See real examples of how you can use AI in your testing. Right now. Learn More >>
MISRA
Failing to meet stringent guidelines jeopardizes product safety, reliability, security, and certification. Without an automated approach, manually tracking compliance across thousands of lines of code becomes nearly impossible. Learn how our tools help you reduce risk and development costs while achieving MISRA compliance.
MISRA is a widely adopted and industry-standard coding guideline framework for C and C++ programming languages. It systematically guides teams toward safe and secure embedded code. At Parasoft, we deliver end-to-end MISRA C and C++ solutions that include the latest standards with full MISRA guidelines analysis, AI-driven prioritization, and automated compliance reporting.
DevOps Best Practices for Automotive Development
Developers in safety-critical industries constantly face code quality challenges, from hidden defects to mounting compliance requirements. MISRA provides a comprehensive set of coding guidelines that focuses on protecting applications against known safety violations and security vulnerabilities.
MISRA guidelines are defined as either a “rule” or a “directive.”
Developers use the MISRA coding standards in businesses beyond the automotive industry, such as medical devices, military, aerospace, industrial automation, rail, and energy. These standards facilitate the development of safe, secure, and reliable safety- and security-critical systems.
MISRA compliance impacts your product’s success and longevity while reducing labor costs and time to market. It does this through its core principles in ensuring predictability, security, and maintainability. MISRA compliance not only extends your product’s market life but also significantly reduces last-minute firefighting and the potential for costly recalls.
As a member of MISRA’s C and C++ working groups actively developing MISRA, Parasoft helps define the standard and is committed to swiftly performing product updates with 100% MISRA C/C++ guideline support. Parasoft’s leadership in the MISRA Working Group, combined with our tool quality and TÜV SÜD-certified C/C++ static analysis solutions, underlines our unwavering dedication to helping developers transition seamlessly to MISRA compliance.
MISRA EXPERT
Michal Rozenau has been an active member of the MISRA C and MISRA C++ Working Group.
As C evolves (for example, C99, C11/C18, C23), the latest MISRA C:2025 evolved from MISRA C:2023 and update its guidelines to address new features, potential pitfalls, and best practices for safety-critical use. In addition, it addresses new security threats, refines existing guidelines, improves clarity and usability in its standard, and lowers compliance overhead by removing obsolete rules.
MISRA C++ 2023 advances the lineage that MISRA C++ 2008 and AUTOSAR C++14 started in support of the C++ programming language. Parasoft C/C++test provides 100% coverage of this new standard. With Parasoft C/C++test, software engineers have the ability to scan modern C++ code and ensure that the applications that use C++17 and C++20 are the safest and most secure possible.
Long awaited MISRA C 2023 consolidated MISRA C 2012 and all the amendments and corrigendum’s that had been released to date. The standard supports the C programming language, versions C90, C99, C11, and C18. Parasoft C/C++test fully supports MISRA C 2023 and its predecessor MISRA C:2025 has made these standards available to software development teams looking to ensure deployment of code that’s compliant with this coding standard in safety and security.
Dive into MISRA C code checking in detail.
Learning Center: MISRA C 2023 Compliance: Test Automation Guide »
By implementing MISRA guidelines in your development process, you’re also addressing key verification requirements in functional safety standards. Compliance with MISRA coding guidelines creates a solid foundation for safety-critical embedded software integrity across many industrial sectors.
Parasoft C/C++test provides complete support for MISRA coding standards, which are crucial for developing safety-critical and security-focused software. Our static analysis solution integrates seamlessly into developers’ IDEs or CI/CD workflows and generates all necessary compliance reports.
Parasoft C/C++test’s static analysis acts as a shift-left tool, empowering development teams to proactively identify and address quality, security, and compliance issues in C and C++ code before it reaches later, more expensive stages of the software development life cycle.
C/C++test employs several advanced static analysis techniques to thoroughly examine code without execution.
Pattern-Based Analysis
Looks for specific code patterns that violate defined rules.
Control Flow Analysis
Simulates program execution paths to find complex runtime-like problems early.
