Organizations / MISRA
MISRA
The MISRA Consortium · misra.org.uk/
MISRA publishes the most widely used C and C++ coding guidelines for safety- and security-critical software. Its Compliance:2020 document defines how a project demonstrates compliance — enforcement, deviations, re-categorization, and a compliance summary — which is the basis for the packs below.
How the publications map to ponens policies
MISRA's individual guidelines (143+ rules and directives) are checked by static analysis of source code, not by a trace — so ponens does not re-encode the rules. What ponens governs is the MISRA Compliance:2020 *process*: the four required artifacts (Guidelines Enforcement Plan, Re-categorization Plan, Compliance Summary, and deviation records) and the category rules (Mandatory / Required / Advisory). Each becomes a policy over a coding/CI trace — that static analysis runs against the ruleset before commit, that Mandatory guidelines are never deviated, that every Required violation carries an approved deviation with rationale, that re-categorizations are recorded in the GRP, and that a Compliance Summary is produced.
This is the natural division of labour for an AI coding agent: the analyzer finds the rule violations, and ponens checks that the agent followed the compliance process around them — making the analyzer's output auditable rather than advisory. The two packs share this process; they differ only in the ruleset they enforce (misra_c_ruleset for MISRA C:2012, misra_cpp_ruleset for MISRA C++:2023) and the guidelines they reference. Running a pack with ponens trace check aggregates to Green / Amber / Red: a Mandatory violation, an undeviated Required violation, or a missing Compliance Summary is Red; advisory records, enforcement-plan coverage, and undecidable-rule review are Amber.
MISRA C
The MISRA Compliance:2020 process for MISRA C:2012 — enforcement, deviations, re-categorization, and compliance summary — as computable policies over a coding/CI trace.
Maps the MISRA Compliance:2020 framework onto ponens policies for MISRA C:2012. The individual coding rules are enforced by static analysis; this pack checks the compliance process around them — analysis before commit, Mandatory never deviated, Required violations covered by approved deviations, re-categorizations recorded in the GRP, and a Guidelines Compliance Summary produced.
Source: MISRA Compliance:2020 (MISRA C:2012 ruleset).
Analysis & Enforcement (GEP) 2
misra_c_enforcement_plan_defined warning MISRA C: Enforcement Plan Defined
Each guideline analysed has a defined enforcement means in the Guidelines Enforcement Plan.
G(StaticAnalysis → enforcement_plan)misra_c_static_analysis_before_commit error MISRA C: Static Analysis Before Commit
Source is checked against the MISRA C:2012 ruleset by static analysis before it is committed.
G(GitCommit → P(StaticAnalysis ∧ misra_c_ruleset))Guideline Categories 3
misra_c_advisory_violation_recorded warning MISRA C: Advisory Violation Recorded
Violations of Advisory guidelines are recorded (a formal deviation is not required, but the decision is documented).
G(advisory_violation → recorded)misra_c_no_mandatory_violation error MISRA C: No Mandatory Violation
Mandatory guidelines are never violated — no deviation is permitted against a Mandatory guideline.
G(¬mandatory_violation)misra_c_required_violation_deviated error MISRA C: Required Violation Has Deviation
Any violation of a Required guideline is covered by an approved deviation.
G(required_violation → P(deviation_approved))Deviations 2
misra_c_deviation_documented error MISRA C: Deviation Documented
Every deviation records the violation and its supporting rationale, and is approved through the deviation procedure.
G(Deviation → rationale_recorded ∧ deviation_approved)misra_c_no_mandatory_deviation error MISRA C: No Deviation Against Mandatory
No deviation is raised against a Mandatory guideline.
G(Deviation → ¬targets_mandatory)Re-categorization (GRP) 2
misra_c_mandatory_not_weakened error MISRA C: Mandatory Not Weakened
A Mandatory guideline is never re-categorized to a less strict category; only Advisory guidelines may be re-categorized to Disapplied.
