MISRA C/C++ Code Checking

Reading Time: 9 minutes

MISRA is the legendary standard against which development teams measure a large portion of today’s software. But exactly what is MISRA, how did it develop, how do C and C++ developers gage standards against it, and how do they know they are in compliance?

In this piece, we examine the compelling background of how MISRA came to be. We also answer the above questions and reveal how MISRA helps C++ and C code programmers write efficiently while addressing current safety and security concerns.

Specifically, we look at:

• MISRA definition and background
• MISRA rules and guidelines
• Compliance
• Reporting
• Use with legacy code

What Is MISRA?

The MISRA standards contain guidelines and code rules for writing software. The automotive, aerospace and defense, medical, industrial automation, and railway industries, among others, use the standard to help their developers write source code that ensures safety, security, and reliability in the software. Because embedded software engineers use the C and C++ programming languages to write code for safety-critical software, the creators of the MISRA standard built them for coders who use these two languages.

Background

The Motor Industry Software Reliability Association (MISRA) consortium is similar to the ISO (International Standards Organization) and the IEC (International Electrotechnical Commission), which set general compliance guidelines for industry, such as standards for the development of electric/electronic systems. ISO 26262, published in 2011, is the international standard for certifying the safety of electronics on road vehicles. Software systems that have achieved ISO/IEC compliance can be certified by verification authorities as safe.

MISRA, a consortium of automotive-related industries, developed its first guidelines in 1998, MISRA c1998. The consortium came together as a result of the UK Safety Critical Systems Research Programme, which the UK government instituted to address some of the challenges that the automobile industry faced due to the increased use of software in the manufacture and operation of vehicles. Some of the original industries that helped develop the standard, all of whom are also currently active steering-committee members, included:

• Bentley Motors
• Delphi Diesel Systems
• Ford Motor Company Ltd
• Horiba Mira Ltd
• Jaguar Land Rover
• Protean Electric Ltd
• Ricardo PLC
• The University of Leeds
• Visteon Engineering Services Ltd
• ZF TRW

Although the consortium originally created the standard for the automotive industry, other embedded industries have adopted the standard, including those that use embedded technology that connects devices like loT systems.

The How and Why of MISRA

In the early 1990s, electronics were becoming more and more important in automobiles. So too was the embedded software that was an integral part of these electronics. Thus, engineers and manufacturers began to realize that the reliability of the software was vitally important, for both safety and commercial reasons. The challenge is even greater today because software for a single car can involve in excess of 100 million lines of coding.

Software in Cars and Trucks

Automotive manufacturers use software in engine and powertrain operations. It monitors and provides the correct amount of fuel in ICEs (internal combustion engines) and it supplies data to the ECM (engine control module, sometimes called an ECU, or engine control unit). This is the main automotive computer that gathers information about fuel consumption, the power the engine generates, emissions, and other vital engine-related data essential for safe and efficient driving. (Electric and hybrid vehicles have similar software requirements related to the engine and powertrain.)

Manufacturers also employ software to operate onboard computers for the ubiquitous sensors on current vehicles, including door and window monitoring, climate control systems, and parking and traffic sensors. They also use them in safety-critical systems like airbags and ABS. More operation-related software is certainly in the future of road vehicles, with engineers and designers devoting serious attention to self-driving capabilities, improved energy efficiency, and enhanced safety.

Beyond the Motor Industry

Industries throughout the world accept the MISRA C rules for writing safety- and security-critical C code. The rules and guidelines inspire confidence because they are readable, concise and because they focus on essentials. While applying the MISRA standard does not guarantee that software is free of security and quality problems, it helps software engineers write code that is safer, more robust, more portable, and easier to maintain. (MISRA guidelines also address security vulnerabilities but other coding standards like CERT C specifically tackle security issues written into code.)

MISRA Coding Standards for Functional Safety

Today, development teams employ coding standards as a method to define, manage, and utilize a group of coding practices, with the prime objective being consistency. The main aim of a coding rule is to limit use of the language so it prevents the developer from doing things that are “wrong” and can be potentially dangerous.

Developers can avoid many defects in software by adopting sensible language-use restrictions. This results in style uniformity, which is valuable as a discipline in a software project.

