---
doc-id: SLM-EPB-TQ-Cppcheck-001
version: 1.0
status: Released
date: 2026-05-12
---

# Tool Qualification — Cppcheck + MISRA addon

| Field    | Value                                     |
|----------|-------------------------------------------|
| Tool     | Cppcheck with MISRA addon                 |
| Version  | 2.7+ (Linux apt) / 2.20.0 (Windows/macOS) |
| Vendor   | Daniel Marjamäki et al. (open source)     |
| Licence  | GPLv3                                     |
| Use      | Static analysis, MISRA C:2012 check       |
| Standard | ISO 26262 Part 8 §11                      |

---

## 1. Purpose

This report qualifies Cppcheck with the MISRA addon for use in demo-epb development. Tool qualification per ISO 26262-8 §11 is mandatory when:

- The tool can influence the safety level of the software (TI > 1)
- The tool lacks off-the-shelf certification

## 2. Tool classification

### 2.1 Use cases

| UC-ID | Use case                         | Output verified?      |
|-------|----------------------------------|-----------------------|
| UC-01 | Static analysis during build     | Via review (CI log)   |
| UC-02 | MISRA C:2012 compliance evidence | Via deviation records |
| UC-03 | Bug identification               | Findings are reviewed |

### 2.2 Tool Impact (TI)

Definition per ISO 26262-8 §11.4.5.1:

| Question                                                      | Answer                       |
|---------------------------------------------------------------|------------------------------|
| Can a tool error lead to a violation of a safety requirement? | Yes (the tool may miss bugs) |
| Can a tool error prevent detection of a bug?                  | Yes                          |

⇒ **TI = TI2** (the tool can influence safety)

### 2.3 Tool Error Detection (TD)

Definition per ISO 26262-8 §11.4.5.4:

| Question                                         | Answer                                                         |
|--------------------------------------------------|----------------------------------------------------------------|
| Is the tool output verified by other measures?   | Partially: redundant via clang-tidy + code review + unit tests |
| Are bugs detected by downstream reviews / tests? | Yes                                                            |

⇒ **TD = TD2** (medium detection probability)

### 2.4 Tool Confidence Level (TCL)

With TI2 + TD2 we obtain per ISO 26262-8 Table 4: **TCL2**.


### 2.5 Qualification method

For TCL2 + ASIL-D, a **tool qualification** is required (Table 5). Applicable methods:

- Increased confidence from use (§11.4.7) — available for Cppcheck
- Evaluation of the tool development process (§11.4.8)
- Validation of the software tool (§11.4.9)

In this project: **Increased Confidence from Use**.

## 3. Increased Confidence from Use — evidence

### 3.1 Maturity / adoption

| Criterion              | Assessment                              |
|------------------------|-----------------------------------------|
| Tool age               | > 15 years of development               |
| Active community       | > 100 contributors on GitHub            |
| Releases per year      | ~6 stable releases                      |
| Known automotive users | Documented users including several OEMs |
| Bug tracker            | Public (GitHub Issues)                  |
| Test suite             | Own self-test suite, > 5000 tests       |

### 3.2 Prior use in project context

Cppcheck has been used since 2023 in slohmaier projects for static-analysis builds (anecdotally: ControlNav, BrailleKit). No known cases where Cppcheck missed a real safety violation that wasn't subsequently caught by code review.

### 3.3 Validation tests in project

Each build performs the following validation checks against Cppcheck:

| Test                                                                             | Expected behaviour             | Result |
|----------------------------------------------------------------------------------|--------------------------------|--------|
| Built-in test case `tests/validation_cppcheck.c` with intentionally injected bug | Cppcheck detects it            | OK     |
| Cppcheck output is deterministic                                                 | Repeated runs == identical     | OK     |
| MISRA rules checked against reference set                                        | Detection ≥ 95% required rules | OK     |

## 4. Known limitations

| Limitation                                              | Mitigation                                 |
|---------------------------------------------------------|--------------------------------------------|
| MISRA addon does not implement all 175 rules completely | Manual review checklists for missing rules |
| Lower detection rate for heap bugs                      | No heap usage in this project (MISRA 21.3) |
| False positives on complex pointer aliasing             | Per-instance deviation records             |

## 5. Qualification verdict

Cppcheck with the MISRA addon is **qualified** for use in demo-epb at TCL2 ASIL-D, based on "Increased Confidence from Use".

This qualification applies to version 2.7+ on Linux (CI) and version 2.20.0 on macOS/Windows (developer workstations). On tool update the validation must be repeated (regression suite).

## 6. Scope

This tool qualification applies **only** to:

- Project: demo-epb
- ASIL: up to D
- Use: static analysis + MISRA check (CI + local)
- Tool versions: 2.7+ Linux / 2.20.0 macOS+Windows

## 7. Revision history

| Version | Date       | Change        | Author      |
|---------|------------|---------------|-------------|
| 1.0     | 2026-05-12 | First release | S. Lohmaier |
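
The three per-build checks from section 3.3 (injected bug detected, deterministic output, MISRA detection ≥ 95% of the reference set) can be evaluated by a gate like the following. This is an added example, not demo-epb's own CI script. The cppcheck `--template` invocation, the injected defect id `arrayIndexOutOfBounds`, the file `tests/misra_ref.c` and the reference rule list are assumptions, and the sample output is constructed.

```python
import hashlib

# Assumed invocation (not from the report), run twice per build:
#   cppcheck --addon=misra --template='{file}:{line}:{severity}:{id}:{message}' tests/
# Constructed sample output; the injected defect type and misra_ref.c are assumptions.
SAMPLE_RUN = """\
tests/validation_cppcheck.c:12:error:arrayIndexOutOfBounds:Array 'buf[4]' accessed at index 4, which is out of bounds.
tests/misra_ref.c:7:style:misra-c2012-10.4:misra violation
tests/misra_ref.c:15:style:misra-c2012-15.5:misra violation
tests/misra_ref.c:21:style:misra-c2012-17.7:misra violation
"""
REFERENCE_RULES = ["10.4", "15.5", "17.7", "21.3"]  # constructed reference set


def parse_findings(output):
    """Return {(file, line, id)} from templated output (POSIX-style paths only)."""
    findings = set()
    for raw in output.splitlines():
        parts = raw.strip().split(":", 4)
        if len(parts) == 5 and parts[1].isdigit():
            findings.add((parts[0], int(parts[1]), parts[3]))
    return findings


def validate(run_a, run_b, injected_id, reference_rules, threshold=0.95):
    """Evaluate the three section 3.3 checks on two runs of the same build."""
    findings = parse_findings(run_a)
    ids = {f[2] for f in findings}
    injected = any(f[0].endswith("validation_cppcheck.c") and f[2] == injected_id
                   for f in findings)
    detected = {r for r in reference_rules if "misra-c2012-" + r in ids}
    rate = len(detected) / len(reference_rules) if reference_rules else 0.0
    sha_a = hashlib.sha256(run_a.encode()).hexdigest()
    sha_b = hashlib.sha256(run_b.encode()).hexdigest()
    return {
        "injected_bug_detected": injected,
        "deterministic": sha_a == sha_b,  # byte-identical, ordering included
        "output_sha256": sha_a,           # archivable as qualification evidence
        "misra_rate": rate,
        "misra_ok": rate >= threshold,
        "missed_rules": sorted(set(reference_rules) - detected),
    }


if __name__ == "__main__":
    print(validate(SAMPLE_RUN, SAMPLE_RUN, "arrayIndexOutOfBounds", REFERENCE_RULES))
```

With the constructed sample the gate reports a failed MISRA check, because rule 21.3 from the reference set produces no finding; `missed_rules` names the rules that would then need the manual review checklist from section 4.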