G(recategorization → ¬weakens_mandatory)misra_c_recategorization_in_grp error MISRA C: Re-categorization in GRP
Any change to a guideline's category is documented in the Guidelines Re-categorization Plan (GRP).
G(recategorization → P(grp_documented))Compliance Summary (GCS) 2
misra_c_compliance_summary_produced error MISRA C: Compliance Summary Produced
A Guidelines Compliance Summary (GCS) is produced as the primary record of overall project compliance.
F(ComplianceSummary)misra_c_undecidable_manually_reviewed warning MISRA C: Undecidable Guideline Manually Reviewed
Potential violations of undecidable guidelines (not fully checkable by static analysis) are subject to manual review.
G(undecidable_violation → manual_review)MISRA C++
The MISRA Compliance:2020 process for MISRA C++:2023 — enforcement, deviations, re-categorization, and compliance summary — as computable policies over a coding/CI trace.
Maps the MISRA Compliance:2020 framework onto ponens policies for MISRA C++:2023 (based on C++17). The individual coding rules are enforced by static analysis; this pack checks the compliance process around them — analysis before commit, Mandatory never deviated, Required violations covered by approved deviations, re-categorizations recorded in the GRP, and a Guidelines Compliance Summary produced.
Source: MISRA Compliance:2020 (MISRA C++:2023 ruleset).
Analysis & Enforcement (GEP) 2
misra_cpp_enforcement_plan_defined warning MISRA C++: Enforcement Plan Defined
Each guideline analysed has a defined enforcement means in the Guidelines Enforcement Plan.
G(StaticAnalysis → enforcement_plan)misra_cpp_static_analysis_before_commit error MISRA C++: Static Analysis Before Commit
Source is checked against the MISRA C++:2023 ruleset by static analysis before it is committed.
G(GitCommit → P(StaticAnalysis ∧ misra_cpp_ruleset))Guideline Categories 3
misra_cpp_advisory_violation_recorded warning MISRA C++: Advisory Violation Recorded
Violations of Advisory guidelines are recorded (a formal deviation is not required, but the decision is documented).
G(advisory_violation → recorded)misra_cpp_no_mandatory_violation error MISRA C++: No Mandatory Violation
Mandatory guidelines are never violated — no deviation is permitted against a Mandatory guideline.
G(¬mandatory_violation)misra_cpp_required_violation_deviated error MISRA C++: Required Violation Has Deviation
Any violation of a Required guideline is covered by an approved deviation.
G(required_violation → P(deviation_approved))Deviations 2
misra_cpp_deviation_documented error MISRA C++: Deviation Documented
Every deviation records the violation and its supporting rationale, and is approved through the deviation procedure.
G(Deviation → rationale_recorded ∧ deviation_approved)misra_cpp_no_mandatory_deviation error MISRA C++: No Deviation Against Mandatory
No deviation is raised against a Mandatory guideline.
G(Deviation → ¬targets_mandatory)Re-categorization (GRP) 2
misra_cpp_mandatory_not_weakened error MISRA C++: Mandatory Not Weakened
A Mandatory guideline is never re-categorized to a less strict category; only Advisory guidelines may be re-categorized to Disapplied.
G(recategorization → ¬weakens_mandatory)misra_cpp_recategorization_in_grp error MISRA C++: Re-categorization in GRP
Any change to a guideline's category is documented in the Guidelines Re-categorization Plan (GRP).
G(recategorization → P(grp_documented))Compliance Summary (GCS) 2
misra_cpp_compliance_summary_produced error MISRA C++: Compliance Summary Produced
A Guidelines Compliance Summary (GCS) is produced as the primary record of overall project compliance.
F(ComplianceSummary)misra_cpp_undecidable_manually_reviewed warning MISRA C++: Undecidable Guideline Manually Reviewed
Potential violations of undecidable guidelines (not fully checkable by static analysis) are subject to manual review.
G(undecidable_violation → manual_review)