SlideShare a Scribd company logo
1 of 57
Download to read offline
MISRA C –
Recent developments and a road map
to the future
Andrew Banks
BSc IEng MIET FBCS CITP
Frazer-Nash Research Limited, and
Chairman, MISRA C Working Group
Agenda
1. Introduction
a. A Quick History
... and busting two myths
b. Safety v Security
2. Recent Publications
a. MISRA Compliance
b. Additional Security Guidelines
3. Current Activity and Road Map
October 26, 20162
MISRA C – A Quick History
From the beginning, to MISRA C:2012
(See “Additional Material”)
Myth Busting #1
The Misunderstanding
- MISRA C is only applicable to the automotive industry
The History
- MISRA C was originated by the automotive industry, for the automotive
industry... and we are proud of our automotive heritage.
The Reality
- MISRA C is applicable to any industry that requires high-integrity software
- MISRA C has been adopted by many industries, including medical, rail,
aerospace, space and defence. eg:
• http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf
• http://www.stroustrup.com/JSF-AV-rules.pdf
October 26, 20164
Myth Busting #2
The Misunderstanding
- MISRA C is only a safety coding standard, not a secure/security one
The History
- MISRA C:2012 suggests (in its vision) its use in safety-related software
The Reality
- MISRA C also suggests (in its vision) its applicability to any application
with high integrity or high reliability requirements
- Unfortunately, a perception remains...
October 26, 20165
MISRA C – Safety v Security
Or do we just mean “High Integrity”?
Safety v Security
The difference between safety and security are largely semantic... especially
at the software level
Depending on the language they are talking, it might even appear that they
seem being divided by a common language.
- German Sicherheit v Sicherheit
- Spanish Seguridad v Seguridad
- French Sécurité v Sécurité
- Italian Sicurezza v Sicurezza
October 26, 20167
MISRA C – The Vision
The vision of MISRA C is set out in the opening paragraph of the
Guidelines:
The MISRA C Guidelines define a subset of the C language in which
the opportunity to make mistakes is either removed or reduced.
Many standards for the development of safety-related software
require, or recommend, the use of a language subset, and this can
also be used to develop any application with high integrity or high
reliability requirements.
But don’t just take my word for it...
October 26, 20168
ISO/IEC TS 17961 – C Secure Coding Rules
Produced by ISO/IEC JTC 1/SC 22/WG 14 – the same people responsible for
the C standard itself
Originally proposed to be based on CERT-C but significantly rationalised
From the document’s Background:
- “In practice, security-critical and safety-critical code
have the same requirements”
October 26, 20169
Safety v Security v High Integrity
Secure System
- Prevents risks to privacy
- Considers only malicious actions
- No requirement for Safety...
- Garbage in, Garbage Out
Safety Critical System
- Prevents risks to human lives and/or the environment
- Considers well-intentions (and accidental!) actions also
- Inherently requires a level of Security
High-Integrity and/or High-Reliability System
- A system that must be trusted to work dependably
- Unacceptable loss or harm may result otherwise.
October 26, 201610
MISRA C – Recent Developments (1)
Updates for improved Compliance
MISRA Compliance
Available as a standalone document
(click for free download)
Compatible with MISRA C:2012
(and any future versions)
Compatible with forthcoming
MISRA C++:20xx
No reason it cannot be applied to earlier
versions of either document!
October 26, 201612
MISRA Compliance
Clearer definition of what is meant by MISRA Compliance
- and how Compliance should be demonstrated
Provides a mechanism for tailoring classification of the guidelines
- introduces the Guideline Recategorization Plan
Provides guidance on dealing with adopted code
Clarifies/tightens the Deviation process
Provides a mechanism for establishing pre-approved Permits
October 26, 201613
MISRA Compliance
MISRA Compliance is NOT
- claimed for an organisation ... but only for a deliverable item
- applicable to the software ... but to the development lifecycle
MISRA Compliance does NOT mean
- No deviations ... but no unresolved violations
MISRA Compliance is achieved when
- development of a software item has been conducted in accordance with
the processes and principles specified in the Guidelines
- all violations are accepted by means of a deviation, or are against
advisory guidelines and are documented as being considered acceptable.
October 26, 201614
MISRA C – Guideline Categorization
Three levels
- Mandatory
o Guidelines for which a violation is never permitted
- Required
o Guidelines which can only be violated when supported by a deviation
- Advisory
o Recommendations to be followed as far as is reasonably practicable
o Violations are identified but do not required a deviation
The methods planned to be used to provide enforcement of each Guideline
shall be documented in a Guideline Enforcement Plan
The compliance level claimed by the project shall be documented in a
Guideline Compliance Summary
October 26, 201615
MISRA Compliance – Guideline Recategorization
Guidelines may be reclassified, depending on their base level
- Mandatory
o May not be reclassified
- Required
o May be reclassified to Mandatory
- Advisory
o May be reclassified up to Mandatory or Required
o May be Disapplied
Introduces a new Category of Disapplied
o No checks performed... violations may be ignored
Documented in a Guideline Recategorization Plan
- Usually agreed between Acquirer and Supplier at the project outset
October 26, 201616
MISRA C – Adopted Code
What is Adopted Code?
- Code developed outside of the current project
- May or may not have been developed to comply with the Guidelines
- Source code or binary/library that is adopted unchanged
Examples include:
- The Standard Library
- Device driver files
- Third-party libraries
- Auto-generated code
- Legacy code
Note: Source code that is revised or modified in any way, within the project, is
no longer considered adopted code
October 26, 201617
MISRA C – Deviations
Sometimes a violation may be justified
- A deviation is an appropriate way of handling such a violation
- Legitimate reasons may be
o Code quality See ISO/IEC 25010
o Access to hardware
o Adopted code integration
o Non-compliant adopted code
A deviation should not merely document the existence of a violation
A deviation should
- document the reason why it is required
- be targeted in scope and specify any necessary precautions
- be subject to approval by a defined process
October 26, 201618
MISRA Compliance – Claiming Compliance
Summary:
- MISRA Compliance is achieved when development of a software item has
