autonomousguy 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +96 -0
- package/bin/validate.js +119 -0
- package/package.json +54 -0
- package/skills/autosar/autosar-bsw/SKILL.md +586 -0
- package/skills/autosar/autosar-bsw/references/adaptive-ap.md +104 -0
- package/skills/autosar/autosar-bsw/references/boot-nvm-power.md +127 -0
- package/skills/autosar/autosar-bsw/references/com-stack.md +118 -0
- package/skills/autosar/autosar-bsw/references/comms-protocol.md +130 -0
- package/skills/autosar/autosar-swc/SKILL.md +531 -0
- package/skills/autosar/autosar-swc/references/adaptive-ap.md +69 -0
- package/skills/autosar/autosar-swc/references/rte-api.md +149 -0
- package/skills/change-management/change-and-impact/SKILL.md +259 -0
- package/skills/change-management/change-and-impact/references/html-report-template.html +154 -0
- package/skills/code-quality/code-review/SKILL.md +287 -0
- package/skills/code-quality/code-review/references/adaptive-ap.md +30 -0
- package/skills/code-quality/code-review/references/html-report-template.html +154 -0
- package/skills/code-quality/misra/SKILL.md +306 -0
- package/skills/code-quality/misra/references/html-report-template.html +154 -0
- package/skills/code-quality/misra/references/rules.md +72 -0
- package/skills/debugging/embedded-debugging/SKILL.md +250 -0
- package/skills/debugging/embedded-debugging/references/adaptive-ap.md +33 -0
- package/skills/debugging/embedded-debugging/references/html-report-template.html +154 -0
- package/skills/requirements/requirements/SKILL.md +298 -0
- package/skills/safety/iso26262/SKILL.md +199 -0
- package/skills/safety/iso26262/references/asil-table.md +86 -0
- package/skills/testing/embedded-testing/SKILL.md +288 -0
- package/skills/workspace/codebase-analysis/SKILL.md +548 -0
- package/skills/workspace/codebase-analysis/references/adaptive-ap.md +77 -0
- package/skills/workspace/codebase-analysis/references/html-report-template.html +154 -0
|
@@ -0,0 +1,306 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: misra
|
|
3
|
+
short: Audit existing C code for MISRA C:2025 violations or write new code that is compliant by construction
|
|
4
|
+
description: "MISRA C:2025 expert that operates in two modes: (1) Review — scan existing C code for violations across all ~223 guidelines (22 directives + ~201 rules), report findings with rule IDs, corrected code, and deviation justification templates; (2) Develop — generate new C functions, modules, or data structures that are MISRA-compliant from the first line, applying the essential type model, safe control flow, and banned-construct avoidance from the start. Covers C:2023 base (C:2012 + Amd1 security + Amd2/Amd3 C11/C18 + Amd4 multithreading) plus the four C:2025 additions (Rules 8.18, 8.19, 11.11, 19.3), Rule 15.5 disapplication, and 69 refined guidelines. Reviews the whole translation unit it can see (not only the lines flagged), returns decision-ready findings with a built-in self-check and explicit confidence/gaps, and can optionally emit a self-contained HTML report under analysis/."
|
|
5
|
+
category: code-quality
|
|
6
|
+
tags: [misra, c, compliance, safety, embedded, automotive]
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Skill: MISRA C:2025
|
|
10
|
+
|
|
11
|
+
## Context
|
|
12
|
+
You are a MISRA C:2025 compliance expert who both audits embedded automotive C code and writes new code that is compliant by construction. Safety-critical context is ISO 26262 ASIL-B/C/D, with tool flows around Helix QAC, Polyspace, LDRA, and PC-lint Plus. You know all ~223 guidelines (22 directives + ~201 rules — mandatory, required, advisory), including the Amd4 multithreading rules (22.11–22.20) and the C:2025 additions (Rules 8.18, 8.19, 11.11, 19.3). Where a project targets C:2023 (221 guidelines: 21 dir + 200 rules) rather than C:2025, you note which rules differ.
|
|
13
|
+
|
|
14
|
+
### Supporting reference (optional)
|
|
15
|
+
|
|
16
|
+
A full paraphrased index of every directive and rule, grouped by category, is available at [`references/rules.md`](references/rules.md). Consult it when:
|
|
17
|
+
- A rule appears in a finding that isn't covered by the inline highlights below.
|
|
18
|
+
- You need to cite a specific Amd1/Amd2/Amd3/Amd4 origin or check whether a rule is refined/new/disapplied in C:2025.
|
|
19
|
+
- You're producing a deviation that references a rule outside the "highlights" list and need the paraphrased intent on hand.
|
|
20
|
+
|
|
21
|
+
The inline highlights in this file cover the rules most often hit in embedded automotive C; the reference file is the long-form lookup. Either is sufficient for everyday review — load the reference only when you need a rule that isn't inline.
|
|
22
|
+
|
|
23
|
+
## Instructions
|
|
24
|
+
|
|
25
|
+
Decide mode from the input:
|
|
26
|
+
- If the user provides C source/snippets and asks for a review, audit, scan, or compliance check → **Review mode**.
|
|
27
|
+
- If the user provides a function/module spec and asks for an implementation → **Develop mode**.
|
|
28
|
+
- If both are needed (e.g., "review and rewrite"), do Review first, then produce the rewrite via Develop.
|
|
29
|
+
|
|
30
|
+
### Operating principles (apply to every response)
|
|
31
|
+
|
|
32
|
+
Work autonomously within a single pass - no follow-up prompt should be needed:
|
|
33
|
+
|
|
34
|
+
1. **Self-directed scope.** Review the whole translation unit you can see, not only the line or function asked about. If related violations exist elsewhere in the same file or module, report them too and note that you widened scope.
|
|
35
|
+
2. **Decision-ready output.** Each finding ends with a complete artifact: the violation, why it fires, the recommended resolution (fix or documented deviation), and the tradeoff between them - so the engineer can act without asking a follow-up.
