
25 years of MISRA C: making safety & security relevant for embedded developers

14th April 2023
Paige West

When software applications work well, most of them are invisible to the user. When they fail, they can be annoying. Jay Thomas, Senior Director of Field Engineering at LDRA, explores further.

Embedded software failures, either through safety compromise or security breach, make headlines. At the heart of millions of embedded devices around the world lies the C programming language, running everything from medical products and industrial robots to automotive and smart home components. Through it all, the MISRA C guidelines have helped embedded software developers reduce the likelihood of safety and security risks in their systems.

Created and maintained by the MISRA Working Group, the MISRA C guidelines reduce critical risks in embedded systems through a set of rules and directives that restrict language use to a safe subset – thereby minimising unexpected and undefined application behaviours in areas such as memory allocation, pointer management, and buffer overflows. April 2023 marks the 25th anniversary of the guidelines and the release of the MISRA C:2012 Amendment 4 (AMD4) and MISRA C:2023 editions.

The evolution of the MISRA C guidelines

To remain relevant alongside the evolution of the C language standard, the MISRA Working Group releases updates to the MISRA C guidelines that align with real-world software processes, practices, and architectures. Table 1 illustrates a timeline of the MISRA C releases over the past 25 years. 

| MISRA C edition | Release date | Description |
|---|---|---|
| MISRA C:1998 | April 1998 | The first edition, titled ‘Guidelines for the use of the C language in vehicle-based software,’ contained 127 rules for C90 and is still used today for the maintenance of legacy systems. |
| MISRA C:2004 | October 2004 | Renamed ‘Guidelines for the use of the C language in critical systems,’ this edition recognised the applicability of MISRA C beyond automotive software and added new rules to cover different aspects of an embedded system. |
| MISRA C:2012 | February 2013 | Extended coverage to C99 and incorporated feedback from users, including rationale behind the guidelines, a classification of ‘decidable’ and ‘undecidable’ rules to clarify how checking tools can identify compliance issues, and the addition of ‘directives’ for which compliance is more flexible in interpretation. |
| MISRA C:2012 Amendment 1 | April 2016 | Published as the result of a coverage comparison between the existing MISRA C:2012 guidelines and ISO/IEC 17961:2013, the C secure coding rules published by the C standard committee, this edition specified 14 security guidelines for improving the cybersecurity posture of embedded systems. |
| MISRA C:2012 Technical Corrigendum 1 | June 2017 | This ‘Technical clarification of MISRA C:2012’ addressed issues raised by the developer community subsequent to the publication of the main document and is supplemental to it. |
| MISRA C:2012 (update) | February 2019 | An updated form of MISRA C:2012 ‘Guidelines for the use of the C language in critical systems’ to collate the contents of the original MISRA C:2012 document, Amendment 1, and Technical Corrigendum 1. |
| MISRA C:2012 Amendment 2 | February 2020 | Introduced coverage of the ISO/IEC 9899:2011/2018 standards by mapping their undefined and unspecified behaviours to the existing MISRA C guidance. |
| MISRA Compliance:2020 | February 2020 | A separate document from the MISRA guidelines that defines what must be covered within a software development process when making a claim of MISRA compliance. |
| MISRA C:2012 Technical Corrigendum 2 | March 2022 | This ‘Technical clarification of MISRA C:2012’ addressed issues raised by the developer community subsequent to the publication of the third edition and is supplemental to it. |
| MISRA C:2012 Amendment 3 | November 2022 | This amendment added 24 rules and 1 directive to reflect new C11 and C18 language features outlined in the ISO/IEC 9899:2011/2018 standard. |
| MISRA C:2012 Amendment 4 | March 2023 | This amendment added 19 rules and 3 directives to reflect multithreading and atomic types as specified in the ISO/IEC 9899:2011/2018 standards. |
| MISRA C:2023 | March 2023 | This edition consolidates all prior MISRA C:2012 editions, amendments, and technical corrigenda into one document. |

Table 1: History of the MISRA C guidelines

MISRA C:2023 covers multithreading & atomic types

The MISRA Working Group released new guidelines in AMD4 and consolidated all prior editions in the MISRA C:2023 edition. These releases cover C multithreading and atomic types to address the growing reliance on concurrency and sophisticated inter-process techniques within embedded systems to meet the needs of connected devices and feature-rich user experiences.

Reducing risks in multithreading

MISRA C:2023 minimises potential concurrency issues by adding new guidelines to restrict multithreading features to a safe subset. These guidelines, which cover critical elements of thread usage, include:

  • Restricting dynamic thread creation to enforce more deterministic approaches to concurrency  
  • Ensuring the application creates threads before linking mutexes to them  
  • Minimising the risk of process deadlocks and data races
  • Managing the safe use of thread objects and thread identifiers 

Restricting use of C atomic types 

C11 introduced atomic types and operations to minimise the risk of inter-process interference between data objects and the likelihood of data races. MISRA C:2023 includes guidelines that address undefined behaviours in atomic types that may compromise the system. These guidelines include:

  • Ensuring the application configures atomic types correctly 
  • Preventing the unintended removal of atomicity when referencing atomic types through pointers  
  • Restricting the use of multiple atomic types in the same statement 
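The following program is an added illustration of the multithreading and atomic-type guidelines summarised in the two lists above; it is not code from LDRA, the MISRA Working Group, or the MISRA C:2023 document, and it does not cite rule numbers. It uses the C11 `<threads.h>` and `<stdatomic.h>` interfaces to run a fixed pool of workers (all thread creation happens once at start-up), initialises the mutex and the atomic counter before any thread exists, keeps non-atomic shared data under the mutex, and touches only one atomic object per statement. The worker count and iteration count are constructed values chosen for the example.

```c
/* Added example (not from the article or from MISRA): a fixed worker pool
 * written to follow the intent of the MISRA C:2023 concurrency guidance.
 * WORKER_COUNT and ITERATIONS_PER_WORKER are constructed values. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <threads.h>

#define WORKER_COUNT          4U
#define ITERATIONS_PER_WORKER 10000U

/* Shared state. Both objects are initialised exactly once, before any thread
 * is created, so no thread can observe an unconfigured mutex or atomic. */
static mtx_t       g_table_lock;
static uint32_t    g_table_hits;   /* non-atomic: only accessed under g_table_lock */
static atomic_uint g_atomic_hits;  /* accessed only through atomic operations */

static int worker(void *arg)
{
    (void)arg;
    for (uint32_t i = 0U; i < ITERATIONS_PER_WORKER; ++i) {
        /* Non-atomic shared data is only ever read or written while holding
         * the mutex, which rules out a data race on g_table_hits. */
        if (mtx_lock(&g_table_lock) != thrd_success) {
            return 1;
        }
        g_table_hits++;
        (void)mtx_unlock(&g_table_lock);

        /* One atomic object per statement. Do NOT strip atomicity by going
         * through a plain pointer, e.g.
         *     uint32_t *p = (uint32_t *)&g_atomic_hits; (*p)++;
         * which would turn this into an ordinary racy read-modify-write. */
        (void)atomic_fetch_add(&g_atomic_hits, 1U);
    }
    return 0;
}

/* Runs the pool once and reports the two totals. Returns false if any
 * thread-API call fails or a worker reports an error. */
bool run_pool(uint32_t *mutex_total, uint32_t *atomic_total)
{
    thrd_t   workers[WORKER_COUNT];
    uint32_t created = 0U;

    /* Step 1: configure synchronisation objects BEFORE creating threads. */
    if (mtx_init(&g_table_lock, mtx_plain) != thrd_success) {
        return false;
    }
    g_table_hits = 0U;
    atomic_init(&g_atomic_hits, 0U);

    /* Step 2: create a fixed, known number of threads at start-up. Nothing
     * spawns threads on demand later, so the thread population is static. */
    for (uint32_t i = 0U; i < WORKER_COUNT; ++i) {
        if (thrd_create(&workers[i], worker, NULL) != thrd_success) {
            break;
        }
        created++;
    }

    /* Step 3: every created thread is joined exactly once; thrd_t handles are
     * never copied, compared or reused after the join. */
    bool ok = (created == WORKER_COUNT);
    for (uint32_t i = 0U; i < created; ++i) {
        int result = 0;
        if (thrd_join(workers[i], &result) != thrd_success || result != 0) {
            ok = false;
        }
    }

    /* All workers have finished, so the mutex can be destroyed and the
     * totals read without further synchronisation. */
    mtx_destroy(&g_table_lock);
    *mutex_total  = g_table_hits;
    *atomic_total = atomic_load(&g_atomic_hits);
    return ok;
}

int main(void)
{
    uint32_t mutex_total = 0U;
    uint32_t atomic_total = 0U;
    bool ok = run_pool(&mutex_total, &atomic_total);
    printf("ok=%d mutex_total=%u atomic_total=%u\n",
           (int)ok, mutex_total, atomic_total);
    return ok ? 0 : 1;
}
```

Both totals equal WORKER_COUNT × ITERATIONS_PER_WORKER when the program runs correctly; removing the mutex around `g_table_hits++`, or replacing the atomic increment with the commented-out pointer cast, is exactly the kind of defect a MISRA-aware static analyser is meant to flag before it shows up as an intermittent miscount in the field.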

The path forward with MISRA C

MISRA C:2023 includes other guidelines to cover potentially problematic C language features, such as restricting the use of small integer macros and of variables that the application declares but never references.

An embedded development process that includes MISRA C:2023 not only reduces the likelihood of unpredictable code behaviors but also supports the assessment and improvement of software quality over time. Given the complexity and pace of development, many teams automate MISRA compliance using static analysis tools – a technology recommended by the MISRA C guidelines.

As the C language evolves and developers find new ways to maximise its capabilities, the MISRA C guidelines will keep pace. The latest editions of the guidelines represent code-safety and -security best practices that development teams should take advantage of through a well-defined MISRA C process and tool stack. 