been conducted in accordance with the processes and principles specified
in the Guidelines
Evidence:
- Guideline Recategorization Plan (if applicable) } Probably
- Guideline Enforcement Plan } a single
- Guideline Compliance Summary } document!
- Deviation Records covering all violations of Required guidelines
October 26, 201619
MISRA C – Recent Developments (2)
Additional guidance for Security
MISRA C – Additional Security Guidelines
Publication timeline met, as outlined at VDA Automotive SYS 2015...
MISRA C:2012 Addendum 2 (free download)
- Provides a matrix showing coverage of MISRA C:2012 against
ISO/IEC TS 17961:2013 C Secure
- Demonstrates that MISRA C:2012 can justifiably claim to be a Security
standard as well as a Safety Critical one!
MISRA C:2012 Amendment 1 (free download)
- Introduces an additional 14 targeted guidelines
o 13 new Rules
o 1 new Directive
- Incremental update to MISRA C:2012
October 26, 201621
MISRA C:2012 Amendment 1
New Guidelines
- Validation of external data 1G
- Use of sizeof() on a function parameter of array type 1M
- <ctype.h> functions 1M
- <stdlib.h> memory comparison functions 3R
- <stdlib.h> environment functions 2M
- <string.h> string-handling functions 2M
- <stdio.h> I/O functions – handling of EOF 1R
- <error.h> handling of errno 3R
October 26, 201622
ISO/IEC TS 17961 – C Secure Coding Coverage
Coverage Method #1 #2 Comments
MISRA covers fully – explicitly 22 35 Some rules stricter than Csecure
MISRA covers fully – implicitly 7 3
MISRA covers fully – broad 11 8 Eg: bans dynamic memory, signal.h
MISRA covers partially – broad 2 0 getenv() and related functions
MISRA does not cover directly 4 0 sizeof(pointer), padding
46 46
October 26, 201623
#1 MISRA C:2012 as published
#2 incorporating Amendment 1
MISRA C – Recent Developments (3)
Comparison with CERT-C
CERT-C – Secure Coding Standard
What is CERT-C
- Produced by the Software Engineering Institute (SEI) at Carnegie Mellon
University.
- Sponsored by the U.S. Department of Defense
- Originally proposed to be adopted as an ISO standard, but this was not
progressed by WG14, who progressed a subset as ISO/IEC TS 17961
instead.
The MISRA C Position
- We view CERT-C as complementary to MISRA C
o Most rules align with the MISRA C rules
o Some small variance due to difference of focus (not just safety v security)
o In particular, CERT-C considers the interface to the environment in hosted
applications
- Publication of comparison matrix imminent.
October 26, 201625
MISRA C comparison to CERT-C
Coverage Method #1 #2 Comments
C11 functions out of scope 15 16 Align, threads and atomics
MISRA covers fully – explicitly 41 42 Some MC rules stricter than CERT
MISRA covers fully – implicitly 18 18
MISRA covers fully – restrictive 22 21 Eg: bans dynamic memory, signal.h
MISRA does not cover directly 2 2 rand()
98 99
October 26, 201626
MISRA C:2012 incorporating Amendment 1 against:
#1 CERT-C 2nd edition as published
#2 CERT-C PDF released 30th June 2017 (adds 2 Rules, deletes 1)
MISRA C – Recent Developments (4)
Technical Corrigendum 1
MISRA C – Work In Progress
MISRA C:2012 Technical Corrigendum 1
- Address typographical errors and guideline clarification
- Publication (as a PDF download) imminent
October 26, 201628
MISRA C Road Map
From MISRA C:2012 to MISRA C:201x
... and then into the future
MISRA C roadmap
March 201630
MISRA
C:2012
MISRA C:2012
coverage
against ISO/IEC
17961:2013
MISRA C:2012
AMD1
“Security”
MISRA C:2012
TC1
MISRA
Compliance
MISRA
C:201x
ISO/IEC 17961
review
User feedback
Embody
JAMA ADC etc. Consequential
amendments
(editorial only?)
Published
in 2013
Published
in 2016
Consolidate
MISRA C – Future Work
Planned Way Ahead
- Consider additional rules and/or rule revisions to address:
o issues in the new features introduced by C11
o issues in accessing the operating environment, within hosted programs
o issues in using the Standard Library (see Extra Material at the end)
- Continue the review activity against
o CERT-C
o Common Weakness Enumeration
o ... and any other sources that may become known
The MISRA C Working Group welcomes feedback from all users
October 26, 201631
What about C:11
MISRA C Working Group has commenced a review of the deltas:
- Atomic primitives
- Multi-threading
- Unicode characters
- Appendix F/G – ISO/IEC 60559 floating point
- Appendix K – new bounds-checking functions should allow some existing
rules to be revised, with pre-C11 “unsecure” functions deprecated.
However, though, it is possible that this section may be deleted from the
standard!
- Appendix L – Analyzability
We propose to create an update to the Guidelines to address undesirable
behaviours.
More information in due course...
October 26, 201632
In Summary
October 26, 201633
MISRA C – In Summary
MISRA C is
- widely respected as a safety-related coding standard
- equally applicable as a security-related coding standard
MISRA C has
- evolved from an automotive standard into a pan-industry standard
MISRA C will
- continue to evolve as new editions of the C standard are produced
- seek to address other constraints as they become identified
MISRA C welcomes
- feedback from the user community
- approaches from prospective Working Group members
October 26, 201634
Any Questions?
October 26, 201635
Thank You!
I would like to acknowledge the support of the members of the MISRA C Working Group for their
assistance in preparing this presentation.
October 26, 201636
About the speaker
Biography
- Chairman of MISRA-C since June 2013...
... working group member since 2007
- Over 25 years experience in developing real-time
embedded software systems, across a number of
industries
- Chartered Fellow of the British Computer Society
- Member of the Institution of Engineering & Technology
Social Media
AndrewBanks.com
@AndrewBanks
https://linkedin.com/in/AndrewBanks
October 26, 201637
Extra Material
October 26, 201638
MISRA C – A Quick History
From the beginning, to MISRA C:2012
The C Language – A Quick History
K&R C
- 1972 First created by Dennis Ritchie
- 1976 First C static analyser (link) created by Stephen Johnson
- 1978 The C Programming Language published
ANSI C
- 1989 ANSI X3.159-1989 aka C89 First standardized version
ISO C
- 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89
- 1995 Amendment 1 aka C95
- 1999 ISO/IEC 9899:1999 aka C99
- 2011 ISO/IEC 9899:2011 aka C11
Very few (if any) of you will be using ANSI C any more!
October 26, 201640
The C Language – The Problems
Despite its popularity, there are several drawbacks with the C language, eg:
• The ISO Standard language definition is incomplete
• Behaviour that is Undefined
• Behaviour that is Unspecified
• Behaviour that is Implementation Defined
• Language misuse and obfuscation