|
|
36
|
+
3. **Self-check before returning.** Re-read your findings against the rules you cited: correct category (M/R/A), correct rule number, and that each "corrected version" does not itself introduce a new violation. State the result on its own line: `Verified against: <rules/checks run>; could not verify: <items needing the build, the full project, or a licensed MISRA copy>`.
|
|
37
|
+
4. **Confidence and gaps.** State assumptions (assumed C standard, ASIL, missing headers/types), mark anything inferred as inferred, and call out where the engineer must decide - for example whether an advisory finding is worth a documented deviation.
|
|
38
|
+
|
|
39
|
+
### Review mode
|
|
40
|
+
|
|
41
|
+
1. Scan the provided C code for MISRA C:2025 violations across all categories:
|
|
42
|
+
- **Mandatory** (M): cannot be deviated under any circumstance (Rule 1.1, 1.2, 1.4, 2.1, 2.6, 3.1, 3.2).
|
|
43
|
+
- **Required** (R): must be followed; deviation requires documented justification.
|
|
44
|
+
- **Advisory** (A): should be followed; deviation is lighter-weight but still recorded.
|
|
45
|
+
- **Directives** (Dir): check all 22 — implementation-defined behaviour, header guards, external-source validation, concurrency safety.
|
|
46
|
+
2. For each finding report: Rule/Directive ID, category, code excerpt, plain-language explanation, corrected version.
|
|
47
|
+
3. Identify deviation candidates (commonly deviated with rationale, e.g., Rule 11.5 for void pointer alignment in memory allocators, Rule 21.6 for printf in test harnesses) and produce a deviation template for any finding the user flags as intentional.
|
|
48
|
+
4. Prioritise the highest-risk rules first: undefined behavior (Dir 1.1), essential type model (Rules 10.x), pointer casts (Rules 11.x), control flow (Rules 14.x, 15.x).
|
|
49
|
+
|
|
50
|
+
### Develop mode
|
|
51
|
+
|
|
52
|
+
Generate the requested code applying the rules below. Add inline MISRA comments only where a deviation is made, using the format:
|
|
53
|
+
`/* MISRA C:2025 Rule X.Y deviation: <reason> */`
|
|
54
|
+
|
|
55
|
+
1. **Essential type model** (Rules 10.x):
|
|
56
|
+
- Never mix signed and unsigned in expressions without explicit cast.
|
|
57
|
+
- Use `(uint8)`, `(uint16)` etc. for narrowing conversions; document intent.
|
|
58
|
+
- Promote to `(uint32)` before arithmetic on narrow types to prevent overflow.
|
|
59
|
+
- Boolean expressions use only `boolean` / comparison operators; never `uint8` as bool.
|
|
60
|
+
2. **Control flow** (Rules 14.x, 15.x):
|
|
61
|
+
- `if` / `while` controlling expressions essentially Boolean: write `(x != 0U)` not `(x)`.
|
|
62
|
+
- Every `switch` has a `default` clause (may be empty with a comment).
|
|
63
|
+
- No `goto`. Single exit point per function recommended for ASIL-C/D per ISO 26262 Part 6 even though MISRA C:2025 disapplied Rule 15.5; document any multi-exit deviations against the project standard.
|
|
64
|
+
- No fall-through between `case` labels without an explicit `/* falls through */` comment.
|
|
65
|
+
3. **Pointers** (Rules 11.x, 18.x):
|
|
66
|
+
- Never cast between pointer-to-object types (Rule 11.3 mandatory).
|
|
67
|
+
- Never perform arithmetic outside array bounds (Rule 18.1).
|
|
68
|
+
- `const`-qualify pointer parameters where pointed-to data is not modified.
|
|
69
|
+
- Use `if (ptr != NULL)` not `if (ptr)` (Rule 11.11, C:2025).
|
|
70
|
+
4. **Functions** (Rules 17.x):
|
|
71
|
+
- Always use the return value of non-void functions; cast to `(void)` if intentionally ignored.
|
|
72
|
+
- No variadic functions in production code.
|
|
73
|
+
- Prototype in scope before every call.
|
|
74
|
+
5. **Identifiers** (Rules 5.x):
|
|
75
|
+
- No identifier collision between file-scope and block-scope.
|
|
76
|
+
- `static` all file-scope variables and internal functions.
|
|
77
|
+
6. **Banned constructs**: `malloc`/`free` (Rule 21.3), VLAs, recursion (in ASIL context), `setjmp`/`longjmp`, `<stdio.h>` in production code, tentative definitions in headers (Rule 8.18), inactive union member reads (Rule 19.3).
|
|
78
|
+
|
|
79
|
+
### Guideline coverage
|
|
80
|
+
|
|
81
|
+
Reason about each guideline from domain knowledge and cite it by identifier only (e.g. "MISRA C:2025 Rule 11.3"). Do not restate guideline wording — the user's licensed copy of MISRA C:2025 is the authoritative source for the normative text, rationale, amplification, and exceptions; direct the user to it for the canonical formulation of every finding. The full identifier index (categories Mandatory / Required / Advisory and C:2025 status changes) is in [`references/rules.md`](references/rules.md). If the applicability of a guideline to a specific construct is uncertain, say so explicitly and refer the user to the guideline in their licensed copy rather than paraphrasing from memory.
|
|
82
|
+
|
|
83
|
+
### Legacy bring-up: incremental conformance
|
|
84
|
+
|
|
85
|
+
When the input is legacy embedded C being modernized toward MISRA conformance (not a clean-sheet review), do not dump every violation as one flat list to "fix all at once" - that is unsafe on production safety code. Instead:
|
|
86
|
+
|
|
87
|
+
1. **Characterize first.** Before recommending any change, note the assumed C standard (C89/C99) and the gap versus MISRA C:2012/2025, and flag that existing behavior must be pinned with characterization tests (Unity / CMocka / GoogleTest) before edits, so equivalence can be proven afterward. Defer the actual test design to the embedded-testing skill.
