On 09/01/17 12:34, Jim MacArthur wrote:
> Hi all, I've become involved in a group which seeks to refine previous
> efforts in both safety-critical and secure coding standards (for example
> MISRA and CERT-C). We note that in the past MISRA has been declined for
> explicit inclusion in GCC but that parts of it and CERT-C are tested by
> individual flags.
> 
> For either new standards or existing standards like TS 17961, would the
> GCC maintainers be opposed to forming a new option (possibly an option
> for --std=) to test for a particular standard, or whatever subset of it
> can currently be checked? I expect someone from our group would
> provide patches for the tests.
> 
> One of the reasons for asking is that we'd like to remove any barriers
> to adoption of our new standard by GCC; in particular, trying to
> determine if the new standard not being LGPL or similar would be a problem.
> 
> Thanks for any advice you can offer.
> 
> Jim MacArthur
> 

Things like MISRA and CERT-C are not "standards" in the sense of
"language standards", and thus are not appropriate for "--std" options.
They are coding standards, rather than language standards.  Normal
"MISRA" uses the ISO C90 language standard, MISRA C:2012 uses ISO C99 or
C90, and MISRA C++:2008 uses ISO C++2003.  So you would start with those
languages for the --std= option.

I don't know about CERT-C, but one of the challenges of implementing
MISRA coding standards checking in gcc is that the MISRA documents are
not free.  They are cheap (about $10, I think), but since they are not
free there are likely to be copyright complications.  I think it would
be difficult for gcc to have a warning that rejects non-zero octal
constants with the message "MISRA Rule 7.1: Octal constants shall not be
used", even though it should be fairly straightforward (and highly
desirable) for gcc to have a warning on the use of non-zero octal constants.

I would imagine that the best way to make a MISRA or CERT-C checker
would be as a plugin to gcc.  That would let you be a lot freer about
the development, as it can be done independently from the main gcc code,
and it frees you from the copyright restraints of mainline gcc (you
don't have to assign the copyright to gnu, which I think could be
problematic with wording taken from MISRA documents).  Two likely
starting points here would be the gcc Python plugin, and Melt (which
uses a sort of LISP language for plugins).

Much as I dislike MISRA (whose rules are, IMHO, 50% good, 50% obvious,
and 50% bad), for some uses it is an advantage to be able to check for
MISRA compliance and get the warnings.  So a project to make such
warnings in gcc would be a very nice idea.

mvh.,

David
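
The non-zero octal constant check David calls "fairly straightforward" has a few edge cases worth seeing in code. The following is an added example written for this page, not code from the thread, from gcc or from MISRA: a stand-alone C scanner (not a gcc plugin) that flags non-zero octal integer constants in a piece of C source while ignoring comments, string and character literals, hexadecimal constants, floating constants and plain 0 (which is technically an octal constant in C but is the case the rule exempts). The diagnostic wording, the function names and the embedded sample source are all our own; hex floating constants and strings spanning lines are deliberately not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int is_ident_char(char c) { return isalnum((unsigned char)c) || c == '_'; }

/* Skip a string or character literal whose opening quote q is at src[i].
 * Backslash escapes are honoured so "\"" and '\'' do not end the literal.
 * Returns the index just past the closing quote (or the end of src). */
static size_t skip_literal(const char *src, size_t i, char q)
{
    i++;                                        /* step over the opening quote */
    while (src[i] && src[i] != q) {
        if (src[i] == '\\' && src[i + 1]) i++;  /* skip the escaped character */
        i++;
    }
    return src[i] ? i + 1 : i;
}

/* Scan one numeric constant starting at the digit src[i].  Sets *is_octal to 1
 * only for a non-zero octal integer constant (leading 0, more than one digit,
 * not hex, not floating).  Returns the index just past the token. */
static size_t scan_number(const char *src, size_t i, int *is_octal)
{
    size_t start = i;
    int nonzero = 0;
    *is_octal = 0;
    if (src[i] == '0' && (src[i + 1] == 'x' || src[i + 1] == 'X')) {
        i += 2;                                 /* hexadecimal: never octal */
        while (isxdigit((unsigned char)src[i])) i++;
    } else {
        while (isdigit((unsigned char)src[i])) {
            if (src[i] != '0') nonzero = 1;
            i++;
        }
        if (src[i] == '.' || src[i] == 'e' || src[i] == 'E') {
            /* floating constant such as 0.75 or 1e5: consume it, never octal */
            while (isalnum((unsigned char)src[i]) || src[i] == '.' ||
                   ((src[i] == '+' || src[i] == '-') &&
                    (src[i - 1] == 'e' || src[i - 1] == 'E')))
                i++;
            return i;
        }
        if (src[start] == '0' && i - start > 1 && nonzero) *is_octal = 1;
    }
    while (src[i] == 'u' || src[i] == 'U' || src[i] == 'l' || src[i] == 'L')
        i++;                                    /* integer suffix: 0177UL */
    return i;
}

/* Returns the number of non-zero octal integer constants in src.  With
 * report != 0 one diagnostic per hit is printed; the wording is ours. */
int count_octal_constants(const char *src, int report)
{
    int hits = 0, line = 1;
    size_t i = 0;
    while (src[i]) {
        char c = src[i];
        if (c == '\n') { line++; i++; }
        else if (c == '/' && src[i + 1] == '/') {          /* line comment */
            while (src[i] && src[i] != '\n') i++;
        } else if (c == '/' && src[i + 1] == '*') {        /* block comment */
            const char *end = strstr(src + i + 2, "*/");
            size_t stop = end ? (size_t)(end - src) + 2 : strlen(src);
            for (; i < stop; i++) if (src[i] == '\n') line++;
        } else if (c == '"' || c == '\'') {
            i = skip_literal(src, i, c);
        } else if (isalpha((unsigned char)c) || c == '_') { /* identifier: id0 is not a number */
            while (is_ident_char(src[i])) i++;
        } else if (isdigit((unsigned char)c)) {
            int oct;
            size_t j = scan_number(src, i, &oct);
            if (oct) {
                hits++;
                if (report)
                    printf("line %d: non-zero octal constant '%.*s'\n",
                           line, (int)(j - i), src + i);
            }
            i = j;
        } else {
            i++;
        }
    }
    return hits;
}

/* Constructed sample input: three lines should be flagged (0644, 0177UL, 012). */
static const char sample_src[] =
    "int perms = 0644;            /* flagged: value 420 */\n"
    "int zero = 0;                /* not flagged: plain zero */\n"
    "int zeros = 00;              /* not flagged: value is zero */\n"
    "int hex = 0x1F;              /* not flagged: hexadecimal */\n"
    "double d = 0.75;             /* not flagged: floating constant */\n"
    "char *s = \"mode 0777\";     /* not flagged: inside a string */\n"
    "char c = '\\012';            /* not flagged: escape in a char literal */\n"
    "// int in_comment = 017;     -- not flagged: line comment\n"
    "unsigned long mask = 0177UL; /* flagged: suffix does not hide it */\n"
    "int id0 = 012;               /* flagged: 012 (the 0 in id0 is an identifier) */\n";

int main(void)
{
    int n = count_octal_constants(sample_src, 1);
    printf("%d non-zero octal constant(s) found\n", n);
    return n ? 1 : 0;
}
```

Run against the embedded sample it reports three constants. A gcc plugin would get this information from the front end's tokens or INTEGER_CST nodes instead of re-lexing text, but the same exemptions (zero, hex, floating, literals) still have to be decided, and as the thread notes the message text should be the checker's own rather than a quotation of the MISRA rule.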