Metrics Analysis
Collects and analyzes code metrics, for example, cyclomatic complexity, lines of code, cohesion, to provide insights into code quality and maintainability.
Dataflow Analysis
Tracks how data flows through the program to identify potential issues like uninitialized variables or incorrect data usage.
Dead Code Detection
Identifies unused code, such as functions, variables, or other constructs that are defined but never called or referenced.
Engineering teams often need to understand how MISRA relates to other industry standards they may already follow. This comparison helps determine the most effective compliance strategy for your specific safety and security needs.
However, when you’re adapting to a new coding standard, incorporating an additional standard, or managing a set of standards, all existing suppressions for equivalent rules will automatically be detected and reapplied by C/C++test. This capability saves a lot of manual work that was already invested in analyzing violations and creating suppressions. In addition, this information will clearly be reflected in the generated reports.
The MISRA guidelines (for C and C++) are among the most widely recognized coding standards for safety-critical and high-integrity systems, offering strict, enforceable rules to minimize undefined behavior and promote reliability. While other standards, such as CERT (security-focused), AUTOSAR (automotive-specific), and language-specific guidelines address related concerns, MISRA distinguishes itself through its industry-agnostic safety focus, rigorous compliance requirements, and adaptability to regulated environments.
Both are crucial coding standards, but they address different primary concerns. MISRA focuses on ensuring functional safety, reliability, and portability by defining a “safe subset” of C/C++ to avoid problematic language features and behaviors, while CERT concentrates on software security by providing guidelines to prevent common programming errors that could lead to exploitable vulnerabilities and security breaches. Many teams implement a MISRA and CERT combined approach for comprehensive coverage.
MISRA C++:2023, developed collaboratively by MISRA and AUTOSAR, is the unified, modern coding standard for safety and security-critical C++ (C++17 with future C++20 compatibility in mind) development in automotive applications. It integrates and updates the coding best practices from the earlier AUTOSAR C++14. While MISRA C++:2023 strictly defines coding rules, AUTOSAR C++14 (though largely superseded for code rules) provides broader guidelines encompassing design, toolchain qualification, and documentation for automotive regulatory compliance (for example, ASPICE or explore ISO 26262 compliance).
Modern development teams need to integrate compliance checks seamlessly into their continuous integration workflows. Manual verification simply doesn’t scale for large, complex codebases under tight delivery schedules. Continuous testing provides an automated, unobtrusive way to obtain immediate feedback on code upon checking it in.
The purpose is to build quality and security into the product as part of a continuous integration/release/delivery process. Early identified MISRA violations prevent bugs from entering the software build.
Receive immediate alerts upon the introduction of critical MISRA violations, enabling developers to fix issues before they enter the code review phase.
Reduce friction in code reviews by automatically validating MISRA compliance beforehand, letting reviewers focus on architecture and logic.
Implement quality gates that prevent noncompliant code from progressing to testing or production environments.
stage('Static Analysis') {
steps {
sh 'cpptestcli -config "MISRA_C_2025" -bdf compile_commands.json -report reports/ -format=xml'
parasoftPublisher reportPattern: 'reports/report.xml'
}
}
static_analysis:
stage: test
image: your-image-with-cpptestcli
script:
- cpptestcli -config "MISRA_C_2025" -bdf compile_commands.json -report gl-sast-report.json -format=sarif
artifacts:
reports:
sast: gl-sast-report.json
paths:
- gl-sast-report.json
- name: Run MISRA Analysis
uses: parasoft/cpptest-action@v1
with:
config: 'MISRA_C_2025'
build_system: 'compilation_database'
input: 'compile_commands.json'
args: '-report github-sarif.sarif -format=sarif'
- task: ParasoftCppTest@1
inputs:
config: 'MISRA_C_2025'
buildSystem: 'compilation_database'
input: 'compile_commands.json'
results: '/cpptest-reports//report.xml'
reportFormat: 'sarif'
failOnViolation: true
In addition to MISRA compliance, convene with your fellow software engineers and systematically check each other’s code for mistakes and coding style violations. Experience shows that this activity accelerates production and substantially improves code quality.