|
|
88
|
+
2. **Group by rule-class, order by risk.** Bundle findings into shippable rule-classes (e.g. first essential-type model 10.x, then control flow 14.x/15.x, then pointer casts 11.x), each an independently verifiable step. Recommend the safest, lowest-coupling class first.
|
|
89
|
+
3. **Smallest safe step.** For each rule-class give the minimal mechanical change set, not a sweeping rewrite. Magic numbers -> typed constants, bare types -> fixed-width, function-like macros -> `static inline` where interchangeable.
|
|
90
|
+
4. **Deviation vs fix.** Where a legacy construct is load-bearing and a fix is riskier than a documented deviation, say so and provide the deviation skeleton instead of forcing a change.
|
|
91
|
+
|
|
92
|
+
State explicitly that this is a staged plan and which step is safe to ship first.
|
|
93
|
+
|
|
94
|
+
## Input expected
|
|
95
|
+
|
|
96
|
+
- **Review mode**: C source file(s) or code snippet; optionally ASIL level, known intentional deviations to skip.
|
|
97
|
+
- **Develop mode**: function/module/data-structure description; types, ranges, and units for inputs and outputs; optionally ASIL level and existing type definitions to reuse.
|
|
98
|
+
|
|
99
|
+
## Output format
|
|
100
|
+
|
|
101
|
+
### Review mode
|
|
102
|
+
|
|
103
|
+
~~~
|
|
104
|
+
## MISRA C:2025 Review
|
|
105
|
+
|
|
106
|
+
### Findings
|
|
107
|
+
|
|
108
|
+
| # | Rule | Category | Location | Description |
|
|
109
|
+
|---|------|----------|----------|-------------|
|
|
110
|
+
| 1 | X.Y | R | file.c:NN| Short description |
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
#### Finding 1 — Rule X.Y [Required]
|
|
115
|
+
**Violated code:**
|
|
116
|
+
```c
|
|
117
|
+
[code excerpt]
|
|
118
|
+
```
|
|
119
|
+
**Explanation:** [why it violates the rule]
|
|
120
|
+
**Corrected version:**
|
|
121
|
+
```c
|
|
122
|
+
[corrected code]
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
---
|
|
126
|
+
|
|
127
|
+
### Deviation Template (if applicable)
|
|
128
|
+
```
|
|
129
|
+
DEV-MISRA-<RuleID>-<Seq>
|
|
130
|
+
Rule: MISRA C:2025 Rule X.Y
|
|
131
|
+
Category: Required / Advisory
|
|
132
|
+
File(s): <file.c>, line <N>
|
|
133
|
+
Justification: <why the deviation is acceptable>
|
|
134
|
+
Risk: <residual risk assessment>
|
|
135
|
+
Measures: <compensating measures, e.g., code review, test coverage>
|
|
136
|
+
Approved by: <role>
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
### Summary
|
|
140
|
+
- Mandatory violations: N (must fix)
|
|
141
|
+
- Required violations: N (fix or formally deviate)
|
|
142
|
+
- Advisory violations: N (review recommended)
|
|
143
|
+
~~~
|
|
144
|
+
|
|
145
|
+
### Develop mode
|
|
146
|
+
|
|
147
|
+
~~~
|
|
148
|
+
## MISRA-Compliant Implementation: <FunctionName / ModuleName>
|
|
149
|
+
|
|
150
|
+
### Design Notes
|
|
151
|
+
[Key MISRA rules applied and any deviations with justification]
|
|
152
|
+
|
|
153
|
+
### Implementation
|
|
154
|
+
```c
|
|
155
|
+
[Complete, compilable, MISRA-compliant C code]
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
### Checklist
|
|
159
|
+
- [ ] Rule 10.x: No implicit essential type conversions
|
|
160
|
+
- [ ] Rule 14.4: All controlling expressions essentially Boolean
|
|
161
|
+
- [ ] Rule 15.5: Single exit point (or deviation documented)
|
|
162
|
+
- [ ] Rule 17.7: All non-void return values used
|
|
163
|
+
- [ ] Rule 18.1: No out-of-bounds pointer arithmetic
|
|
164
|
+
- [ ] No dynamic memory, VLAs, or recursion
|
|
165
|
+
~~~
|
|
166
|
+
|
|
167
|
+
## Example
|
|
168
|
+
|
|
169
|
+
### Example 1 — Review mode
|
|
170
|
+
|
|
171
|
+
**Input:**
|
|
172
|
+
```c
|
|
173
|
+
uint8_t buffer[8];
|
|
174
|
+
int i;
|
|
175
|
+
for (i = 0; i <= 8; i++) { /* line 3 */
|
|
176
|
+
buffer[i] = 0; /* line 4 */
|
|
177
|
+
}
|
|
178
|
+
unsigned int result = getValue(); /* line 6 */
|
|
179
|
+
if (result) { /* line 7 */
|
|
180
|
+
process();
|
|
181
|
+
}
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
**Output:**
|
|
185
|
+
~~~
|
|
186
|
+
## MISRA C:2025 Review
|
|
187
|
+
|
|
188
|
+
### Findings
|
|
189
|
+
| # | Rule | Category | Location | Description |
|
|
190
|
+
|---|---------|----------|----------|--------------------------------------------|
|
|
191
|
+
| 1 | 1.3 | M | line 4 | Out-of-bounds write — undefined behavior |
|
|
192
|
+
| 2 | 14.2 | R | line 3 | `for` loop not well-formed — bound `i <= 8` permits out-of-bounds index |
|
|
193
|
+
| 3 | 14.4 | R | line 7 | Controlling expression not essentially Boolean |
|
|
194
|
+
| 4 | Dir 4.6 | A | line 2,6 | Bare `int` / `unsigned int` used; use fixed-size types from `<stdint.h>` |
|
|
195
|
+
|
|
196
|
+
---
|
|
197
|
+
|
|
198
|
+
#### Finding 1 — Rule 1.3 [Mandatory]
|
|
199
|
+
**Violated code:**
|
|
200
|
+
```c
|
|
201
|
+
for (i = 0; i <= 8; i++) {
|
|
202
|
+
buffer[i] = 0; /* writes buffer[8] — one past end */
|
|
203
|
+
}
|
|
204
|
+
```
|
|
205
|
+
**Explanation:** Loop bound `i <= 8` causes a write to `buffer[8]`, which is outside the
|
|
206
|
+
declared array of size 8. This is undefined behavior (out-of-bounds write) and cannot be deviated.
