MISRA-C Rule 21.8

I just got SonarQube running on our codebase and it's showing 40 critical bugs which are all MISRA-C Rule 21.8 ("abort", "exit", "getenv" and "system" from <stdlib.h> should not be used). But the explanation:

<stdlib.h>'s abort, exit, getenv, and system have implementation-defined behaviors, and should therefore be avoided.

doesn’t really explain the problem or how to fix it?

Hi @Tom_Isaacson,

To understand this rule, you have to understand the philosophy of MISRA. MISRA is targeting safety-critical systems. In such a system, everything that is implementation-defined is a risk factor that has to be mitigated.

So when such a rule says:

“abort”, “exit”, “getenv” and “system” from <stdlib.h> should not be used

What it really means is:

“abort”, “exit”, “getenv” and “system” from <stdlib.h> should only be used when you have validated that it is appropriate for your use case (and, if you are in a MISRA context, that you have properly documented this investigation).

So, it’s not really possible to “fix” this problem. What is possible in the tool is:

  • to mark the issues as “Won’t fix” (once you’re convinced your behavior is satisfactory), or
  • to deactivate the rule if you think that in your context, you are not at risk (note that this rule is not enabled in the SonarWay quality profile).

I hope this helps!
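To make the "implementation-defined" point concrete, here is an added C example (not code from the thread or from SonarSource) showing the two behaviours a reviewer would have to validate before marking such an issue "Won't fix": getenv() may return NULL, and the C standard allows a later getenv() call to overwrite the string it returned; system(NULL) only tells you whether a command processor exists at all, which is itself implementation-defined. The function names env_copy and command_processor_available are my own.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy an environment variable into a caller-owned buffer.
 * getenv() may return NULL, and the string it returns may be
 * overwritten by a later getenv() call, so copy it immediately and
 * bound the copy. Returns 1 on success, 0 if unset or too long;
 * on failure the buffer is left as an empty string. */
int env_copy(const char *name, char *dst, size_t dst_len)
{
    const char *value;
    size_t n;

    if (name == NULL || dst == NULL || dst_len == 0) {
        return 0;
    }
    dst[0] = '\0';
    value = getenv(name);
    if (value == NULL) {
        return 0;           /* variable not set: callers must handle this */
    }
    n = strlen(value);
    if (n >= dst_len) {
        return 0;           /* would truncate: refuse rather than guess */
    }
    memcpy(dst, value, n + 1);
    return 1;
}

/* system(NULL) returns nonzero only if a command processor exists.
 * Whether one exists at all is implementation-defined, so a program
 * that relies on system() must check this before use. */
int command_processor_available(void)
{
    return system(NULL) != 0;
}

int main(void)
{
    char buf[64];

    printf("command processor available: %s\n",
           command_processor_available() ? "yes" : "no");
    if (env_copy("HOME", buf, sizeof buf)) {
        printf("HOME=%s\n", buf);
    } else {
        printf("HOME is unset or too long for the buffer\n");
    }
    return EXIT_SUCCESS; /* portable status; other values are implementation-defined */
}
```

Note that the example only validates the behaviour; in a MISRA context the deviation itself would still need to be documented as the answer above describes.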
