I just got SonarQube running on our codebase and it’s showing 40 critical bugs which are all MISRA-C Rule 21.8 C static code analysis: "abort", "exit", "getenv" and "system" from <stdlib.h> should not be used. But the explanation:
getenv, and system have implementation-defined behaviors, and should therefore be avoided.
doesn’t really explain the problem or how to fix it?
To understand this rule, you have to understand the philosophy of MISRA. MISRA is targeting safety-critical systems. In such a system, everything that is implementation-defined is a risk factor that has to be mitigated.
So when such a rule says:
“abort”, “exit”, “getenv” and “system” from <stdlib.h> should not be used
What it really means is:
“abort”, “exit”, “getenv” and “system” from <stdlib.h> should only be used when you have validated that it is appropriate for your use case (and, if you are in a MISRA context, that you have properly documented this investigation).
So, it’s not really possible to “fix” this problem. What is possible in the tool is:
- to mark the issues as “Won’t fix” (once you’re convinced your behavior is satisfactory), or
- to deactivate the rule if you think that in your context, you are not at risk (note that this rule is not enabled in the SonarWay quality profile).
I hope this helps!
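One way to make a "validated and documented" use of getenv concrete, shown here as an added example that is not part of the original reply or of SonarQube: route every lookup through a single reviewed wrapper, so the Rule 21.8 finding is justified once at one call site. The names env_status, env_validate_copy and env_get_checked and the allow-list policy are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef enum { ENV_OK, ENV_MISSING, ENV_TOO_LONG, ENV_BAD_CHAR, ENV_BAD_ARG } env_status;

/* Assumed policy: values are paths built from these characters only
 * (range checks assume an ASCII-compatible execution character set). */
static int env_char_allowed(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') ||
           c == '/' || c == '.' || c == '_' || c == '-';
}

/* Validate a raw value and copy it into caller-owned storage. */
env_status env_validate_copy(const char *raw, char *out, size_t out_size)
{
    size_t len;
    size_t i;

    if (out == NULL || out_size == 0U) {
        return ENV_BAD_ARG;
    }
    out[0] = '\0';                 /* defined content on every failure path */
    if (raw == NULL) {
        return ENV_MISSING;        /* whether a name exists is up to the host */
    }
    len = strlen(raw);
    if (len >= out_size) {
        return ENV_TOO_LONG;       /* reject, never truncate silently */
    }
    for (i = 0U; i < len; i++) {
        if (!env_char_allowed(raw[i])) {
            return ENV_BAD_CHAR;
        }
    }
    memcpy(out, raw, len + 1U);    /* includes the terminating NUL */
    return ENV_OK;
}

/* The single reviewed call site for getenv(). The copy matters because the
 * string getenv() returns may be overwritten by a later getenv() call. */
env_status env_get_checked(const char *name, char *out, size_t out_size)
{
    if (name == NULL) {
        return ENV_BAD_ARG;
    }
    return env_validate_copy(getenv(name), out, out_size);
}
```

With this in place, the remaining SonarQube issue sits on one line, which is the one to mark as "Won't fix" with the justification attached.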