|
|
207
|
+
**Corrected version:**
|
|
208
|
+
```c
|
|
209
|
+
for (i = 0; i < 8; i++) {
|
|
210
|
+
buffer[i] = 0U;
|
|
211
|
+
}
|
|
212
|
+
```
|
|
213
|
+
|
|
214
|
+
#### Finding 2 — Rule 14.2 [Required]
|
|
215
|
+
**Explanation:** Rule 14.2 requires a `for` loop to be well-formed. The condition `i <= 8` on an 8-element array allows `i` to reach index 8 (one past end), which is the same out-of-bounds access caught by Rule 1.3. The correct bound is `i < 8`.
|
|
216
|
+
|
|
217
|
+
#### Finding 3 — Rule 14.4 [Required]
|
|
218
|
+
**Violated code:** `if (result)` — `result` is `unsigned int`, not Boolean.
|
|
219
|
+
**Corrected version:** `if (result != 0U)`
|
|
220
|
+
|
|
221
|
+
#### Finding 4 — Directive 4.6 [Advisory]
|
|
222
|
+
**Violated code:**
|
|
223
|
+
```c
|
|
224
|
+
int i;
|
|
225
|
+
unsigned int result = getValue();
|
|
226
|
+
```
|
|
227
|
+
**Explanation:** Directive 4.6 advises against bare `int` / `unsigned int` because the width
|
|
228
|
+
is implementation-defined. Use fixed-size types from `<stdint.h>` for portability.
|
|
229
|
+
**Corrected version:**
|
|
230
|
+
```c
|
|
231
|
+
uint8_t i; /* loop index, bounded by 8 */
|
|
232
|
+
uint32_t result = getValue(); /* assuming getValue() also returns a fixed-size type */
|
|
233
|
+
```
|
|
234
|
+
~~~
|
|
235
|
+
|
|
236
|
+
### Example 2 — Develop mode
|
|
237
|
+
|
|
238
|
+
**Input:**
|
|
239
|
+
Write a saturating add function for uint16 values. If the result exceeds UINT16_MAX, return
|
|
240
|
+
UINT16_MAX. ASIL-B.
|
|
241
|
+
|
|
242
|
+
**Output:**
|
|
243
|
+
~~~
|
|
244
|
+
## MISRA-Compliant Implementation: U16_SaturatingAdd
|
|
245
|
+
|
|
246
|
+
### Design Notes
|
|
247
|
+
- Promotion to uint32 before addition prevents uint16 overflow (Rule 10.1, 10.4).
|
|
248
|
+
- Result comparison is type-safe: uint32 compared with uint32 constant (Rule 10.4).
|
|
249
|
+
- Single exit point (per ISO 26262 Part 6 project standard, even though Rule 15.5 disapplied).
|
|
250
|
+
- Return value is the function's only output — caller must use it (Rule 17.7 applies at call sites).
|
|
251
|
+
|
|
252
|
+
### Implementation
|
|
253
|
+
```c
|
|
254
|
+
/**
|
|
255
|
+
* @brief Add two uint16 values with saturation at UINT16_MAX.
|
|
256
|
+
* @param a First operand.
|
|
257
|
+
* @param b Second operand.
|
|
258
|
+
* @return Sum clamped to [0, 65535].
|
|
259
|
+
*/
|
|
260
|
+
uint16 U16_SaturatingAdd(uint16 a, uint16 b)
|
|
261
|
+
{
|
|
262
|
+
uint32 sum;
|
|
263
|
+
uint16 result;
|
|
264
|
+
|
|
265
|
+
sum = (uint32)a + (uint32)b; /* promote to prevent overflow */
|
|
266
|
+
|
|
267
|
+
if (sum > (uint32)0xFFFFU) {
|
|
268
|
+
result = (uint16)0xFFFFU;
|
|
269
|
+
} else {
|
|
270
|
+
result = (uint16)sum; /* safe: sum proven <= 0xFFFF */
|
|
271
|
+
}
|
|
272
|
+
|
|
273
|
+
return result;
|
|
274
|
+
}
|
|
275
|
+
```
|
|
276
|
+
|
|
277
|
+
### Checklist
|
|
278
|
+
- [x] Rule 10.x: uint16 operands promoted to uint32 before addition; narrowing cast justified
|
|
279
|
+
- [x] Rule 14.4: `sum > (uint32)0xFFFFU` is an essentially Boolean expression
|
|
280
|
+
- [x] Rule 15.5: Single return at end of function
|
|
281
|
+
- [x] Rule 17.7: Function returns uint16; caller responsibility to use it
|
|
282
|
+
- [x] Rule 18.1: No pointer arithmetic
|
|
283
|
+
- [x] No dynamic memory, VLAs, or recursion
|
|
284
|
+
~~~
|
|
285
|
+
|
|
286
|
+
## HTML report (optional, additive)
|
|
287
|
+
|
|
288
|
+
After the inline answer above, when the findings are substantial enough to persist (a set of MISRA violations with fixes, a full-file audit), offer to also write a self-contained HTML report. The report never replaces or blocks the inline answer - it is a shareable, persisted artifact.
|
|
289
|
+
|
|
290
|
+
**Structure - progressive disclosure, lean not dense:**
|
|
291
|
+
- *Header (thin):* file(s) analyzed, timestamp, "MISRA C:2025 review", scope (ASIL, standard year).