• Language misunderstanding
• Run-time error checking
WG14 will not address these problems:
• “The standard is not considered to be broken” [WG14 N444]
October 26, 201641
The C Language – The Options
There are a number of solutions:
Use a different language...
• Ada or a derivative: eg SPARK or AdaCore
Adopt C language Guidelines
• ISO/IEC 17961 “C Secure”
• CERT-C
• MISRA C
• etc
October 26, 201642
Original MISRA publications
November 1994: Development guidelines for vehicle based software (The
MISRA Guidelines)
- The first automotive publication concerning functional safety
- Commenced more than 10 years before work started on ISO 26262
April 1998: Guidelines for the use of the C language in vehicle based
software (MISRA C)
October 26, 201643
MISRA C - A brief history
MISRA-C:1998 (aka MISRA-C1)
- “Guidelines for the use of the C
language in vehicle based software”
- Compatible with ISO/IEC 9899:1990
(aka C90)
MISRA-C:2004 (aka MISRA-C2)
- “Guidelines for the use of the C
language in critical systems”
- Remains compatible with
ISO/IEC 9899:1990 (aka C90)
MISRA C:2012 (aka MISRA-C3)
- Adds compatibility with
ISO/IEC 9899:1999 (aka C99)
October 26, 201644
MISRA-C – The Vision
The vision of MISRA C is set out in the opening paragraph of the
Guidelines:
The MISRA C Guidelines define a subset of the C language in which
the opportunity to make mistakes is either removed or reduced.
Many standards for the development of safety-related software
require, or recommend, the use of a language subset, and this can
also be used to develop any application with high integrity or high
reliability requirements.
October 26, 201645
MISRA C – A Quick History
From the beginning, to MISRA C:2012
The C Language – A Quick History
K&R C
- 1972 First created by Dennis Ritchie
- 1976 First C static analyser (link) created by Stephen Johnson
- 1978 The C Programming Language published
ANSI C
- 1989 ANSI X3.159-1989 aka C89 First standardized version
ISO C
- 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89
- 1995 Amendment 1 aka C95
- 1999 ISO/IEC 9899:1999 aka C99
- 2011 ISO/IEC 9899:2011 aka C11
Very few (if any) of you will be using ANSI C any more!
October 26, 201647
The C Language – The Problems
Despite its popularity, there are several drawbacks with the C language, eg:
• The ISO Standard language definition is incomplete
• Behaviour that is Undefined
• Behaviour that is Unspecified
• Behaviour that is Implementation Defined
• Language misuse and obfuscation
• Language misunderstanding
• Run-time error checking
WG14 will not address these problems:
• “The standard is not considered to be broken” [WG14 N444]
October 26, 201648
The C Language – The Options
There are a number of solutions:
Use a different language...
• Ada or a derivative: eg SPARK or AdaCore
Adopt C language Guidelines
• ISO/IEC 17961 “C Secure”
• CERT-C
• MISRA C
• etc
October 26, 201649
Original MISRA publications
November 1994: Development guidelines for vehicle based software (The
MISRA Guidelines)
- The first automotive publication concerning functional safety
- Commenced more than 10 years before work started on ISO 26262
April 1998: Guidelines for the use of the C language in vehicle based
software (MISRA C)
October 26, 201650
MISRA C - A brief history
MISRA-C:1998 (aka MISRA-C1)
- “Guidelines for the use of the C
language in vehicle based software”
- Compatible with ISO/IEC 9899:1990
(aka C90)
MISRA-C:2004 (aka MISRA-C2)
- “Guidelines for the use of the C
language in critical systems”
- Remains compatible with
ISO/IEC 9899:1990 (aka C90)
MISRA C:2012 (aka MISRA-C3)
- Adds compatibility with
ISO/IEC 9899:1999 (aka C99)
October 26, 201651
MISRA-C – The Vision
The vision of MISRA C is set out in the opening paragraph of the
Guidelines:
The MISRA C Guidelines define a subset of the C language in which
the opportunity to make mistakes is either removed or reduced.
Many standards for the development of safety-related software
require, or recommend, the use of a language subset, and this can
also be used to develop any application with high integrity or high
reliability requirements.
October 26, 201652
MISRA C – Standards Conformance
Freestanding v Hosted
Strict Conformance
Chapter 4 of the ISO Standard mandates the following:
- A conforming program is one that is acceptable to a conforming
implementation.
- A strictly conforming program shall use only those features of the
language and library specified in the International Standard.
- It shall not produce output dependent on any unspecified, undefined, or
implementation-defined behavior, and shall not exceed any minimum
implementation limit.
MISRA C:2012 enforces this by:
- Rule 1.1 A standard C environment
- Rule 1.3 No occurrence of undefined or unspecified behaviour
- Dir 1.1 This permits the use of implementation-defined behaviour
but requires that any such use is documented
October 26, 201654
Language Extensions
Chapter 4 of the ISO Standard permits the following:
- A conforming implementation may have extensions (including additional
library functions), provided they do not alter the behaviour of any strictly
conforming program.
MISRA C:2012 advises against this by:
- Rule 1.2 Language extensions should not be used
Chapter 4 of the ISO Standard defines the following
- The two forms of conforming implementation are hosted and freestanding.
- A conforming hosted implementation shall accept any strictly conforming
program.
October 26, 201655
Conformance: Freestanding v Hosted
Chapter 4 of the ISO Standard defines the following:
- A conforming freestanding implementation shall accept any strictly
conforming program in which the use of the features specified in the
library clause is confined to the contents of the standard headers:
o <float.h>
o <iso646.h>
o <limits.h>
o <stdarg.h>
o <stdbool.h>
o <stddef.h >
o <stdint.h>
MISRA C:2012 has no explicit library-specific restrictions on these headers,
except for <stdarg.h> which is prohibited by required Rule 17.1
October 26, 201656
Conformance: Freestanding v Hosted
o <assert.h> Implicit restriction
o <complex.h>
o <ctype.h>
o <errno.h>
o <fenv.h> Major restrictions
o <inttypes.h>
o <locale.h >
o <math.h>
o <setjmp.h> Shall not be used
o <signal.h> Shall not be used
o <stdio.h> Shall not be used
o <stdlib.h> Major restrictions
o <string.h>
o <tgmath.h> Shall not be used
o <time.h> Shall not be used
o <wchar.h> Shall not be used
o <wctype.h>
October 26, 201657
MISRA C:2012 places major restrictions (including out-right prohibition) on
many of the remaining standard headers:
The restricts are due to the extent of the undefined, unspecified and/or
implementation defined behaviour, and the functionality is mostly associated
with accessing the external environment.

