MISRA is a set of C and C++ coding standards developed by the Motor Industry Software Reliability Association (MISRA). Today it’s being maintained and expanded by the MISRA Consortium. MISRA has grown into a standard for embedded industries as well as automotive systems. For example, ISO 26262 Functional Safety – Road Vehicles cites MISRA C as being an appropriate subset of the C language.
In the early 1990s, the UK government’s “SafeIT” program began working to develop guidelines for writing embedded code for road vehicles. In November 1994, that effort concluded with the publication of “Development Guidelines for Vehicle-Based Software.” Upon conclusion of the SafeIT program, the development team including individuals and organizations like Liverpool Data Research Associates (LDRA) continued working on a voluntary basis. That effort produced MISRA C, MISRA C++, and the MISTRA Safety guidelines. In 2021 the MISRA Consortium emerged to continue the work as a not-for-profit organization.
MISRA addendums
The MISRA C:2012 addendum security guidelines were developed to begin harmonizing MISRA C with the ISO/IEC 17961:2013 C language Security Guidelines to help developers write more secure code that’s also easier to maintain. In addition, the original 142 rules included a combination of Advisory and Required rules, while the MISRA C:2012 addendum expands that list to include 16 new directives — plus the rules have been expanded to include Mandatory rules in addition to the original Advisory and Required rules (Figure 1).
MISRA C addendum 2 was published in 2016 to further expand the MISRA specifications for security and extend MISRA C outside the automotive industry.
Continuing evolution
MISRA C continues to expand and evolve. In January 2019, the AUTomotive Open System ARchitecture (AUTOSAR) C++14 was incorporated into MISRA C. AUTOSAR C++14 restricts the use of C++14 to constructs that are predictable and don’t involve unnecessary safety and security risks. The automotive industry developed it for use in electronic control units (ECUs) and semiconductor devices.
MISRA C++ was based on C++3 and published in 2008. Since then, there have been significant advancements in C++ that were incorporated in AUTOSAR C++14 (which also includes guidelines for C++11). AUTOSAR C++14 also takes the ISO 26262 automotive functional safety standard into consideration. ISO 26262 was not available when MISRA C++ was released. The merger of MISRA C++ with AUTOSAR is designed to enhance support for safety-critical applications in general, not just automotive systems.
The new guidelines are designed for use in a range of industries including:
- Automotive
- Industrial
- Aerospace and defense
- Medical devices
- Railway systems
- Telecommunications
MISRA C:2023
The MISRA Consortium intends to continue updating MISRA. For example, MISRA C:2023 was released as an incremental update. It’s not a full-blown revision. It received the new “2023” designation to recognize the 25th anniversary of MISRA C. It includes support for versions C11 and C18 of the C language.
More MISRA C++ tools
When it was initially released, MISRA C++ was implemented with hand-written C and C++ code. More recently, the MISRA C++ standards have been extended to accommodate the use of automated code generation tools like MATLAB, Simulink, and Stateflow.
The MISRA autocode (AC) documents consider subsets of the language for automatic code generation. New versions of MISRA AC generic modeling design and style guidelines (GMG) and MISRA AC SLSF, “design and style guidelines for the use of The Mathworks Simulink and Stateflow tools for producing models that will be used for simulation and automatic code generation.”
Testing environments
MISRA C recommends that developers continuously check for compliance as code is written before formal code reviews and testing. Addressing problems early can speed up the development process and result in cleaner and more robust code. Manually checking thousands of lines of code for rule violations is generally not a practical solution and automated verification environments are available. Like MISRA C, these verification and testing environments are undergoing continual updating.
For example, the ECLAIR B package runs on the ECLAIR platform designed for automatic analysis, verification, and testing of C and C++ including MISRA (Figure 2). Some of the package elements include:
- An implementation of the source code metrics defined by the Hersteller Initiative Software (HIS) source code metrics
- A medium weight static analyzer
- An automated bug finder
Summary
MISRA started as a program of the UK government to enhance the safety of automotive software. It has continued to be refined and expanded. Today, it has incorporated AUTOSAR C++14 and the C18 version of the language. Its use has expanded far beyond its roots in the automotive industry and there are a growing number of automated tools available for MISRA code development and testing.
References
MISRA Consortium
Protecting Embedded Systems with New MISRA C Guidelines, LDRA
What Is MISRA C?, MathWorks
Muhammet Kamil Kalaycı says
Good read!