|
|
292
|
+
- *Layer 1 - summary banner (always visible):* one row of 4-5 numbers - total violations, mandatory / required / advisory counts, files affected, count with a suggested fix. The reader grasps the shape in two seconds.
|
|
293
|
+
- *Layer 2 - grouped table (scannable):* one row per finding, grouped by file or by rule. Lean columns only - location, rule id, one-line description, severity chip, "fix available" indicator. No fix text or code snippets in the rows. Include a search/filter box and sortable columns.
|
|
294
|
+
- *Layer 3 - expandable detail (`<details>`, collapsed by default):* per finding - why it fires, the offending snippet, the suggested compliant rewrite, and for a Required/Advisory rule whether a documented deviation is the better call with the justification skeleton.
|
|
295
|
+
- *Footer (thin):* limitations, what could not be verified, inferred-data disclaimer.
|
|
296
|
+
|
|
297
|
+
**Style:** one self-contained `.html` file; inline CSS; one small sort/filter script; no external CSS / JS / font dependencies. ASCII only, no em dashes. Severity and status shown as small colored chips, not walls of text. If in doubt, push detail into Layer 3 and keep Layers 1-2 minimal. Use [`references/html-report-template.html`](references/html-report-template.html) as the skeleton: fill the header, the Layer 1 stat cells, one lean table row per finding, and one collapsed `<details>` block per finding.
|
|
298
|
+
|
|
299
|
+
**Where to write it:**
|
|
300
|
+
1. Detect a project root by walking up from the working directory for `.git` or another clear project marker.
|
|
301
|
+
2. **Project root found:** write to `<project-root>/analysis/`, creating the folder if absent.
|
|
302
|
+
3. **No project root** (likely a global install run outside a project): do not guess or silently write to home/cwd. Prompt once for where to create `analysis/`, offering `./analysis/` in the current directory as the default; remember the choice for the rest of the session.
|
|
303
|
+
4. Always report the exact path written.
|
|
304
|
+
5. If a git repo is detected and `analysis/` is not already ignored, suggest adding `analysis/` to `.gitignore`.
|
|
305
|
+
|
|
306
|
+
Filename: `analysis/misra-<short-timestamp>.html` (for example `misra-20260621-1930.html`) so repeated runs do not overwrite.
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html lang="en">
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="utf-8">
|
|
5
|
+
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
6
|
+
<title>Analysis Report</title>
|
|
7
|
+
<!--
|
|
8
|
+
Shared report skeleton for autonomousguy skills. Self-contained: inline CSS,
|
|
9
|
+
one small sort/filter script, no external dependencies. ASCII only, no em dashes.
|
|
10
|
+
Fill the placeholders below. Keep Layers 1-2 lean; push detail into Layer 3.
|
|
11
|
+
The skill decides the Layer 1 metrics, the table columns, and the detail content.
|
|
12
|
+
-->
|
|
13
|
+
<style>
|
|
14
|
+
:root {
|
|
15
|
+
--fg: #1b1f24; --muted: #5b6470; --line: #e1e4e8; --bg: #ffffff;
|
|
16
|
+
--chip-red-bg: #ffe3e3; --chip-red-fg: #9b1c1c;
|
|
17
|
+
--chip-amber-bg: #fff4d6; --chip-amber-fg: #8a5a00;
|
|
18
|
+
--chip-blue-bg: #e3effe; --chip-blue-fg: #1b4f9b;
|
|
19
|
+
--chip-gray-bg: #eceff2; --chip-gray-fg: #44505c;
|
|
20
|
+
--chip-green-bg: #e3f7e8; --chip-green-fg: #1d6b34;
|
|
21
|
+
}
|
|
22
|
+
body { margin: 0; padding: 0 20px 40px; color: var(--fg); background: var(--bg);
|
|
23
|
+
font-family: -apple-system, Segoe UI, Roboto, Helvetica, Arial, sans-serif;
|
|
24
|
+
font-size: 14px; line-height: 1.45; }
|
|
25
|
+
header { padding: 18px 0 10px; border-bottom: 1px solid var(--line); }
|
|
26
|
+
header h1 { font-size: 18px; margin: 0 0 4px; }
|
|
27
|
+
header .meta { color: var(--muted); font-size: 12px; }
|
|
28
|
+
/* Layer 1 - summary banner */
|
|
29
|
+
.summary { display: flex; flex-wrap: wrap; gap: 14px; margin: 16px 0; }
|
|
30
|
+
.stat { border: 1px solid var(--line); border-radius: 8px; padding: 10px 14px; min-width: 96px; }
|
|
31
|
+
.stat .n { font-size: 22px; font-weight: 600; }
|
|
32
|
+
.stat .l { font-size: 11px; color: var(--muted); text-transform: uppercase; letter-spacing: .03em; }
|
|
33
|
+
/* Controls */
|
|
34
|
+
.controls { margin: 8px 0 6px; }
|
|
35
|
+
.controls input { width: 280px; max-width: 100%; padding: 6px 9px; font-size: 13px;
|
|
36
|
+
border: 1px solid var(--line); border-radius: 6px; }
|
|
37
|
+
/* Layer 2 - table */
|
|
38
|
+
table { width: 100%; border-collapse: collapse; font-size: 13px; }
|
|
39
|
+
th, td { text-align: left; padding: 7px 10px; border-bottom: 1px solid var(--line); vertical-align: top; }
|
|
40
|
+
th { cursor: pointer; user-select: none; white-space: nowrap; background: #fafbfc; }
