The MISRA C Coding Standard and its Role in the Development and Analysis of Safety- and Security-Critical Embedded Software

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11002)

Abstract

The MISRA project started in 1990 with the mission of providing world-leading best practice guidelines for the safe and secure application of both embedded control systems and standalone software. MISRA C is a coding standard defining a subset of the C language, initially targeted at the automotive sector, but now adopted across all industry sectors that develop C software in safety- and/or security-critical contexts. In this paper, we introduce MISRA C, its role in the development of critical software, especially in embedded systems, its relevance to industry safety standards, as well as the challenges of working with a general-purpose programming language standard that is written in natural language with a slow evolution over the last 40+ years. We also outline the role of static analysis in the automatic checking of compliance with respect to MISRA C, and the role of the MISRA C language subset in enabling a wider application of formal methods to industrial software written in C.

While Roberto Bagnara is a member of the MISRA C Working Group and of ISO/IEC JTC1/SC22/WG14, a.k.a. the C Standardization Working Group, the views expressed in this paper are his and his coauthors’ and should not be taken to represent the views of either working group.

Notes

  1. Originally, an acronym for Motor Industry Software Reliability Association.

  2. The authors of this paper are not an exception to this statement, at least not until 2010.

  3. Source: TIOBE Index for June 2018, see https://www.tiobe.com/tiobe-index/.

  4. This is still true for implementations running on simple processors, with a limited degree of caching and internal parallelism. Prediction of maximum running time without tools becomes outright impossible for current multi-core designs such as Kalray MPPA, Freescale P4080, or ARM Cortex-A57 equivalents (see, e.g., [35,36,37]).

  5. WG21 is a common shorthand for ISO/IEC JTC1/SC22/WG21, a.k.a. the C++ Standardization Working Group. The cited meeting took place in Jacksonville, FL, USA, March 12–17, 2018.

  6. In this paper, we refer to the C99 language standard [19] because this is the most recent version of the language that is targeted by the current version of MISRA C [28]. All that is said about the C language itself applies equally, with only minor variations, to all the published versions of the C standard.

  7. Short for ISO/IEC JTC1/SC22/WG14, a.k.a. the C Standardization Working Group.

  8. Such as the standard library, device drivers supplied by the compiler vendor or the hardware manufacturer, middleware components, third-party libraries, automatically generated code, legacy code, etc.

  9. This technical specification was slightly amended in 2016 [23].

  10. We are indebted to Clayton Weimer for this observation.

  11. https://clang-analyzer.llvm.org/, last accessed on July 5th, 2018.

  12. There are many ways to do that.

References

  1. VV., AA.: JSF Air vehicle C++ coding standards for the system development and demonstration program. Document 2RDU00001, Rev C, Lockheed Martin Corporation, December 2005

  2. VV., AA.: JPL institutional coding standard for the C programming language. Technical report JPL DOCID D-60411, Jet Propulsion Laboratory, California Institute of Technology, March 2009

  3. The Motor Industry Software Reliability Association: Development Guidelines For Vehicle Based Software. The Motor Industry Research Association, Nuneaton, Warwickshire CV10 0TU, UK, November 1994

  4. Bagnara, R.: MISRA C, for security's sake! In: Lami, G. (ed.) Informal proceedings of the 14th Workshop on Automotive Software & Systems, Milan, Italy (2016). http://www.automotive-spin.it/. Also published as Report arXiv:1705.03517 [cs.SE], available at http://arxiv.org/

  5. Banks, A.: MISRA C – recent developments and a road map to the future. Presentation slides available at http://www.his-2018.co.uk/session/misra-c-updates-2016, presented at the High Integrity Software Conference 2016, Bristol, UK, 1 November 2016 (2016)

  6. Barr, M.: Embedded C Coding Standard. Barr Group, Germantown, MD, USA (2013)

  7. Barr Group, Germantown, MD, USA: Embedded Systems Safety & Security Survey, February 2018. http://www.barrgroup.com/

  8. Baudin, P., Cuoq, P., Filliâtre, J.C., Marché, C., Monate, B., Moy, Y., Prevosto, V.: ACSL: ANSI/ISO C Specification Language, version 1.13 (2018)

  9. CERT: SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems. Software Engineering, Carnegie Mellon University, 2016 edn. (2016)

