Parasoft Logo
Geometric background with hints of blue and green

MISRA

MISRA C & C++ Solutions by Parasoft

Failing to meet stringent guidelines jeopardizes product safety, reliability, security, and certification. Without an automated approach, manually tracking compliance across thousands of lines of code becomes nearly impossible. Learn how our tools help you reduce risk and development costs while achieving MISRA compliance.

What Is MISRA?

MISRA is a widely adopted and industry-standard coding guideline framework for C and C++ programming languages. It systematically guides teams toward safe and secure embedded code. At Parasoft, we deliver end-to-end MISRA C and C++ solutions that include the latest standards with full MISRA guidelines analysis, AI-driven prioritization, and automated compliance reporting.

Overhead view of a black car driving down a dark street. Car has lights on.

DevOps Best Practices for Automotive Development

Read More

Understanding MISRA

Developers in safety-critical industries constantly face code quality challenges, from hidden defects to mounting compliance requirements. MISRA provides a comprehensive set of coding guidelines that focuses on protecting applications against known safety violations and security vulnerabilities.

MISRA guidelines are defined as either a “rule” or a “directive.”

  • A rule comes with a complete description of the coding requirement, and through static analysis, developers can use it to check that source code complies with the rules.
  • A directive, on the other hand, offers an important prescription, providing direction and advice for developers to follow. In essence, rules are mandatory, while guidelines are advisory.

Developers use the MISRA coding standards in businesses beyond the automotive industry, such as medical devices, military, aerospace, industrial automation, rail, and energy. These standards facilitate the development of safe, secure, and reliable safety- and security-critical systems.

Blue Shield Icon

Core Principles of MISRA Compliance

MISRA compliance impacts your product’s success and longevity while reducing labor costs and time to market. It does this through its core principles in ensuring predictability, security, and maintainability. MISRA compliance not only extends your product’s market life but also significantly reduces last-minute firefighting and the potential for costly recalls.

MISRA Working Group Member

As a member of MISRA’s C and C++ working groups actively developing MISRA, Parasoft helps define the standard and is committed to swiftly performing product updates with 100% MISRA C/C++ guideline support. Parasoft’s leadership in the MISRA Working Group, combined with our tool quality and TÜV SÜD-certified C/C++ static analysis solutions, underlines our unwavering dedication to helping developers transition seamlessly to MISRA compliance.

MISRA EXPERT

Michal Rozenau

Michal Rozenau has been an active member of the MISRA C and MISRA C++ Working Group.

The Most Extensive MISRA Coverage

MISRA C 2025

As C evolves (for example, C99, C11/C18, C23), the latest MISRA C:2025 evolved from MISRA C:2023 and update its guidelines to address new features, potential pitfalls, and best practices for safety-critical use. In addition, it addresses new security threats, refines existing guidelines, improves clarity and usability in its standard, and lowers compliance overhead by removing obsolete rules.

MISRA C++ 2023

MISRA C++ 2023 advances the lineage that MISRA C++ 2008 and AUTOSAR C++14 started in support of the C++ programming language. Parasoft C/C++test provides 100% coverage of this new standard. With Parasoft C/C++test, software engineers have the ability to scan modern C++ code and ensure that the applications that use C++17 and C++20 are the safest and most secure possible.

MISRA C 2023

Long awaited MISRA C 2023 consolidated MISRA C 2012 and all the amendments and corrigendum’s that had been released to date. The standard supports the C programming language, versions C90, C99, C11, and C18. Parasoft C/C++test fully supports MISRA C 2023 and its predecessor MISRA C:2025 has made these standards available to software development teams looking to ensure deployment of code that’s compliant with this coding standard in safety and security.

Dive into MISRA C code checking in detail.

Learning Center: MISRA C 2023 Compliance: Test Automation Guide »

Aligning With Functional Safety Standards

By implementing MISRA guidelines in your development process, you’re also addressing key verification requirements in functional safety standards. Compliance with MISRA coding guidelines creates a solid foundation for safety-critical embedded software integrity across many industrial sectors.

  • ISO 26262 (automotive)
  • IEC 61508 (industrial automation)
  • IEC 62304 (medical)
  • DO-178C (mil/aero)
  • EN 50716 (rail)

Parasoft’s MISRA Compliance Tool

C/C++test for Static Analysis

Parasoft C/C++test provides complete support for MISRA coding standards, which are crucial for developing safety-critical and security-focused software. Our static analysis solution integrates seamlessly into developers’ IDEs or CI/CD workflows and generates all necessary compliance reports.

Parasoft C/C++test’s static analysis acts as a shift-left tool, empowering development teams to proactively identify and address quality, security, and compliance issues in C and C++ code before it reaches later, more expensive stages of the software development life cycle.

C/C++test employs several advanced static analysis techniques to thoroughly examine code without execution.

Pattern-Based Analysis

Looks for specific code patterns that violate defined rules.

Control Flow Analysis

Simulates program execution paths to find complex runtime-like problems early.

Metrics Analysis

Collects and analyzes code metrics, for example, cyclomatic complexity, lines of code, cohesion, to provide insights into code quality and maintainability.

