[C-safe-secure-studygroup] MISRA Compliance vs False Positives

Martin Sebor msebor at gmail.com
Thu Jul 12 16:00:07 BST 2018


On 07/12/2018 04:42 AM, Fulvio Baccaglini wrote:
> Hi,
>
> A question was raised at the meeting about what would a user have to do
> when a tool incorrectly reports a violation of a MISRA rule.
>
> Here is an extract from MISRA Compliance:2016 section 3.4:
>
> "False diagnosis of a violation [...] should be investigated.
> Sometimes, the easiest and quickest solution will be to modify the
> source code to eliminate the message. However, this may not always be
> possible or desirable, in which case a record of the investigation
> should be kept. The purpose of the record is to: [...] Explain and, if
> possible, obtain the tool developer’s agreement that the tool diagnosis
> is incorrect [...] All records of such investigations should be
> reviewed and approved by an appropriately qualified technical
> authority."

This describes the usual process that most engineers normally
follow in response to a false positive.  It doesn't answer
the question I asked during the meeting: whether false positives
are accepted in the safety community and even preferred over
false negatives.  I asked that to confirm what I understood
Clive say some time ago.  (The text also doesn't spell out
a requirement on an analyzer which is primarily what I'm
interested in, though I recognize that MISRA doesn't specify
requirements on analyzers.)

If this really is the mindset in the safety community I want
to understand why it exists to begin with and if I intend to
cater to it.  There is no question that false positives are
a problem: they cost time, frustration, and ultimately money.
With a high enough rate they drown out true positives and
defeat the whole purpose of the analysis.  I have seen it
happen.  It looks exactly like Robert described yesterday:
a database so full of bugs that there aren't enough resources
to even triage.  I am interested in helping minimize this
problem -- but not in contributing to it.

But before answering this question we need to have a shared
understanding of what we mean by a true positive and what is
a false positive.  Hence my post yesterday Re: what constitutes
a rule violation?

Martin

>
> https://www.misra.org.uk/forum/download/file.php?id=692
>
> The deviation process however does not apply in this case, as it only
> applies when a guideline is actually violated.
>
> Fulvio
>