MISRA® provides coding guidelines for C and C++.
Consider this your guide to MISRA C and MISRA C++.
Read along or jump to the section that interests you most:
- What Is MISRA?
- Why Use MISRA Standards?
- Important MISRA C Rules With Examples
- Important MISRA C++ Rules With Examples
- How to Achieve MISRA Compliance
➡️ efficient misra compliance with helix qac
What Is MISRA?
MISRA provides coding standards for developing safety-critical systems.
MISRA is made up of manufacturers, component suppliers, and engineering consultancies. Experts from Perforce’s static code analysis team (formerly PRQA) are members of MISRA, too.
MISRA first developed coding guidelines in 1998. These were specific to the C programming language. Since then, MISRA has added a coding standard for C++.
📕 Related White Paper: How to Write Secure Code in C
Why Use MISRA Standards?
You can use MISRA standards to ensure your code is:
- Safe
- Secure
- Reliable
- Portable
📕 Related White Paper: What Is MISRA? An Overview of the MISRA Standard
The MISRA C coding standard was originally written for the automotive embedded software industry. But today, MISRA standards for C and C++ are widely used by embedded industries — including aerospace and defense, telecommunications, medical devices, and rail.
Most of these industries have a compliance requirement to use a coding standard — such as ISO 26262 for automotive functional safety.
📕 Related White Paper: How to Comply With the ISO 26262 Standard
What Are MISRA C Rules? And MISRA C Rules With Examples
MISRA C is the most widely used set of coding guidelines for C around the world. There have been three releases of the MISRA C standard.
MISRA C:1998
MISRA C:1998 was published in 1998 and remains widely used today. It was written for C90. There are 127 coding rules, including:
Rule 59
The statement forming the body of an "if", "else if", "else", "while", "do ... while", or "for" statement shall always be enclosed in braces
MISRA C:2004
MISRA C:2004 is the second edition of MISRA C, published in 2004. It was written for C90. There are 142 coding rules, including:
Rule 14.9
An if (expression) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement.
Rule 14.10
All if … else if constructs shall be terminated with an else clause.
MISRA C:2012
MISRA C:2012 is the third edition of MISRA C, published in 2012. It was written for C99. There are 143 rules, including:
Rule 18.1
A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
📕 Related White Paper: 6 Key Changes in MISRA:C 2012
MISRA C:2012 Amendment 1
MISRA C 2012 Amendment 1 was released in 2016. With this amendment, MISRA C:2012 includes 156 rules and 17 directives for a total of 173 guidelines, including:
Rule 12.5
The sizeof operator shall not have an operand which is a function parameter declared as "array of type"
MISRA C:2012 Amendment 2
MISRA C 2012 Amendment 2 was released in 2020 and adds two new rules. With this amendment, MISRA C:2012 includes 158 rules and 17 directives for a total of 175 guidelines. The new rules are:
Rule 1.4
Emergent language features shall not be used
Rule 21.21
The Standard Library function system of <stdlib.h> shall not be used
MISRA C:2012 Amendment 3
MISRA C 2012 Amendment 3 was released in 2022 and adds 24 new rules and 1 new directive. This makes a total of 182 rules and 18 directives, for a total of 200 guidelines.
Additionally, a number of existing guidelines have been revised together with supporting materials.
The new rules include further guidance on some of the emergent features previously covered by Rule 1.4, specifically:
Rules 8.15-8.17
Alignment of objects (<stdalign.h>)
Rules 17.9-17.13
No-return functions (<stdnoreturn.h>)
Rules 23.1-23.7
Type generic expressions (_Generic)
Rule 1.4 has been updated to remove the guidance on these features provided in Amendment 2.
Further guidance is provided with:
Rule 1.5
Obsolescent language features shall not be used
Rule 6.3
Bit field in unions
Rule 7.5
Integer-constant macros
Rule 18.9
Object lifetime
Rules 21.22-21.23
Type generic math macros (<tgmath.h>)
Rule 21.24
The random number generator functions of <stdlib.h>
Directive 4.15
Floating point (including comparisons, NaNs, and infinities)
The essential type model has been extended to include of essentially complex floating.
MISRA C:2012 Addenda
While the MISRA C standard was originally designed for functional safety, it also covers security. MISRA C:2012 includes addenda that strengthen security in coding.
MISRA C:2012 — Addendum 2 shows how each MISRA rule maps to the C Secure rules in ISO/IEC TS 17961:2013.
MISRA C:2012 — Addendum 3 shows how each rule maps to the CERT C rules.
MISRA C:2023
A new revision of MISRA C:2012 was published in 2023. It is a rollup of all the previous amendments and technical corrigenda and is known as MISRA C:2023.
What Are Important MISRA C++ Rules? And MISRA C++ Rules With Examples
MISRA C++ is widely used by safety-critical developers. There’s one version of MISRA C++ rules available today.
MISRA C++2008
MISRA C++:2008 was published in 2008. It was written for C++03. There are 228 coding rules, including:
Rule 5-0-13
The condition of an if-statement and the condition of an iteration statement shall have type bool.
MISRA C++ and AUTOSAR Guidelines
MISRA recently announced that AUTOSAR guidelines will be integrated into MISRA C++.
📕 Related Resource: MISRA and AUTOSAR to Unite C++ Coding Guidelines — What This Means
How to Achieve MISRA C and MISRA C++ Compliance?
Achieving MISRA compliance takes knowledge, skill, and the right tools.
Here are seven steps to comply with MISRA:
1. Know the Rules
You need to know the MISRA coding rules pertinent to which version of C or C++ you’re using.2. Check Your Code Constantly
Continuously inspecting your code for violations is the best way to improve quality.3. Set Baselines
Embedded systems come with legacy codebases. By setting baselines, you can focus on making sure your new code is compliant.4. Prioritize Violations Based on Risk
You could have hundreds or even thousands of violations in your code. That’s why it’s important to prioritize rule violations based on risk severity. Some static code analysis tools can do this for you.5. Document Your Deviations
Sometimes there are exceptions to the rule. But when it comes to compliance, every rule deviation needs to be well-documented.6. Monitor Your MISRA Compliance
Keep an eye on how MISRA compliant your code is. Using a static code analyzer makes this easier by automatically generating a compliance report.7. Choose the Right Static Code Analyzer
Choosing the right static code analyzer makes everything else easy. It takes care of scanning your code — new and legacy — for violations. It prioritizes vulnerabilities based on risk.
Complying with MISRA is important for many development teams today. Especially as virtualization rises.
📕 Related Resource: See how an automotive hypervisor achieves MISRA compliance 🚗
But not all MISRA checkers are the same…
📕 Related Resource: How to Compare MISRA Checkers
Using Helix QAC For MISRA C Rules
Helix QAC finds and reports on violations of MISRA rules and directives in C and C++.
Here's a short demo using Helix QAC with MISRA C:2012 guidelines.
Why Use Helix QAC for MISRA Compliance?
- Independently certified for use in the development of safety-critical software.
- Fully documented rule enforcement and message interpretation.
- Supplied with extensive example code.
- Fully configurable rules processing.
- Compliance reports for functional safety audits.
How Embedded Developers Use Helix QAC For MISRA?
See how leaders in embedded industries — automotive, aerospace, and rail — use Helix QAC and MISRA.
|
|
|
