(610) 584-4261 sales@gimpel.com
Request Evaluation Online Demo
Gimpel Software LLC Logo   Gimpel Software Evaluate Order Support News About

PC-lint Plus Support for MISRA C++

PC-lint Plus provides support for the MISRA C++ coding guidelines. Checking for MISRA C++ compliance is easily accomplished by adding a reference to the au-misra-cpp.lnt file (distributed with PC-lint Plus) to your PC-lint Plus configuration. This file enables the messages corresponding to MISRA C++ guidelines and adds text to issued messages specifying the rules(s) associated with each applicable message. The au-misra-cpp.lnt file is a plain text, human-readable configuration file using standard PC-lint Plus option syntax that can easily be modified to meet the needs of any individual project.

The Reference Manual that ships with PC-lint Plus includes a support matrix detailing the level of support for each guideline as well as the mechanisms by which each guideline is supported.

Violation Analysis and Presentation

Consider the following example which contains several MISRA C++ violations:

    #include <cstdlib>
    typedef short int16_t;

    namespace Grid {
        class Point {
        public:
            Point(int16_t x, int16_t y) : x(x), y(y) { }
            int16_t xCoord() const { return x; }
            int16_t yCoord() const { return y; }

            int16_t originGridDistance() {
                return abs(x) + abs(y);
            }

        private:
            int16_t x;
            int16_t y;
        };
    }

When analyzing this example with PC-lint Plus, the reported MISRA C++ violations include:

    1762: member function 'Grid::Point::originGridDistance' could be made const [MISRA C++ Rule 9-3-3]
            int16_t originGridDistance() {
                    ^

    9114: implicit conversion of underlying type of integer cvalue expression from 
        'int' to 'int16_t' (aka 'short') [MISRA C++ Rule 5-0-3]
                return abs(x) + abs(y);
                ^      ~~~~~~~~~~~~~~~

    9119: implicit conversion of integer to smaller underlying type ('int' to 
        'int16_t' (aka 'short')) [MISRA C++ Rule 5-0-6]
                return abs(x) + abs(y);
                       ^~~~~~~~~~~~~~~

    952: parameter 'x' of function 'Grid::Point::Point(int16_t, int16_t)' could be 
        const [MISRA C++ Rule 7-1-1]
            Point(int16_t x, int16_t y) : x(x), y(y) { }
                          ^

    952: parameter 'y' of function 'Grid::Point::Point(int16_t, int16_t)' could be 
        const [MISRA C++ Rule 7-1-1]
            Point(int16_t x, int16_t y) : x(x), y(y) { }
                                     ^

Each violation reported includes the location where the violation occurred, a message number and textual description of the underlying issue, and the MISRA C++ Rule that was violated. For example, in the message:

    1762: member function 'Grid::Point::originGridDistance' could be made const [MISRA C++ Rule 9-3-3]
            int16_t originGridDistance() {
                    ^

1762 is the PC-lint Plus message number and the text of this message is “member function ‘Grid::Point::originGridDistance’ could be made const”. The MISRA Rule violated is included in square brackets at the end of the message text. The subsequent two lines show the context and position associated with the message.

Resolving Violations

The PC-lint Plus Reference Manual contains descriptions of each message and often provides additional guidance that can be used to correct the issue. This information can also be displayed on the command line. For example, to display the description of message 1762, run PC-lint Plus with the option -help=1762 to have PC-lint Plus display the following:

    The indicated (non-static) member function did not modify member data
    and did not call non-const functions. Moreover, it does not make any
    deep modification to the class member. A modification is considered deep
    if it modifies information indirectly through a class member pointer.
    Therefore, it could and probably should be declared as a const member
    function.

The MISRA C++ guidelines document can be consulted for information about the specified Rule.

One way to rewrite the above example to address the reported violations is:

    namespace Grid {
    class Point {
    public:
        Point(const int16_t x, const int16_t y) : x(x), y(y) { }
        int16_t xCoord() const { return x; }
        int16_t yCoord() const { return y; }

        int16_t originGridDistance() const {
            return static_cast<int16_t>(abs(x)) + static_cast<int16_t>(abs(y));
        }

    private:
        int16_t x;
        int16_t y;
    };
}

Handling Deviations

Deviations are instances in the source code where a violation of a Rule has been reviewed and deemed acceptable. The MISRA C++ document contains advisory and required rules. Deviations from required rules generally involve a formal approval process whereas deviations from advisory rules may not. While the details of the deviation process will vary from project to project, deviations can be configured in PC-lint Plus using a very flexible suppression mechanism. Most messages can be suppressed in a variety of ways such as within a file, function, or statement, when referring to a particular symbol or type, or on a particular line. Some types of suppressions require a comment be added to the source code but most do not.

For example, MISRA C++ Rule 9-3-3 (reported above by message 1762) is a required rule stating member functions that member functions must be const if possible. This message could be suppressed for the function calc using the option -efunc(1762, Grid::Point::originGridDistance) which can either be placed in the project configuration file or in a source code as a lint comment. The other messages could be suppressed within this function in the same way. Commentary can follow a suppression option which may include a rationale or formal deviation information.

Library Code

PC-lint Plus distinguishes between library code (which by default includes foreign and system headers but can be customized to include any subset of headers and modules) and project code. By default, PC-lint Plus will check both library code and project code for compliance with MISRA C++. It is often desired to limit checking to project code and this is easily accomplished by resetting the library warning level after referencing the au-misra-cpp.lnt file using the options -wlib=4 -wlib=1. Individual messages can also be enabled or disabled for library code just as easily using the -elib and +elib options.

See Also