CDT and structured analysis / Misra-C

MDSD is one way to improve quality and speed in software development. However, not all code in a system will be generated. There is usually a certain amount of code that is still handcoded. Manually written code is more error-prone, especially when you use languages that give you a high degree of freedom – such as C, which is still one of the most important languages in embedded systems. To prevent some of the pitfalls that C might have, especially for safety-relevant systems, programming guidelines are usually introduced. One of the best known set of guidelines is the Misra-C specification, which has its roots in the automotive industry.

It has several rules that intend to reduce ambiguities (it requires {} around the if/else-clauses), to avoid memory-related problems (no use of recursive function calls, no malloc) and things that make code hard to maintain (no more than two level of pointer indirection – **x is OK, ***x is not).

Obviously, this needs to be checked, and there is a number of commercial tools available that do this, most often as a command-line tool. However, Eclipse provides the CODAN framework, which makes structured analysis (and writing e.g. a Misra checker) much easier. It also has the advantage, that the analysis is done in the IDE, during coding and no build cycle is necessary. In a short time, I have implemented the following Misra-checks:

M2.2, M2.3




(sorry for the numbers, Misra has a copyright that does not allow you to freely reproduce their check descriptions). Some of these checks took only minutes to write, once you get to know the framework. Here is a screenshot of M14.8 (if, while, etc… have to be followed by {} )

Note the error markers.

I will add more checks when I have time. However, from the Miscra-licensing, it seems not possible to release it as open source. However, if you are interested, contact me and we could discuss.