SlideShare a Scribd company logo

MISRA C – Recent developments and a road map to the future

AdaCore
AdaCore

Andrew Banks BSc IEng MIET FBCS CITP Frazer-Nash Research Limited, and Chairman, MISRA C Working Group

Technology
1 of 57
Download to read offline
MISRA C – Recent developments and a road map to the future Andrew Banks BSc IEng MIET FBCS CITP Frazer-Nash Research Limited, and Chairman, MISRA C Working Group
Agenda 1. Introduction a. A Quick History ... and busting two myths b. Safety v Security 2. Recent Publications a. MISRA Compliance b. Additional Security Guidelines 3. Current Activity and Road Map October 26, 20162
MISRA C – A Quick History From the beginning, to MISRA C:2012 (See “Additional Material”)
Myth Busting #1 The Misunderstanding - MISRA C is only applicable to the automotive industry The History - MISRA C was originated by the automotive industry, for the automotive industry... and we are proud of our automotive heritage. The Reality - MISRA C is applicable to any industry that requires high-integrity software - MISRA C has been adopted by many industries, including medical, rail, aerospace, space and defence. eg: • http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf • http://www.stroustrup.com/JSF-AV-rules.pdf October 26, 20164
Myth Busting #2 The Misunderstanding - MISRA C is only a safety coding standard, not a secure/security one The History - MISRA C:2012 suggests (in its vision) its use in safety-related software The Reality - MISRA C also suggests (in its vision) its applicability to any application with high integrity or high reliability requirements - Unfortunately, a perception remains... October 26, 20165
MISRA C – Safety v Security Or do we just mean “High Integrity”?
Safety v Security The difference between safety and security are largely semantic... especially at the software level Depending on the language they are talking, it might even appear that they seem being divided by a common language. - German Sicherheit v Sicherheit - Spanish Seguridad v Seguridad - French Sécurité v Sécurité - Italian Sicurezza v Sicurezza October 26, 20167
MISRA C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. But don’t just take my word for it... October 26, 20168
ISO/IEC TS 17961 – C Secure Coding Rules Produced by ISO/IEC JTC 1/SC 22/WG 14 – the same people responsible for the C standard itself Originally proposed to be based on CERT-C but significantly rationalised From the document’s Background: - “In practice, security-critical and safety-critical code have the same requirements” October 26, 20169
Safety v Security v High Integrity Secure System - Prevents risks to privacy - Considers only malicious actions - No requirement for Safety... - Garbage in, Garbage Out Safety Critical System - Prevents risks to human lives and/or the environment - Considers well-intentions (and accidental!) actions also - Inherently requires a level of Security High-Integrity and/or High-Reliability System - A system that must be trusted to work dependably - Unacceptable loss or harm may result otherwise. October 26, 201610
MISRA C – Recent Developments (1) Updates for improved Compliance
MISRA Compliance Available as a standalone document (click for free download) Compatible with MISRA C:2012 (and any future versions) Compatible with forthcoming MISRA C++:20xx No reason it cannot be applied to earlier versions of either document! October 26, 201612
MISRA Compliance Clearer definition of what is meant by MISRA Compliance - and how Compliance should be demonstrated Provides a mechanism for tailoring classification of the guidelines - introduces the Guideline Recategorization Plan Provides guidance on dealing with adopted code Clarifies/tightens the Deviation process Provides a mechanism for establishing pre-approved Permits October 26, 201613
MISRA Compliance MISRA Compliance is NOT - claimed for an organisation ... but only for a deliverable item - applicable to the software ... but to the development lifecycle MISRA Compliance does NOT mean - No deviations ... but no unresolved violations MISRA Compliance is achieved when - development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines - all violations are accepted by means of a deviation, or are against advisory guidelines and are documented as being considered acceptable. October 26, 201614
MISRA C – Guideline Categorization Three levels - Mandatory o Guidelines for which a violation is never permitted - Required o Guidelines which can only be violated when supported by a deviation - Advisory o Recommendations to be followed as far as is reasonably practicable o Violations are identified but do not required a deviation The methods planned to be used to provide enforcement of each Guideline shall be documented in a Guideline Enforcement Plan The compliance level claimed by the project shall be documented in a Guideline Compliance Summary October 26, 201615
MISRA Compliance – Guideline Recategorization Guidelines may be reclassified, depending on their base level - Mandatory o May not be reclassified - Required o May be reclassified to Mandatory - Advisory o May be reclassified up to Mandatory or Required o May be Disapplied Introduces a new Category of Disapplied o No checks performed... violations may be ignored Documented in a Guideline Recategorization Plan - Usually agreed between Acquirer and Supplier at the project outset October 26, 201616
