25 years of MISRA C: making safety & security relevant for embedded developers
When software applications work well, most of them are invisible to the user. When they fail, they can be annoying. Jay Thomas, Senior Director of Field Engineering, LDRA further explores.
Embedded software failures, either through safety compromise or security breach, make headlines. At the heart of millions of embedded devices around the world lies the C programming language, running everything from medical products and industrial robots to automotive and smart home components. Through it all, the MISRA C guidelines have helped embedded software developers reduce the likelihood of safety and security risks in their systems.
Created and maintained by the MISRA Working Group, the MISRA C guidelines reduce critical risks in embedded systems through a set of rules and directives that restrict language use to a safe subset – thereby minimising unexpected and undefined application behaviours in areas such as memory allocation, pointer management, and buffer overflows. April 2023 marks the 25th anniversary of the guidelines and the release of the MISRA C:2012 Amendment 4 (AMD4) and MISRA C:2023 editions.
The evolution of the MISRA C guidelines
To remain relevant alongside the evolution of the C language standard, the MISRA Working Group releases updates to the MISRA C guidelines that align with real-world software processes, practices, and architectures. Table 1 illustrates a timeline of the MISRA C releases over the past 25 years.
|
MISRA C edition |
Release date |
Description |
|
MISRA C:1998 |
April 1998 |
The first edition, titled ‘Guidelines for the use of the C language in vehicle-based software,’ contained 127 rules for C90 and is still used today for the maintenance of legacy systems. |
|
MISRA C:2004 |
October 2004 |
Renamed ‘Guidelines for the use of the C language in critical systems,’ this edition recognised the applicability of MISRA C beyond automotive software and added new rules to cover different aspects of an embedded system. |
|
MISRA C:2012 |
February 2013 |
Extended coverage to C99 and incorporated feedback from users, including rationale behind the guidelines, a classification of ‘decidable’ and ‘undecidable’ rules to clarify how checking tools can identify compliance issues, and the addition of ‘directives’ for which compliance is more flexible in interpretation. |
|
MISRA C:2012 Amendment 1 |
April 2016 |
Published as the result of a coverage comparison between the existing MISRA C:2012 guidelines and ISO/IEC 17961:2013, the C secure coding rules published by the C standard committee, this edition specified 14 security guidelines for improving the cybersecurity posture of embedded systems. |
|
MISRA C:2012 Technical Corrigendum 1 |
June 2017 |
This ‘Technical clarification of MISRA C:2012’ addressed issues raised by the developer community subsequent to the publication of the main document and is supplemental to it. |
|
MISRA C:2012 (update) |
February 2019 |
An updated form of MISRA C:2012 ‘Guidelines for the use of the C language in critical systems’ to collate the contents of the original MISRA C:2012 document, Amendment 1, and Technical Corrigendum 1. |
|
MISRA C:2012 Amendment 2 |
February 2020 |
Introduced coverage of the ISO/IEC 9899:2011/2018 standards by mapping their undefined and unspecified behaviours to the existing MISRA C guidance. |
|
MISRA Compliance:2020 |
February 2020 |
A separate document from the MISRA guidelines that defines what must be covered within a software development process when making a claim of MISRA compliance. |
|
MISRA C:2012 Technical Corrigendum 2 |
March 2022 |
This ‘Technical clarification of MISRA C:2012’ addressed issues raised by the developer community subsequent to the publication of the third edition and is supplemental to it. |
|
MISRA C:2012 Amendment 3 |
November 2022 |
This amendment added 24 rules and 1 directive to reflect new C11 and C18 language features outlined in the ISO/IEC 9899:2011/2018 standard. |
|
MISRA C:2012 Amendment 4 |
March 2023 |
This amendment added 19 rules and 3 directives to reflect multithreading and atomic types as specified in the ISO/IEC 9899:2011/2018 standards. |
|
MISRA C:2023 |
March 2023 |
This edition consolidates all prior MISRA C:2012 editions, amendments, and technical corrigenda into one document. |
Table 1: History of the MISRA C guidelines
MISRA C:2023 covers multithreading & atomic types
The MISRA Working Group released new guidelines in AMD4 and consolidated all prior editions in the MISRA C:2023 edition. These releases cover C multithreading and atomic types to address the growing reliance on concurrency and sophisticated inter-process techniques within embedded systems to meet the needs of connected devices and feature-rich user experiences.
