Checkers in SonarQube

I have questions about checkers provided by SonarQube:

  1. Did SonarQube implement checkers to check source code against all rules in AUTOSAR C++ 14 (“Guidelines for the use of the C++14 language in critical and safety-related systems”)?

  2. Does any document/webpage show which rules of AUTOSAR C++14 are implemented?

SonarQube 6.7.6, Scanner 3.3

+1
I’d like to know the answers for these questions too.

Hello

We don’t support AUTOSAR C++ 14, or maybe we do but we don’t know because we did not take the time to map our rules to this standard.
Still, we do support MISRA C++ 2008, which was used as a basis for AUTOSAR, and we recently made an effort to improve its coverage. You can check the rules implemented here: https://rules.sonarsource.com/cpp/tag/misra-c++2008. These rules are available with SonarQube Developer Edition or directly on SonarCloud.io.

Our plan so far is to follow the current version of MISRA and to support the next version of it once it is released. According to https://www.misra.org.uk/LinkClick.aspx?fileticket=n7HwIG-0JYk%3D&tabid=59, this version will integrate safety-related rules from AUTOSAR, and AUTOSAR will refer to this document instead of developing its own set of rules.

Regards
Alex

I was surprised that I got the feedback from you after 8 months. Thank you!

How about the MISRA C:2012 standard?

  1. Does SonarQube cover all MISRA C 2012 rules?
  2. Does any document/webpage show which rules of MISRA C 2012 are implemented?

SonarQube 6.7.6, Scanner 3.3

Thank you!

Hello,

We don’t cover a lot of the MISRA C 2012 rules. You can find the list of what we cover today here: https://rules.sonarsource.com/c/tag/misra-c2012 + https://rules.sonarsource.com/cpp/tag/misra-c2012.

We are struggling to find information about companies which need such compliance.
Can you share with us in which context you need to be compliant with one of the MISRA standards?

Thanks
Alex

1 Like

For C++, MISRA and AUTOSAR are very common (de facto default) standards for development in the automotive industry, or any other area where safety is critical. For anything not immediately going to production, MISRA C++ 2008 (covering C++03 without dynamic memory allocations, exceptions, etc.) is too restrictive, so AUTOSAR is more popular. Either way, if you have to use either of the standards, it is mandatory to check your code against it. Doing this manually is impossible, so you have to use tools for it. If that tool conflicts with SonarQube or covers relevant SonarQube features, the decision will have to be to use that other tool (and ditch SonarQube).

2 Likes

@Alexandre_Gigleux I’m happy to provide some more context offline. Let me know if you’d like to chat.

Hi,

I had a similar requirement where some customers would need AUTOSAR in critical embedded devices for its core software platforms.
There is a traceability section in the below document

where they have mapped popular coding standards like isocpp, HiC, CERT and a couple more with AUTOSAR and added a remark on how AUTOSAR deviates from them. If SonarQube has a similar mapping with AUTOSAR, that would be great. Each rule may not be 100% AUTOSAR compliant, or one may just add a column to this table where SonarQube has a ruleset similar to it; even if it is near compliance to AUTOSAR, people using SonarQube will add these to their ruleset.
Would we have something like this traceability table from SonarQube?
Please let me know.