MISRA C – Adopted Code What is Adopted Code? - Code developed outside of the current project - May or may not have been developed to comply with the Guidelines - Source code or binary/library that is adopted unchanged Examples include: - The Standard Library - Device driver files - Third-party libraries - Auto-generated code - Legacy code Note: Source code that is revised or modified in any way, within the project, is no longer considered adopted code October 26, 201617
MISRA C – Deviations Sometimes a violation may be justified - A deviation is an appropriate way of handling such a violation - Legitimate reasons may be o Code quality See ISO/IEC 25010 o Access to hardware o Adopted code integration o Non-compliant adopted code A deviation should not merely document the existence of a violation A deviation should - document the reason why it is required - be targeted in scope and specify any necessary precautions - be subject to approval by a defined process October 26, 201618
MISRA Compliance – Claiming Compliance Summary: - MISRA Compliance is achieved when development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines Evidence: - Guideline Recategorization Plan (if applicable) } Probably - Guideline Enforcement Plan } a single - Guideline Compliance Summary } document! - Deviation Records covering all violations of Required guidelines October 26, 201619
MISRA C – Recent Developments (2) Additional guidance for Security
MISRA C – Additional Security Guidelines Publication timeline met, as outlined at VDA Automotive SYS 2015... MISRA C:2012 Addendum 2 (free download) - Provides a matrix showing coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 C Secure - Demonstrates that MISRA C:2012 can justifiably claim to be a Security standard as well as a Safety Critical one! MISRA C:2012 Amendment 1 (free download) - Introduces an additional 14 targeted guidelines o 13 new Rules o 1 new Directive - Incremental update to MISRA C:2012 October 26, 201621
MISRA C:2012 Amendment 1 New Guidelines - Validation of external data 1G - Use of sizeof() on a function parameter of array type 1M - <ctype.h> functions 1M - <stdlib.h> memory comparison functions 3R - <stdlib.h> environment functions 2M - <string.h> string-handling functions 2M - <stdio.h> I/O functions – handling of EOF 1R - <error.h> handling of errno 3R October 26, 201622
ISO/IEC TS 17961 – C Secure Coding Coverage Coverage Method #1 #2 Comments MISRA covers fully – explicitly 22 35 Some rules stricter than Csecure MISRA covers fully – implicitly 7 3 MISRA covers fully – broad 11 8 Eg: bans dynamic memory, signal.h MISRA covers partially – broad 2 0 getenv() and related functions MISRA does not cover directly 4 0 sizeof(pointer), padding 46 46 October 26, 201623 #1 MISRA C:2012 as published #2 incorporating Amendment 1
MISRA C – Recent Developments (3) Comparison with CERT-C
CERT-C – Secure Coding Standard What is CERT-C - Produced by the Software Engineering Institute (SEI) at Carnegie Mellon University. - Sponsored by the U.S. Department of Defense - Originally proposed to be adopted as an ISO standard, but this was not progressed by WG14, who progressed a subset as ISO/IEC TS 17961 instead. The MISRA C Position - We view CERT-C as complementary to MISRA C o Most rules align with the MISRA C rules o Some small variance due to difference of focus (not just safety v security) o In particular, CERT-C considers the interface to the environment in hosted applications - Publication of comparison matrix imminent. October 26, 201625
MISRA C comparison to CERT-C Coverage Method #1 #2 Comments C11 functions out of scope 15 16 Align, threads and atomics MISRA covers fully – explicitly 41 42 Some MC rules stricter than CERT MISRA covers fully – implicitly 18 18 MISRA covers fully – restrictive 22 21 Eg: bans dynamic memory, signal.h MISRA does not cover directly 2 2 rand() 98 99 October 26, 201626 MISRA C:2012 incorporating Amendment 1 against: #1 CERT-C 2nd edition as published #2 CERT-C PDF released 30th June 2017 (adds 2 Rules, deletes 1)
MISRA C – Recent Developments (4) Technical Corrigendum 1
MISRA C – Work In Progress MISRA C:2012 Technical Corrigendum 1 - Address typographical errors and guideline clarification - Publication (as a PDF download) imminent October 26, 201628
MISRA C Road Map From MISRA C:2012 to MISRA C:201x ... and then into the future
MISRA C roadmap March 201630 MISRA C:2012 MISRA C:2012 coverage against ISO/IEC 17961:2013 MISRA C:2012 AMD1 “Security” MISRA C:2012 TC1 MISRA Compliance MISRA C:201x ISO/IEC 17961 review User feedback Embody JAMA ADC etc. Consequential amendments (editorial only?) Published in 2013 Published in 2016 Consolidate
MISRA C – Future Work Planned Way Ahead - Consider additional rules and/or rule revisions to address: o issues in the new features introduced by C11 o issues in accessing the operating environment, within hosted programs o issues in using the Standard Library (see Extra Material at the end) - Continue the review activity against o CERT-C o Common Weakness Enumeration o ... and any other sources that may become known The MISRA C Working Group welcomes feedback from all users October 26, 201631
