MISRA C
MISRA C is a set of software development guidelines for the C programming language developed by MISRA (Motor Industry Software Reliability Association). Its aims are to facilitate code safety, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C. There is also a set of guidelines for MISRA C++. MISRA has evolved as a widely accepted model for best practices by leading developers in sectors including aerospace, telecom, medical devices, defense, railway, and others.[1][2][3] MISRA C is not an open standard; the guideline documents must be bought by users or implementers.[4]
History
The first edition of MISRA C, "Guidelines for the use of the C language in vehicle based software", was produced in 1998, and is officially known as MISRA-C:1998.[5]
In 2004, a second edition "Guidelines for the use of the C language in critical systems", or MISRA-C:2004 was produced, with many substantial changes to the guidelines, including a complete renumbering of the rules.
MISRA C:2012 was released on 18 March 2013. It extends support to the C99 version of the C language (while maintaining guidelines for C90), and includes a number of improvements intended to reduce the cost and complexity of compliance while aiding consistent, safe use of C in critical systems.[6]
Rules
MISRA-C:1998 has 127 rules, of which 93 are required and 34 are advisory; the rules are numbered in sequence from 1 to 127.
MISRA-C:2004 contains 142 rules, of which 122 are "required" and 20 are "advisory"; they are divided into 21 topical categories, from "Environment" to "Run-time failures".
MISRA-C:2012 contains 143 rules (each of which is checkable using static program analysis) and 16 "directives" (guidelines whose compliance is more open to interpretation, or which relate to process or procedural matters).[7] Each rule and directive is classified as "mandatory", "required", or "advisory", and is separately classified by scope as either "Single Translation Unit" or "System".[7] Additionally, the rules are classified as Decidable or Undecidable.
The rules can be divided logically into a number of categories:
- Avoiding possible compiler differences, for example, the size of a C integer may vary but an INT16 is always 16 bits. (C99 standardized on int16_t.)
- Avoiding using functions and constructs that are prone to failure, for example, malloc may fail.
- Producing maintainable and debuggable code, for example, naming conventions and commenting.
- Best practice rules.
- Complexity limits.
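The first two categories are easiest to see on code. The following is an added example, not from the MISRA guidelines or from the page: one small routine (unpacking big-endian 16-bit lengths from a byte buffer) written twice, first in the style the categories warn against, then in a MISRA-flavoured style with fixed-width types, no heap allocation, caller-supplied storage and a status code. The function and type names are mine; the guideline numbers in the comments are MISRA C:2012's Directive 4.6 (use size- and signedness-indicating typedefs) and Rule 21.3 (no stdlib allocation). The sample input is constructed. The second version has not been run through a MISRA checker, so it is illustrative rather than certified compliant.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample input: two big-endian 16-bit lengths, 0xABCD and 0x0010. */
static const uint8_t SAMPLE[4] = { 0xABU, 0xCDU, 0x00U, 0x10U };

/* --- Version 1: the style the categories above warn against ----------------
 * Depends on the width of 'int', on the signedness of plain 'char', and on
 * malloc() succeeding. On a target where 'char' is signed, 0xAB reads as -85
 * and the computed value is wrong; the result also silently differs between
 * compilers/targets, which is exactly the portability problem MISRA targets. */
int *parse_lengths_unportable(const char *buf, int count)
{
    int *out = malloc((size_t)count * sizeof(int));   /* NULL is never checked */
    for (int i = 0; i < count; i++) {
        out[i] = buf[2 * i] * 256 + buf[2 * i + 1];
    }
    return out;
}

/* Runs version 1 on SAMPLE and returns the first decoded value, so the
 * platform dependence can be observed: -21811 where 'char' is signed,
 * 43981 (0xABCD) where it is unsigned. */
int unportable_first_value(void)
{
    int *r = parse_lengths_unportable((const char *)SAMPLE, 2);
    int v = 0;
    if (r != NULL) {
        v = r[0];
        free(r);
    }
    return v;
}

/* --- Version 2: MISRA-flavoured ----------------------------------------------
 * Fixed-width typedefs instead of int/char (MISRA C:2012 Dir 4.6), no stdlib
 * allocation (Rule 21.3), storage supplied by the caller, a single point of
 * exit, and a status code the caller is expected to check. */
typedef enum {
    PARSE_OK       = 0,
    PARSE_ERR_ARG  = 1,   /* a NULL pointer was passed */
    PARSE_ERR_SIZE = 2    /* odd byte count, or more values than out_cap */
} parse_status_t;

parse_status_t parse_lengths(const uint8_t *buf, uint32_t buf_len,
                             uint16_t *out, uint32_t out_cap, uint32_t *n_out)
{
    parse_status_t status = PARSE_OK;

    if ((buf == NULL) || (out == NULL) || (n_out == NULL)) {
        status = PARSE_ERR_ARG;
    } else if (((buf_len % 2U) != 0U) || ((buf_len / 2U) > out_cap)) {
        status = PARSE_ERR_SIZE;
    } else {
        uint32_t n = buf_len / 2U;
        for (uint32_t i = 0U; i < n; i++) {
            /* Explicit widths and casts: no reliance on int width or char signedness. */
            uint16_t hi = (uint16_t)buf[2U * i];
            uint16_t lo = (uint16_t)buf[(2U * i) + 1U];
            out[i] = (uint16_t)((uint16_t)(hi << 8) | lo);
        }
        *n_out = n;
    }
    return status;
}

/* Stand-alone driver (stdio is used here for demonstration only). */
int main(void)
{
    uint16_t out[16];
    uint32_t n = 0U;
    parse_status_t s = parse_lengths(SAMPLE, (uint32_t)sizeof SAMPLE, out, 16U, &n);
    if (s == PARSE_OK) {
        for (uint32_t i = 0U; i < n; i++) {
            (void)printf("length[%u] = %u\n", (unsigned)i, (unsigned)out[i]);
        }
    } else {
        (void)printf("parse failed with status %d\n", (int)s);
    }
    (void)printf("version 1 first value on this target: %d\n", unportable_first_value());
    return (s == PARSE_OK) ? 0 : 1;
}
```

Compile and run on two targets with different `char` signedness (for example x86-64 and AArch64 Linux) and version 1 prints different numbers for the same bytes, while version 2 returns 0xABCD on both; the size checks also make the odd-length and over-capacity inputs fail closed instead of reading past the buffer.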
Compliance
In order for a piece of software to claim to be compliant to the MISRA C Guidelines, all mandatory rules shall be met and all required rules and directives shall either be met or subject to a formal deviation. Advisory rules may be disapplied without a formal deviation, but this should still be recorded in the project documentation.
Note: For compliance purposes, there is no distinction between rules and directives.
Deviations
Many MISRA C rules can be characterized as guidelines because, under certain conditions, software engineers may deviate from them and still be considered compliant with the standard. Deviations must be documented either in the code or in a separate file. In addition to proof that the software engineer has considered the safety of the system and that deviating from the rule will not have a negative impact, a deviation record must include:
- The rule deviated from.
- Rationale for deviation.[8]
Tools
While there exist many software tools that claim to check code for "MISRA conformance", there is no MISRA certification process.[9]
An exemplar suite for MISRA-C:2004 is available from the MISRA Forum, which allows tool users to evaluate and compare the checking support provided by the various MISRA tools. Additionally, it gives tool implementers some guidance as to the intent of the Rules within MISRA-C:2004.
Most of the guidelines can be checked using tools that perform static code analysis. The remaining guidelines require the use of dynamic code analysis.
- Tools that check code for MISRA conformance include:
- Astrée by AbsInt
- Coverity Static Analysis
- ECLAIR by BUGSENG
- GrammaTech CodeSonar
- Goanna – A software analysis tool for C/C++ by Red Lizard Software.
- IBM Rational Test RealTime - A cross-platform solution for component testing, static and runtime analysis
- Klocwork by Rogue Wave Software
- LDRA Testbed by Liverpool Data Research Associates
- Parasoft C/C++test
- PC-Lint by Gimpel Software. MISRA C:1998, C:2004, C:2012, C++:2008.[10]
- Polyspace by MathWorks
- PRQA/Programming Research's QA-C
- Soft4Soft RESORT for C, RESORT for C++
- SonarQube by SonarSource (Open Source with some commercial plug-in components)
- SQuORE by Squoring Technologies
- TrueINSPECTOR by Atollic
- Understand by SciTools
- C compilers that support MISRA conformance checking include:
- Green Hills Software
- IAR Systems. MISRA C:1998, C:2004, C:2012, C++:2008.
- TASKING MISRA C:1998, C:2004, C:2012.
- TI Compilers for MSP430 and ARM
References
- [1] "MISRA C and MISRA C++ Compliance". Programmingresearch.com. Retrieved 2014-06-30.
- [2] "MISRA checker". Cosmic Software. Retrieved 2014-06-30.
- [3] "Misra C/C++". LDRA. Retrieved 2014-06-30.
- [4] "Buying MISRA C". misra.org.uk. Retrieved 10 June 2013.
- [5] "A brief history of MISRA C". Misra-c.com. 2013-03-18. Retrieved 2014-06-30.
- [6] "MISRA C:2012 release date announced". misra.org.uk. 26 February 2013. Retrieved 10 June 2013.
- [7] "Fact Sheet: MISRA C:2012" (PDF). programmingresearch.com. Retrieved 10 June 2013.
- [8] "Achieving MISRA C:2012 Compliance".
- [9] "MISRA C FAQ list". MISRA Consortium.
- [10] "MISRA conformance checking". PC-lint/FlexeLint, Gimpel Software.
External links
- Official website
- "Introduction to MISRA C". embedded.com.
- "MISRA C: Safer Is Better". electronicdesign.com.
- "MISRA C — Some key rules to make embedded systems safer". iar.com. Retrieved 2013-08-01.
- "Commentary on the first edition of the MISRA C guidelines". knosof.co.uk.
- "Automating Compliance to MISRA C/C++ Standards". johndayautomotivelectronics.com.
- "New Version of MISRA C: Why Should You Care?". electronicdesign.com.
- "MISRA C:2012: Plenty Of Good Reasons To Change". electronicdesign.com.
- "MISRA C:2012 fact sheet" (PDF). programmingresearch.com.
- "MISRA C:2012 ensures automotive software safety". automotive-eetimes.com.
- "Compliance to MISRA C: Code Generation". MathWorks.