More Related Content

What's hot

Ethics and computing profession
Ethics and computing professionEthics and computing profession
Ethics and computing professionshahmansoor109
 
DO-178B/ED-12B Presentation
DO-178B/ED-12B PresentationDO-178B/ED-12B Presentation
DO-178B/ED-12B PresentationAnkit Singh
 
Computer programming all chapters
Computer programming all chaptersComputer programming all chapters
Computer programming all chaptersIbrahim Elewah
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategiesSHREEHARI WADAWADAGI
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMarco Morana
 
Software quality
Software qualitySoftware quality
Software qualityjagadeesan
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution briefNozomi Networks
 
SQA - chapter 13 (Software Quality Infrastructure)
SQA - chapter 13 (Software Quality Infrastructure)SQA - chapter 13 (Software Quality Infrastructure)
SQA - chapter 13 (Software Quality Infrastructure)uma sree
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
Presentation On Android
Presentation On AndroidPresentation On Android
Presentation On AndroidTeachMission
 
Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24koolkampus
 
Difference between cts and cls
Difference between cts and clsDifference between cts and cls
Difference between cts and clsUmar Ali
 
Claroty Support L1 - Architecture components and terms.pptx
Claroty Support L1 - Architecture components and terms.pptxClaroty Support L1 - Architecture components and terms.pptx
Claroty Support L1 - Architecture components and terms.pptxLeninHernnCortsLlang
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security ProfessionalHatem ElSahhar
 
