MISRA C

Coding Standards MISRA C and MISRA C++

A Guide to Coding Standards MISRA C and MISRA C++

The MISRA Consortium produced MISRA C, a set of software development principles for the C programming language.

Table of content:

  1. MISRA Definition
  2. Is MISRA distinct from ISO 26262 and ASILs?
  3. How do MISRA guidelines work?
  4. What are the challenges of the MISRA compliance process?
  5. How is MISRA C evolving?
  6. What are the benefits of MISRA compliance?
  7. How to Achieve MISRA Compliance?

MISRA Definition

MISRA Definition

What is MISRA C? The Motor Industry Software Reliability Association (MISRA) publishes standards for the development of safety and security-related electronic systems, embedded control systems, software-intensive applications (critical applications), and independent software. MISRA is the result of a collaboration between road vehicle manufacturers, component suppliers, and engineering firms. The following make up the steering committee:

  • Ford Motor Company
  • Bentley Motors
  • Jaguar Land Rover
  • HORIBA MIRA
  • ZF TRW
  • University of Leeds

MISRA was developed for the automobile sector, but it has since acquired traction in other industries such as aerospace, biomedical, and finance. It’s also compatible with embedded, IoT, and industrial control systems. While MISRA compliance does not guarantee that software will be free of any quality or security flaws, it does result in more robust, maintainable, and portable code.

Is MISRA distinct from ISO 26262 and ASIL?

The Motor Industry Software Reliability Association (MISRA) publishes guidelines (development guidelines) for designing embedded portable safety and security-related electronic systems.

How do MISRA guidelines work?

MISRA guidelines

The MISRA requirements for projects written in the C and C++ programming languages are the most well-known. The MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards are among them. The MISRA guidelines are divided into three categories: 

  1. Mandatory
  2. Required
  3. Advisory 

There must be no “required” criteria broken in order to comply. Certain infractions are permitted under “necessary” criteria if there are documented grounds. These deviations are permitted only if and only if they do not jeopardize functional safety standards or security standards, and there is no suitable remedy. Third-party bespoke code that cannot be changed is an example.

Why Use MISRA Standards?

One can use MISRA C standards to ensure their code is reliable (reliable code):

  1. Safe
  2. Secure
  3. Reliable
  4. Portable (portability)

The MISRA C coding standard was created specifically for automotive embedded software. However, embedded industries such as aerospace and defense, telecommunications, medical devices, and rail now adopt MISRA C standards (MISRA C/C++). The usage of a coding standard, such as ISO 26262 for automotive functional safety, is required in most of these businesses.

What are the challenges of the MISRA compliance process?

the challenges of the MISRA compliance process

Everything from anti-lock brakes and power steering to navigation and infotainment systems is now controlled by a standalone software. These systems are all from various manufacturers. Furthermore, the software supply chain is becoming longer, with several vendors contributing safe code to each final product.

For automotive systems in the automotive industry, MISRA C/C++ has become the de facto coding standard. It does not, however, include more recent C++ language advancements or knowledge of the most recent security breaches and vulnerabilities.

How is MISRA evolving?

What is the future of MISRA?

MISRA has announced that it will combine AUTOSAR specification standards (AUTOSAR aggregation of standards) with its own best practices to create a single “go to” language subset for safety-related C++ programming. The MISRA-led guidelines will include the latest version of the language (AUTOSAR’s C++17) as well as its successor (AUTOSAR’s C++20) when it becomes available.

The MISRA–AUTOSAR C++ rule set will provide a unified industry standard with a shared set of rules and directives, serving as a single point of reference for all software developers (programmers) throughout the supply chain (software development process).

What are the benefits of MISRA compliance?

More than 100 million lines of code make up today’s automobile. The average car could have 300 million lines of code in the next decade. The MISRA C coding principles make it easier to write safe code that is:

  • It’s safe to use in safety-critical systems.
  • Defend against common code flaws (code safety).
  • Throughout the supply chain, it is portable (reusable).

More than only coding rules (coding advisory rules), MISRA C compliance also establishes criteria for software quality as it flows from a provider to an acquirer. The code compliance procedure is not only reliable (it is based on C/C++ coding standards), but it is also practical, as it explains how to handle rule exceptions when they arise.

How to Achieve MISRA Compliance?

MISRA compliance necessitates knowledge, talent, and the appropriate instruments. To comply with MISRA, follow these seven steps:

Step 1: Know the MISRA C rules You’ll need to know the MISRA coding guidelines for the C (MISRA C guidelines) or C++ version you’re using.
Step 2: Check Your Code Constantly The greatest way to improve code quality is to examine your source code for infractions on a regular basis.
Step 3: Set Baselines A legacy code base comes with embedded systems. Setting baselines allows you to concentrate on ensuring that your new code is compatible.
Step 4: Prioritize Violations Based on Risk Your code could have hundreds, if not thousands, of rule violations (code for rule violations). As a result, it’s critical to prioritize rule infractions based on the severity of the danger. This is something that several static code analysis tools (analysis of code) can help you with.
Step 5: Document Your Deviations There are exceptions to the rule every now and again. When it comes to compliance, however, every rule deviation must be meticulously documented.
Step 6: Monitor Your MISRA Compliance Keep an eye on your code’s MISRA compliance. Using a static analysis tool simplifies this process by generating a compliance report automatically (using a compiler).
Step 7: Choose the Right Static Code Analyzer Everything else is simple after you’ve chosen the correct static code analyzer (static code analysis). It scans all of your code, both new and old, for infractions. It ranks vulnerabilities in order of risk.

For many development teams today, MISRA compliance is critical. Especially with the rise of virtualization.

Relevant Information on MISRA

  • A pointer generated by arithmetic on a pointer operand must point to a member of the same array as that pointer operand.
  • The international standard IEC 61508 governs electrical, electronic, and programmable electronic safety systems. It specifies the criteria for ensuring that systems are designed, implemented, operated, and maintained to deliver the required level of safety integrity (SIL).
  • MISRA-C:2004 comprises 142 mandatory rules, 122 of which are “necessary” and 20 of which are “recommended.” They are organized into 21 thematic categories, ranging from “Environment” to “Run-time failures.”
  • Software developers should verify for compliance as soon as source code is written, rather than waiting for code review or unit testing, according to MISRA C.
  • C/C++test examines the code’s execution routes for MISRA compliance concerns such as null pointer dereferencing, division by zero, memory leaks, and security flaws such as arithmetic on a pointer operand, buffer overflows, unreachable code, and the stdlib system function.
  • Software teams and software security teams can use static analysis on partially complete code, libraries, and third-party source code.
  • The Motor Industry Software Reliability Association produced MISRA C, a system of software development guidelines (software development process) for the C programming language.
  • Programming errors, undefined behavior, or implementation-defined behavior can all result from certain MISRA C language constructs.
  • Support for later versions of the language, as well as new language features, will be added in future editions of MISRA C (additional language features).
  • Some static analyzers can check code for compliance with MISRA rules. Static analyzers are going to help you find and fix all the spots in your program that don’t meet the rules.
  • MISRA C. engineers can follow the modeling principles, code generation objectives, and Code Generation Advisor checks to comply with the MISRA C:2012 and MISRA C++ recommendations.
  • A loop counter should not have a floating-type.

 

Scroll to Top