How to Incorporate MISRA C:2023 Into Your Embedded Development Process
March 29, 2023
Blog
Developing software compliant with MISRA C requires planning, documentation, and tools that best enforce the intent and spirit of the guidelines. Used in the development of safety- and security-critical software systems, the 2023 release of MISRA C:2012 Amendment 4 (AMD4) and MISRA C:2023 address concurrency features introduced in the latest two versions of the C standard (ISO/IEC 9899:2011 and 2018) and consolidate all MISRA C versions into one document.
MISRA C is not a coding style guide, but rather a set of rules and directives for minimizing or eliminating coding practices known to be hazardous. Given this importance to safety- and security-critical systems, the AMD4 and MISRA C:2023 releases give developers an opportunity to revisit their processes to improve support for effective and efficient demonstration of MISRA compliance.
The MISRA Compliance:2020 guide states that claims of compliance must establish:
- Use of a disciplined software development process
- The exact guidelines applied
- The effectiveness of the enforcement methods
- The extent of any deviations from the guidelines
- The status of any software components developed outside of the project
New and legacy manufacturers must determine how to integrate the MISRA rules and directives into their processes without sacrificing development velocity.
Figure 1: Example MISRA Compliance report from the LDRA tool suite (Source: LDRA)
A Framework for MISRA C:2023 Compliance
The MISRA C guidelines do not specify exact processes and tools for achieving compliance, as documenting such requirements would unfairly limit what embedded development teams can do. Rather, the MISRA Compliance:2020 guide provides definitions of “what must be covered within the software development process when making a claim of MISRA compliance” as a framework for capturing the activities that matter most.
The MISRA guide covers many process and compliance essentials. Here, we cover the activities that require more thought behind them and that will have the greatest impact on development teams who want to streamline their compliance efforts.
Define a Disciplined Software Development Process
The MISRA Compliance:2020 guide states that the “MISRA Guidelines are intended to be used within the framework of a documented software development process” and that “compliance with MISRA Guidelines must be an integral component of the code development phase and compliance requirements need to be satisfied before code is submitted for review or unit testing.”
Integrating compliance into a new or existing development process starts with a definition of how to validate the MISRA rules and directives at each step of the lifecycle. These activities influence developer training, the creation and management of compliance artifacts, and how compliance tests are run.
The development team should formally document these processes in ways that are sufficiently comprehensive to ensure that all software requirements are fully implemented in each phase of the development lifecycle and all code is covered by testing activities. This documentation must include all decisions that drive development tasks, including training, reporting, selection of the development toolchain, and run-time configurations.
Train Developers on MISRA C:2023
Through formal training, developers spend less time trying to figure out MISRA compliance for themselves and more time on delivering code. The MISRA Compliance:2020 guide recommends the inclusion of concepts around the use of the C language for embedded applications and specifics on safety- and security-critical systems.
Beyond code, developers should also learn the safety and security implications of their chosen development environment, from compiler toolchain to static analysis tools. With MISRA C:2023 including new guidelines for complex, multithreaded systems, it becomes even more important to refresh a developers’ understanding of how their choices impact the enforcement of MISRA guidelines and how they can reduce the likelihood of introducing violations in concurrent applications.
Static analysis tools provide an effective supplement to classroom training, as they offer a comprehensive and real-time form of microlearning long after the class has ended. Static analysis findings reinforce MISRA rules and directives as code is written, maintaining a constant level of awareness in the minds of new and experienced developers alike.
Establish a Deviations Process
MISRA compliance requires that the code supplier and acquirer agree on the interpretation of rules and directives. Such alignment is critical, as the notion of compliance differs from project to project based on their respective requirements and characteristics. Part of the alignment comes from establishing a process for managing deviations from the guidelines, where proving compliance might be impractical or impossible to follow on a certain project.
The MISRA Compliance:2020 guide defines a deviation record as containing the following information:
- The guideline(s) violated
- A description of the circumstances in which a violation is acceptable
- The reason why the deviation is required
- Background information that explains context and language issues
- A set of requirements that include relevant risk assessment procedures and precautions
Use Automation to Support Compliance Activities
Automation reduces or eliminates the manual effort and likelihood of human error in MISRA compliance activities. To benefit most from automated tools, development teams should deploy them early in the software lifecycle, as recommended by the MISRA Compliance:2020 guide:
“A project that attempts to check for compliance late in its lifecycle is likely to spend a considerable amount of time in re-coding, re-reviewing and re-testing, and it is easy for this rework to introduce defects by accident.”
To simplify compliance testing, MISRA C:2012 introduced two classifications of rules:
- Decidable for rules where analysis techniques can provide conclusive verification
- Undecidable where no verification guarantee is possible
Pairing the decidable rules with the recommendation by MISRA to use static analysis for verification leads to an efficient and comprehensive solution to automated compliance testing.
MISRA C:2023 Compliance Starts with a Solid Strategy
Integrating MISRA compliance into development processes helps to improve the safety and security posture of code. Such integration requires an understanding of the MISRA C rules and directives that teams embed into every aspect of the development lifecycle.
From training to automated tools, MISRA compliance processes should enable developers to minimize coding practices known to be hazardous and support the alignment of expectations between code supplier and acquirer. Organizations that adopt these goals up front will have a better chance at MISRA compliance success than those who wait.