This article is part of the TechXchange: Developing High-Quality Software.
What you’ll learn:
- Why MISRA C matters for ensuring safer, more secure software across multiple industries.
- Straightforward and strategic steps for following MISRA C 2023, the most up-to-date version that was announced in March.
The C language remains a popular choice among embedded developers. It can present challenges for safety- or security-critical applications, though, because it’s based on standards (ISO/IEC 9899:2011 and 2018) that omit comprehensive specifications for how implementations must behave.
This omission is by design. It provides developers with the flexibility to control application behavior and memory access in ways that can be unpredictable and non-deterministic, as well as giving them more leeway to manage system resources. The downside to this flexibility is the potential compromise of system safety, security, and reliability.
This is where MISRA C comes into play. The MISRA C guidelines restrict use of the C language to a safety- and security-critical subset. Unlike a coding style guide, MISRA C is a set of rules and directives to help developers avoid coding practices that are known to be hazardous.
The latest release of the guidelines, MISRA C:2012 Amendment 4, covers new concurrency features introduced by the C11 and C18 standards. Released at the same time, MISRA C:2023 consolidates all MISRA C editions, amendments, and technical corrigenda into a single document. This addresses what has been a huge configuration-management challenge for development teams.
The AMD4 and MISRA C:2023 releases offer developers an opportunity to revisit their processes and improve support for effective and efficient demonstration of MISRA compliance. This requires a thoughtful strategy to integrate the MISRA rules and directives into development processes, from training to automated tools, without impacting development schedules. A few straightforward steps can help teams establish a winning strategy for safer, more secure software using a proven process.
Develop a Strategy for MISRA C:2023 Compliance
The MISRA C guidelines don’t specify exact processes and tools for achieving compliance, as documenting such requirements would unfairly limit what embedded development teams can do. Rather, the MISRA Compliance:2020 guide provides definitions of “what must be covered within the software development process when making a claim of MISRA compliance” as a framework for capturing the activities that matter most.
The MISRA Compliance:2020 guide (see figure) covers many process and compliance essentials, built around fundamental elements that claims of compliance must establish:
- Use of a disciplined software development process.
- The exact guidelines applied.
- The effectiveness of the enforcement methods.
- The extent of any deviations from the guidelines.
- The status of any software components developed outside of the project.
The following strategies will have the greatest impact on development teams who want to streamline their compliance efforts.
MISRA C:2023 Strategy #1—Define your software development process.
Integrating compliance into a new or existing development process starts by defining how your team will validate the MISRA rules and directives at each step of the lifecycle. This supports the MISRA Compliance:2020 guide statement that the “MISRA Guidelines are intended to be used within the framework of a documented software development process.”
In addition, “compliance with MISRA Guidelines must be an integral component of the code development phase and compliance requirements need to be satisfied before code is submitted for review or unit testing.”
These definition activities influence developer training, the creation and management of compliance artifacts, and how compliance tests are run. You’ll need to formally document your processes to ensure that all software requirements are fully implemented in each phase of the development lifecycle and all code is covered by testing activities.
Furthermore, your documentation must include all decisions that drive development tasks, including training, reporting, selection of the development toolchain, and run-time configurations.
MISRA C:2023 Strategy #2—Train your developers on MISRA C:2023.
Formal training allows developers to spend less time figuring out MISRA compliance and more time delivering code. The MISRA Compliance:2020 guide recommends that training includes concepts around the use of the C language for embedded applications and specifics on safety- and security-critical systems.
MISRA C:2023 also includes new guidelines for complex, multithreaded systems. That makes it even more important for developers working with relevant applications to refresh their understanding of how their choices impact the enforcement of MISRA guidelines and how they can reduce the likelihood of introducing violations in concurrent applications.
Beyond code, developers should also learn the safety and security implications of their chosen development environment, from compiler toolchain to static-analysis tools. Static-analysis findings reinforce MISRA rules and directives as code is written, maintaining a constant level of awareness in the minds of new and experienced developers alike.
MISRA C:2023 Strategy #3—Establish your deviations process.
MISRA compliance requires that the code supplier and acquirer agree on the interpretation of rules and directives. This alignment is critical, as the notion of compliance differs based on each project’s unique requirements and characteristics. One element of that alignment uses an established process for managing deviations from the guidelines, for those instances where proving compliance might be impractical or impossible.
The MISRA Compliance:2020 guide defines a deviation record as containing the following information:
- The guideline(s) violated.
- A description of the circumstances in which a violation is acceptable.
- The reason why the deviation is required.
- Background information that explains context and language issues.
- A set of requirements to include relevant risk assessment procedures and precautions.
MISRA C:2023 Strategy #4—Use automation to support compliance activities.
The MISRA Compliance:2020 guide states that, “A project that attempts to check for compliance late in its lifecycle is likely to spend a considerable amount of time in re-coding, re-reviewing and re-testing, and it is easy for this rework to introduce defects by accident.”
Automated development and testing tools reduce manual effort and possibilities for human error in MISRA compliance activities. Especially when deployed early in the software development lifecycle, automation can help teams avoid expensive and time-consuming rework downstream.
To simplify compliance testing, MISRA C:2012 introduced two classifications of rules:
- Decidable for rules where analysis techniques can provide conclusive verification.
- Undecidable where no verification guarantee is possible.
Pairing the decidable rules with the recommendation by MISRA to use static analysis for verification leads to an efficient and comprehensive solution to automated compliance testing.
The recent releases of AMD4 and MISRA C:2023 offer embedded development teams an ideal opportunity to align with proven rules and guidelines for safer, more secure code. A few straightforward strategies can help you integrate the MISRA rules and directives into your processes without sacrificing development efficiencies.
Read more articles in the TechXchange: Developing High-Quality Software.