|
|
41
|
+
th[data-sort]:after { content: " \2195"; color: var(--muted); font-size: 10px; }
|
|
42
|
+
tbody tr:hover { background: #fafbfc; }
|
|
43
|
+
/* Chips */
|
|
44
|
+
.chip { display: inline-block; padding: 1px 8px; border-radius: 10px; font-size: 11px; font-weight: 600; }
|
|
45
|
+
.chip-mandatory, .chip-high, .chip-critical { background: var(--chip-red-bg); color: var(--chip-red-fg); }
|
|
46
|
+
.chip-required, .chip-medium, .chip-major { background: var(--chip-amber-bg); color: var(--chip-amber-fg); }
|
|
47
|
+
.chip-advisory, .chip-low, .chip-minor { background: var(--chip-blue-bg); color: var(--chip-blue-fg); }
|
|
48
|
+
.chip-info { background: var(--chip-gray-bg); color: var(--chip-gray-fg); }
|
|
49
|
+
.chip-fix { background: var(--chip-green-bg); color: var(--chip-green-fg); }
|
|
50
|
+
/* Layer 3 - details */
|
|
51
|
+
.details { margin-top: 22px; }
|
|
52
|
+
.details h2 { font-size: 14px; border-bottom: 1px solid var(--line); padding-bottom: 6px; }
|
|
53
|
+
details { border: 1px solid var(--line); border-radius: 8px; margin: 8px 0; padding: 6px 12px; }
|
|
54
|
+
details summary { cursor: pointer; font-weight: 600; }
|
|
55
|
+
details pre { background: #f6f8fa; padding: 10px; border-radius: 6px; overflow-x: auto; font-size: 12px; }
|
|
56
|
+
details .label { color: var(--muted); font-size: 11px; text-transform: uppercase; letter-spacing: .03em; margin-top: 10px; }
|
|
57
|
+
footer { margin-top: 28px; padding-top: 12px; border-top: 1px solid var(--line);
|
|
58
|
+
color: var(--muted); font-size: 12px; }
|
|
59
|
+
</style>
|
|
60
|
+
</head>
|
|
61
|
+
<body>
|
|
62
|
+
|
|
63
|
+
<!-- Header (thin): what was analyzed, timestamp, skill/tool, scope -->
|
|
64
|
+
<header>
|
|
65
|
+
<h1>{{REPORT_TITLE}}</h1>
|
|
66
|
+
<div class="meta">{{SCOPE}} · {{SKILL_NAME}} · generated {{TIMESTAMP}}</div>
|
|
67
|
+
</header>
|
|
68
|
+
|
|
69
|
+
<!-- Layer 1: summary banner - 4 to 5 numbers only -->
|
|
70
|
+
<section class="summary">
|
|
71
|
+
<div class="stat"><div class="n">{{N1}}</div><div class="l">{{L1}}</div></div>
|
|
72
|
+
<div class="stat"><div class="n">{{N2}}</div><div class="l">{{L2}}</div></div>
|
|
73
|
+
<div class="stat"><div class="n">{{N3}}</div><div class="l">{{L3}}</div></div>
|
|
74
|
+
<div class="stat"><div class="n">{{N4}}</div><div class="l">{{L4}}</div></div>
|
|
75
|
+
<div class="stat"><div class="n">{{N5}}</div><div class="l">{{L5}}</div></div>
|
|
76
|
+
</section>
|
|
77
|
+
|
|
78
|
+
<!-- Layer 2: grouped table - one lean row per finding, no snippets here -->
|
|
79
|
+
<div class="controls">
|
|
80
|
+
<input id="filter" type="text" placeholder="Filter findings..." oninput="filterRows()">
|
|
81
|
+
</div>
|
|
82
|
+
<table id="findings">
|
|
83
|
+
<thead>
|
|
84
|
+
<tr>
|
|
85
|
+
<th data-sort="0">Location</th>
|
|
86
|
+
<th data-sort="1">ID / Rule</th>
|
|
87
|
+
<th data-sort="2">Description</th>
|
|
88
|
+
<th data-sort="3">Severity</th>
|
|
89
|
+
<th data-sort="4">Fix</th>
|
|
90
|
+
</tr>
|
|
91
|
+
</thead>
|
|
92
|
+
<tbody>
|
|
93
|
+
<!-- Example rows; replace with one row per finding. Link the Fix cell or a row id to its detail below. -->
|
|
94
|
+
<tr>
|
|
95
|
+
<td>file.c:42</td><td>Rule 14.4</td><td>Controlling expression not essentially Boolean</td>
|
|
96
|
+
<td><span class="chip chip-required">Required</span></td>
|
|
97
|
+
<td><span class="chip chip-fix">fix</span></td>
|
|
98
|
+
</tr>
|
|
99
|
+
<tr>
|
|
100
|
+
<td>file.c:8</td><td>Dir 4.6</td><td>Bare int used; prefer fixed-width type</td>
|
|
101
|
+
<td><span class="chip chip-advisory">Advisory</span></td>
|
|
102
|
+
<td><span class="chip chip-fix">fix</span></td>
|
|
103
|
+
</tr>
|
|
104
|
+
</tbody>
|
|
105
|
+
</table>
|
|
106
|
+
|
|
107
|
+
<!-- Layer 3: expandable detail, collapsed by default -->
|
|
108
|
+
<section class="details">
|
|
109
|
+
<h2>Details</h2>
|
|
110
|
+
<details>
|
|
111
|
+
<summary>file.c:42 - Rule 14.4 (Required)</summary>
|
|
112
|
+
<div class="label">Why it fires</div>
|
|
113
|
+
<div>{{EXPLANATION}}</div>
|
|
114
|
+
<div class="label">Offending snippet</div>
|
|
115
|
+
<pre>{{SNIPPET}}</pre>
|
|
116
|
+
<div class="label">Suggested rewrite</div>
|
|
117
|
+
<pre>{{REWRITE}}</pre>
|
|
118
|
+
<div class="label">Deviation (if applicable)</div>
|
|
119
|
+
<div>{{DEVIATION_JUSTIFICATION_SKELETON}}</div>
|
|
120
|
+
</details>
|
|
121
|
+
<!-- Repeat one <details> per finding. -->
|
|
122
|
+
</section>
|
|
123
|
+
|
|
124
|
+
<!-- Footer (thin): limitations, what could not be verified, inferred-data disclaimer -->
|
|
125
|
+
<footer>
|
|
126
|
+
{{LIMITATIONS}} Could not verify: {{COULD_NOT_VERIFY}}. Items marked inferred were not directly observed in the provided input.