What about C:11 MISRA C Working Group has commenced a review of the deltas: - Atomic primitives - Multi-threading - Unicode characters - Appendix F/G – ISO/IEC 60559 floating point - Appendix K – new bounds-checking functions should allow some existing rules to be revised, with pre-C11 “unsecure” functions deprecated. However, though, it is possible that this section may be deleted from the standard! - Appendix L – Analyzability We propose to create an update to the Guidelines to address undesirable behaviours. More information in due course... October 26, 201632
In Summary October 26, 201633
MISRA C – In Summary MISRA C is - widely respected as a safety-related coding standard - equally applicable as a security-related coding standard MISRA C has - evolved from an automotive standard into a pan-industry standard MISRA C will - continue to evolve as new editions of the C standard are produced - seek to address other constraints as they become identified MISRA C welcomes - feedback from the user community - approaches from prospective Working Group members October 26, 201634
Any Questions? October 26, 201635
Thank You! I would like to acknowledge the support of the members of the MISRA C Working Group for their assistance in preparing this presentation. October 26, 201636
About the speaker Biography - Chairman of MISRA-C since June 2013... ... working group member since 2007 - Over 25 years experience in developing real-time embedded software systems, across a number of industries - Chartered Fellow of the British Computer Society - Member of the Institution of Engineering & Technology Social Media AndrewBanks.com @AndrewBanks https://linkedin.com/in/AndrewBanks October 26, 201637
Extra Material October 26, 201638
MISRA C – A Quick History From the beginning, to MISRA C:2012
The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201640
The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201641
The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201642
Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201643
MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201644
MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201645
MISRA C – A Quick History From the beginning, to MISRA C:2012
The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201647
The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201648
The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201649
Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201650
MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201651
MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201652
MISRA C – Standards Conformance Freestanding v Hosted
Strict Conformance Chapter 4 of the ISO Standard mandates the following: - A conforming program is one that is acceptable to a conforming implementation. - A strictly conforming program shall use only those features of the language and library specified in the International Standard. - It shall not produce output dependent on any unspecified, undefined, or implementation-defined behavior, and shall not exceed any minimum implementation limit. MISRA C:2012 enforces this by: - Rule 1.1 A standard C environment - Rule 1.3 No occurrence of undefined or unspecified behaviour - Dir 1.1 This permits the use of implementation-defined behaviour but requires that any such use is documented October 26, 201654
Language Extensions Chapter 4 of the ISO Standard permits the following: - A conforming implementation may have extensions (including additional library functions), provided they do not alter the behaviour of any strictly conforming program. MISRA C:2012 advises against this by: - Rule 1.2 Language extensions should not be used Chapter 4 of the ISO Standard defines the following - The two forms of conforming implementation are hosted and freestanding. - A conforming hosted implementation shall accept any strictly conforming program. October 26, 201655
Conformance: Freestanding v Hosted Chapter 4 of the ISO Standard defines the following: - A conforming freestanding implementation shall accept any strictly conforming program in which the use of the features specified in the library clause is confined to the contents of the standard headers: o <float.h> o <iso646.h> o <limits.h> o <stdarg.h> o <stdbool.h> o <stddef.h > o <stdint.h> MISRA C:2012 has no explicit library-specific restrictions on these headers, except for <stdarg.h> which is prohibited by required Rule 17.1 October 26, 201656
Conformance: Freestanding v Hosted o <assert.h> Implicit restriction o <complex.h> o <ctype.h> o <errno.h> o <fenv.h> Major restrictions o <inttypes.h> o <locale.h > o <math.h> o <setjmp.h> Shall not be used o <signal.h> Shall not be used o <stdio.h> Shall not be used o <stdlib.h> Major restrictions o <string.h> o <tgmath.h> Shall not be used o <time.h> Shall not be used o <wchar.h> Shall not be used o <wctype.h> October 26, 201657 MISRA C:2012 places major restrictions (including out-right prohibition) on many of the remaining standard headers: The restricts are due to the extent of the undefined, unspecified and/or implementation defined behaviour, and the functionality is mostly associated with accessing the external environment.

