Initially developed by the UK government’s “SafeIT” program and later expanded by the automotive industry, the Motor Industry Software Reliability Association (MISRA) sought to develop a C programming language subset—or “coding standard,” more colloquially—to govern their development processes. It’s grown from its inception in 1994 to include multiple sectors and has been updated repeatedly to reflect the current state of development, most recently in 2023.
As software becomes increasingly critical in safety-sensitive industries, understanding and implementing MISRA guidelines has become essential for developers seeking to produce secure, maintainable, and portable code.
Here, we’ll explore the details of the MISRA standard in all its variations. We’ll look at the MISRA C and MISRA C++ varieties and learn which industries use MISRA the most. We’ll also survey the rules and guidelines within the MISRA coding standard, and how this framework can be used along with code analysis tools to elevate code security.
As vehicles relied increasingly upon electronics, automotive manufacturers realized the need for a single unifying standard to guide their coding practices. The result was MISRA.
Embedded programmers and experts from Ford Motor Company, Jaguar Land Rover, Bentley Motors, and other industry leaders collaborated to create a framework to help generate more uniform code, and their work was so successful that it was also implemented in many other sectors. The developers created MISRA to improve three coding parameters, namely:
These parameters are essential for many applications, along with code security. So, industries that use the C/C++ programming languages looked to MISRA to help them create such premium code.
The programming language comprises the C and C++ variants, so there is a separate MISRA code standard for both. Initially created in 1994, both versions have since undergone multiple revisions to reflect the latest code security and quality best practices. The MISRA C standard was revised in 2004 and 2012.
Since then, several additions have been incorporated into the MISRA C framework, leading to the most recent adaptation in March 2023. This version, MISRA C:2023, includes the Technical Corrigendum 2, “Technical clarification of MISRA C:2012,” and the following amendments.
Altogether, the MISRA C:2023 code standard offers developers a concise yet comprehensive framework for how they could best produce robust, maintainable, and portable high-security code.
MISRA C++ is very similar to the MISRA C standard, except its rules are formed around the C++ programming language. Its most recent version was released to the public in October 2023 and covered many of the same topics as the MISRA C variant. Because of its frequent use in the automotive industry, MISRA C++:2023 also sought to incorporate the rules within the Automotive Open System Architecture (AUTOSAR) to reduce the number of discrepancies between the two.
Because AI and automation are used to write code increasingly, the MISRA standard was also adapted to account for automatically generated code. MISRA AC AGC was created to inform automatic code generation practices. Its founding document is MISRA AC AGC: Guidelines for the application of MISRA-C:2004 in the context of automatic code generation, and its supporting resources are as follows:
While it was based upon the contents of MISRA C:2004, its rules also apply to C++.
MISRA’s widespread adoption across diverse industries underscores its versatility as a coding standard that enhances security and reliability in critical applications. The name may have reflected the standard’s original application, but MISRA has expanded so much that the “Motor Industry” portion no longer applies. MISRA has become the coding standard of choice for many industries that rely upon the programming languages C or C++:
MISRA’s primary goal is to make code written in the C/C++ programming languages more robust, portable, and maintainable. Wherever those factors are a priority, MISRA is often the framework of choice.
MISRA consists of a series of guidelines divided into “rules” and “directives.” The latest MISRA standards contain 200 guidelines comprising 182 rules and 18 directives.
A rule is a guideline for which a complete description of the requirement has been provided. It should therefore be possible to check the source code for adherence to the rule with no information other than that which it provides. That is, code analysis tools such as static code analyzers can be automated to check your source code for compliance with MISRA Rules.
A directive is less explicit than a rule and is a guideline for which a complete description of the requirement is not feasible. This makes it harder to check directives for compliance with code analysis tools. While an exact description of each directive and rule wouldn’t be feasible here, ample resources such as compliance matrices exist to assist development teams with implementation.
Remember that leveraging automated tools like static code analyzers can help ensure that your code remains compliant with MISRA rules by preventing errors and maintaining high standards of code quality.
MISRA was designed to improve code security, robustness, maintainability, and portability. However, some other benefits are as follows:
Another key advantage of using MISRA is that it creates greater uniformity across diverse coding tools and silos. Many manufacturers and suppliers use the MISRA standard. So, using the same framework can reduce inconsistencies, improve code quality, and reduce your attack surface—which is what MISRA was designed for.
MISRA may have started in the automotive sector, but it has since proven invaluable in improving the portability, security, and robustness of applications across many industries. Your development teams may use other frameworks to inform their code. Still, applications built upon the C programming language that place a premium on code security should integrate MISRA into the mix.
MISRA has proven invaluable in enhancing applications’ security, portability, and robustness across industries. Integrating MISRA into your development process is crucial for any application built with C. Kiuwan’s static code analyzers make maintaining compliance with MISRA standards easier, helping you build secure, high-quality software. Request a demo to see how Kiuwan can elevate your code security.
