misra compliance

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

We are actively developing the PVS-Studio static analysis tool towards detecting Safety and Security-related errors. To be more precise, we've expanded the coverage of the MISRA C:2012 and OWASP ASVS standards. We have supported the MISRA Compliance 2020 standard. One of the more extraordinary innovations is the Best Warnings display mode.

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

by Andrey Karpov

From the article:

We have introduced a new feature for the PVS-Studio plugin for Visual Studio. Now you can display the Best Warnings the analyzer issued for a project. In other words, these are the analyzer's most valuable warnings. They demonstrate the analyzer's capabilities for someone, who is just starting out with the analyzer. We call this feature Analyzer Best Warnings. PVS-Studio has always been grouping analyzer warnings by 3 certainty levels. We've been traditionally using these levels to prioritize showing the analysis results — all best warnings should be first-level warnings. For the new version of our analyzer, we have developed a more accurate mechanism to evaluate warnings. Now the mechanism uses many extra criteria in addition to levels — both static (the average diagnostic "value") and dynamic. The dynamic criteria are based on warnings the analyzer issues for a specific code base (for example, detection frequency).

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

If you are strongly interested in MISRA and would like to understand whether your project meets one of the MISRA association's standards, there is a solution. It's name is MISRA Compliance.

Why do you need the MISRA Compliance report and how to generate one in PVS-Studio?

by Nikolay Mironov

From the article:

To make this simpler, let's take rule 1.1 that has the standard value of the category equal to Required. If you look at the table, you can see that acceptable compliance values for Required are Compliance or Deviations (I'll talk more about the meaning of these statuses later). This means that if your project complies with rule 1.1, or if it complies with this rule with some deviations - everything is fine and you can go to the next rule. If you get at least one hit in Violations or Disapplied, then the project does not comply with MISRA C 2012. If all rules have acceptable values only, congratulations! Your project complies with the MISRA C 2012 standard. If you have a hit in the red zone (the table above), you do not comply with the standard.