Recommended

Misra C Software Development Standard
Misra C Software Development StandardMisra C Software Development Standard
Misra C Software Development Standard
Vittorio Giovara
 
Achieve iso 26262 certification
Achieve iso 26262 certificationAchieve iso 26262 certification
Achieve iso 26262 certification
PRQA
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
AdaCore
 
MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines - MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines -
Automotive IQ
 
Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...
Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...
Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...
Alexander Nyßen
 
How to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU'sHow to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU's
Renesas America
 
C# Access modifiers
C# Access modifiersC# Access modifiers
C# Access modifiers
Prem Kumar Badri
 
C Language
C LanguageC Language
C Language
Aakash Singh
 

Recommended

Misra C Software Development Standard
Misra C Software Development StandardMisra C Software Development Standard
Misra C Software Development Standard
Vittorio Giovara
 
Achieve iso 26262 certification
Achieve iso 26262 certificationAchieve iso 26262 certification
Achieve iso 26262 certification
PRQA
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
AdaCore
 
MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines - MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines -
Automotive IQ
 
Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...
Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...
Model-based Automotive Software Development using Autosar, UML, and Domain-Sp...
Alexander Nyßen
 
How to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU'sHow to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU's
Renesas America
 
C# Access modifiers
C# Access modifiersC# Access modifiers
C# Access modifiers
Prem Kumar Badri
 
C Language
C LanguageC Language
C Language
Aakash Singh
 
Abstraction and Encapsulation
Abstraction and EncapsulationAbstraction and Encapsulation
Abstraction and Encapsulation
Cheezy Code
 
operator overloading
operator overloadingoperator overloading
operator overloading
Nishant Joshi
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
Seungjoo Kim
 
DBMS unit-2.pdf
DBMS unit-2.pdfDBMS unit-2.pdf
DBMS unit-2.pdf
Prof. Dr. K. Adisesha
 
C Programming Unit-2
C Programming Unit-2C Programming Unit-2
C Programming Unit-2
Vikram Nandini
 
Union in c language
Union in c languageUnion in c language
Union in c language
tanmaymodi4
 
OPERATORS OF C++
OPERATORS OF C++OPERATORS OF C++
OPERATORS OF C++
ANANT VYAS
 
Migrating From Cpp To C Sharp
Migrating From Cpp To C SharpMigrating From Cpp To C Sharp
Migrating From Cpp To C Sharp
Ganesh Samarthyam
 
exception handling in java.ppt
exception handling in java.pptexception handling in java.ppt
exception handling in java.ppt
Varshini62
 
STRINGS IN C MRS.SOWMYA JYOTHI.pdf
STRINGS IN C MRS.SOWMYA JYOTHI.pdfSTRINGS IN C MRS.SOWMYA JYOTHI.pdf
STRINGS IN C MRS.SOWMYA JYOTHI.pdf
SowmyaJyothi3
 
principle of oop’s in cpp
principle of oop’s in cppprinciple of oop’s in cpp
principle of oop’s in cpp
gourav kottawar
 
C++ How to program
C++ How to programC++ How to program
C++ How to program
Mohammad Golyani
 
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
Embitel Technologies (I) PVT LTD
 
Unit ii chapter 2 Decision making and Branching in C
Unit ii chapter 2 Decision making and Branching in CUnit ii chapter 2 Decision making and Branching in C
Unit ii chapter 2 Decision making and Branching in C
Sowmya Jyothi
 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Embitel Technologies (I) PVT LTD
 
OOP in C++
OOP in C++OOP in C++
OOP in C++
ppd1961
 
Constants Variables Datatypes by Mrs. Sowmya Jyothi
Constants Variables Datatypes by Mrs. Sowmya JyothiConstants Variables Datatypes by Mrs. Sowmya Jyothi
Constants Variables Datatypes by Mrs. Sowmya Jyothi
SowmyaJyothi3
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptx
Shriya Rai
 
Classes and Objects in C#
Classes and Objects in C#Classes and Objects in C#
Classes and Objects in C#
Adeel Rasheed
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
Intland Software GmbH
 
An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178B
AdaCore
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant news
AdaCore
 

More Related Content

What's hot

Migrating From Cpp To C Sharp
Migrating From Cpp To C SharpMigrating From Cpp To C Sharp
Migrating From Cpp To C Sharp
Ganesh Samarthyam
 

What's hot (20)

Abstraction and Encapsulation
Abstraction and EncapsulationAbstraction and Encapsulation
Abstraction and Encapsulation
 
operator overloading
operator overloadingoperator overloading
operator overloading
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
 