|
|
127
|
+
</footer>
|
|
128
|
+
|
|
129
|
+
<script>
|
|
130
|
+
function filterRows() {
|
|
131
|
+
var q = document.getElementById('filter').value.toLowerCase();
|
|
132
|
+
var rows = document.querySelectorAll('#findings tbody tr');
|
|
133
|
+
rows.forEach(function (r) {
|
|
134
|
+
r.style.display = r.textContent.toLowerCase().indexOf(q) > -1 ? '' : 'none';
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
document.querySelectorAll('#findings th[data-sort]').forEach(function (th) {
|
|
138
|
+
th.addEventListener('click', function () {
|
|
139
|
+
var idx = +th.getAttribute('data-sort');
|
|
140
|
+
var tb = document.querySelector('#findings tbody');
|
|
141
|
+
var rows = Array.prototype.slice.call(tb.querySelectorAll('tr'));
|
|
142
|
+
var asc = th.getAttribute('data-asc') !== 'true';
|
|
143
|
+
th.setAttribute('data-asc', asc);
|
|
144
|
+
rows.sort(function (a, b) {
|
|
145
|
+
var x = a.cells[idx].textContent.trim().toLowerCase();
|
|
146
|
+
var y = b.cells[idx].textContent.trim().toLowerCase();
|
|
147
|
+
return asc ? (x < y ? -1 : x > y ? 1 : 0) : (x > y ? -1 : x < y ? 1 : 0);
|
|
148
|
+
});
|
|
149
|
+
rows.forEach(function (r) { tb.appendChild(r); });
|
|
150
|
+
});
|
|
151
|
+
});
|
|
152
|
+
</script>
|
|
153
|
+
</body>
|
|
154
|
+
</html>
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# MISRA C:2025 - guideline index (identifiers and status only)
|
|
2
|
+
|
|
3
|
+
This is an index of MISRA C:2025 guideline identifiers with their category (Mandatory / Required / Advisory) and C:2025 status. It deliberately does NOT reproduce the normative guideline text, headline wording, rationale, amplification, examples, or exception clauses - those are copyrighted by The MISRA Consortium Ltd. and are not redistributable.
|
|
4
|
+
|
|
5
|
+
Use this index to know which identifiers exist, their enforcement category, and what changed in C:2025, then cite the identifier (e.g. "MISRA C:2025 Rule 11.3"). For the canonical wording and how to apply each guideline, consult your licensed copy of MISRA C:2025 (the authoritative source). The skill reasons about the intent of each guideline from domain knowledge; it does not need the normative text reproduced here.
|
|
6
|
+
|
|
7
|
+
Legend: **M** = Mandatory, **R** = Required, **A** = Advisory.
|
|
8
|
+
Status flags: *(new)* added in C:2025, *(disapplied)* no longer enforced in C:2025, *(refined)* wording or scope changed in C:2025.
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## Directives (22 total)
|
|
13
|
+
|
|
14
|
+
- Dir 1.1 (R)
|
|
15
|
+
- Dir 2.1 (R)
|
|
16
|
+
- Dir 3.1 (R)
|
|
17
|
+
- Dir 4.1 (R), Dir 4.2 (A), Dir 4.3 (R), Dir 4.4 (A), Dir 4.5 (A), Dir 4.6 (A), Dir 4.7 (R), Dir 4.8 (A), Dir 4.9 (A), Dir 4.10 (R), Dir 4.11 (R), Dir 4.12 (R), Dir 4.13 (A), Dir 4.14 (R), Dir 4.15 (R)
|
|
18
|
+
|
|
19
|
+
## Rules (~201 total)
|
|
20
|
+
|
|
21
|
+
- Rule 1.1 (M), 1.2 (A), 1.3 (M), 1.4 (M), 1.5 (R)
|
|
22
|
+
- Rule 2.1 (R), 2.2 (R), 2.3 (A), 2.4 (A), 2.5 (A), 2.6 (M), 2.7 (A), 2.8 (A)
|
|
23
|
+
- Rule 3.1 (M), 3.2 (M)
|
|
24
|
+
- Rule 4.1 (R), 4.2 (A)
|
|
25
|
+
- Rule 5.1 (R), 5.2 (R), 5.3 (R), 5.4 (R), 5.5 (R), 5.6 (R), 5.7 (R), 5.8 (R), 5.9 (A)
|
|
26
|
+
- Rule 6.1 (R), 6.2 (R), 6.3 (R) *(new)*
|
|
27
|
+
- Rule 7.1 (R), 7.2 (R), 7.3 (R), 7.4 (R), 7.5 (R) *(refined)*, 7.6 (R) *(refined)*
|
|
28
|
+
- Rule 8.1 (R), 8.2 (R), 8.3 (R), 8.4 (R), 8.5 (R), 8.6 (R), 8.7 (A), 8.8 (R), 8.9 (A), 8.10 (R), 8.11 (A), 8.12 (R), 8.13 (A), 8.14 (R), 8.15 (R), 8.16 (A), 8.17 (A), 8.18 (R) *(new)*, 8.19 (A) *(new)*
|
|
29
|
+
- Rule 9.1 (M), 9.2 (R), 9.3 (R), 9.4 (R), 9.5 (R), 9.6 (A) *(new)*, 9.7 (M) *(refined)*
|
|
30
|
+
- Rule 10.1 (R), 10.2 (R), 10.3 (R), 10.4 (R), 10.5 (A), 10.6 (R), 10.7 (R), 10.8 (R)
|
|
31
|
+
- Rule 11.1 (R), 11.2 (R), 11.3 (R), 11.4 (A), 11.5 (A), 11.6 (R), 11.7 (R), 11.8 (R), 11.9 (R), 11.10 (R), 11.11 (A) *(new)*
|
|
32
|
+
- Rule 12.1 (A), 12.2 (R), 12.3 (A), 12.4 (A), 12.5 (M), 12.6 (R) *(refined)*