Learn More About Parasoft C/C++test »

Dataflow Analysis

Tracks how data flows through the program to identify potential issues like uninitialized variables or incorrect data usage.

Dead Code Detection

Identifies unused code, such as functions, variables, or other constructs that are defined but never called or referenced.

Management Across Coding Standards

Engineering teams often need to understand how MISRA relates to other industry standards they may already follow. This comparison helps determine the most effective compliance strategy for your specific safety and security needs.

However, when you’re adapting to a new coding standard, incorporating an additional standard, or managing a set of standards, all existing suppressions for equivalent rules will automatically be detected and reapplied by C/C++test. This capability saves a lot of manual work that was already invested in analyzing violations and creating suppressions. In addition, this information will clearly be reflected in the generated reports.

Comparison Overview

The MISRA guidelines (for C and C++) are among the most widely recognized coding standards for safety-critical and high-integrity systems, offering strict, enforceable rules to minimize undefined behavior and promote reliability. While other standards, such as CERT (security-focused), AUTOSAR (automotive-specific), and language-specific guidelines address related concerns, MISRA distinguishes itself through its industry-agnostic safety focus, rigorous compliance requirements, and adaptability to regulated environments.

CERT C/C++ vs MISRA C/C++

Both are crucial coding standards, but they address different primary concerns. MISRA focuses on ensuring functional safety, reliability, and portability by defining a “safe subset” of C/C++ to avoid problematic language features and behaviors, while CERT concentrates on software security by providing guidelines to prevent common programming errors that could lead to exploitable vulnerabilities and security breaches. Many teams implement a MISRA and CERT combined approach for comprehensive coverage.

AUTOSAR C++ 14 vs MISRA C++:2023

MISRA C++:2023, developed collaboratively by MISRA and AUTOSAR, is the unified, modern coding standard for safety and security-critical C++ (C++17 with future C++20 compatibility in mind) development in automotive applications. It integrates and updates the coding best practices from the earlier AUTOSAR C++14. While MISRA C++:2023 strictly defines coding rules, AUTOSAR C++14 (though largely superseded for code rules) provides broader guidelines encompassing design, toolchain qualification, and documentation for automotive regulatory compliance (for example, ASPICE or explore ISO 26262 compliance).

Integration With CI/CD

Modern development teams need to integrate compliance checks seamlessly into their continuous integration workflows. Manual verification simply doesn’t scale for large, complex codebases under tight delivery schedules. Continuous testing provides an automated, unobtrusive way to obtain immediate feedback on code upon checking it in.

The purpose is to build quality and security into the product as part of a continuous integration/release/delivery process. Early identified MISRA violations prevent bugs from entering the software build.

Ensuring Fast Feedback Loops

blue icon with triangle and explanation point

Receive immediate alerts upon the introduction of critical MISRA violations, enabling developers to fix issues before they enter the code review phase.

Icon inside a blue circle showing three white arrows forming a continuous circle.

Reduce friction in code reviews by automatically validating MISRA compliance beforehand, letting reviewers focus on architecture and logic.

Blue circle with a white icon in the center that shows test data and a check mark

Implement quality gates that prevent noncompliant code from progressing to testing or production environments.

jenkins Logo
Jenkins
  • Install the Parasoft Findings Plugin to publish MISRA violations.
  • Configure the Warnings Next Generation Plugin to visualize MISRA rule violations.
  • Example Jenkins pipeline step:

stage('Static Analysis') { 
        steps { 
          sh 'cpptestcli -config "MISRA_C_2025" -bdf compile_commands.json -report reports/ -format=xml' 
          parasoftPublisher reportPattern: 'reports/report.xml' 
        } 
}

                                    
Image of a cup of coffee with steam rising from it
GitLab logo
GitLab
    • Use the cpptest-gitlab project for example CI templates.
    • View MISRA violations in GitLab’s Security tab and Merge Request reports.
    • Example .gitlab-ci.yml snippet:

static_analysis:
  stage: test
  image: your-image-with-cpptestcli
  script:
    - cpptestcli -config "MISRA_C_2025" -bdf compile_commands.json -report gl-sast-report.json -format=sarif
  artifacts:
    reports:
      sast: gl-sast-report.json
  paths:
      - gl-sast-report.json
Colorful image of a horizontal line with arrows pointing on each end
GitHub Logo
GitHub
  • Use the Run Parasoft C/C++test GitHub Action for MISRA analysis.
  • View results in GitHub’s Security tab as Code Scanning Alerts.
  • Example workflow:

- name: Run MISRA Analysis
  uses: parasoft/cpptest-action@v1
  with:
    config: 'MISRA_C_2025'
    build_system: 'compilation_database'
    input: 'compile_commands.json'
    args: '-report github-sarif.sarif -format=sarif'
Colorful arrows pointing in different directions
Microsoft Azure DevOps logo
Azure DevOps
  • Integrate Parasoft into Azure Pipelines for MISRA checks.
  • View results in Azure Security Dashboard and Pull Request annotations.
  • Example YAML step:

- task: ParasoftCppTest@1
  inputs:
    config: 'MISRA_C_2025'
    buildSystem: 'compilation_database'
    input: 'compile_commands.json'
    results: '/cpptest-reports//report.xml'
    reportFormat: 'sarif'
    failOnViolation: true
Vibrant cloud image

Best Practices for MISRA C

Code Review Best Practices

In addition to MISRA compliance, convene with your fellow software engineers and systematically check each other’s code for mistakes and coding style violations. Experience shows that this activity accelerates production and substantially improves code quality.

