New guidance for embedded software developers.

MISRA C comprises the leading guidelines that drive safe, secure, and reliable code for embedded systems from automotive to avionics to medical devices and beyond. Released in 1998, MISRA brought the C language in line with safety- and security-critical system requirements by guiding developers to avoid and eliminate potentially dangerous code.

In the 25 years since, updated guidelines have addressed the challenges encountered with C. The March 2023 release of MISRA C:2012 Amendment 4 (AMD4) and MISRA C:2023 provides the newest guidance and makes MISRA more relevant than ever. MISRA C:2023 consolidates the 2012 edition with all of its amendments and technical corrigenda into a single document, removing a long-standing configuration-management headache for developers, while AMD4 delivers the same new concurrency guidance to teams still working from MISRA C:2012.

Pros and cons of C for embedded development

C was originally built as a lightweight and friendlier alternative to assembler. Since then the language has been adopted far more widely than its syntax and semantics have been tightened for safety- and security-critical use. This poses a challenge for critical applications, because the language standards (ISO/IEC 9899:2011 and ISO/IEC 9899:2018) deliberately leave many behaviours undefined, unspecified, or implementation-defined rather than prescribing exactly what an implementation must do. That omission is largely by design: it gives developers direct, flexible access to low-level system resources and memory.

It also means a developer can write code whose behaviour the standard does not define at all. Such code is still valid C and compiles without complaint, yet in a critical system the undefined result may be a security breach or loss of life. Examples include:

  • Writing to a file stream that was opened read-only, which the standard leaves undefined.
  • Using functions that call themselves (recursion), whose stack usage cannot be bounded statically and may overflow the stack.
  • Accessing memory outside the bounds of an array or structure, the classic entry point for memory-corruption exploits.
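The out-of-bounds case in the list above, shown as an added example that is not from the page or from the MISRA documents: an unchecked copy into a fixed-size field overruns into the neighbouring struct member, while the bounded form checks the length before writing and reports failure. The type and function names (telemetry_frame_t, frame_set_id) are illustrative assumptions.

```c
/* Added example, not code from the page or from MISRA: an out-of-bounds write
 * next to the bounded form a MISRA-oriented review expects. Type and function
 * names are assumptions made for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ID_LEN 8U   /* room for 7 characters plus the terminating NUL */

typedef struct {
    char     id[ID_LEN];
    uint32_t sequence;   /* laid out immediately after id[] */
} telemetry_frame_t;

/* Non-compliant: the length of id is never compared with the destination.
 * An id of ID_LEN or more characters runs past id[] and overwrites sequence
 * (and whatever follows). The C standard makes this undefined behaviour, and
 * a compiler will typically accept it without comment. Shown for contrast;
 * never call it with an overlong id. */
void frame_set_id_unchecked(telemetry_frame_t *f, const char *id)
{
    strcpy(f->id, id);
}

/* Compliant: measure at most ID_LEN bytes, refuse anything that would not fit
 * together with its terminator, and only then copy. Failure is reported to the
 * caller rather than hidden by silent truncation. */
bool frame_set_id(telemetry_frame_t *f, const char *id)
{
    size_t len = 0U;
    while ((len < ID_LEN) && (id[len] != '\0')) {
        len++;
    }
    if (len >= ID_LEN) {
        return false;   /* no room for the NUL: reject without writing */
    }
    (void)memcpy(f->id, id, len);
    f->id[len] = '\0';
    return true;
}

/* Exercises the checked setter with an id that fits (7 chars) and one that
 * does not (8 chars), returning the sequence field afterwards so a caller can
 * confirm the rejected input left the neighbouring field untouched. */
uint32_t frame_demo(void)
{
    telemetry_frame_t f;
    f.sequence = 42U;
    (void)frame_set_id(&f, "ABC1234");    /* accepted */
    (void)frame_set_id(&f, "ABC12345");   /* rejected, nothing written */
    return f.sequence;
}
```

The unchecked version is what a compiler happily builds; only a bounds-aware review or a static analysis tool will point out that nothing constrains the source length.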

Some C compilers flag a number of risky constructs, but catching such issues with static analysis before they reach the code base is far more efficient and cost-effective. A static analysis tool that automates MISRA C compliance checking lets developers find and remediate violations early in the system lifecycle, when the fix is cheapest.

Why MISRA C matters

Since its inception, MISRA C has brought C in line with safety- and security-critical systems requirements by restricting language use to a safety-critical subset to avoid and eliminate potentially dangerous code.

MISRA C:2012 AMD4 specifically covers the concurrency features introduced by C11 and carried into C18: multithreading through <threads.h> and atomic types through <stdatomic.h>. New rules and directives restrict the multithreading features to a safe subset by:

  • Prohibiting dynamic thread creation, so that the set of threads is fixed and the system's concurrency behaviour is predictable.
  • Ensuring mutexes and other thread synchronization objects are initialized before any thread accesses them, and not destroyed until every thread using them has terminated.
  • Minimizing the risk of deadlocks and data races in the system.
  • Constraining how thread objects and thread identifiers are used, for example joining or detaching a given thread at most once.

New rules and modifications cover atomic types by:

  • Ensuring atomic objects are properly declared and initialized before they are accessed.
  • Preventing the unintended removal of atomicity when an atomic object is referenced through a pointer (for example by casting to a non-atomic pointer type).
  • Restricting the use of multiple atomic objects in the same statement, since each atomic access is indivisible but their combination in one expression is not.
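The thread and atomic restrictions from both lists above, brought together in one added example that is not code from the page or from the MISRA documents: a fixed set of C11 workers is created in one place, the mutex is initialized before any thread exists and destroyed only after every thread has been joined exactly once, each lock is released by the thread that took it, the atomic counter is updated with sequentially consistent operations, and the one non-compliant construct (a plain pointer to an atomic) is shown only in a comment. The worker count, step count, and function names are assumptions.

```c
/* Added example, not code from the page or from MISRA. Requires a C11
 * <threads.h> implementation (glibc 2.28 or later on Linux). Counts and
 * names are assumptions made for this illustration. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <threads.h>

#define WORKER_COUNT     4U
#define STEPS_PER_WORKER 1000U

/* Shared state with static storage duration, so it outlives every thread.
 * atomic_hits is only ever touched through atomic operations; guarded_hits
 * is a plain object only ever touched while guarded_lock is held. */
static atomic_uint atomic_hits;
static uint32_t    guarded_hits = 0U;
static mtx_t       guarded_lock;

/* Non-compliant (shown only, never executed): viewing the atomic object
 * through a non-atomic pointer discards its atomicity, so the increment
 * becomes an ordinary read-modify-write that races with the workers:
 *     unsigned int *raw = (unsigned int *)&atomic_hits;
 *     (*raw)++;
 */

static int worker(void *arg)
{
    (void)arg;
    for (uint32_t i = 0U; i < STEPS_PER_WORKER; i++) {
        /* Explicit, sequentially consistent read-modify-write; no weaker
         * memory order is used anywhere in the program. One atomic object
         * per statement. */
        (void)atomic_fetch_add_explicit(&atomic_hits, 1U, memory_order_seq_cst);

        /* Lock and unlock in the same function, by the same thread, and
         * the non-recursive mutex is never locked twice in a row. */
        if (mtx_lock(&guarded_lock) != thrd_success) {
            return 1;
        }
        guarded_hits++;
        (void)mtx_unlock(&guarded_lock);
    }
    return 0;
}

/* Creates every worker up front (no threads are spawned later), joins each
 * of them exactly once, and only then tears the mutex down. Returns true when
 * every thread was created, ran without error, and was joined. */
bool run_workers(uint32_t *atomic_total, uint32_t *guarded_total)
{
    thrd_t   workers[WORKER_COUNT];
    uint32_t created = 0U;
    bool     ok = true;

    /* Initialization happens while this is still the only thread. */
    atomic_store_explicit(&atomic_hits, 0U, memory_order_seq_cst);
    guarded_hits = 0U;
    if (mtx_init(&guarded_lock, mtx_plain) != thrd_success) {
        return false;
    }

    for (uint32_t i = 0U; i < WORKER_COUNT; i++) {
        if (thrd_create(&workers[i], worker, NULL) != thrd_success) {
            ok = false;
            break;
        }
        created++;
    }

    for (uint32_t i = 0U; i < created; i++) {
        int rc = 0;
        if ((thrd_join(workers[i], &rc) != thrd_success) || (rc != 0)) {
            ok = false;
        }
    }

    /* Every thread that used the mutex has terminated: safe to destroy. */
    mtx_destroy(&guarded_lock);

    *atomic_total  = atomic_load_explicit(&atomic_hits, memory_order_seq_cst);
    *guarded_total = guarded_hits;
    return ok;
}

int main(void)
{
    uint32_t a = 0U;
    uint32_t g = 0U;
    bool ok = run_workers(&a, &g);
    printf("atomic=%u guarded=%u ok=%d\n", (unsigned)a, (unsigned)g, (int)ok);
    return (ok && (a == 4000U) && (g == 4000U)) ? 0 : 1;
}
```

Both totals come out at WORKER_COUNT * STEPS_PER_WORKER on every run precisely because the shared objects are either atomic or mutex-protected and the thread lifetimes are fully bracketed by their creation and join points; remove either protection, or destroy the mutex before the joins, and the program compiles just as cleanly while its result becomes a matter of scheduling.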

Start your path toward MISRA C

MISRA C’s influence cannot be overstated. It is integral to any embedded software certification process and the adoption of static analysis tools is a valuable investment toward meeting compliance goals. By advocating for these tools, developers improve the safety, security, and reliability of their code while demonstrating a commitment to higher-level business objectives.

www.ldra.com