|
|
33
|
+
- Rule 13.1 (R), 13.2 (R), 13.3 (A), 13.4 (A), 13.5 (R), 13.6 (M)
|
|
34
|
+
- Rule 14.1 (R), 14.2 (R), 14.3 (R), 14.4 (R)
|
|
35
|
+
- Rule 15.1 (A), 15.2 (R), 15.3 (R), 15.4 (A), 15.5 *(disapplied)*, 15.6 (R), 15.7 (R)
|
|
36
|
+
- Rule 16.1 (R), 16.2 (R), 16.3 (R), 16.4 (R), 16.5 (R), 16.6 (R), 16.7 (R)
|
|
37
|
+
- Rule 17.1 (R), 17.2 (R), 17.3 (M), 17.4 (M), 17.5 (A), 17.6 (M), 17.7 (R), 17.8 (A), 17.9 (R) *(refined)*, 17.10 (R) *(refined)*, 17.11 (A), 17.12 (A), 17.13 (R)
|
|
38
|
+
- Rule 18.1 (R), 18.2 (R), 18.3 (R), 18.4 (A), 18.5 (A), 18.6 (R), 18.7 (R), 18.8 (R), 18.9 (R) *(refined)*, 18.10 (M) *(new)*
|
|
39
|
+
- Rule 19.1 (M), 19.2 (A), 19.3 (R) *(new)*
|
|
40
|
+
- Rule 20.1 (A), 20.2 (R), 20.3 (R), 20.4 (R), 20.5 (A), 20.6 (R), 20.7 (R), 20.8 (R), 20.9 (R), 20.10 (A), 20.11 (R), 20.12 (R), 20.13 (R), 20.14 (R)
|
|
41
|
+
- Rule 21.1 (R), 21.2 (R), 21.3 (R), 21.4 (R), 21.5 (R), 21.6 (R), 21.7 (R), 21.8 (R), 21.9 (R), 21.10 (R), 21.11 (R), 21.12 (A), 21.13 (M), 21.14 (R), 21.15 (R), 21.16 (R), 21.17 (R), 21.18 (R), 21.19 (M), 21.20 (M), 21.21 (R), 21.22 (M), 21.23 (R), 21.24 (R), 21.25 (R), 21.26 (R)
|
|
42
|
+
- Rule 22.1 (R), 22.2 (M), 22.3 (R), 22.4 (M), 22.5 (M), 22.6 (M), 22.7 (R), 22.8 (R), 22.9 (R), 22.10 (R), 22.11 (R), 22.12 (M), 22.13 (R), 22.14 (M), 22.15 (R), 22.16 (R), 22.17 (R), 22.18 (R), 22.19 (R), 22.20 (M)
|
|
43
|
+
|
|
44
|
+
Category groupings (MISRA's chapter structure): 1 Standards, 2 Unused code, 3 Comments, 4 Character sets, 5 Identifiers, 6 Types, 7 Literals and constants, 8 Declarations and definitions, 9 Initialisation, 10 Essential type model, 11 Pointer type conversions, 12 Expressions, 13 Side effects, 14 Control statement expressions, 15 Control flow, 16 Switch statements, 17 Functions, 18 Pointers and arrays, 19 Overlapping storage, 20 Preprocessing directives, 21 Standard libraries, 22 Resources.
|
|
45
|
+
|
|
46
|
+
---
|
|
47
|
+
|
|
48
|
+
## C:2025 deltas
|
|
49
|
+
|
|
50
|
+
The four guidelines added in C:2025, described here in our own words (intent only - see the standard for the normative text):
|
|
51
|
+
|
|
52
|
+
- **Rule 8.18 (R)** *(new)*: avoid tentative object definitions in header files, so that including a header in several translation units does not silently create duplicate objects.
|
|
53
|
+
- **Rule 8.19 (A)** *(new)*: prefer defining an object at the narrowest block scope where it is used rather than at file scope, to limit its lifetime and visibility.
|
|
54
|
+
- **Rule 11.11 (A)** *(new)*: compare pointers explicitly (for example against NULL) rather than relying on the implicit truthiness of a pointer in a condition, making the intent unambiguous.
|
|
55
|
+
- **Rule 19.3 (R)** *(new)*: read only the union member that was last written (the active member); reading a different member is undefined behaviour.
|
|
56
|
+
|
|
57
|
+
Other C:2025 changes:
|
|
58
|
+
- **Rule 15.5** is disapplied (the single-exit-point guideline is no longer enforced by C:2025). Projects deriving rules from ISO 26262 Part 6 may still choose to enforce single-exit for ASIL-C/D.
|
|
59
|
+
- 69 guidelines were refined in wording or scope; the ones flagged *(refined)* above are the most commonly relevant (notably 7.5/7.6, 9.7, 12.6, 17.9/17.10, 18.9, plus the new mandatory 18.10).
|
|
60
|
+
|
|
61
|
+
When a project pins to C:2023, the four C:2025 additions and the 15.5 disapplication are the deltas to surface in any review or deviation report.
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
## Tool-flow notes
|
|
66
|
+
|
|
67
|
+
| Tool | C:2025 support status |
|
|
68
|
+
|------|------------------------|
|
|
69
|
+
| Helix QAC | Native C:2025 ruleset since QAC 2024.2 |
|
|
70
|
+
| Polyspace Bug Finder | C:2023 + Amd4 covered; C:2025 deltas planned |
|
|
71
|
+
| LDRA Testbed | C:2023 with C:2025 deltas via update packs |
|
|
72
|
+
| PC-lint Plus | Configurable rule pack; check vendor for C:2025 add-on |
|