DBMS unit-2.pdf
DBMS unit-2.pdfDBMS unit-2.pdf
DBMS unit-2.pdf
 
C Programming Unit-2
C Programming Unit-2C Programming Unit-2
C Programming Unit-2
 
Union in c language
Union in c languageUnion in c language
Union in c language
 
OPERATORS OF C++
OPERATORS OF C++OPERATORS OF C++
OPERATORS OF C++
 
Migrating From Cpp To C Sharp
Migrating From Cpp To C SharpMigrating From Cpp To C Sharp
Migrating From Cpp To C Sharp
 
exception handling in java.ppt
exception handling in java.pptexception handling in java.ppt
exception handling in java.ppt
 
STRINGS IN C MRS.SOWMYA JYOTHI.pdf
STRINGS IN C MRS.SOWMYA JYOTHI.pdfSTRINGS IN C MRS.SOWMYA JYOTHI.pdf
STRINGS IN C MRS.SOWMYA JYOTHI.pdf
 
principle of oop’s in cpp
principle of oop’s in cppprinciple of oop’s in cpp
principle of oop’s in cpp
 
C++ How to program
C++ How to programC++ How to program
C++ How to program
 
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
SEooC ISO 26262 | What is Safety Element Out of Context in Automotive Functio...
 
Unit ii chapter 2 Decision making and Branching in C
Unit ii chapter 2 Decision making and Branching in CUnit ii chapter 2 Decision making and Branching in C
Unit ii chapter 2 Decision making and Branching in C
 
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional SafetyFrequently Asked Question (FAQ's) on ISO 26262 Functional Safety
Frequently Asked Question (FAQ's) on ISO 26262 Functional Safety
 
OOP in C++
OOP in C++OOP in C++
OOP in C++
 
Constants Variables Datatypes by Mrs. Sowmya Jyothi
Constants Variables Datatypes by Mrs. Sowmya JyothiConstants Variables Datatypes by Mrs. Sowmya Jyothi
Constants Variables Datatypes by Mrs. Sowmya Jyothi
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptx
 
Classes and Objects in C#
Classes and Objects in C#Classes and Objects in C#
Classes and Objects in C#
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
 

Viewers also liked

Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant news
AdaCore
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
AdaCore
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
AdaCore
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
AdaCore
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
AdaCore
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-C
AdaCore
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
AdaCore
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics Devices
AdaCore
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
AdaCore
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...
AdaCore
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core Platforms
AdaCore
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation Kernel
AdaCore
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
AdaCore
 
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkHIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
AdaCore
 

Viewers also liked (20)

An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178B
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant news
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical Systems
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic Assistants
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-C
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics Devices
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related Systems
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core Platforms
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and Security
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation Kernel
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
 
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkHIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
 

Similar to MISRA C – Recent developments and a road map to the future

MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016
Andrew Banks
 
VDA 2015 Presentation - Full
VDA 2015 Presentation - FullVDA 2015 Presentation - Full
VDA 2015 Presentation - Full
Andrew Banks
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Dragos, Inc.
 
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Nesma
 
SCADA Security Training
SCADA Security TrainingSCADA Security Training
SCADA Security Training
Bryan Len
 

Similar to MISRA C – Recent developments and a road map to the future (20)

MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016
 
VDA 2015 Presentation - Full
VDA 2015 Presentation - FullVDA 2015 Presentation - Full
VDA 2015 Presentation - Full
 
Criterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceCriterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conference
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
 
operational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfoperational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdf
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoT
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
OSS Metrics for Market Readiness
OSS Metrics for Market ReadinessOSS Metrics for Market Readiness
OSS Metrics for Market Readiness
 
Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?
 
MISRA-Compliance-2020
MISRA-Compliance-2020MISRA-Compliance-2020
MISRA-Compliance-2020
 
MISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdfMISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdf
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
 
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, RomaniaDICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
 
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
 
Cps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iranCps sec sg sg2017 conf_iran
Cps sec sg sg2017 conf_iran
 
SCADA Security Training
SCADA Security TrainingSCADA Security Training
SCADA Security Training
 

More from AdaCore

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
AdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
AdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
AdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
AdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
AdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
AdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
AdaCore
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
AdaCore
 

More from AdaCore (18)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Recently uploaded (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