Career Domain 2022-23.pptx
Career Domain 2022-23.pptxCareer Domain 2022-23.pptx
Career Domain 2022-23.pptxJanani S
 
CompTIA Network+ Objectives
CompTIA Network+ ObjectivesCompTIA Network+ Objectives
CompTIA Network+ Objectivessombat nirund
 
Introduction To Software Quality Assurance
Introduction To Software Quality AssuranceIntroduction To Software Quality Assurance
Introduction To Software Quality Assuranceruth_reategui
 
Coding standards
Coding standardsCoding standards
Coding standardsMimoh Ojha
 

What's hot (20)

Ethics and computing profession
Ethics and computing professionEthics and computing profession
Ethics and computing profession
 
DO-178B/ED-12B Presentation
DO-178B/ED-12B PresentationDO-178B/ED-12B Presentation
DO-178B/ED-12B Presentation
 
Computer programming all chapters
Computer programming all chaptersComputer programming all chapters
Computer programming all chapters
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategies
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Software quality
Software qualitySoftware quality
Software quality
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution brief
 
SQA - chapter 13 (Software Quality Infrastructure)
SQA - chapter 13 (Software Quality Infrastructure)SQA - chapter 13 (Software Quality Infrastructure)
SQA - chapter 13 (Software Quality Infrastructure)
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
Presentation On Android
Presentation On AndroidPresentation On Android
Presentation On Android
 
Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24Quality Management in Software Engineering SE24
Quality Management in Software Engineering SE24
 
Difference between cts and cls
Difference between cts and clsDifference between cts and cls
Difference between cts and cls
 
Claroty Support L1 - Architecture components and terms.pptx
Claroty Support L1 - Architecture components and terms.pptxClaroty Support L1 - Architecture components and terms.pptx
Claroty Support L1 - Architecture components and terms.pptx
 
(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional(ISC)2 CCSP - Certified Cloud Security Professional
(ISC)2 CCSP - Certified Cloud Security Professional
 
Career Domain 2022-23.pptx
Career Domain 2022-23.pptxCareer Domain 2022-23.pptx
Career Domain 2022-23.pptx
 
CompTIA Network+ Objectives
CompTIA Network+ ObjectivesCompTIA Network+ Objectives
CompTIA Network+ Objectives
 
Introduction To Software Quality Assurance
Introduction To Software Quality AssuranceIntroduction To Software Quality Assurance
Introduction To Software Quality Assurance
 
Coding standards
Coding standardsCoding standards
Coding standards
 

Viewers also liked

An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178BAdaCore
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAdaCore
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureAdaCore
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...AdaCore
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareAdaCore
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsAdaCore
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...AdaCore
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CAdaCore
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentAdaCore
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...AdaCore
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesAdaCore
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...AdaCore
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsAdaCore
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...AdaCore
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsAdaCore
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityAdaCore
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation KernelAdaCore
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...AdaCore
 
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkHIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkAdaCore
 

Viewers also liked (20)

An Alternative Approach to DO-178B
An Alternative Approach to DO-178BAn Alternative Approach to DO-178B
An Alternative Approach to DO-178B
 
Ada 202x A broad overview of relevant news
Ada 202x A broad overview of relevant newsAda 202x A broad overview of relevant news
Ada 202x A broad overview of relevant news
 
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical InfrastructureHIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure
 
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
HIS 2015: Prof. Phil Koopman - A Case Study of Toyota Unintended Acceleration...
 
The Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling SoftwareThe Application of Formal Methods to Railway Signalling Software
The Application of Formal Methods to Railway Signalling Software
 
Multi-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical SystemsMulti-Core (MC) Processor Qualification for Safety Critical Systems
Multi-Core (MC) Processor Qualification for Safety Critical Systems
 
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
HIS 2015: Ivan Ellis - VISIUMCORE A High Integrity Processor for Safety Criti...
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic Assistants
 
HIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-CHIS Conf 2014: An Insight into MISRA-C
HIS Conf 2014: An Insight into MISRA-C
 
Bounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise EnvironmentBounded Model Checking for C Programs in an Enterprise Environment
Bounded Model Checking for C Programs in an Enterprise Environment
 
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
HIS 2015: Neil White - Advances in Practical Techniques for Critical Developm...
 
A Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics DevicesA Computer Vision Application for In Vitro Diagnostics Devices
A Computer Vision Application for In Vitro Diagnostics Devices
 
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
HIS 2015: Roderick Chapman - Murphy Vs Satan Why programming secure systems i...
 
Practical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related SystemsPractical Application of Agile Techniques in Developing Safety Related Systems
Practical Application of Agile Techniques in Developing Safety Related Systems
 
How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...How should we build that? Evolving a development environment that's suitable ...
How should we build that? Evolving a development environment that's suitable ...
 
Mixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core PlatformsMixed Criticality Systems and Many-Core Platforms
Mixed Criticality Systems and Many-Core Platforms
 
Mind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and SecurityMind your language(s), A Discussion about Languages and Security
Mind your language(s), A Discussion about Languages and Security
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation Kernel
 
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
HIS 2015: Alastair F. Donaldson - Fighting for Software Correctness in a Mass...
 