Code Clarity and Understanding

MISRA compliance helps you write code that’s easy to read and understand. Avoid overly clever or cryptic code that’s difficult to follow or easily misunderstood. We get how tempting it can be to use complex workarounds under deadline pressure. Like many embedded developers, you’re probably juggling multiple standards while trying to keep your code maintainable. Simplifying code with MISRA guidelines eliminates the headaches of misunderstanding and rework.

MISRA guidelines prevent engineers from spending excessive time deciphering bugs in the code. We understand how draining it is to lose entire sprints chasing down elusive bugs. It’s reassuring to know that adopting MISRA’s clarity-based approach ensures your entire team can identify defects faster, preventing those long nights of frantic debugging.

Handling Error Scenarios

Complying with MISRA guidelines means you write code that lasts, not just for ideal situations, but also for unexpected challenges. It’s about preparing your software for all possibilities, ensuring it can gracefully handle everything from typical operations to encountering invalid data or unforeseen errors, making your application significantly more robust and reliable.

Code Portability

MISRA compliance helps programmers write code that can easily be moved and reused across different computer systems or hardware, similar to how standards like POSIX and ANSI C allow software to work on various platforms without major changes. This means developers can switch to different compilers or operating systems with minimal effort, which can open up valuable financial or business opportunities when new target systems or operating environments become necessary.

Reducing Code Complexity

MISRA compliance helps developers minimize excessive branching in their code. The higher the branching complexity, the greater the potential for bugs and maintenance challenges.

Introducing MISRA at Any Stage

One of MISRA’s key strengths is that teams can introduce the guidelines at any stage of software development, and the standards remain effective even for incomplete or partially coded projects.

It’s distressing when you discover security holes late in the development process. We’ve been there. MISRA helps you safeguard your software from day one by acting as a continuous shield, ensuring no critical coding violation slip through.

Adopting MISRA

Icon depicting a cog

Existing Project Approach

For projects where new code development is minimal, achieving MISRA compliance presents unique challenges, often leading to the adoption of an “acknowledge and defer” strategy. While pragmatic, this approach means that any newly uncovered coding violation contributes to the burgeoning technical debt rather than being immediately resolved.

Icon of a white star inside a blue circle

Recommended Implementation Strategy

To properly implement static analysis for MISRA compliance, focus first on fixing all Mandatory rule violations—absolute requirements for certification. Once you satisfy Mandatory rules, address Required rule violations while documenting any necessary deviations.

Finally handle Advisory rule violations as time permits. Don’t waste effort treating all findings equally. A strict priority order (Mandatory → Required → Advisory) is the most efficient path to compliance. As your team gains experience, integrate static analysis into regular development workflows to maintain compliance with minimal overhead.

Static vs. Dynamic Analysis: Best Practices »

Automate Icon Blue

Automated Runtime Problem Detection

Parasoft C/C++test detects complex MISRA compliance runtime-like problems early in the development stage without the need to execute costly runtime tests. C/C++test analyzes the execution paths through the code and finds MISRA compliance issues, like null pointer dereferencing, division by zero, memory leaks, and security vulnerabilities, such as arithmetic on a pointer operand, buffer overflows, unreachable code, and stdlib system function.

Icon of a cog with a checkmark in the center

Real World Examples of MISRA Updates

MISRA C 2025 in Legacy Code

The MISRA C 2025 update brings practical improvements for teams dealing with legacy code. By removing obsolete rules, the standard reduces compliance overhead that previously bogged down development teams. For example, certain restrictions on declaration placement have been relaxed when they don’t impact safety, making code refactoring simpler and faster.

MISRA C++ 2023 for Modern Projects

With MISRA C++ 2023 supporting C++17 features, teams can leverage modern C++ capabilities while maintaining safety. This enables developers to write more concise code through features like structured bindings and class template argument deduction, while still maintaining the robustness required for safety-critical applications.

Icon of shield

Compliance Reporting

Parasoft’s analytics dashboard provides automated compliance reporting. For safety and security-critical applications, you’ll want to use our TÜV SÜD certified solution on safety-critical systems.

Parasoft’s automated compliance reporting dashboard »

Next Steps

Implementing MISRA C\C++ guidelines creates a foundation for safe, secure, and reliable embedded software. By leveraging Parasoft’s comprehensive MISRA compliance solutions, your team can automate time-consuming verification tasks, reduce technical debt, and deliver higher-quality code with lower development costs.

Join over 1,000 industry leaders already using Parasoft to automate MISRA compliance. See how leading aerospace companies have cut defect rates by 35% while accelerating time to market.

“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.

Decorative image of a shield within a technology environment
Footer Banner with people working on computers and conversing

Elevate your software testing with Parasoft solutions.

Request a Demo