MISRA C – Recent developments and a road map to the future

  • 1. MISRA C – Recent developments and a road map to the future Andrew Banks BSc IEng MIET FBCS CITP Frazer-Nash Research Limited, and Chairman, MISRA C Working Group
  • 2. Agenda 1. Introduction a. A Quick History ... and busting two myths b. Safety v Security 2. Recent Publications a. MISRA Compliance b. Additional Security Guidelines 3. Current Activity and Road Map October 26, 20162
  • 3. MISRA C – A Quick History From the beginning, to MISRA C:2012 (See “Additional Material”)
  • 4. Myth Busting #1 The Misunderstanding - MISRA C is only applicable to the automotive industry The History - MISRA C was originated by the automotive industry, for the automotive industry... and we are proud of our automotive heritage. The Reality - MISRA C is applicable to any industry that requires high-integrity software - MISRA C has been adopted by many industries, including medical, rail, aerospace, space and defence. eg: • http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf • http://www.stroustrup.com/JSF-AV-rules.pdf October 26, 20164
  • 5. Myth Busting #2 The Misunderstanding - MISRA C is only a safety coding standard, not a secure/security one The History - MISRA C:2012 suggests (in its vision) its use in safety-related software The Reality - MISRA C also suggests (in its vision) its applicability to any application with high integrity or high reliability requirements - Unfortunately, a perception remains... October 26, 20165
  • 6. MISRA C – Safety v Security Or do we just mean “High Integrity”?
  • 7. Safety v Security The difference between safety and security are largely semantic... especially at the software level Depending on the language they are talking, it might even appear that they seem being divided by a common language. - German Sicherheit v Sicherheit - Spanish Seguridad v Seguridad - French Sécurité v Sécurité - Italian Sicurezza v Sicurezza October 26, 20167
  • 8. MISRA C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. But don’t just take my word for it... October 26, 20168
  • 9. ISO/IEC TS 17961 – C Secure Coding Rules Produced by ISO/IEC JTC 1/SC 22/WG 14 – the same people responsible for the C standard itself Originally proposed to be based on CERT-C but significantly rationalised From the document’s Background: - “In practice, security-critical and safety-critical code have the same requirements” October 26, 20169
  • 10. Safety v Security v High Integrity Secure System - Prevents risks to privacy - Considers only malicious actions - No requirement for Safety... - Garbage in, Garbage Out Safety Critical System - Prevents risks to human lives and/or the environment - Considers well-intentions (and accidental!) actions also - Inherently requires a level of Security High-Integrity and/or High-Reliability System - A system that must be trusted to work dependably - Unacceptable loss or harm may result otherwise. October 26, 201610
  • 11. MISRA C – Recent Developments (1) Updates for improved Compliance
  • 12. MISRA Compliance Available as a standalone document (click for free download) Compatible with MISRA C:2012 (and any future versions) Compatible with forthcoming MISRA C++:20xx No reason it cannot be applied to earlier versions of either document! October 26, 201612
  • 13. MISRA Compliance Clearer definition of what is meant by MISRA Compliance - and how Compliance should be demonstrated Provides a mechanism for tailoring classification of the guidelines - introduces the Guideline Recategorization Plan Provides guidance on dealing with adopted code Clarifies/tightens the Deviation process Provides a mechanism for establishing pre-approved Permits October 26, 201613
  • 14. MISRA Compliance MISRA Compliance is NOT - claimed for an organisation ... but only for a deliverable item - applicable to the software ... but to the development lifecycle MISRA Compliance does NOT mean - No deviations ... but no unresolved violations MISRA Compliance is achieved when - development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines - all violations are accepted by means of a deviation, or are against advisory guidelines and are documented as being considered acceptable. October 26, 201614
  • 15. MISRA C – Guideline Categorization Three levels - Mandatory o Guidelines for which a violation is never permitted - Required o Guidelines which can only be violated when supported by a deviation - Advisory o Recommendations to be followed as far as is reasonably practicable o Violations are identified but do not required a deviation The methods planned to be used to provide enforcement of each Guideline shall be documented in a Guideline Enforcement Plan The compliance level claimed by the project shall be documented in a Guideline Compliance Summary October 26, 201615
  • 16. MISRA Compliance – Guideline Recategorization Guidelines may be reclassified, depending on their base level - Mandatory o May not be reclassified - Required o May be reclassified to Mandatory - Advisory o May be reclassified up to Mandatory or Required o May be Disapplied Introduces a new Category of Disapplied o No checks performed... violations may be ignored Documented in a Guideline Recategorization Plan - Usually agreed between Acquirer and Supplier at the project outset October 26, 201616