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest linkHIS 2015: Prof. Ian Phillips - Stronger than its weakest link
HIS 2015: Prof. Ian Phillips - Stronger than its weakest link
 

Similar to MISRA C – Recent developments and a road map to the future

MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016Andrew Banks
 
VDA 2015 Presentation - Full
VDA 2015 Presentation - FullVDA 2015 Presentation - Full
VDA 2015 Presentation - FullAndrew Banks
 
Criterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceCriterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceJoe Garza
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks  Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Dragos, Inc.
 
operational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfoperational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfVishalKashyap15069
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTIoT613
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
OSS Metrics for Market Readiness
OSS Metrics for Market ReadinessOSS Metrics for Market Readiness
OSS Metrics for Market ReadinessOW2
 
Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Jim Meyer
 
MISRA-Compliance-2020
MISRA-Compliance-2020MISRA-Compliance-2020
MISRA-Compliance-2020Massimo Talia
 
MISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdfMISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdfTamilKumaran31
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262Torben Haagh
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
 
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, RomaniaDICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, RomaniaInstitute e-Austria Timisoara
 
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014   quantifying long-term evolution of industrial meta-models - a case...Iwsm2014   quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...Nesma
 
SCADA Security Training
SCADA Security TrainingSCADA Security Training
SCADA Security TrainingBryan Len
 

Similar to MISRA C – Recent developments and a road map to the future (20)

MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016MISRA C Chairman - Device Developer Conference 2016
MISRA C Chairman - Device Developer Conference 2016
 
VDA 2015 Presentation - Full
VDA 2015 Presentation - FullVDA 2015 Presentation - Full
VDA 2015 Presentation - Full
 
Criterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conferenceCriterios Minimos de Seguridad CTPAT 2019 conference
Criterios Minimos de Seguridad CTPAT 2019 conference
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks  Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks
 
operational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfoperational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdf
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoT
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
OSS Metrics for Market Readiness
OSS Metrics for Market ReadinessOSS Metrics for Market Readiness
OSS Metrics for Market Readiness
 
Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?
 
MISRA-Compliance-2020
MISRA-Compliance-2020MISRA-Compliance-2020
MISRA-Compliance-2020
 
MISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdfMISRA-Compliance-2020.pdf
MISRA-Compliance-2020.pdf
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
 
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, RomaniaDICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
DICE @ Innomatch 2015, 3rd Regional Innovation Fair, Arad, Romania
 
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014   quantifying long-term evolution of industrial meta-models - a case...Iwsm2014   quantifying long-term evolution of industrial meta-models - a case...
Iwsm2014 quantifying long-term evolution of industrial meta-models - a case...
 
Cps sec sg sg2017 conf_iran
Cps sec sg  sg2017 conf_iranCps sec sg  sg2017 conf_iran
Cps sec sg sg2017 conf_iran
 
SCADA Security Training
SCADA Security TrainingSCADA Security Training
SCADA Security Training
 

More from AdaCore

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesAdaCore
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsAdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verificationAdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationAdaCore
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareAdaCore
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentAdaCore
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologyAdaCore
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareAdaCore
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseAdaCore
 

More from AdaCore (18)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesSanjay Willie
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 

