In safety-critical software systems—deployed in industries like medicine, automotive, and space—a single programming error can have dire consequences, from significant financial losses or potential loss of human life. This is where the MISRA standard comes into play. It is specifically designed for safety-critical systems, ensuring they meet stringent security and reliability requirements.
Table of Content
ToggleThe Need for Effective Programming Languages in Embedded Systems
Embedded developers often lament the absence of an ideal programming language for their specific needs. While languages like PL/M, Forth, and Ada were developed with embedded systems in mind, they never achieved universal acceptance. Emerging languages like Rust are gaining support but have yet to become mainstream. As a result, the compromise that has been almost universally adopted is C.
The Versatility and Risks of C
C is valued for its compactness, expressiveness, and power. It empowers programmers to write efficient, readable, and maintainable code, contributing to its widespread popularity. However, the language also grants unwary developers the ability to write dangerous, insecure code that can pose serious issues throughout a project’s development lifecycle and deployment. For applications prioritizing safety and security, these inherent risks in C are a significant concern.
The Birth of MISRA C Guidelines
In response to these challenges, the Motor Industry Software Reliability Association (MISRA) introduced guidelines for the use of C in vehicle systems in the late 1990s, which became known as MISRA C. Over time, these guidelines have undergone refinement, with updates published periodically. A similar framework for the use of C++ has also been established. Originally targeted at automotive software developers, it became evident that these guidelines are equally applicable across various industries where safety is paramount.
While MISRA C is not merely a style guide, it incorporates numerous rules that promote the writing of clear, readable, and maintainable code. This emphasis on clarity is invaluable, as code that is easy to understand is less likely to harbor subtle bugs or exhibit undefined behavior.
Understanding MISRA C: 2012 Guidelines
The MISRA C guidelines are continuously evolving, with updates focusing on enhancing clarity, accuracy, and support for newer versions of the C language standard. While detailed specifics may change, the fundamental philosophy and approach remain consistent.
Each guideline is categorized as one of the following:
-
Mandatory Rules:
These rules are the most stringent, unequivocally prohibiting certain practices. Any C code claimed to conform to MISRA C must comply with every mandatory guideline. Deviation from these rules is not permitted under any circumstances.
-
Required Rules:
Less strict than mandatory rules, the required rules are essential for enhancing code readability and preventing unsafe constructs. C code that is claimed to conform to the MISRA standard must comply with every required guideline. However, formal deviation is allowed under certain circumstances. When a deviation from a required rule is necessary, a thorough deviation record is essential.
-
Advisory Rules:
These rules are recommendations for best practices that are not mandatory but are strongly encouraged. While compliance with advisory rules is not required, developers are urged to follow these guidelines as they contribute to better code quality and maintainability.
Full details of MISRA C guidelines are available on MISRA’s official website,, and there exist numerous tools that support this approach, aiding developers in ensuring compliance and adherence to these critical guidelines.
Implementing MISRA Guidelines in Development
-
Integration and Timing
Ideally, integration should occur before code is written. This facilitates adherence to rules throughout the software’s lifecycle. However, for ongoing projects or completed code bases, thorough refactoring may be necessary to align with MISRA standards.
-
Establishing Documentation and Compliance Plans
Developers and stakeholders should establish a Guidelines Recategorization Plan (GRP), outlining acceptable shifts between guideline categories to suit project requirements. This plan enables customization and ensures alignment with MISRA standards.
-
Validation and Compliance Assessment
After implementing the GRP, developers create a Guidelines Compliance Summary (GCS), documenting the project’s compliance level with each guideline. The GCS serves as a reference point to apply GRP adjustments and identify any deviations from rules.
-
Verification through the Compliance Table
A Compliance Table acts as a crucial tool to verify the project’s compliance with MISRA standards. Instances where the project falls within the red zone signal non-compliance, prompting developers to take corrective action promptly.
Conclusion
In conclusion, adherence to MISRA rules ensures code is secure, portable, and reliable—a vital requirement for safety-critical software. By following a structured approach, from initial compliance planning to detailed documentation and validation, developers can create software that meets the highest safety and reliability standards.