[C-safe-secure-studygroup] MISRA Compliance vs False Positives
Fulvio Baccaglini
fbaccaglini at perforce.com
Thu Jul 12 11:42:19 BST 2018
Hi,
A question was raised at the meeting about what a user would have to do
when a tool incorrectly reports a violation of a MISRA rule.
Here is an extract from MISRA Compliance:2016 section 3.4:
"False diagnosis of a violation [...] should be investigated.
Sometimes, the easiest and quickest solution will be to modify the
source code to eliminate the message. However, this may not always be
possible or desirable, in which case a record of the investigation
should be kept. The purpose of the record is to: [...] Explain and, if
possible, obtain the tool developer’s agreement that the tool diagnosis
is incorrect [...] All records of such investigations should be
reviewed and approved by an appropriately qualified technical
authority."
https://www.misra.org.uk/forum/download/file.php?id=692
The deviation process, however, does not apply in this case, as it only
applies when a guideline is actually violated.
Fulvio