Reducing risks in multithreading
MISRA C:2023 minimises potential concurrency issues by adding new guidelines to restrict multithreading features to a safe subset. These guidelines, which cover critical elements of thread usage, include:
- Restricting dynamic thread creation to enforce more deterministic approaches to concurrency
- Ensuring the application creates threads before linking mutexes to them
- Minimising the risk of process deadlocks and data races
- Managing the safe use of thread objects and thread identifiers
Restricting use of C atomic types
C11 introduced atomic types and operations to minimise the risk of inter-process interference between data objects and the likelihood of data races. MISRA C:2023 includes guidelines that address undefined behaviors in atomic types that may compromise the system. These guidelines include:
- Ensuring the application configures atomic types correctly
- Preventing the unintended removal of atomicity when referencing atomic types through pointers
- Restricting the use of multiple atomic types in the same statement
The path forward with MISRA C
MISRA C:2023 includes other guidelines to cover potentially problematic C language features, such as restricting the use of small integer macros and variables that the application declares but never references.
An embedded development process that includes MISRA C:2023 not only reduces the likelihood of unpredictable code behaviors but also supports the assessment and improvement of software quality over time. Given the complexity and pace of development, many teams automate MISRA compliance using static analysis tools – a technology recommended by the MISRA C guidelines.
As the C language evolves and developers find new ways to maximise its capabilities, the MISRA C guidelines will keep pace. The latest editions of the guidelines represent code-safety and -security best practices that development teams should take advantage of through a well-defined MISRA C process and tool stack.
Featured products
MAX40109
Analog Devices Inc.
Precision Signal Conditioning AFE for Pressure Sensor Applications
| SKU: | MAX40109 |
|---|---|
| Stock: | 1759 |
| Cost: | $2.92 |
LT8418
Analog Devices Inc.
100V Half-Bridge GaN Driver with Smart Integrated Bootstrap Switch
| SKU: | LT8418 |
|---|---|
| Stock: | 144027 |
| Cost: | $1.68 |
ADES1754
Analog Devices Inc.
14-Channel, High Voltage Data Acquisition Systems
| SKU: | ADES1754 |
|---|---|
| Stock: | 11605 |
| Cost: | $4.89 |
TMCM-1690
Analog Devices Inc.
Single Axis FOC Servo Controller Gate Driver Module
| SKU: | TMCM-1690 |
|---|---|
| Stock: | 2124 |
| Cost: | $87.50 |
Product Spotlight
ASX00049
Arduino
PORTENTA HAT CARRIER
The Portenta Hat Carrier is an innovative soluti...
| SKU: | 1050-ASX00049-ND |
|---|---|
| Stock: | 939 |
| Cost: | $35.51 |
102991834
BeagleBoard
Single Board Computer (SBC), BeagleY-AI
AM67A BeagleY-AI Jacinto 7 AR...
| SKU: | 2820-102991834-ND |
|---|---|
| Stock: | 355 |
| Cost: | $57.23 |
AT-CK-715
Amphenol Sine Systems
| SKU: | 889-AT-CK-715-ND |
|---|---|
| Stock: | 42 |
| Cost: | $157.35 |
SC1112
Raspberry Pi
Raspberry Pi 5 – 8GB RAM
Raspberry Pi 5 introduces significan...
| SKU: | 2648-SC1112-ND |
|---|---|
| Stock: | 4543 |
| Cost: | $63.12 |
