Cppcheck vs. cppcheck MISRA

I’m not clear on the differences between these two. It looks like the MISRA version runs recursively on a directory to produce a custom stdout report. I get the custom stdout report, but I’m a bit fuzzy on the recursive running on a directory. What’s the reason that I might choose the MISRA version, or the use case for it, instead of just cppcheck? Also, how would this get configured in Tangram Pro?

MISRA is utilized as a coding standard policy for safety critical systems and is integrated in to the qualified tool chain. I’m not clear on the practical difference between it and cppcheck, but I suspect the ruleset is able to be configured in MISRA more appropriately to safety critical certification (DO-178).

Hey Scott…welcome to Discuss! Thanks for the input. I was not aware it was integrated as part of the qualified tool chain.

Thinking about this a bit more @scott.lachance, if I were to use the MISRA version of cppcheck rather than the standard one, would that improve the generated artifacts from certification perspective? In other words, would it get them closer to certification either by 1) the fact it is part of the qualified tool chain and its use or 2) by identifying the types of errors the cert process is concerned and those errors being addressed before certification?

Yes, it would improve the certification perspective. Item 1), the qualified tool chain, must be qualified for each program. Using tools that are recognized (like SCADE) and standards (like MISRA) streamline this qualification. For item 2), the evidence generated by the tools is what is leveraged by the certifiers to validate the tools and processes are being followed. A sudden influx of defects might indicate that some upstream development is not properly using best practices, following the coding standards or other issue. The ability to detect these negative variations (in process and quality) is one of the goals of the tool chain. HTH

1 Like