As software increasingly takes safety-critical decisions in vehicles, guidelines for software safety are becoming essential. The MISRA C standard is one of them. The 2012 update of MISRA C has just been made available, and this article summarises what has changed.
First published in 1998, MISRA C provided some much-needed guidance to engineers, who often had limited experience in software engineering, at a time when software reliability was becoming a critical issue. In the beginning, it was a modest initiative within the UK motor industry, but it rapidly developed into a de facto standard in software quality.
Today, MISRA C:2004 is in use in nearly every area of the automotive industry where software is being developed. It is also present in safety-critical applications in almost every industry throughout the world: defense, aerospace, railways, nuclear and process industries, as well as commercial applications; in fact, everywhere robust code is a critical necessity.
So, with MISRA C now the most widely used coding standard for the C language, why did MISRA decide to develop a new version? There were several reasons: support for C99, responding to user feedback and an acknowledgement that improvements could be made.
So what are the key differences compared to the previous version?
1. The language: C has continued to evolve, and support is now provided for C99 as well as the C90 standard.
2. Rule classification: the addition of a new mandatory rule class.
3. Rule compliance and enforceability: enhancements to ensure that, wherever possible, rules are amenable to automatic enforcement.
4. Improved rule definition: more rigorous definitions with comprehensive explanations and rationales.

Support for C99
The C language shows no signs of relinquishing its popularity and continues to be heavily used in safety critical software development where reliability is a prime concern.
Back in 2004, few compilers and tools supported C99, so a conservative decision was made to retain the commitment to C90.
Today the world has moved on, and despite reservations about the wisdom of certain developments in C99, it was decided at the outset of the project that MISRA C:2012 should no longer stipulate conformance to C90.
The C99 language standard added some useful new features to the language, such as inline functions and the _Bool type, but unfortunately it also introduced a range of new hazards. So 11 new rules have been introduced to curtail the use of some potentially dangerous C99 language features.
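As an added illustration, not code from the article or from MISRA, the C99 fragment below uses the two features named above (an inline function and bool) in the bounded, statically checkable style the guidelines aim for, and notes in a comment the C99 hazard it sits beside: a variable-length array whose stack usage follows caller input. The frame format, the escape rule, MAX_FRAME_LEN and the function names are constructed for this example.

```c
/* Added example, not from the article or MISRA: C99's inline functions and
 * bool used in a bounded, checkable style. The frame format, the escape
 * rule and MAX_FRAME_LEN are constructed for this illustration. */
#include <stdbool.h>   /* C99: bool, true, false spell the new _Bool type */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_FRAME_LEN 32u   /* compile-time bound on any frame we accept */

/* C99 inline function returning bool: one guard, applied at every entry. */
static inline bool frame_len_ok(size_t len)
{
    return (len > 0u) && (len <= MAX_FRAME_LEN);
}

/* Decode a frame whose escape rule (constructed) is: 0x7D x -> x ^ 0x20,
 * and return the XOR checksum of the decoded bytes through *checksum.
 * Returns false, leaving *checksum untouched, for a NULL pointer, an
 * out-of-range length, or an escape byte with nothing following it. */
static bool decode_frame(const uint8_t *src, size_t len, uint8_t *checksum)
{
    /* C99 would also allow `uint8_t decoded[len];` here, a variable-length
     * array whose stack usage follows caller input and cannot be bounded
     * by a static check. A fixed-size buffer plus the length check below
     * keeps the frame size known at compile time. */
    uint8_t decoded[MAX_FRAME_LEN];
    size_t n = 0u;
    uint8_t acc = 0u;

    if ((src == NULL) || (checksum == NULL) || !frame_len_ok(len)) {
        return false;
    }
    for (size_t i = 0u; i < len; ++i) {
        uint8_t b = src[i];
        if (b == 0x7Du) {
            if ((i + 1u) >= len) {
                return false;   /* dangling escape byte: do not read past end */
            }
            ++i;
            b = (uint8_t)(src[i] ^ 0x20u);
        }
        decoded[n] = b;   /* n < len <= MAX_FRAME_LEN, so always in bounds */
        acc ^= decoded[n];
        ++n;
    }
    *checksum = acc;
    return true;
}

/* Constructed sample frame: 0x01, escaped 0x7E, 0x03 -> decoded 01 7E 03,
 * checksum 0x01 ^ 0x7E ^ 0x03 = 0x7C. Returns -1 if the frame is rejected. */
static int sample_frame_checksum(void)
{
    static const uint8_t frame[] = { 0x01u, 0x7Du, 0x5Eu, 0x03u };
    uint8_t cs = 0u;
    return decode_frame(frame, sizeof frame, &cs) ? (int)cs : -1;
}

/* A frame ending in an escape byte must be rejected rather than over-read. */
static bool dangling_escape_rejected(void)
{
    static const uint8_t frame[] = { 0x01u, 0x7Du };
    uint8_t cs = 0u;
    return !decode_frame(frame, sizeof frame, &cs);
}

int main(void)
{
    printf("checksum = 0x%02X, dangling escape rejected = %s\n",
           sample_frame_checksum(), dangling_escape_rejected() ? "yes" : "no");
    return 0;
}
```

The point of the fixed-size buffer is that a static analyser can prove every write to `decoded` in bounds from `frame_len_ok` alone, which it cannot do for a variable-length array sized by `len`.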
Not only for automotive systems! I have studied the guidelines for C and for C++, and I use them for programming all kinds of embedded systems. And I have to say that the MISRA rules really helped me to write better software.