widget shows the compliance status for individual guideline categories (Mandatory, Required, Advisory) or for all categories.
The pie chart can represent up to five different guideline statuses for the selected category:
|Green||Guidelines that your code is complaint.|
Guidelines that your code is deviating from but are still considered compliant.
A deviation is when the guideline is not being followed according to the Parasoft static analysis rule, but is considered acceptable because it does not affect the safety of the software. Deviations represent Parasoft static analysis rules that have been suppressed.
Guidelines that your code is considered compliant with, even though the static analysis rules that enforce them contain violations.
Only advisory guidelines can have this status.
|Red||Guidelines that your code is not compliant with.|
|Maroon||Guidelines that are specified in the profile, but the Parasoft rule that enforces the guideline are missing.|
You can perform the following actions:
This widget provides a representation of the highest concentration of static analysis violations per MISRA category (mandatory, required, and advisory). The widget also shows the guidelines (e.g., Dir 4.6, Rule 14.3, etc.) within each category in which violations were reported. Finally, the Parasoft rule(s) enforcing each guideline are also presented. Tiles are proportional to the number of static analysis violations reported for each rule.
The widget uses the hierarchy established in the model profile to correlate rules, guidelines, and categories. You can mouse over a tile in the widget to view the number of violations associated with each rule-guidline-category.
Click on a rule to see the violation in the Violations Explorer.
The MISRA Compliance Report provides an overview of your MISRA compliance status and serves as the primary document for demonstrating compliance.
You can perform the following actions:
The MISRA Compliance Report contains the following sub-reports:
Guideline Enforcement Plan
The Guidelines Enforcement Plan (GEP)shows which static analysis rules are used to enforce the MISRA guidelines. It is intended to describe how you are enforcing each guideline.
This report uses the data specified in the compliance profile (see Profile Configuration). In the profile, you can add notes to the Compiler field, such as “no errors” or specific compiler settings that will be applied, to document your plan. These notes appear in the Compiler column.
The Analysis Tool column should refer to the static analysis rule. The Manual Review column should contain any manual verifications that will be performed in addition to the automated checks applied by the compiler and analysis tool.
Guideline Re-categorization Plan
If you changed any of the MISRA guideline categories (see Profile Configuration), they will be processed and displayed in this report. Refer to the MISRA standard for additional information about guideline re-categorization plans.
Your code can contain violations and still be MISRA-compliant as long as the deviations from the standard are documented and that the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the C++test documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.
Click on the Deviations Report link in the MISRA Compliance report to open the Deviations Report.
The Deviations Report shows all guideline IDs and headers, but guidelines that have been suppressed will show additional information.
You can filter the report by MISRA category, as well as enable the Only Deviations option to only show deviations.
Build Audit Report
The Build Audit Report shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with MISRA during a regulatory audit.
In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.
The MISRA Compliance DTP Workflow ships with a model profile (see Working with Model Profiles) configured to monitor compliance with MISRA C:2012. The profile includes information necessary for generating compliance reports (see Viewing MISRA Compliance Reports), such as fields for specifying your compiler and guideline categorization and re-categoriziation. You can modify the profile if you want to re-categorize guidelines to meet you specific goals or specify additional metadata for your reports. Changes will be reflected in the Guideline Re-categorization Plan.
We recommend creating a copy of the default profile and modifying the copy.
Making Mandatory and/or Required guidelines less strict will result in an invalid use of the guideline in the Parasoft Guideline Re-categorization Plan Report per the requirements outlined by MISRA (see Guideline Re-categorization Plan). Making required and advisory guidelines stricter is acceptable.
You should update any extensions when you upgrade DTP. Extensions are designed to be forward compatible, but Parasoft does not guarantee that older extensions will function as expected with newer versions of DTP. We strongly recommend installing the latest version of the artifact and removing the older version to ensure proper functionality.