MISRA C is a set of software development guidelines for the C programming language developed by The MISRA Consortium. Its aims are to facilitate code safety, security, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99.
There is also a set of guidelines for MISRA C++ not covered by this article.
History
* Draft: 1997
* First edition: 1998 (rules, required/advisory)
* Second edition: 2004 (rules, required/advisory)
* Third edition: 2012 (directives; rules, Decidable/Undecidable)
* MISRA compliance: 2016, updated 2020
For the first two editions of MISRA-C (1998 and 2004) all Guidelines were considered as Rules. With the publication of MISRA C:2012 a new category of Guideline was introduced - the ''Directive'' whose compliance is more open to interpretation, or relates to process or procedural matters.
Adoption
Although originally specifically targeted at the automotive industry, MISRA C has evolved as a widely accepted model for best practices by leading developers in sectors including automotive, aerospace, telecom, medical devices, defense, railway, and others.
For example:
* The Joint Strike Fighter project C++ Coding Standards are based on MISRA-C:1998.
* The NASA Jet Propulsion Laboratory C Coding Standards are based on MISRA-C:2004.
* ISO 26262 ''Functional Safety - Road Vehicles'' cites MISRA C as being an appropriate sub-set of the C language:
** ISO 26262-6:2011 ''Part 6: Product development at the software level'' cites MISRA-C:2004 and MISRA AC AGC.
** ISO 26262-6:2018 ''Part 6: Product development at the software level'' cites MISRA C:2012.
* The AUTOSAR General Software Specification (SRS_BSW_00007) likewise cites MISRA C:
** The AUTOSAR 4.2 General Software Specification requires that ''If the BSW Module implementation is written in C language, then it shall conform to the MISRA C:2004 Standard.''
** The AUTOSAR 4.3 General Software Specification requires that ''If the BSW Module implementation is written in C language, then it shall conform to the MISRA C:2012 Standard.''
Guideline classification and categorization
When a new software project is started, the latest MISRA standard should be used. Previous standards are still available for use with legacy software projects that need to refer to it.
Classification
Each Guideline is classified as ''Mandatory'' (new for MISRA C:2012), ''Required'' or ''Advisory''. Furthermore, the MISRA Compliance document permits ''Advisory'' guidelines to be ''Disapplied''.
* ''Mandatory'' guidelines shall always be complied with
* ''Required'' guidelines shall be complied with, unless subject to a ''Deviation''
* ''Advisory'' guidelines are considered good practice, but compliance is less formal.
Categorization
The rules can be divided logically into a number of categories:
* Avoiding possible compiler differences, for example, the size of C's int type may vary but int16_t (standardized in C99) is always 16 bits.
* Avoiding functions and constructs that are prone to failure, for example, malloc may fail.
* Producing maintainable and debuggable code, for example, naming conventions and commenting.
* Best practice rules.
* Complexity limits.
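The first two categories above (compiler differences in the width of int, and run-time failure of malloc) as an added worked example; this is not code from the original article or from MISRA. It is a constructed sensor-reading module that stores values in a fixed-width int16_t with explicit saturation, so the result does not depend on sizeof(int), and that replaces heap allocation with a statically sized pool guarded by a capacity check. The type name sensor_value_t, the pool size POOL_CAPACITY and the functions sat_add16, pool_push and pool_fill_demo are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed-width type for a constructed sensor reading: 16 bits on every target,
 * unlike 'int', whose width is implementation-defined (16 bits on many MCUs). */
typedef int16_t sensor_value_t;

/* Saturating 16-bit addition. The operands are widened explicitly to int32_t
 * so the intermediate sum cannot overflow regardless of sizeof(int), and the
 * result is clamped to the int16_t range instead of wrapping. */
sensor_value_t sat_add16(sensor_value_t a, sensor_value_t b)
{
    int32_t sum = (int32_t)a + (int32_t)b;
    if (sum > (int32_t)INT16_MAX) {
        return INT16_MAX;
    }
    if (sum < (int32_t)INT16_MIN) {
        return INT16_MIN;
    }
    return (sensor_value_t)sum;
}

/* Instead of malloc (which may fail at run time), storage is a statically
 * sized pool with an explicit capacity check. The capacity is a constructed value. */
#define POOL_CAPACITY 4U

typedef struct {
    sensor_value_t slots[POOL_CAPACITY];
    uint8_t used;
} sensor_pool_t;

/* Returns true on success and false when the pool is full; it never writes
 * past the end of the array, so a full pool is a handled condition, not a fault. */
bool pool_push(sensor_pool_t *pool, sensor_value_t value)
{
    if (pool->used >= POOL_CAPACITY) {
        return false;
    }
    pool->slots[pool->used] = value;
    pool->used++;
    return true;
}

/* Tries to push more readings than the pool holds and returns how many were accepted. */
unsigned int pool_fill_demo(void)
{
    sensor_pool_t pool = { {0}, 0U };
    unsigned int accepted = 0U;
    unsigned int i;
    for (i = 0U; i < POOL_CAPACITY + 2U; i++) {
        if (pool_push(&pool, (sensor_value_t)i)) {
            accepted++;
        }
    }
    return accepted;   /* equals POOL_CAPACITY: the two extra pushes were rejected */
}

int main(void)
{
    printf("sat_add16(30000, 10000) = %d\n", (int)sat_add16(30000, 10000));
    printf("readings accepted by pool: %u of %u attempted\n",
           pool_fill_demo(), (unsigned int)(POOL_CAPACITY + 2U));
    return 0;
}
```

The point of the pool is not that static storage is always right, but that the failure mode is decided at design time and checked explicitly, where a failed malloc on a small target is a run-time condition that is easy to leave unhandled.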
Scope
MISRA C:2012 separately classifies each guideline as either ''Single Translation Unit'' or ''System''.
Decidability
MISRA C:2012 classifies the ''rules'' (but not the ''directives'') as ''Decidable'' or ''Undecidable''.
Achieving compliance
MISRA compliance
MISRA published documents to provide additional guidance to understand and achieve MISRA compliance.
* ''MISRA Compliance:2016'' was released by MISRA in April 2016.
* ''MISRA Compliance:2020'', revised edition, was released in February 2020.
Compliance
In order for a piece of software to claim to be compliant to the MISRA C Guidelines, all ''mandatory'' rules shall be met and all ''required'' rules and directives shall either be met or subject to a formal deviation. ''Advisory'' rules may be disapplied without a formal deviation, but this should still be recorded in the project documentation.
Note: For compliance purposes, there is no distinction between ''rules'' and ''directives''.
Deviations
Many MISRA C ''rules'' can be characterized as ''guidelines'' because under certain conditions software engineers may deviate from rules and still be considered compliant with the standard. Deviations must be documented either in the code or in a file. In addition, proof must be provided that the software engineer has considered the safety of the system and that deviating from the rule will not have a negative impact. Requirements for deviations also include:
* The rule deviated from.
* Rationale for deviation.
Published documents
MISRA C:1998
The first edition of MISRA C, "Guidelines for the use of the C language in vehicle based software", was published in 1998 and is officially known as ''MISRA-C:1998''.
MISRA-C:1998 has 127 rules, of which 93 are required and 34 are advisory; the rules are numbered in sequence from 1 to 127.
MISRA C:2004
In 2004, a second edition "Guidelines for the use of the C language in ''critical systems''", or ''MISRA-C:2004'' was produced, with many substantial changes to the guidelines, including a complete renumbering of the rules.
MISRA-C:2004 contains 142 rules, of which 122 are "required" and 20 are "advisory"; they are divided into 21 topical categories, from "Environment" to "Run-time failures".
MISRA C:2012
Main document
In 2013, the third edition, MISRA C:2012, was published. MISRA C:2012 extends support to the C99 version of the C language (while maintaining guidelines for C90), in addition to including a number of improvements that can reduce the cost and complexity of compliance, whilst aiding consistent, safe use of C in critical systems.
MISRA-C:2012 contains 143 rules and 16 "directives" (that is, rules whose compliance is more open to interpretation, or relates to process or procedural matters); each of which is classified as ''mandatory'', ''required'', or ''advisory''. They are separately classified as either ''Single Translation Unit'' or ''System''. Additionally, the rules are classified as ''Decidable'' or ''Undecidable''.
Amendment 1
In April 2016, MISRA published (as a free download) ''MISRA C:2012 - Amendment 1: Additional Security Guidelines'' which added fourteen new security guidelines.
Amendment 2
In February 2020, MISRA published (as a free download) ''MISRA C:2012 - Amendment 2: Updates for ISO/IEC 9899:2011/18 Core functionality'' which adds mapping for the undefined, unspecified and implementation defined behaviours within C11/C18.
Supporting documents
MISRA have published the following addenda to support MISRA C:2012:
* ''MISRA C:2012 - Addendum 1: Rule Mappings'', which contains bi-directional rule mappings between MISRA C:2004 and the new version. It is intended to assist users in migration.
* ''MISRA C:2012 - Addendum 2: Coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 "C Secure"''
* ''MISRA C:2012 - Addendum 3: Coverage of MISRA C:2012 against CERT C''
Example suite
An exemplar suite (for MISRA-C:2004 and MISRA C:2012) is available from the MISRA GitLab repository (login required). This allows tool-users to evaluate and compare the checking support provided by the various MISRA tools; additionally, it gives tool-implementers some guidance as to the intent of the MISRA Guidelines.
Tools
While there exist many software tools that claim to check code for "MISRA conformance", there is no MISRA certification process.
Most of the guidelines can be checked using tools that perform static code analysis. The remaining guidelines require the use of dynamic code analysis.
Tools that check code for MISRA conformance include:
* Astrée by AbsInt
* Axivion Bauhaus Suite by Axivion GmbH. ''MISRA C:2004, C:2012, C:2012 Amendment 1, C++:2008, Compliance:2016''.
* CodeSonar by GrammaTech
* Coverity by Synopsys - Static Analysis
* Cppcheck - Open source Static Analysis tool for C/C++
* ECLAIR by BUGSENG srl. ''MISRA C:2004, C:2012, C:2012 Amendment 1, C++:2008''.
* Helix QAC by Perforce Software. ''MISRA C:1998, C:2004, C:2012, C++:2008''.
* Klocwork by Rogue Wave Software (now owned by Perforce Software). ''MISRA C:2012, C:2012 Amendment 1, C++:2008''.
* LDRA Testbed by Liverpool Data Research Associates
* Parasoft C/C++test by Parasoft
* PC-Lint by Gimpel Software (now owned by Vector Informatik GmbH). ''MISRA C:1998, C:2004, C:2012, C++:2008''.
* Polyspace by MathWorks
* PVS-Studio by Program Verification Systems
* SonarQube by SonarSource (Open Source with some commercial plug-in components)
* SQuORE by Squoring Technologies
* Understand by SciTools
C/C++ compilers that support MISRA conformance include:
* Green Hills Software
* IAR Systems - ''MISRA C:1998, C:2004, C:2012, C++:2008''.
* TASKING - ''MISRA C:1998, C:2004, C:2012''.
Criticism
Some research results question the effectiveness of MISRA C 2004.
In a paper that compares earlier work on MISRA C:1998 with MISRA C:2004, Les Hatton comes to the conclusion that: [Language subsetting in an industrial context: a comparison of MISRA C 1998 and MISRA C; Les Hatton; University of Kingston; 2004.]
He goes on to state:
A study at the TU Delft, by Cathal Boogerd and Leon Moonen, empirically assesses the value of MISRA C:2004. It comes to similar results: [Assessing the Value of Coding Standards: An Empirical Study; C.J. Boogerd and L. Moonen; Delft University of Technology; 2008.]
See also
* Programming style