[clang-tidy][RFC] Add Autosar C++14 clang-tidy module?

I like the idea of adding an AUTOSAR module to clang-tidy!

I know of at least two projects which have some work done already. The first one was started in the context of Google Summer of Code. You can find the final report at https://docs.google.com/document/d/1r6H5eYOji3mytkdpNJFPuc4PdmE2ZbrFeNAhEqkQIpU/edit. Some rules have already been implemented in an LLVM fork at https://github.com/Bareflank/llvm-project as mentioned in the report. The second one is a commercial project which has been presented at the 2020 Developers Meeting: https://www.youtube.com/watch?v=-6dL-7xkIV0. At the time of the presentation it was not quite clear whether the source code will be open-sourced at some point.

All in all, Autosar is not perfect but it’s an important enabler for e.g. the automotive industry to finally leave MISRA C++08 and move to modern C++14. There’s plans for new MISRA guidelines covering C++17 but it’s unclear when they’ll be published, so we need to live with Autosar for a little more.

Talking about MISRA, is there a reason why there are no ambitions to add another module for the MISRA guidelines? I would be very interested in clang-tidy being able to check for MSRA rules, too. Is it because the guidelines have to be licensed/bought? Is it not allowed to make them public in any way? Does anyone know?

Greetings,
Danny

I like the idea of adding an AUTOSAR module to clang-tidy!
Great to hear more positive impressions from the community!

I know of at least two projects which have some work done already
Thanks for the info. The Google SoC and Bareflank repos are the ones I referred to as “a couple of forks here and there”, didn’t know they are actually the same! I wonder how they dealt with the AUTOSAR license. Thanks for the video, very interesting talk. One point that was made there was that perhaps clang-tidy is not the best implementation choice - Clang and AST visitors are needed to implement the more complex rules. As a newbie I can’t really comment on that, hopefully someone knows better? From a “design” point of view I think it fits better in clang-tidy together with the other coding guidelines.

is there a reason why there are no ambitions to add another module for the MISRA guidelines?
I suppose nobody has brought it up yet? The current limitation of MISRA is that you need to actually buy the document, whereas AUTOSAR is publicly available. On the other hand, MISRA has a clear, established way forward regarding open-source checkers - you are allowed to mention the rule number, but not the complete rule text. This is mostly to make sure there is “one source of truth”, instead of inaccurate reproductions. You can read more about it here: https://forum.misra.org.uk/thread-884.html

In theory (I haven’t tried it myself) there’s already MISRA support in an open-source checker - cppcheck: https://cppcheck.sourceforge.io/misra.php
The way it works is that if you want to read the rule text, you need to purchase (I presume) a rules.txt file and pass it to cppcheck so it can print the contents.

I suppose that could work here as well, but I think the development process would be rather awkward. Not possible to document what a given rule is about, and only a select group of people who have purchased the document could actually review the patches. This would probably slow down development significantly. AUTOSAR would be easier to develop since everyone can easily contribute based on the publicly available document. I wonder if there are different licensing models that forbid inaccurate reproduction and yet allow the documents to be publicly available.

I am still waiting for a reply from AUTOSAR in order to get their approval for adding these checks to clang-tidy.

Best regards,
Carlos

Licensing questions aside, one practical reason is because the MISRA
guidelines are not freely available, so it's basically impossible to
perform code reviews for such checkers unless you already own a copy
of MISRA. The rest of the community then has to take it on faith that
the check actually does what the MISRA rule says it should do because
they have no way to verify.

~Aaron

What I conclude from that is that even if some people would work on a module for MISRA rules, the possibility is quite low that it will be accepted by the LLVM community for understandable reasons. Am I right about that?

That's my take on it. As a code reviewer, I wouldn't be able to
validate the check against the rules it means to implement (at least,
not without some licensing-related questions that I wouldn't really
want to get involved with in the first place).

~Aaron

What are those questions?

Sincerely,
Demi Marie Obenour (she/her/hers)

>>
>>> Licensing questions aside, one practical reason is because the MISRA
>>> guidelines are not freely available, so it's basically impossible to
>>> perform code reviews for such checkers unless you already own a copy
>>> of MISRA. The rest of the community then has to take it on faith that
>>> the check actually does what the MISRA rule says it should do because
>>> they have no way to verify.
>>
>> What I conclude from that is that even if some people would work on a module for MISRA rules, the possibility is quite low that it will be accepted by the LLVM community for understandable reasons. Am I right about that?
>
> That's my take on it. As a code reviewer, I wouldn't be able to
> validate the check against the rules it means to implement (at least,
> not without some licensing-related questions that I wouldn't really
> want to get involved with in the first place).

What are those questions?

Effectively: "How do I obtain a copy of these rules without paying for them?"

~Aaron

Effectively: “How do I obtain a copy of these rules without paying for them?”

Could the LLVM Foundation purchase a copy for developers to consult? I guess one issue would be people signing up as developers just to get their hands on the MISRA document and avoid paying.

Anyway I feel this thread is deviating a bit from the original scope (AUTOSAR). Would it make sense to open a separate thread for MISRA? Then it would more easily catch the eyes of MISRA members (like Chris above), and perhaps they might even comment on some of the issues we see. Otherwise I’m totally happy to continue the discussion here, it’s just a suggestion for better visibility.

/Carlos

Got a reply from AUTOSAR. I posted in the patch as well but I think it has better visibility here, sorry for the spam!

The AUTOSAR confidential statement states that these documents are considered under the license of AUTOSAR, thus a commercial usage without being a partner is not allowed.

Since we had other similar requests already, I can state that this usage of the guidelines is uncritical from AUTOSAR’s perspective.

What do you think, should I ask anything else? Let me know if I should forward the mailing conversation to someone in case they need full details.

Best regards,
Carlos

Tom,

Do you have any updates on this topic? You have set a blocking review on my patch since more than one and a half months ago. I have asked about this in the patch itself and haven’t got any reply yet. Looking forward to your feedback on what I can do to move forward with the patch.

Best regards,
Carlos

Tom,

Do you have any updates on this topic? You have set a blocking review on my patch <Login; since more than one and a half months ago. I have asked about this in the patch itself and haven't got any reply yet. Looking forward to your feedback on what I can do to move forward with the patch.

I don't have any updates, we are still trying to get in touch with
an attorney to get an answer.

-Tom

Thanks a lot for the quick response, let me know if you need anything.

Best regards,
Carlos