| Resource Standard Metrics - Software Source Code Analysis |
|
|
|
|
|
MISRA C Quality Coverage Analysis |
|
|
|
|
|
|
|
|
|
|
|
Peer Review Coverage |
36.22% |
|
|
|
|
RSM Coverage |
40.16% |
|
|
|
|
Compiler Coverage |
23.62% |
|
|
|
|
|
100.00% |
|
|
|
|
|
|
|
|
|
|
RSM User Defined Quality Notices could be constructed using Regular Expressions |
UDQN |
|
127 |
|
|
|
RSM Intrinsic Quality Notices (QN) are built into the tool |
QN |
|
51 |
30 |
46 |
|
|
Code style guide and code inspection |
INSP |
|
|
|
|
ANSI C Compiler enforced |
COMP |
|
|
|
|
|
|
|
|
|
| Rule |
Description of MISRA rule |
Discussion |
Type |
RSM |
CMP |
INSP |
|
| 1 |
no language extensions shall be used |
Language extensions by name can be specified as a User Define Quality Notice and RSM can Identify these. |
UDQN |
1 |
0 |
0 |
|
| 2 |
other languages should only be used with an interface standard |
Coding standard and inspections |
INSP |
0 |
0 |
1 |
|
| 3 |
inline assembly is only allowed in dedicated C functions |
The asm function can be identified using the RSM UDQN |
UDQN |
1 |
0 |
0 |
|
| 4 |
provision should be made for appropriate run-time checking |
RSM is a static test tool suggest using Purify and Compiler |
COMP |
0 |
1 |
0 |
|
| 5 |
only use characters defined by the C standard |
Specific characters can be identified using UDQN |
UDQN |
1 |
0 |
0 |
|
| 6 |
character values shall be restricted to a subset of ISO 106460-1 |
RSM could identify characters not in a set using UDQN |
UDQN |
1 |
0 |
0 |
|
| 7 |
trigraphs shall not be used |
Peer review inspections |
INSP |
0 |
0 |
1 |
|
| 8 |
multibyte characters and wide string literals shall not be used |
Specific characters can be identified using UDQN |
UDQN |
1 |
0 |
0 |
|
| 9 |
comments shall not be nested |
Enforced by compiler |
COMP |
0 |
1 |
0 |
|
| 10 |
sections of code should not be "commented out" |
Coding standard and inspections |
INSP |
0 |
0 |
1 |
|
| 11 |
identifiers shall not rely on significance of more than 31 characters |
Intrinsic RSM capability |
QN |
1 |
0 |
0 |
|
| 12 |
the same identifier shall not be used in multiple name spaces |
Namespaces are created for this purpose. This makes no sense |
INSP |
0 |
0 |
1 |
|
| 13 |
specific-length typedefs should be used instead of the basic types |
Use of basic type name can be identified |
UDQN |
1 |
0 |
0 |
|
| 14 |
use 'unsigned char' or 'signed char' instead of plain 'char' |
Use of plain char can be identified |
UDQN |
1 |
0 |
0 |
|
| 15 |
floating point implementations should comply with a standard |
Ansi standard languages and compilers insure this. |
COMP |
0 |
1 |
0 |
|
| 16 |
the bit representation of floating point numbers shall not be used |
Coding standard and inspections |
INSP |
0 |
0 |
1 |
|
| 17 |
typedef names should not be reused |
#undef can be identified to flag re-typedefing |
UDQN |
1 |
0 |
0 |
|
| 18 |
numeric constants should be suffixed to indicate type |
Coding standard and inspections |
INSP |
0 |
0 |
1 |
|
| 19 |
octal constants (other than zero) shall not be used |
RSM could identify int value2 = 01234; using a UDQN |
UDQN |
1 |
0 |
0 |
|
| 20 |
all object and function identifiers shall be declared before use |
Compiler insures this or RSM can identify the use of extern |
UDQN |
1 |
0 |
0 |
|
| 21 |
identifiers shall not hide identifiers in an outer scope |
Compilers will identify this |
COMP |
0 |
1 |
0 |
|
| 22 |
declarations should be at function scope where possible ("static v |
RSM could identify all occurrences of static |
UDQN |
1 |
0 |
0 |
|
| 23 |
all declarations at file scope should be static where possible |
RSM could identify all occurrences of static |
UDQN |
1 |
0 |
0 |
|
| 24 |
identifiers shall not have both internal and external linkage |
RSM can identify extern, compiler will identify ambiguity |
UDQN |
1 |
0 |
0 |
|
| 25 |
identifiers with external linkage shall have exactly one definition |
Compiler will identify ambiguity |
COMP |
0 |
1 |
0 |
|
| 26 |
multiple declarations for objects or functions shall be compatible |
Overloaded function context must be review at code reviews |
INSP |
0 |
0 |
1 |
|
| 27 |
external objects should not be declared in more than one file |
Compiler will identify multiply defined symbols |
