We need to scan our C and C++ code against the HIS and MISRA metrics to meet the rigorous compliance requirements of the critical software which our organization develops. Currently, MISRA Rules are available in Sonar. However, HIS metrics Rules are NOT available.
For a more comprehensive scan and to be able to get all that we need from Sonar and to NOT have to go to any other tool like Klocwork, we are proposing a new feature suggestion to include HIS metrics Rules in C, C++ Quality Profiles.
We also believe that this feature suggestion will be beneficial not just to us but to all organizations worldwide that comply with such high coding standards.
Please find a related discussion thread on the forum: Compare Sonarqube to Klocwork
I assume that you are referring to High Integrity C++?
You are right that we don’t explicitly support it, and at the same time, since there is quite some overlap between this standard and MISRA, we probably implicitly already cover many of those rules (and I know this standard was also studied when defining the content of the upcoming version of MISRA C++).
Hello again @d-dixit
Sorry for the confusion. I missed the term metric when I read your title, so I did not understand what you were talking about.
Historically, we had more metrics in our products, but many of them were removed because we did not feel that they had a high level of significance.
I remember that in the MISRA committee there were also some discussions about metrics (including Hersteller), and that the shared sentiment was that we were not really sure of the value that they were really bringing to the code in terms of safety and even in terms of readability.
So, are HIS metrics included currently in C, C++ Sonar Quality Profiles?
Or is there a plan to consider adding them?
Do we have some sort of documentation/plan/conclusion related to the same which I can refer to?
No, they are not.
Not currently. It will of course depend on whether this suggestion gets up-voted a lot.