MISRA Discussion Forums

Full Version: Compiler

qspi

I've got a project running under Safety Integrity Level 3 (MISRA).
I do have a static checker tool to enforce the rules put forth by the MISRA-C:2004, but I still do have to validate my compiler against MISRA, don't I?

What is the meaning of the following sentences found in the document?

"The validation test [...] for compilers could consist of known good code from previous application. [...] It should be noted that validation testing of the compiler must be performed for the same set of compiler options, linker options and source library versions used when compiling the product code."
"When choosing a compiler (which should be understood to include the linker), an ISO C compliant compiler should be used whenever possible. Where the use of the language is reliant on an "implementation-defined" feature (as identified in Annex G.3 of the ISO standard) then the developer must benchmark the compiler to establish that the implementation is as documented by the compiler writer."

And furthermore the next two rules: 6.1.1, 6.1.2

So if you know how to validate the compilation process of a compiler, or you know any compiler that is said to be MISRA compliant, please send a response.
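The benchmarking of "implementation-defined" features that the quoted guidance asks for can be automated as a small probe program, shown here as an added example that is not part of the original thread or of any MISRA or vendor material. The choice of probes and the `documented` values are assumptions constructed for illustration; in practice the table is transcribed from the compiler manual and the program is built with the same compiler and linker options as the product code.

```c
#include <limits.h>
#include <stdio.h>

/* Implementation-defined C90 behaviours probed here (a small subset). */
enum probe { P_CHAR_SIGNED, P_RSHIFT_SIGN, P_DIV_QUOT, P_DIV_REM, P_INT_BITS, P_COUNT };

static const char *const probe_name[P_COUNT] = {
    "plain char is signed", "right shift of negative keeps sign",
    "-7 / 2", "-7 % 2", "value bits in unsigned int"
};

/* volatile operands force run-time evaluation, so the generated code is
   exercised rather than the compiler's constant folder. */
static volatile int neg7 = -7, two = 2, neg1 = -1;

int run_probe(enum probe id)
{
    switch (id) {
    case P_CHAR_SIGNED: { volatile char c = (char)neg1; return c < 0; }
    case P_RSHIFT_SIGN: return (neg7 >> 1) < 0;
    case P_DIV_QUOT:    return neg7 / two;   /* -3 truncates, -4 floors */
    case P_DIV_REM:     return neg7 % two;   /* -1 or +1 accordingly    */
    case P_INT_BITS: {
        volatile unsigned u = ~0u; unsigned v = u; int n = 0;
        while (v != 0u) { n++; v >>= 1; }
        return n;
    }
    default: return INT_MIN;
    }
}

/* Compare observed behaviour with the values transcribed from the compiler
   manual; returns the number of deviations and reports each one. */
int check_documented(const int documented[P_COUNT])
{
    int i, bad = 0;
    for (i = 0; i < P_COUNT; i++) {
        int seen = run_probe((enum probe)i);
        if (seen != documented[i]) {
            printf("DEVIATION %s: documented %d, observed %d\n",
                   probe_name[i], documented[i], seen);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    /* Constructed sample values, NOT taken from any vendor manual. */
    static const int documented[P_COUNT] = { 1, 1, -3, -1, 32 };
    return check_documented(documented) == 0 ? 0 : 1;
}
```

A non-zero exit status means the compiler, as configured, does not behave as the table says, which is the evidence the deviation record needs.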

Gavin McCall

Answer: MISRA C Steering Team 5/1/06

Please contact your compiler vendor for further information.

A C Compiler translates C code to machine code.

This can be validated using various recognised test suites, to show that the compiler conforms to the language requirements of ISO C.

Note: most current compilers are compliant to ISO C90+A1+TCs, but not the current C99; however, most compilers tend to have some features of C99 and other proprietary extensions.

Gavin,

Gavin McCall Wrote:

Answer: MISRA C Steering Team 5/1/06

This can be validated using various recognised test suites, to show that the compiler conforms to the language requirements of ISO C.


The validation certificates issued by BSI and NIST (when they were both in the compiler validation business) certified that the named compiler processed a particular set of tests in an acceptable way (i.e., the 'error' tests resulted in a diagnostic being issued and the 'correct' were executed as they should be).

This then raises the question of who says the validation suite fully tests the requirements contained in the C Standard? One answer to that question is provided here: http://www.knosof.co.uk/whoguard.html

qspi

Dear Gavin,

Gavin McCall Wrote:

[..]This can be validated using various recognised test suites, to show that the compiler conforms to the language requirements of ISO C.

Note: most current compilers are compliant to ISO C90+A1+TCs[..]

it is clear that the compiler has to be ISO C compatible as it is granted for our compiler by the vendor (it is the Analog VDSP C compiler for Sharc processors).

However, according to the information we've got from Mr. Chris Tapp (member of the MISRA C Working Group):
"simply having an ISO compatible compiler is unlikely to be considered suitable"

And according to the rules 6.1.1 and 6.1.2 it is clear that validation against the original C90 standard will not be sufficient, so it is still a question: how to prove the MISRA compliance of a compiler?

As described in the 2004 guideline for use, section 4.3.1, to follow MISRA guidelines we need to document a compliance matrix. This implies two things:

1. That we pass all our 'C' code through compilers and/or lint tools.
2. That we know which of the MISRA rules are checked by each compiler or lint that we use.

My question is, how do we find compilers or lint tools for this purpose?

I tried "MISRA C checker" in Google and received plenty of links to static testing tools and compilers that can check MISRA C compliance. In my experience, there is a wide range of price and performance. I suggest that you should perform an evaluation to help you in selecting the tool that best matches your needs.