Join us on December 12! MISRA C++ 2023: Everything You Need to Know Register Now >>
The Motor Industry Software Reliability Association (MISRA) refers to the widely adopted and legendary coding standard for C and C++ languages. MISRA provides a comprehensive set of coding guidelines that focuses on protecting applications against known safety violations and security vulnerabilities. The Association classifies guidelines as either a “rule” or a “directive.”
A rule comes with a complete description of the coding requirement, and through static analysis, developers can use it to check that source code complies with a guideline without the need to seek out any other information. A directive, on the other hand, offers an important prescription or development guidance for developers to follow when it’s generally not possible for them to perform a check for compliance.
MISRA is a consortium of automotive-related industries that came together in the early 1990s as a result of the United Kingdom’s Safety Critical Systems Research Programme. The U.K. government instituted this program to address some of the challenges that the automobile industry faced due to auto and truck makers increasing the use of software in the manufacture and operation of road vehicles. Parasoft is a member of the MISRA C and MISRA C++ Working Group.
Michal Rozenau has been an active member of the MISRA C and MISRA C++ Working Group.
As a participant in MISRA’s C and C++ working groups actively developing MISRA, Parasoft helps define the standard and is committed to swiftly performing product updates. Customers are supported with the latest technologies to continuously reduce costs and deliver safe, secure, reliable, and compliant software.
MISRA C 2023 consolidates MISRA C 2012 and all the amendments and corrigendums that have been released to date. The standard supports the C programming language, versions C90, C99, C11, and C18. Parasoft C/C++test fully supports MISRA C 2023 and has made it available to software development teams looking to ensure deployment of code that’s compliant with the latest coding standard in safety and security.
MISRA C++ 2023 combines MISRA C++ 2008 and AUTOSAR C++14 coding guidelines with advancements in support of the C++ programming language, C++17. Parasoft C/C++test provides 100% coverage of this new standard. With Parasoft C/C++test, software engineers have the ability to scan modern C++ code and ensure that the applications that use C++17 and C++20 are the safest and most secure possible.
“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.
When developers implement MISRA guidelines, it helps them deliver safe, secure, and reliable code that has everlasting benefits. MISRA compliance impacts your product’s success and longevity while reducing labor costs and time to market.
A great thing about proposing MISRA compliance is that security teams can introduce and use the guidelines at any software development phase of a project, and the guidelines are effective even if a project is incomplete and partially coded.
The biggest challenge with introducing MISRA compliance is that a large amount of code can produce a large number of warnings. Therefore, companies should focus on getting the team productive as soon as possible when integrating MISRA compliance into a project.
Companies should also concentrate on minimizing the possibility of the static analysis warnings overwhelming the team. As achieving MISRA compliance becomes part of the developers’ daily routine, the developers can analyze results quicker and fix bugs more efficiently.
It’s also important to consider the maturity of the product under development, as this impacts the way the company can adopt MISRA compliance.
The primary approach to adopting MISRA compliance for these projects is called “acknowledge and defer.” Since developers are adding little new code, all of the safety bugs and security vulnerabilities they discover add to the existing technical debt.
The recommended approach to MISRA compliance is called “a line in the sand” approach. At a high level, this approach means developers improve new code as they develop it while deferring less critical warnings as technical debt.
Developers can integrate MISRA compliance in their development environments from the start, ensuring a high standard of quality code as they write it. The approach to adoption, in this case, is aptly named “greenfield.”
Parasoft C/C++test detects complex MISRA compliance runtime-like problems early in the development stage — without the need to execute costly runtime tests. C/C++test analyzes the execution paths through the code and finds MISRA compliance issues, like null pointer dereferencing, division by zero, memory leaks, and security vulnerabilities, such as arithmetic on a pointer operand, buffer overflows, unreachable code, and stdlib system function.
Users can view results from C/C++test’s MISRA compliance in Parasoft’s dynamic reporting dashboard, enabling automated post-processing and advanced reporting strategies using historical data. It’s easy to see MISRA compliance results across builds over time, even when working with large codebases and legacy code where visibility into the code is typically challenging so you can quickly focus on the quality of the newly added code.
With widgets that automatically track MISRA compliance, users get a dynamic view into the software compliance process, and can easily produce automatic reports for code audits and certification goals.
Frequently Asked Questions
The Motor Industry Software Reliability Association (MISRA) refers to the widely adopted and legendary coding standard for C and C++ languages. MISRA provides a comprehensive set of coding guidelines that focuses on protecting applications against known safety violations and security vulnerabilities.
Incorporate into your software implementation phase a TÜV certified solution that analyzes your code to the MISRA standard for known safety and application security violations.
In modern Agile development, you can also automate MISRA analysis and compliance into your continuous integration and continuous delivery (CI/CD) workflow. Make sure to understand all identified violations and make certain to address them all. If there are any deviations, thoroughly document them as required by the MISRA standard.
Lastly, you need to present the following artifacts for MISRA compliance certification.
The latest version, MISRA C:2023, includes 200 MISRA C rules and 21 directives for a total of 221 guidelines. The preceding version and final MISRA C:2012 Amendment 4, published on March 15, 2023, contributed to the MISRA standard with 19 new rules and 3 directives.
Static analysis is the process of examining source code without execution, usually for the purposes of finding bugs or evaluating code safety, security, and reliability. This means software teams and software security teams can use static analysis on partially complete code, libraries, and third-party source code.
Static analysis tools help teams conform to coding standards such as MISRA C/C++, AUTOSAR C++ 14, SEI CERT, or your own custom configuration.