COMP |
0 |
1 |
0 |
|
| 28 |
the 'register' storage class specifier should not be used |
RSM could identify this keyword |
UDQN |
1 |
0 |
0 |
|
| 29 |
the use of a tag shall agree with its declaration |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 30 |
all automatics shall be initialized before being used |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 31 |
braces shall be used in the initialization of arrays and structures |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 32 |
only the first, or all enumeration constants may be initialized |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 33 |
the right hand side of && or || shall not contain side effects |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 34 |
the operands of a logical && or || shall be primary expressions |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 35 |
assignment operators shall not be used in Boolean expressions |
RSM identifies = in if and while |
QN |
1 |
0 |
0 |
|
| 36 |
logical operators should not be confused with bitwise operators |
Compiler will insure this |
COMP |
0 |
1 |
0 |
|
| 37 |
bitwise operations shall not be performed on signed integers |
RSM can identify the Bit wise operators for post inspection |
UDQN |
1 |
0 |
0 |
|
| 38 |
a shift count shall be between 0 and the operand width minus 1 |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 39 |
The unary minus shall not be applied to an unsigned expression |
RSM can identify the - operator for post inspections |
UDQN |
1 |
0 |
0 |
|
| 40 |
sizeof' should not be used on expressions with side effects |
RSM can identify the use of sizeof for post inspections |
UDQN |
1 |
0 |
0 |
|
| 41 |
the implementation of integer division should be documented |
RSM can identify the / division operator |
UDQN |
1 |
0 |
0 |
|
| 42 |
the comma operator shall only be used in a 'for' condition |
RSM can identify the comma operator outside the for line or for post inspection |
UDQN |
1 |
0 |
0 |
|
| 43 |
don't use implicit conversions which may result in information loss |
Compiler will warn on this |
COMP |
0 |
1 |
0 |
|
| 44 |
redundant explicit casts should not be used |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 45 |
type casting from any type to/from pointers shall not be used |
RSM can identify (xxx)* case for post inspections |
UDQN |
1 |
0 |
0 |
|
| 46 |
the value of an expression shall be evaluation order independent |
Operator precedence and compiler define this |
COMP |
0 |
1 |
0 |
|
| 47 |
no dependence should be placed on operator precedence rules |
Peer review code inspection |
INSP |
0 |
0 |
1 |
|
| 48 |
mixed arithmetic should use explicit casting |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 49 |
tests of a (non-Boolean) value against 0 should be made explicit |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 50 |
F.P. variables shall not be tested for exact equality or inequality |
Peer review inspections |
INSP |
0 |
0 |
1 |
|
| 51 |
constant unsigned integer expressions should not wrap- around |
Peer review inspections |
INSP |
0 |
0 |
1 |
|
| 52 |
there shall be no unreachable code |
Compiler will warn of this condition |
COMP |
0 |
1 |
0 |
|
| 53 |
all non-null statements shall have a side-effect |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 54 |
a null statement shall only occur on a line by itself |
RSM can identify line with just ; as a NULL statement |
UDQN |
1 |
0 |
0 |
|
| 55 |
labels should not be used |
RSM could identify the : operator for post inspection |
UDQN |
1 |
0 |
0 |
|
| 56 |
the 'goto' statement shall not be used |
RSM identifies the use of goto |
QN |
1 |
0 |
0 |
|
| 57 |
the 'continue' statement shall not be used |
RSM identifies the use of continue |
QN |
1 |
0 |
0 |
|
| 58 |
the 'break' statement shall not be used (except in a 'switch') |
RSM identifies the use of break outside the switch |
QN |
1 |
0 |
0 |
|
| 59 |
an 'if' or loop body shall always be enclosed in braces |
RSM identifies logic control without scope braces |
QN |
1 |
0 |
0 |
|
| 60 |
all 'if', 'else if' constructs should contain a final 'else' |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 61 |
every non-empty 'case' clause shall be terminated with a 'break' |