  10. Cousot, P., Cousot, R., Feret, J., Miné, A., Mauborgne, L., Monniaux, D., Rival, X.: Varieties of static analyzers: a comparison with ASTREE. In: First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE 2007), pp. 3–20. IEEE Computer Society, Shanghai, June 2007

  11. Crocker, D., Carlton, J.: Verification of C programs using automated reasoning. In: Proceedings of the Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007), pp. 7–14. IEEE Computer Society, London (2007)

  12. Dahlweid, M., Moskal, M., Santen, T., Tobies, S., Schulte, W.: VCC: contract-based modular verification of concurrent C. In: 31st International Conference on Software Engineering (ICSE 2009), Companion Volume, pp. 429–430. IEEE Computer Society, Vancouver (2009)

  13. Gosling, J., Joy, B., Steele, G.L., Bracha, G., Buckley, A.: The Java Language Specification: Java SE 8 Edition, 5th edn. Java Ser. Addison-Wesley, Upper Saddle River (2014)

  14. Hatton, L.: Safer C: Developing Software for High-Integrity and Safety-Critical Systems. McGraw-Hill Inc., New York (1995)

  15. Intel Corporation: Intel 64 and IA-32 Architectures Software Developer's Manual – Volume 2 (2A, 2B, 2C & 2D): Instruction Set Reference, A-Z (2018)

  16. ISO: ISO 26262:2011: Road Vehicles – Functional Safety. ISO, Geneva, Switzerland, November 2011

  17. ISO/IEC: ISO/IEC 9899:1990: Programming Languages – C. ISO/IEC, Geneva, Switzerland (1990)

  18. ISO/IEC: ISO/IEC 9899:1990/AMD 1:1995: Programming Languages – C. ISO/IEC, Geneva, Switzerland (1995)

  19. ISO/IEC: ISO/IEC 9899:1999: Programming Languages – C. ISO/IEC, Geneva, Switzerland (1999)

  20. ISO/IEC: ISO/IEC 9899:1999/Cor 3:2007: Programming Languages – C. ISO/IEC, Geneva, Switzerland, Technical Corrigendum 3 (2007)

  21. ISO/IEC: ISO/IEC 9899:2011: Programming Languages – C. ISO/IEC, Geneva, Switzerland (2011)

  22. ISO/IEC: ISO/IEC TS 17961:2013, Information technology – Programming languages, their environments & system software interfaces – C Secure Coding Rules. ISO/IEC, Geneva, Switzerland, November 2013

  23. ISO/IEC: ISO/IEC TS 17961:2016, Information technology – Programming languages, their environments & system software interfaces – C Secure Coding Rules. ISO/IEC, Geneva, Switzerland, August 2016

  24. Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: VeriFast: a powerful, sound, predictable, fast verifier for C and Java. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 41–55. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20398-5_4

  25. Le Charlier, B. (ed.): SAS 1994. LNCS, vol. 864. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58485-4

  26. Motor Industry Software Reliability Association: MISRA-C:1998 – Guidelines for the use of the C language in vehicle based software. MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, July 1998

  27. Motor Industry Software Reliability Association: MISRA-C:2004 – Guidelines for the use of the C language in critical systems. MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, October 2004

  28. MISRA: MISRA C:2012 – Guidelines for the use of the C language in critical systems. MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, March 2013

  29. MISRA: MISRA C:2012 Amendment 1 – Additional security guidelines for MISRA C:2012. HORIBA MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, April 2016

  30. MISRA: MISRA Compliance:2016 – Achieving compliance with MISRA Coding Guidelines. HORIBA MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, April 2016

  31. MISRA: MISRA C:2012 Technical Corrigendum 1 – Technical clarification of MISRA C:2012. HORIBA MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, June 2017

  32. MISRA: MISRA C:2012 Addendum 2 – Coverage of MISRA C:2012 (including Amendment 1) against ISO/IEC TS 17961:2013 "C Secure". HORIBA MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, 2nd edn., January 2018

  33. MISRA: MISRA C:2012 Addendum 3 – Coverage of MISRA C:2012 (including Amendment 1) against CERT C 2016 Edition. HORIBA MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, January 2018

  34. Motor Industry Software Reliability Association: MISRA C++:2008 – Guidelines for the use of the C++ language in critical systems. MIRA Ltd, Nuneaton, Warwickshire CV10 0TU, UK, June 2008