Versatility and Vulnerability of C and C++

The versatility aspect of the C++ and C languages allows a developer to write code that can be unintentionally incorrect and possibly dangerous. It is easy for him or her to write code that adheres to the requirements of the language’s standard but this, nonetheless, can result in undesirable behavior and program “crashes.” These include, for example, code that accesses memory beyond the parameters of an arithmetic process, or of an array that results in memory or boundary violations.

It is obviously important to identify these potential problems. But the aim of MISRA is to prevent problems, not simply identify them. A compiler can detect some of them but using a dedicated analysis tool is more effective.

The MISRA standard emphasizes that adhering to coding rules is only one component to developing software successfully. Developers must integrate each programming project into a disciplined engineering setting that includes methodical development workflows and applying proven in-use validation tools.

Commonly Used MISRA C and C++ Language Guidelines and Rules

Each MISRA standard embodies a set of coding parameters and rules, plus support materials. The support materials are a supplemental part of the standard and provide important background information essential for any programmer who wants to obtain compliance.

Let’s look at the current C and C++ MISRA coding standards themselves and at brief descriptions.

• MISRA C++ 2008. Although C remained the prevailing coding language, this version spoke to the increased usage of C++. Note: Many businesses are opting to standardize on AUTOSAR C++ 14, which covers recent changes to C++. In fact, AUTOSAR and MISRA joined forces to produce the next generation of the standards.
• MISRA C 2012. Released in 2013, this version, also referred to as a MISRA C3, further developed the MISRA C standard. It drew on 14 years of experience from interaction with thousands of organizations and users, and included some new rules, closed some loopholes, and improved the explanations and descriptions behind previously existing rules. The standard extended support of C99 and maintained them for C90, C11, and C18. It also made a number of improvements that lessened the complexity and cost of compliance.
  • MISRA C 2012 Amendments for Safety & Security. With the evolving C programming language and to emphasize that MISRA C:2012 was equally valuable in security applications, MISRA published several supporting addendums and amendments to the standard which offered new rules and guidelines for improved coverage of safety and well-known security vulnerabilities.
• MISRA Compliance 2020. This current document sets a framework for accomplishing compliance to the MISRA coding standard. It supersedes compliance and process and deviation requirements in previous versions of the standard.

Achieving MISRA Compliance Using Static Analysis

The MISRA coding standard furnishes thorough rules and guidelines so companies can protect their applications against run-time errors and software failures, and make them less prone to security and safety vulnerabilities. Compliance with the MISRA standard helps improve syntax, creates code conformity, and facilitates portability. For teams that don’t use static analysis (or SAST – Static Application Security Testing) solutions or tools, validating compliance can be problematic. Parasoft simplifies the process, which is critical for ensuring timely software delivery and coding security.

To achieve successful compliance, solutions need to offer:

1. Dynamic enforcement by verifying MISRA compliance through static code analysis each time coders modify the software.
2. Integration of static analysis into your streamlined CI/CD pipeline with continuous testing that delivers high-quality software quickly.
3. Compliance validation by creating high-level, detailed overviews and reports that you can reference quickly.

It’s important to apply MISRA compliance throughout the software development lifecycle, including during code implementation for shift left testing and to expedite code reviews. This provides not only quality improvements but progress metrics, ongoing traceability, and enforcement. Automating documentation and compliance reporting per MISRA Compliance 2020 is also a key factor for conserving resources and time, and for avoiding frustration when dealing with fixing the violations themselves.

Tools like Parasoft can be configured to detect a subset of the entire MISRA standards. This reduces the amount of noise produced from the analysis and increases focus on addressing severe violations.

Compliance Reporting

One of the problems associated with companies achieving MISRA compliance has been the absence of a standard mechanism for demonstrating compliance. To address this issue, MISRA published “MISRA Compliance 2020: Achieving Compliance with MISRA Coding Guidelines,” which is the latest update that provides a more concrete definition of “MISRA compliance” and identifies several deliverables required for demonstrating compliance with the MISRA standard.

• The Guideline Compliance Summary. A mandatory and primary record of overall project compliance. The GCS includes an entry for each guideline, its level of compliance, any deviations and/or re-categorization.

• The Guideline Re-categorization Plan. All mandatory guidelines must be followed to achieve compliance. However, Required and Advisory guidelines can be re-categorized into stricter categories (such as from Advisory to Required), but only Advisory guidelines can be re-categorized into less strict categories (for example from Advisory to Disapplied).

