MISRA: Software Development Guidelines For The C Programming Language

MISRA C: A set of recommendations or guidelines for software development in the C language, developed by MISRA (the Motor Industry Software Reliability Association).

C is a popular programming language due to its easy access to hardware, flexibility, and low memory demands. C is used to build applications ranging from simple operating systems to more complex programs. Basic knowledge of C programming ensures a grasp of most other similar programming languages.

However, C is not without limitations: it is not object-oriented, it is susceptible to buffer overruns and underruns and to the use of uninitialized memory, it lacks exception handling, it has no concept of namespaces, and so on.

C was the de facto language for coding automobile design systems. The UK-based Motor Industry Software Reliability Association (MISRA) needed a way to handle the limitations of C and enable its safe use, so experienced embedded programmers developed MISRA C.

What Is MISRA C?

MISRA C, developed by MISRA, is a set of software development guidelines for the C programming language that enable best practices in code safety, security, portability, and reliability in embedded systems. Originally created for the automotive industry, it has evolved and is now widely used by developers in many sectors, including automotive, aerospace, telecom, medical, defense, and railway, amongst others.

MISRA C specifically focuses on defining a safer subset of the C programming language for development projects in which quality, safety, reliability, and security may be issues of concern.

There have been three releases and updates of the MISRA C standard. The first was MISRA C:1998, which has 127 coding rules and is still widely used even today. This was followed by the second edition, MISRA C:2004, with 142 coding rules. The third edition is MISRA C:2012, which initially had 143 rules but was amended in 2016 to include 156 rules and 17 directives, for a total of 173 guidelines. These additions and adjustments were encouraged by the spread of connected devices in supply chains. They improve efficiency and flexibility, enabling the use of MISRA C beyond the auto industry and ensuring delivery of safety-compliant products in various fields.

MISRA C guidelines have one of three classifications:

  • Mandatory: Compliance is always required, no exceptions.
  • Required: Compliance is expected as well. However, to allow for unforeseeable circumstances when dealing with embedded systems, the creators of MISRA C provided a way to deviate from a given rule after careful consideration, documentation, and justification. Such deviations should also be kept localized.
  • Advisory: For these rules, compliance is considered to be good practice, but is less formal.

These guidelines are further divided into the following categories:

  • Undefined and Unspecified behavior
  • Literals and Constants
  • Control flow
  • Implementation defined behavior
  • Declarations and Definitions
  • Code Design
  • Functions
  • Initialization
  • Language Extensions
  • Overlapping Storage
  • Pointer type Conversions
  • Character sets and lexical conventions
  • Standard Libraries
  • Control statement expressions
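As an added example (not code from the article), the C routine below shows the "buffer overruns" and "uninitialized memory" limitations described earlier beside the form that the Initialization, Control flow and Standard Libraries categories push code toward; the frame layout, the function names and the sample inputs are constructed here, and no specific rule numbers are cited.

```c
/* Added example, not from the article: a frame parser written the way the
 * Initialization, Control flow and Standard Libraries categories push it, next
 * to the unsafe idiom it replaces. Frame layout (id, length, payload) is constructed. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#define PAYLOAD_MAX 8U

typedef struct {
    uint8_t id;
    uint8_t len;
    uint8_t payload[PAYLOAD_MAX];
} frame_t;
/* Unsafe idiom (the article's "buffer overruns"/"uninitialized memory" in practice):
 *   frame_t f;                          // nothing initialised
 *   f.len = buf[1];
 *   memcpy(f.payload, &buf[2], f.len);  // input-chosen len overruns payload
 *   return f.id == 0x10 ? 1 : 0;        // reads f.id, which was never set */
bool frame_parse(const uint8_t *buf, size_t buf_len, frame_t *out)
{
    bool ok = false;                 /* one result, one exit point (Control flow) */
    frame_t f = { 0U, 0U, { 0U } };  /* every field set before it is read (Initialization) */
    if ((buf != NULL) && (out != NULL) && (buf_len >= 2U)) {
        size_t len = buf[1];         /* declared payload length from the input */
        f.id = buf[0];
        /* Length checked against payload capacity AND bytes actually present. */
        if ((len <= PAYLOAD_MAX) && (len <= (buf_len - 2U))) {
            (void)memcpy(f.payload, &buf[2], len); /* return value explicitly discarded */
            f.len = (uint8_t)len;    /* explicit narrowing, no implicit conversion */
            *out = f;
            ok = true;
        }
    }
    return ok;
}

/* Constructed inputs for both paths; each returns 1 on the expected outcome. */
int demo_valid_frame(void)
{
    static const uint8_t wire[] = { 0x10U, 0x03U, 0xAAU, 0xBBU, 0xCCU };
    frame_t f = { 0U, 0U, { 0U } };
    bool ok = frame_parse(wire, sizeof wire, &f);
    return (ok && (f.id == 0x10U) && (f.len == 3U) && (f.payload[2] == 0xCCU)) ? 1 : 0;
}
int demo_oversized_length(void)
{   /* declared length 200 with three payload bytes present: rejected, nothing copied */
    static const uint8_t wire[] = { 0x10U, 0xC8U, 0xAAU, 0xBBU, 0xCCU };
    frame_t f = { 0U, 0U, { 0U } };
    return frame_parse(wire, sizeof wire, &f) ? 0 : 1;
}
```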


Compliance

Developers have to satisfy the established mandatory rules to achieve MISRA C compliance. Expert knowledge of the MISRA C rules and guidelines, together with the right tools, is therefore essential to achieving MISRA C compliance for C code.

Some of the steps that help with compliance include:

1. Becoming familiar with the rules: To achieve compliance, you must be very familiar with the MISRA coding rules for your programming language. You need to know the exact rules applicable to whatever version of C or C++ you choose.

2. Continuous checking: Regular and constant inspection of the code for violations will improve quality.

3. Recording any deviations: When compliance is involved, if there are any exceptions to the rule, they must be well-documented.

4. Setting baselines: Establish baselines to ensure that any legacy codebase that comes with an embedded system is brought into compliance.

5. Monitoring Compliance: Closely monitoring how compliant your code is by using a static code analyzer to create automated compliance reports.

6. Selecting a Static Code Analyzer: Picking an effective static code analyzer to scan both new and legacy code will ensure better compliance.


Software Tools To Aid MISRA C Compliance

There are several software tools that help programmers comply with the MISRA C guidelines for safety-critical software and automatically integrate compliance into the software development lifecycle. Using these tools guarantees safe, secure and reliable code, as they instantly and effectively check your software for security vulnerabilities and for how well it conforms to MISRA C coding best practices. They can also be configured to run locally on desktops or on servers.

These days, coding is complex and development teams cannot afford the luxury of errors, so they naturally turn to static analysis tools to examine source code and automatically check it against coding rules. This can certainly be done manually, but using automated tools is more effective and provides an error-free process, as these tools identify issues which, if missed, may result in unsafe and unpredictable behavior.

To put it simply, MISRA C compliance software tools help to avoid constructs in the C language program that may lessen code reusability and cause product failures, safety issues, and susceptibilities that attackers can exploit.

Advantages of using static analysis tools include:

  • Detecting coding issues early
  • Speed
  • Accuracy
  • Eliminating security vulnerabilities
  • Depth
  • Monitoring code quality
  • Integration with development toolsets

Factors to consider when choosing a static analyzer are that it supports your programming language and that it supports your coding standard, e.g. MISRA C. When choosing a MISRA checker, make sure it actually identifies noncompliant code: some MISRA checkers produce false diagnostics and do not help with undecidable conditions.


In Closing

MISRA compliance covers more than coding guidelines. It can be more than just a tool to help you write safer, more portable code. The compliance process is sound as well as practical, clarifying how to deal with any deviations or exceptions to the rules whenever that is required. When complied with, it can define the standard for software excellence as software passes from suppliers to buyers in many industries.

Contact us for static application security testing that will help you deliver more secure code, right from the start.