  35. Nélis, V., Yomsi, P.M., Pinho, L.M.: The variability of application execution times on a multi-core platform. In: Schoeberl, M. (ed.) Proceedings of the 16th International Workshop on Worst-Case Execution Time Analysis (WCET 2016), OASICS, vol. 55, pp. 6:1–6:11. Schloss Dagstuhl – Leibniz-Zentrum für Informatik, Toulouse (2016)

  36. Nowotsch, J., Paulitsch, M.: Leveraging multi-core computing architectures in avionics. In: Constantinescu, C., Correia, M.P. (eds.) Proceedings of the Ninth European Dependable Computing Conference (EDCC 2012), pp. 132–143. IEEE Computer Society, Sibiu (2012)

  37. Nowotsch, J., Paulitsch, M., Buhler, D., Theiling, H., Wegener, S., Schmidt, M.: Multi-core interference-sensitive WCET analysis leveraging runtime resource capacity enforcement. In: Proceedings of the 26th Euromicro Conference on Real-Time Systems (ECRTS 2014), pp. 109–118. IEEE Computer Society, Madrid (2014)

  38. Philippaerts, P., Mühlberg, J.T., Penninckx, W., Smans, J., Jacobs, B., Piessens, F.: Software verification with VeriFast: industrial case studies. Sci. Comput. Program. 82, 77–97 (2014)

  39. Rainer-Harbach, M.: Methods and Tools for the Formal Verification of Software: An Analysis and Comparison. Master's thesis, Fakultät für Informatik der Technischen Universität Wien, Wien, Austria, November 2011

  40. Ritchie, D.M.: The development of the C language. SIGPLAN Not. 28(3), 201–208 (1993)

  41. Signoles, J.: E-ACSL: Executable ANSI/ISO C Specification Language, version 1.12 (2018)

  42. Software Engineering Center: Embedded System Development Coding Reference: C Language Edition. Information-Technology Promotion Agency, Japan, version 2.0, July 2014

  43. U.S. Department Of Health and Human Services; Food and Drug Administration; Center for Devices and Radiological Health; Center for Biologics Evaluation and Research: General Principles of Software Validation; Final Guidance for Industry and FDA Staff, version 2.0, January 2002. http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm085281.htm

  44. VDC Research, Natick, MA, USA: 2011 Embedded Engineer Survey, August 2011

  45. Winkler, J.F.H.: The Frege Program Prover. In: 42. Internationales Wissenschaftliches Kolloquium, pp. 116–121. Technische Universität Ilmenau (1997)

  46. Winters, T.: C++ stability, velocity, and deployment plans [R2]. Doc. no. P0684R2, ISO/IEC JTC1/SC22/WG21, February 2018. http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p0684r2.pdf

Acknowledgments

For the notes on the history of MISRA and MISRA C we are indebted to Andrew Banks (LDRA, current Chairman of the MISRA C Working Group) and David Ward (HORIBA MIRA, current Chairman of the MISRA Project). For the information on the ongoing work on annotations, we thank Chris Tapp (LDRA, Keylevel Consultants, MISRA C Working Group, current Chairman of the MISRA Working Group). We are grateful to the following people who helped in proofreading the paper and provided useful comments and advice: Fulvio Baccaglini (PRQA — a Perforce Company, MISRA C Working Group), Dave Banham (Rolls-Royce plc, MISRA C Working Group), Daniel Kästner (AbsInt, MISRA C Working Group), Thomas Schunior Plum (Plum Hall, WG14), Chris Tapp (ditto), David Ward (ditto). We are also grateful to the following BUGSENG collaborators: Paolo Bolzoni, for some example ideas; Anna Camerini for the composition of Fig. 1.

Author information

Corresponding author

Correspondence to Roberto Bagnara.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Bagnara, R., Bagnara, A., Hill, P.M. (2018). The MISRA C Coding Standard and its Role in the Development and Analysis of Safety- and Security-Critical Embedded Software. In: Podelski, A. (eds) Static Analysis. SAS 2018. Lecture Notes in Computer Science(), vol 11002. Springer, Cham. https://doi.org/10.1007/978-3-319-99725-4_2

  • DOI: https://doi.org/10.1007/978-3-319-99725-4_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99724-7

  • Online ISBN: 978-3-319-99725-4