MISRA C – Recent developments and a road map to the future

  • 1. MISRA C – Recent developments and a road map to the future Andrew Banks BSc IEng MIET FBCS CITP Frazer-Nash Research Limited, and Chairman, MISRA C Working Group
  • 2. Agenda 1. Introduction a. A Quick History ... and busting two myths b. Safety v Security 2. Recent Publications a. MISRA Compliance b. Additional Security Guidelines 3. Current Activity and Road Map October 26, 20162
  • 3. MISRA C – A Quick History From the beginning, to MISRA C:2012 (See “Additional Material”)
  • 4. Myth Busting #1 The Misunderstanding - MISRA C is only applicable to the automotive industry The History - MISRA C was originated by the automotive industry, for the automotive industry... and we are proud of our automotive heritage. The Reality - MISRA C is applicable to any industry that requires high-integrity software - MISRA C has been adopted by many industries, including medical, rail, aerospace, space and defence. eg: • http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf • http://www.stroustrup.com/JSF-AV-rules.pdf October 26, 20164
  • 5. Myth Busting #2 The Misunderstanding - MISRA C is only a safety coding standard, not a secure/security one The History - MISRA C:2012 suggests (in its vision) its use in safety-related software The Reality - MISRA C also suggests (in its vision) its applicability to any application with high integrity or high reliability requirements - Unfortunately, a perception remains... October 26, 20165
  • 6. MISRA C – Safety v Security Or do we just mean “High Integrity”?
  • 7. Safety v Security The difference between safety and security are largely semantic... especially at the software level Depending on the language they are talking, it might even appear that they seem being divided by a common language. - German Sicherheit v Sicherheit - Spanish Seguridad v Seguridad - French Sécurité v Sécurité - Italian Sicurezza v Sicurezza October 26, 20167
  • 8. MISRA C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. But don’t just take my word for it... October 26, 20168
  • 9. ISO/IEC TS 17961 – C Secure Coding Rules Produced by ISO/IEC JTC 1/SC 22/WG 14 – the same people responsible for the C standard itself Originally proposed to be based on CERT-C but significantly rationalised From the document’s Background: - “In practice, security-critical and safety-critical code have the same requirements” October 26, 20169
  • 10. Safety v Security v High Integrity Secure System - Prevents risks to privacy - Considers only malicious actions - No requirement for Safety... - Garbage in, Garbage Out Safety Critical System - Prevents risks to human lives and/or the environment - Considers well-intentions (and accidental!) actions also - Inherently requires a level of Security High-Integrity and/or High-Reliability System - A system that must be trusted to work dependably - Unacceptable loss or harm may result otherwise. October 26, 201610
  • 11. MISRA C – Recent Developments (1) Updates for improved Compliance
  • 12. MISRA Compliance Available as a standalone document (click for free download) Compatible with MISRA C:2012 (and any future versions) Compatible with forthcoming MISRA C++:20xx No reason it cannot be applied to earlier versions of either document! October 26, 201612
  • 13. MISRA Compliance Clearer definition of what is meant by MISRA Compliance - and how Compliance should be demonstrated Provides a mechanism for tailoring classification of the guidelines - introduces the Guideline Recategorization Plan Provides guidance on dealing with adopted code Clarifies/tightens the Deviation process Provides a mechanism for establishing pre-approved Permits October 26, 201613
  • 14. MISRA Compliance MISRA Compliance is NOT - claimed for an organisation ... but only for a deliverable item - applicable to the software ... but to the development lifecycle MISRA Compliance does NOT mean - No deviations ... but no unresolved violations MISRA Compliance is achieved when - development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines - all violations are accepted by means of a deviation, or are against advisory guidelines and are documented as being considered acceptable. October 26, 201614
  • 15. MISRA C – Guideline Categorization Three levels - Mandatory o Guidelines for which a violation is never permitted - Required o Guidelines which can only be violated when supported by a deviation - Advisory o Recommendations to be followed as far as is reasonably practicable o Violations are identified but do not required a deviation The methods planned to be used to provide enforcement of each Guideline shall be documented in a Guideline Enforcement Plan The compliance level claimed by the project shall be documented in a Guideline Compliance Summary October 26, 201615
  • 16. MISRA Compliance – Guideline Recategorization Guidelines may be reclassified, depending on their base level - Mandatory o May not be reclassified - Required o May be reclassified to Mandatory - Advisory o May be reclassified up to Mandatory or Required o May be Disapplied Introduces a new Category of Disapplied o No checks performed... violations may be ignored Documented in a Guideline Recategorization Plan - Usually agreed between Acquirer and Supplier at the project outset October 26, 201616
  • 17. MISRA C – Adopted Code What is Adopted Code? - Code developed outside of the current project - May or may not have been developed to comply with the Guidelines - Source code or binary/library that is adopted unchanged Examples include: - The Standard Library - Device driver files - Third-party libraries - Auto-generated code - Legacy code Note: Source code that is revised or modified in any way, within the project, is no longer considered adopted code October 26, 201617
  • 18. MISRA C – Deviations Sometimes a violation may be justified - A deviation is an appropriate way of handling such a violation - Legitimate reasons may be o Code quality See ISO/IEC 25010 o Access to hardware o Adopted code integration o Non-compliant adopted code A deviation should not merely document the existence of a violation A deviation should - document the reason why it is required - be targeted in scope and specify any necessary precautions - be subject to approval by a defined process October 26, 201618
  • 19. MISRA Compliance – Claiming Compliance Summary: - MISRA Compliance is achieved when development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines Evidence: - Guideline Recategorization Plan (if applicable) } Probably - Guideline Enforcement Plan } a single - Guideline Compliance Summary } document! - Deviation Records covering all violations of Required guidelines October 26, 201619
  • 20. MISRA C – Recent Developments (2) Additional guidance for Security
