4.7. Stylechecks
4.7.1. Introduction
Stylechecks are a collection of static analysis rules that detect violations of coding standards, safety guidelines, security requirements, and general best practices. Findings reported by stylecheck rules are denoted by the prefix SV and can be viewed in the dashboard.
The rulesets provided by the Axivion Suite can be broadly categorised into:
External standard-based rule groups: These groups implement checks for established coding standards and guidelines, such as MISRA C/C++, AUTOSAR C++, SEI CERT, and the Common Weakness Enumeration (CWE). They are organised according to the structure of the respective published documents.
General-purpose rule groups: These groups contain rules that are not tied to a specific external standard but represent widely accepted programming principles and best practices. Examples include GeneralPurpose, CodingStyle, and Miscellaneous.
Language-specific or framework-specific rule groups: These groups contain rules that are specific to a particular programming language or framework, such as C# for C# code, Rust for Rust code and Qt for the Qt framework.
4.7.2. Available Rule Groups
The following sections describe each top-level rule group available under Stylechecks, organised according to the three categories introduced above.
4.7.2.1. External Standard Rule Groups
MISRA: Misra is the root group for all MISRA guidelines for the use of C and C++ in critical systems, published by the Motor Industry Software Reliability Association (MISRA).
AutosarC++: AutosarC++ implements checks for a comprehensive set of rules developed for the use of the C++14 language in critical and safety-related embedded systems.
Cert: Cert implements the SEI CERT Coding Standard security checks published by the Software Engineering Institute (SEI) at Carnegie Mellon University. Axivion Suite currently supports the C and C++ rules.
CWE: CWE checks for software weaknesses catalogued in the Common Weakness Enumeration (CWE), a community-developed list maintained by MITRE. Each rule corresponds to a specific CWE entry and is identified by its CWE number. Some of the CWE rules are also available for C# in the C#-CWE sub-group.
SecureCoding: SecureCoding implements the ISO/IEC TS 17961 C Secure Coding technical specification. The standard defines secure coding rules for C programs and is aimed at preventing common vulnerability patterns.
CQM: CQM implements the Code-Quality-Management (CQM) Stylechecks defined in the 2006 book Code-Quality-Management: Technische Qualität industrieller Softwaresysteme transparent und vergleichbar gemacht by Dr. Frank Simon, Dipl.-Inform. Olaf Seng and Dipl.-Inform. Thomas Mohaupt. The CQM rules capture object-oriented design anti-patterns at the structural level. The companion CQMMetrics group provides the corresponding metric variants of these checks.
4.7.2.2. General-Purpose Rule Groups
CodingStyle: CodingStyle provides language-agnostic and C/C++ coding style checks that are not tied to a specific external standard. The group focuses on source code readability and maintainability conventions.
FaultDetection: FaultDetection is a collection of static checks for possible runtime errors. FaultDetection rules target conditions that may cause incorrect program behavior at runtime. Some rules in this group can use the results of StaticSemanticAnalysis to improve precision when it is enabled.
GeneralPurpose: GeneralPurpose provides a set of general-purpose and best-practice checks for C/C++ that do not belong to an external coding standard but represent widely accepted programming principles. This rule group is suitable to be enabled as a whole.
Miscellaneous: Miscellaneous contains checks that are not part of any specific standard. Note: this group exists for historical reasons and may be removed in the future. Use rules from GeneralPurpose or CodingStyle instead where possible.
CompilerErrata: CompilerErrata acts as a container for checks that detect whether source code is affected by known bugs (errata) in specific native compilers. The rule group itself contains no built-in rules. Instead, compiler errata rule packages obtained from Axivion are installed by selecting their respective rules directory via the “Additional rules” context menu item. Once installed, the errata rules appear under this group and can be enabled and configured like any other stylecheck.
4.7.2.3. Language-Specific Or Framework-Specific Rule Groups
C#: C# provides coding style checks specifically for C# source code. A subset of CWE rules is available for C# in the C#-CWE group.
CUDA: CUDA contains checks for the CUDA C++ programming language and the use of CUDA libraries. The rules cover various aspects of CUDA programming, including device synchronization, memory management and security best practices.
Qt: Qt provides rule groups for programs using the Qt framework, structured into Qt-Autosar, Qt-Clazy, Qt-Generic, and Qt-Security sub-groups. Generic framework support for Qt is also available at Frameworks-QtSupport.
Rust: Rust provides coding style checks for Rust source code, such as Rust-CheckExternSignatures, which verifies that extern declarations match the signatures of their exported counterparts in the referenced compiled libraries.