RSM identifies case break mismatches assuming comments for "fall through" are used |
QN |
1 |
0 |
0 |
|
| 62 |
all 'switch' statements should contain a final 'default' case |
RSM identifies switches which have no default clauses |
QN |
1 |
0 |
0 |
|
| 63 |
a 'switch' expression should not represent a Boolean case |
Compiler will catch this error |
COMP |
0 |
1 |
0 |
|
| 64 |
every 'switch' shall have at least one 'case' |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 65 |
floating point variables shall not be used as loop counters |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 66 |
a "for" should only contain expressions concerning loop control |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 67 |
iterator variables should not be modified in a "for" loop |
Peer review inspection |
INSP |
0 |
0 |
1 |
|
| 68 |
functions shall always be declared at file scope |
RSM identifies functions with … for var args |
QN |
1 |
0 |
0 |
|
| 69 |
functions with variable number of arguments shall not be used |
RSM Identifies the (…) notation |
QN |
1 |
0 |
0 |
|
| 70 |
functions shall not call themselves |
Recursion is a well accepted design technique. The function could call itself through a function pointer so that trapping this occurrence is not deterministic. Suggest code review inspections |
INSP |
0 |
0 |
1 |
|
| 71 |
function prototypes shall be visible at the definition and call |
The compiler will enforce this. |
COMP |
0 |
1 |
0 |
|
| 72 |
identifiers shall be given for all prototype parameters definition |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 73 |
identifiers shall be given for all prototype parameters or for none |
Style guide and code inspection |
INSP |
0 |
0 |
1 |
|
| 74 |
parameter identifiers shall be identical for tion/definition |
Code review inspection |
INSP |
0 |
0 |
1 |
|
| 75 |
every function shall have an explicit return type |
The compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 76 |
functions with no parameters shall have a 'void' parameter list |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 77 |
an actual parameter type shall be compatible with the prototype |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 78 |
the number of actual parameters shall match the prototype |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 79 |
the values returned by 'void' functions shall not be used |
Function returning void return no parameters |
COMP |
0 |
1 |
0 |
|
| 80 |
void expressions shall not be passed as function parameters |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 81 |
"const" should be used for reference parameters not modified |
Design and Code Inspections |
INSP |
0 |
0 |
1 |
|
| 82 |
a function should have a single point of exit |
RSM identifies these conditions |
QN |
1 |
0 |
0 |
|
| 83 |
every exit point shall have a 'return' of the declared return type |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 84 |
for 'void' functions, 'return' shall not have an expression |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 85 |
function calls with no parameters should have empty parentheses |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 86 |
if a function returns error information, it should be tested |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 87 |
#include shall only be preceded by another directives or comment |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 88 |
non-standard characters shall not occur in #include directives |
Compiler preprocessor will catch this |
COMP |
0 |
1 |
0 |
|
| 89 |
#include shall be followed by either <filename> or "filename" |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 90 |
plain macros shall only be used for constants/qualifiers/specifiers |
RSM will Identify the use of non plain macros |
QN |
1 |
0 |
0 |
|
| 91 |
macros shall not be defined/undefined within a block |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 92 |
'#undef' should not be used |
RSM can identify this construct with UDQN |
UDQN |
1 |
0 |
0 |
|
| 93 |
a function should be used in preference to a function- like macro |
RSM can identify macros to help the Code inspection |
QN |
1 |
0 |
0 |
|
| 94 |
