[C-safe-secure-studygroup] MISRA Compliance vs False Positives

Fulvio Baccaglini fbaccaglini at perforce.com
Thu Jul 12 11:42:19 BST 2018


Hi,

A question was raised at the meeting about what a user would have to do
when a tool incorrectly reports a violation of a MISRA rule.

Here is an extract from MISRA Compliance:2016 section 3.4:

"False diagnosis of a violation [...] should be investigated.
Sometimes, the easiest and quickest solution will be to modify the
source code to eliminate the message. However, this may not always be
possible or desirable, in which case a record of the investigation
should be kept. The purpose of the record is to: [...] Explain and, if
possible, obtain the tool developer’s agreement that the tool diagnosis
is incorrect [...] All records of such investigations should be
reviewed and approved by an appropriately qualified technical
authority."

https://www.misra.org.uk/forum/download/file.php?id=692

The deviation process, however, does not apply in this case, as it only
applies when a guideline is actually violated.

Fulvio