• Deviations Report. Your project can have deviations from guidelines or rule violations and still be considered compliant if the deviations are justified, documented in the report, and do not impact safety.

• Guideline Enforcement Plan. Demonstrates how to verify each MISRA guideline. In the context of MISRA compliance with Parasoft, the GEP maps MISRA guidelines to Parasoft code analysis rules and DTP functionality.

Certified for Use on Safety-Critical Software, Including in Medical Devices

Certified by TÜV SÜD, C/C++test automates the application and monitoring of analysis coding criteria like MISRA. This includes a unit test platform. This platform integrates creating tests and executing them, and also coverage reporting. Then Parasoft’s centralized analytics and reporting hub Parasoft DTP, which is also TÜV certified, aggregates and correlates analysis and test data from the Parasoft C/C++test.

Achieving Full MISRA Compliance With Legacy Code, Including Embedded Systems

It’s a fact that developers re-use legacy code for safety-critical software. However, re-using legacy code and realizing complete MISRA C 2012 compliance can be daunting.

MISRA compliance is much easier to manage and achieve as code is being written. The MISRA C 2012 document even provides a warning that we can interpret when applying it to legacy programs:

“ … a project that checks for MISRA compliance late in its cycle is likely to spend a considerable amount of time re-coding, re-reviewing, and re-testing. It’s therefore expected that the software development process will require the early application of MISRA C principles.”

Noting re-use of legacy software, the MISRA Consortium Limited, the organization responsible for creating and maintaining the MISRA standard, created today’s updated and current release of MISRA Compliance:2020. This document provides guidance for developers who write new code and for those who are using adopted or legacy code.

However, the distinction may not be totally clear. For example, during product development, a coder writes software for a prototype only to find out that the project needs MISRA compliance, so he or she must backtrack and apply the guidelines. While this is not applying MISRA to legacy code, it is similar in that when the code is scanned or analyzed, the results reveal thousands, if not tens of thousands, of violations. Add this to the fact that writers of embedded software often state that developing fully compliant code is too difficult, the task to comply with MISRA may appear overwhelming. But it is possible to find a realistic middle ground between “daunting” and compliance.

Consider the End Goal

MISRA Compliance 2020 helps clarify how to prove and demonstrate conformance at a project’s end. Delivering the four mandatory documents is a must. Consider the following for legacy and new code compliance:

1. Have you established a GRP (Guideline Re-categorization Plan) at the project’s start? MISRA standards suggest negotiating with the client and also creating several GRPs tailored to adopted code, which developers can use without modifying, as well as for new code.
2. Has the client reviewed the GPS (Guidelines Compliance Summary) templates at the project’s start? Are they complete and acceptable?

Parasoft automates the necessary reports to assist businesses in satisfying the MISRA 2020 Compliance agenda.

An Incremental Approach

It’s smart to establish a workflow to fix violations on a reasonable schedule without interrupting the development of code and therefore degrading it. Crucial recommendations include:

• Establishing a baseline. After the initial scan, mark the violations as “address later,” setting this as a baseline. From that point on, when coders develop new code, maintain a strategy of “no new violations.”
• Setting a deadline. Set a date after which developers must have resolved all violations for every source file.
• Prioritizing based on severity. The team leader selects the violations based on how critical they are, and developers fix all of those she or he assigns them.

To make this easier, Parasoft’s DTP reporting hub includes a compliance status dashboard.

Tool Qualification

The goal of qualifying tools is to certify that they are valid for the use intended. It includes proof of how the team came to qualify them and the rationale behind it. Parasoft C/C++test and our reporting tool, Parasoft DTP have been TÜV SÜD certified for use on safety-critical applications, and a tool qualification kit exists for some of the strictest process standards like DO-178B/C and what they require.

Staff Training and Competency

The MISRA standard also stresses competency, expertise, and training of staff as key factors for evaluating product readiness. This includes recognizing the risks of violations, and properly configuring and using development tools and static analysis.

Conclusion

It’s important to support MISRA compliance throughout the software development lifecycle. Reaching compliance with MISRA is easier with Parasoft’s comprehensive solution. With ongoing enforcement, traceability, and automating documentation, teams can save time, resources, and alleviate frustrations that come with adhering to this guideline.

“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.