a function-like macro shall not be used without all arguments |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 95 |
macro arguments shall not contain pre-preprocessing directives |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 96 |
macro definitions/parameters should be enclosed in parentheses |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 97 |
don't use undefined identifiers in pre-processing directives |
Compiler will identify undefined identifiers |
COMP |
0 |
1 |
0 |
|
| 98 |
a macro definition shall contain at most one # or ## operator |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 99 |
all uses of the #pragma directive shall be documented |
RSM can identify the #pragma to help the code inspection |
UDQN |
1 |
0 |
0 |
|
| 100 |
'defined' shall only be used in one of the two standard forms |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 101 |
pointer arithmetic should not be used |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 102 |
no more than 2 levels of pointer indirection should be used |
RSM can identify the ** operator |
UDQN |
1 |
0 |
0 |
|
| 103 |
no relational operators between pointers to different objects |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 104 |
non-constant pointers to functions shall not be used |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 105 |
functions assigned to the same pointer shall be of indentical type |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 106 |
an automatic address may not be assigned to a longer lived object |
Code inspection is the best way to identify this. |
COMP |
0 |
1 |
0 |
|
| 107 |
the null pointer shall not be de-referenced |
Runtime testing and tools like Purify can test this. Also code inspections can catch a good deal of these. |
INSP |
0 |
0 |
1 |
|
| 108 |
all struct/union members shall be fully specified |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 109 |
overlapping variable storage shall not be used |
RSM can identify the use of union for overlapping storage |
UDQN |
1 |
0 |
0 |
|
| 110 |
unions shall not be used to access the sub-parts of larger types |
RSM can identify the use of union for overlapping storage |
UDQN |
1 |
0 |
0 |
|
| 111 |
bit fields shall have type 'unsigned int' or 'signed int' |
RSM can identify structs and the use of : in the C file |
UDQN |
1 |
0 |
0 |
|
| 112 |
bit fields of type 'signed int' shall be at least 2 bits long |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 113 |
all struct/union members shall be named |
Compiler will require this |
COMP |
0 |
1 |
0 |
|
| 114 |
reserved and standard library names shall not be redefined |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 115 |
standard library function names shall not be reused |
Compiler will enforce this |
COMP |
0 |
1 |
0 |
|
| 116 |
production libraries shall comply with the MISRA C restriction |
Code inspection is the best way to identify this. |
INSP |
0 |
0 |
1 |
|
| 117 |
the validity of library function parameters shall be checked |
Compiler for the library will enforce this. |
COMP |
0 |
1 |
0 |
|
| 118 |
dynamic heap memory allocation shall not be used |
RSM can identify use of dynamic memory functions |
QN |
1 |
0 |
0 |
|
| 119 |
'errno' should not be used |
RSM can identify errno |
UDQN |
1 |
0 |
0 |
|
| 120 |
the macro 'offsetof()' shall not be used |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
| 121 |
<locale.h> and the 'setlocale' function shall not be used |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
| 122 |
the 'setjmp' and 'longjmp' functions shall not be used |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
| 123 |
the signal handling facilities of <signal.h> shall not be used |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
| 124 |
the <stdio.h> library shall not be used in production code |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
| 125 |
the functions atof/atoi/atol shall not be used |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
| 126 |
the functions abort/exit/getenv/system shall not be used |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
| 127 |
the time handling functions of library <time.h> shall not be used |
RSM can identify this construct |
UDQN |
1 |
0 |
0 |
|