  • 17. MISRA C – Adopted Code What is Adopted Code? - Code developed outside of the current project - May or may not have been developed to comply with the Guidelines - Source code or binary/library that is adopted unchanged Examples include: - The Standard Library - Device driver files - Third-party libraries - Auto-generated code - Legacy code Note: Source code that is revised or modified in any way, within the project, is no longer considered adopted code October 26, 201617
  • 18. MISRA C – Deviations Sometimes a violation may be justified - A deviation is an appropriate way of handling such a violation - Legitimate reasons may be o Code quality See ISO/IEC 25010 o Access to hardware o Adopted code integration o Non-compliant adopted code A deviation should not merely document the existence of a violation A deviation should - document the reason why it is required - be targeted in scope and specify any necessary precautions - be subject to approval by a defined process October 26, 201618
  • 19. MISRA Compliance – Claiming Compliance Summary: - MISRA Compliance is achieved when development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines Evidence: - Guideline Recategorization Plan (if applicable) } Probably - Guideline Enforcement Plan } a single - Guideline Compliance Summary } document! - Deviation Records covering all violations of Required guidelines October 26, 201619
  • 20. MISRA C – Recent Developments (2) Additional guidance for Security
  • 21. MISRA C – Additional Security Guidelines Publication timeline met, as outlined at VDA Automotive SYS 2015... MISRA C:2012 Addendum 2 (free download) - Provides a matrix showing coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 C Secure - Demonstrates that MISRA C:2012 can justifiably claim to be a Security standard as well as a Safety Critical one! MISRA C:2012 Amendment 1 (free download) - Introduces an additional 14 targeted guidelines o 13 new Rules o 1 new Directive - Incremental update to MISRA C:2012 October 26, 201621
  • 22. MISRA C:2012 Amendment 1 New Guidelines - Validation of external data 1G - Use of sizeof() on a function parameter of array type 1M - <ctype.h> functions 1M - <stdlib.h> memory comparison functions 3R - <stdlib.h> environment functions 2M - <string.h> string-handling functions 2M - <stdio.h> I/O functions – handling of EOF 1R - <error.h> handling of errno 3R October 26, 201622
  • 23. ISO/IEC TS 17961 – C Secure Coding Coverage Coverage Method #1 #2 Comments MISRA covers fully – explicitly 22 35 Some rules stricter than Csecure MISRA covers fully – implicitly 7 3 MISRA covers fully – broad 11 8 Eg: bans dynamic memory, signal.h MISRA covers partially – broad 2 0 getenv() and related functions MISRA does not cover directly 4 0 sizeof(pointer), padding 46 46 October 26, 201623 #1 MISRA C:2012 as published #2 incorporating Amendment 1
  • 24. MISRA C – Recent Developments (3) Comparison with CERT-C
  • 25. CERT-C – Secure Coding Standard What is CERT-C - Produced by the Software Engineering Institute (SEI) at Carnegie Mellon University. - Sponsored by the U.S. Department of Defense - Originally proposed to be adopted as an ISO standard, but this was not progressed by WG14, who progressed a subset as ISO/IEC TS 17961 instead. The MISRA C Position - We view CERT-C as complementary to MISRA C o Most rules align with the MISRA C rules o Some small variance due to difference of focus (not just safety v security) o In particular, CERT-C considers the interface to the environment in hosted applications - Publication of comparison matrix imminent. October 26, 201625
  • 26. MISRA C comparison to CERT-C Coverage Method #1 #2 Comments C11 functions out of scope 15 16 Align, threads and atomics MISRA covers fully – explicitly 41 42 Some MC rules stricter than CERT MISRA covers fully – implicitly 18 18 MISRA covers fully – restrictive 22 21 Eg: bans dynamic memory, signal.h MISRA does not cover directly 2 2 rand() 98 99 October 26, 201626 MISRA C:2012 incorporating Amendment 1 against: #1 CERT-C 2nd edition as published #2 CERT-C PDF released 30th June 2017 (adds 2 Rules, deletes 1)
  • 27. MISRA C – Recent Developments (4) Technical Corrigendum 1
  • 28. MISRA C – Work In Progress MISRA C:2012 Technical Corrigendum 1 - Address typographical errors and guideline clarification - Publication (as a PDF download) imminent October 26, 201628
  • 29. MISRA C Road Map From MISRA C:2012 to MISRA C:201x ... and then into the future
  • 30. MISRA C roadmap March 201630 MISRA C:2012 MISRA C:2012 coverage against ISO/IEC 17961:2013 MISRA C:2012 AMD1 “Security” MISRA C:2012 TC1 MISRA Compliance MISRA C:201x ISO/IEC 17961 review User feedback Embody JAMA ADC etc. Consequential amendments (editorial only?) Published in 2013 Published in 2016 Consolidate
  • 31. MISRA C – Future Work Planned Way Ahead - Consider additional rules and/or rule revisions to address: o issues in the new features introduced by C11 o issues in accessing the operating environment, within hosted programs o issues in using the Standard Library (see Extra Material at the end) - Continue the review activity against o CERT-C o Common Weakness Enumeration o ... and any other sources that may become known The MISRA C Working Group welcomes feedback from all users October 26, 201631
