Questions on MISRA Rules

JWRWSEU · March 28, 2024, 4:27pm

We have recently started using SonarQube at work, and so far we like what we see, however, we are now looking to be compliant with MISRA 2023 for C and C++.

SonarQube has several rule categories relating to MISRA:

based-on-misra (336)
misra-advisory (37)
misra-c++2008 (79)
misra-c++2023 (116)
misra-c2004 (43)
misra-c2012 (32)
misra-mandatory (3)
misra-required (76)

This hotch-potch is a bit frustrating. I can disregard the 2004, 2008 and 2012 categories. This leaves nothing obvious for MISRA C 2023. To which MISRA standard do misra-advisory, misra-required and misra-mandatory relate?

How do the based-on-misra rules actually relate to MISRA rules? Which standards are they based on?

I feel that SonarSource do not understand the purpose of a standard like MISRA. We can follow the rules, but unless we can show an auditor that we have a method of checking compliance, we cannot call ourselves MISRA-compliant, and we cannot use this metric to assure clients.

Can SonarSource please provide compliance tables for MISRA 2023, detailing which SonarQube rules correspond to which MISRA rules, and, in the case of the “based-on” rules, how they deviate from the MISRA standard?

ganncamp · March 29, 2024, 3:39pm

Hi,

I appreciate your frustration.

Plainly stated, SonarQube, SonarCloud and SonarLint are not compliance tools, and we do not have the tables you’re asking for.

What I can say is that the rules with the misra-c[++](year) tags are strict implementations, and according to the relevant Product Manager,

But we don’t have a timeline on that.

Ann

JolyLoic · March 29, 2024, 4:26pm

Hi @JWRWSEU,

I can provide additional information to what @ganncamp said:

The tags misra-advisory, misra-mandatory and misra-required should only appear on rules that are also tagged misra-c++2023. They directly reflect the category of the rule in the MISRA document.

We do not currently target MISRA C 2023, but I expect it to be very close to MISRA C 2012.

Roy · August 12, 2024, 10:59am

Are there any news re MISRA C/C++ 2023 ? or due dates?
Thank you

Geoffray · August 19, 2024, 1:55pm

Hello @Roy

Thanks for reaching out.
We have been working on high-priority topics lately, and the implementation of the MISRA C++2023 has been stopped.
Unfortunately, I cannot give you more details about the future, specifically about specific coverage of MISRA C++2023 and timelines. Still, I expect the topic to be clarified and communicated in the next quarter.

VarunP · August 26, 2024, 6:01am

Can you please confirm whether MISRA C 2012 is completely supported? Is CERT C also supported?

ganncamp · August 26, 2024, 11:50am

Hi @VarunP,

Welcome to the community!

There is some support for MISRA C 2012 and for CERT C, but neither is “completely” supported.

HTH,
Ann

VarunP · August 27, 2024, 4:53am

Thank you for the prompt response.
Can you please let me know which rules of MISRA C 2012 & CERT C are supported by the tool?

JWRWSEU · August 27, 2024, 7:51am

As they said in the original reply, although some MISRA rules are covered, SonarQube is not a MISRA-compliance tool. I do like SonarQube, but if you want to be certifiably MISRA-compliant, you need to get another tool.

As they also said in the original response, they do not have tables of which MISRA rules are covered.

Topic		Replies	Views
Misra C:2012 (including AMD4) compliance and plans for 2023? Product Manager for a Day compliance , misra	1	1218	June 9, 2023
Does SonarQube supports MISRA Standard? SonarQube Server / Community Build cfamily , misra	14	9965	June 2, 2022
SonarQube MISRA compliance sheet SonarQube Server / Community Build q_profiles , misra	4	2270	February 3, 2020
MISRA C/C++ rules implemented SonarQube Cloud misra	4	82	January 16, 2025
Should I set anything in SonarQube to analyze against MISRA C++ 2023? New rules / language support sonarqube , misra	3	215	April 29, 2024

Questions on MISRA Rules

Related topics