MISRA compliance helps you write code that’s easy to read and understand. Avoid overly clever or cryptic code that’s difficult to follow or easily misunderstood. We get how tempting it can be to use complex workarounds under deadline pressure. Like many embedded developers, you’re probably juggling multiple standards while trying to keep your code maintainable. Simplifying code with MISRA guidelines eliminates the headaches of misunderstanding and rework.
MISRA guidelines prevent engineers from spending excessive time deciphering bugs in the code. We understand how draining it is to lose entire sprints chasing down elusive bugs. It’s reassuring to know that adopting MISRA’s clarity-based approach ensures your entire team can identify defects faster, preventing those long nights of frantic debugging.
Complying with MISRA guidelines means you write code that lasts, not just for ideal situations, but also for unexpected challenges. It’s about preparing your software for all possibilities, ensuring it can gracefully handle everything from typical operations to encountering invalid data or unforeseen errors, making your application significantly more robust and reliable.
MISRA compliance helps programmers write code that can easily be moved and reused across different computer systems or hardware, similar to how standards like POSIX and ANSI C allow software to work on various platforms without major changes. This means developers can switch to different compilers or operating systems with minimal effort, which can open up valuable financial or business opportunities when new target systems or operating environments become necessary.
MISRA compliance helps developers minimize excessive branching in their code. The higher the branching complexity, the greater the potential for bugs and maintenance challenges.
One of MISRA’s key strengths is that teams can introduce the guidelines at any stage of software development, and the standards remain effective even for incomplete or partially coded projects.
It’s distressing when you discover security holes late in the development process. We’ve been there. MISRA helps you safeguard your software from day one by acting as a continuous shield, ensuring no critical coding violation slip through.
For projects where new code development is minimal, achieving MISRA compliance presents unique challenges, often leading to the adoption of an “acknowledge and defer” strategy. While pragmatic, this approach means that any newly uncovered coding violation contributes to the burgeoning technical debt rather than being immediately resolved.
To properly implement static analysis for MISRA compliance, focus first on fixing all Mandatory rule violations—absolute requirements for certification. Once you satisfy Mandatory rules, address Required rule violations while documenting any necessary deviations.
Finally handle Advisory rule violations as time permits. Don’t waste effort treating all findings equally. A strict priority order (Mandatory → Required → Advisory) is the most efficient path to compliance. As your team gains experience, integrate static analysis into regular development workflows to maintain compliance with minimal overhead.
Parasoft C/C++test detects complex MISRA compliance runtime-like problems early in the development stage without the need to execute costly runtime tests. C/C++test analyzes the execution paths through the code and finds MISRA compliance issues, like null pointer dereferencing, division by zero, memory leaks, and security vulnerabilities, such as arithmetic on a pointer operand, buffer overflows, unreachable code, and stdlib system function.
The MISRA C 2025 update brings practical improvements for teams dealing with legacy code. By removing obsolete rules, the standard reduces compliance overhead that previously bogged down development teams. For example, certain restrictions on declaration placement have been relaxed when they don’t impact safety, making code refactoring simpler and faster.
With MISRA C++ 2023 supporting C++17 features, teams can leverage modern C++ capabilities while maintaining safety. This enables developers to write more concise code through features like structured bindings and class template argument deduction, while still maintaining the robustness required for safety-critical applications.
Parasoft’s analytics dashboard provides automated compliance reporting. For safety and security-critical applications, you’ll want to use our TÜV SÜD certified solution on safety-critical systems.
Implementing MISRA C\C++ guidelines creates a foundation for safe, secure, and reliable embedded software. By leveraging Parasoft’s comprehensive MISRA compliance solutions, your team can automate time-consuming verification tasks, reduce technical debt, and deliver higher-quality code with lower development costs.
Join over 1,000 industry leaders already using Parasoft to automate MISRA compliance. See how leading aerospace companies have cut defect rates by 35% while accelerating time to market.
“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.
Elevate your software testing with Parasoft solutions.