  • 32. What about C:11 MISRA C Working Group has commenced a review of the deltas: - Atomic primitives - Multi-threading - Unicode characters - Appendix F/G – ISO/IEC 60559 floating point - Appendix K – new bounds-checking functions should allow some existing rules to be revised, with pre-C11 “unsecure” functions deprecated. However, though, it is possible that this section may be deleted from the standard! - Appendix L – Analyzability We propose to create an update to the Guidelines to address undesirable behaviours. More information in due course... October 26, 201632
  • 34. MISRA C – In Summary MISRA C is - widely respected as a safety-related coding standard - equally applicable as a security-related coding standard MISRA C has - evolved from an automotive standard into a pan-industry standard MISRA C will - continue to evolve as new editions of the C standard are produced - seek to address other constraints as they become identified MISRA C welcomes - feedback from the user community - approaches from prospective Working Group members October 26, 201634
  • 36. Thank You! I would like to acknowledge the support of the members of the MISRA C Working Group for their assistance in preparing this presentation. October 26, 201636
  • 37. About the speaker Biography - Chairman of MISRA-C since June 2013... ... working group member since 2007 - Over 25 years experience in developing real-time embedded software systems, across a number of industries - Chartered Fellow of the British Computer Society - Member of the Institution of Engineering & Technology Social Media AndrewBanks.com @AndrewBanks https://linkedin.com/in/AndrewBanks October 26, 201637
  • 39. MISRA C – A Quick History From the beginning, to MISRA C:2012
  • 40. The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201640
  • 41. The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201641
  • 42. The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201642
  • 43. Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201643
  • 44. MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201644
  • 45. MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201645
  • 46. MISRA C – A Quick History From the beginning, to MISRA C:2012
  • 47. The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201647
  • 48. The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201648
  • 49. The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201649
  • 50. Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201650
  • 51. MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201651
  • 52. MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201652
  • 53. MISRA C – Standards Conformance Freestanding v Hosted
  • 54. Strict Conformance Chapter 4 of the ISO Standard mandates the following: - A conforming program is one that is acceptable to a conforming implementation. - A strictly conforming program shall use only those features of the language and library specified in the International Standard. - It shall not produce output dependent on any unspecified, undefined, or implementation-defined behavior, and shall not exceed any minimum implementation limit. MISRA C:2012 enforces this by: - Rule 1.1 A standard C environment - Rule 1.3 No occurrence of undefined or unspecified behaviour - Dir 1.1 This permits the use of implementation-defined behaviour but requires that any such use is documented October 26, 201654
  • 55. Language Extensions Chapter 4 of the ISO Standard permits the following: - A conforming implementation may have extensions (including additional library functions), provided they do not alter the behaviour of any strictly conforming program. MISRA C:2012 advises against this by: - Rule 1.2 Language extensions should not be used Chapter 4 of the ISO Standard defines the following - The two forms of conforming implementation are hosted and freestanding. - A conforming hosted implementation shall accept any strictly conforming program. October 26, 201655
  • 56. Conformance: Freestanding v Hosted Chapter 4 of the ISO Standard defines the following: - A conforming freestanding implementation shall accept any strictly conforming program in which the use of the features specified in the library clause is confined to the contents of the standard headers: o <float.h> o <iso646.h> o <limits.h> o <stdarg.h> o <stdbool.h> o <stddef.h > o <stdint.h> MISRA C:2012 has no explicit library-specific restrictions on these headers, except for <stdarg.h> which is prohibited by required Rule 17.1 October 26, 201656
  • 57. Conformance: Freestanding v Hosted o <assert.h> Implicit restriction o <complex.h> o <ctype.h> o <errno.h> o <fenv.h> Major restrictions o <inttypes.h> o <locale.h > o <math.h> o <setjmp.h> Shall not be used o <signal.h> Shall not be used o <stdio.h> Shall not be used o <stdlib.h> Major restrictions o <string.h> o <tgmath.h> Shall not be used o <time.h> Shall not be used o <wchar.h> Shall not be used o <wctype.h> October 26, 201657 MISRA C:2012 places major restrictions (including out-right prohibition) on many of the remaining standard headers: The restricts are due to the extent of the undefined, unspecified and/or implementation defined behaviour, and the functionality is mostly associated with accessing the external environment.