Checkers in SonarQube

I have questions about checkers provided by SonarQube

  1. Did SonarQube implement checkers to check source code against all rules in AUTOSAR C++ 14 (“Guidelines for the use of the C++14 language in critical and safety-related systems”)?

  2. Does any document/webpage show which rules of AUTOSAR C++14 are implemented?

SonarQube 6.7.6, Scanner 3.3

+1
I’d like to know the answers for these questions too.

Hello

We don’t support AUTOSAR C++ 14, or maybe we do but we don’t know because we did not take the time to map our rules to this standard.
Still, we do support MISRA C++ 2008, which was used as a basis for AUTOSAR, and we did recently an effort to improve its coverage. You can check the rules implemented here: https://rules.sonarsource.com/cpp/tag/misra-c++2008. These rules are available with SonarQube Developer Edition or directly on SonarCloud.io.

Our plan so far is to follow the current version of MISRA and to support the next version of it once it will be released. According to https://www.misra.org.uk/LinkClick.aspx?fileticket=n7HwIG-0JYk%3D&tabid=59, this version will integrate safety-related rules from AUTOSAR, and AUTOSAR will refer to this document instead of developing its own set of rules.

Regards
Alex

I was surprised that I got the feedback from you after 8 months. Thank you!

How about MISRA C:2012 standard?

  1. Does SonarQube cover all misra C 2012 rules?
  2. Does any document/webpage show which rules of MISRA C 2012 are implemented?

SonarQube 6.7.6, Scanner 3.3

Thank you!

Hello,

We don’t cover a lot of the MISRA C 2012 rules. You can find the list of what we cover today here: https://rules.sonarsource.com/c/tag/misra-c2012 + https://rules.sonarsource.com/cpp/tag/misra-c2012.

We are struggling to find information about companies which need such compliance.
Can you share with us in which context you need to be compliant with one of the MISRA standards?

Thanks
Alex

1 Like

For C++, MISRA and AUTOSAR are very common (per facto default) standards for development in the automotive industry, or any other area where safety is critical. For anything not immediately going to production, MISRA C++ 2008 (covering C++03 without dynamic memory allocations, exceptions, etc) is too restricting, so AUTOSAR is more popular. Either way, if you have to use either of the standards, it is mandatory to check your code against it. Doing this manually is impossible, so you have to use tools for it - if that tool conflicts with SonarQube or covers relevant SonarQube features, the decision will have to be to use that other tool (and ditch SonarQube).

2 Likes

@Alexandre_Gigleux I’m happy to provide some more context offline. Let me know if you’d like to chat.