  • 21. MISRA C – Additional Security Guidelines Publication timeline met, as outlined at VDA Automotive SYS 2015... MISRA C:2012 Addendum 2 (free download) - Provides a matrix showing coverage of MISRA C:2012 against ISO/IEC TS 17961:2013 C Secure - Demonstrates that MISRA C:2012 can justifiably claim to be a Security standard as well as a Safety Critical one! MISRA C:2012 Amendment 1 (free download) - Introduces an additional 14 targeted guidelines o 13 new Rules o 1 new Directive - Incremental update to MISRA C:2012 October 26, 201621
  • 22. MISRA C:2012 Amendment 1 New Guidelines - Validation of external data 1G - Use of sizeof() on a function parameter of array type 1M - <ctype.h> functions 1M - <stdlib.h> memory comparison functions 3R - <stdlib.h> environment functions 2M - <string.h> string-handling functions 2M - <stdio.h> I/O functions – handling of EOF 1R - <error.h> handling of errno 3R October 26, 201622
  • 23. ISO/IEC TS 17961 – C Secure Coding Coverage Coverage Method #1 #2 Comments MISRA covers fully – explicitly 22 35 Some rules stricter than Csecure MISRA covers fully – implicitly 7 3 MISRA covers fully – broad 11 8 Eg: bans dynamic memory, signal.h MISRA covers partially – broad 2 0 getenv() and related functions MISRA does not cover directly 4 0 sizeof(pointer), padding 46 46 October 26, 201623 #1 MISRA C:2012 as published #2 incorporating Amendment 1
  • 24. MISRA C – Recent Developments (3) Comparison with CERT-C
  • 25. CERT-C – Secure Coding Standard What is CERT-C - Produced by the Software Engineering Institute (SEI) at Carnegie Mellon University. - Sponsored by the U.S. Department of Defense - Originally proposed to be adopted as an ISO standard, but this was not progressed by WG14, who progressed a subset as ISO/IEC TS 17961 instead. The MISRA C Position - We view CERT-C as complementary to MISRA C o Most rules align with the MISRA C rules o Some small variance due to difference of focus (not just safety v security) o In particular, CERT-C considers the interface to the environment in hosted applications - Publication of comparison matrix imminent. October 26, 201625
  • 26. MISRA C comparison to CERT-C Coverage Method #1 #2 Comments C11 functions out of scope 15 16 Align, threads and atomics MISRA covers fully – explicitly 41 42 Some MC rules stricter than CERT MISRA covers fully – implicitly 18 18 MISRA covers fully – restrictive 22 21 Eg: bans dynamic memory, signal.h MISRA does not cover directly 2 2 rand() 98 99 October 26, 201626 MISRA C:2012 incorporating Amendment 1 against: #1 CERT-C 2nd edition as published #2 CERT-C PDF released 30th June 2017 (adds 2 Rules, deletes 1)
  • 27. MISRA C – Recent Developments (4) Technical Corrigendum 1
  • 28. MISRA C – Work In Progress MISRA C:2012 Technical Corrigendum 1 - Address typographical errors and guideline clarification - Publication (as a PDF download) imminent October 26, 201628
  • 29. MISRA C Road Map From MISRA C:2012 to MISRA C:201x ... and then into the future
  • 30. MISRA C roadmap March 201630 MISRA C:2012 MISRA C:2012 coverage against ISO/IEC 17961:2013 MISRA C:2012 AMD1 “Security” MISRA C:2012 TC1 MISRA Compliance MISRA C:201x ISO/IEC 17961 review User feedback Embody JAMA ADC etc. Consequential amendments (editorial only?) Published in 2013 Published in 2016 Consolidate
  • 31. MISRA C – Future Work Planned Way Ahead - Consider additional rules and/or rule revisions to address: o issues in the new features introduced by C11 o issues in accessing the operating environment, within hosted programs o issues in using the Standard Library (see Extra Material at the end) - Continue the review activity against o CERT-C o Common Weakness Enumeration o ... and any other sources that may become known The MISRA C Working Group welcomes feedback from all users October 26, 201631
  • 32. What about C:11 MISRA C Working Group has commenced a review of the deltas: - Atomic primitives - Multi-threading - Unicode characters - Appendix F/G – ISO/IEC 60559 floating point - Appendix K – new bounds-checking functions should allow some existing rules to be revised, with pre-C11 “unsecure” functions deprecated. However, though, it is possible that this section may be deleted from the standard! - Appendix L – Analyzability We propose to create an update to the Guidelines to address undesirable behaviours. More information in due course... October 26, 201632
  • 34. MISRA C – In Summary MISRA C is - widely respected as a safety-related coding standard - equally applicable as a security-related coding standard MISRA C has - evolved from an automotive standard into a pan-industry standard MISRA C will - continue to evolve as new editions of the C standard are produced - seek to address other constraints as they become identified MISRA C welcomes - feedback from the user community - approaches from prospective Working Group members October 26, 201634
  • 36. Thank You! I would like to acknowledge the support of the members of the MISRA C Working Group for their assistance in preparing this presentation. October 26, 201636
  • 37. About the speaker Biography - Chairman of MISRA-C since June 2013... ... working group member since 2007 - Over 25 years experience in developing real-time embedded software systems, across a number of industries - Chartered Fellow of the British Computer Society - Member of the Institution of Engineering & Technology Social Media AndrewBanks.com @AndrewBanks https://linkedin.com/in/AndrewBanks October 26, 201637
  • 39. MISRA C – A Quick History From the beginning, to MISRA C:2012
  • 40. The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201640
  • 41. The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201641
  • 42. The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201642
  • 43. Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201643
  • 44. MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201644
  • 45. MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201645
  • 46. MISRA C – A Quick History From the beginning, to MISRA C:2012
  • 47. The C Language – A Quick History K&R C - 1972 First created by Dennis Ritchie - 1976 First C static analyser (link) created by Stephen Johnson - 1978 The C Programming Language published ANSI C - 1989 ANSI X3.159-1989 aka C89 First standardized version ISO C - 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89 - 1995 Amendment 1 aka C95 - 1999 ISO/IEC 9899:1999 aka C99 - 2011 ISO/IEC 9899:2011 aka C11 Very few (if any) of you will be using ANSI C any more! October 26, 201647
  • 48. The C Language – The Problems Despite its popularity, there are several drawbacks with the C language, eg: • The ISO Standard language definition is incomplete • Behaviour that is Undefined • Behaviour that is Unspecified • Behaviour that is Implementation Defined • Language misuse and obfuscation • Language misunderstanding • Run-time error checking WG14 will not address these problems: • “The standard is not considered to be broken” [WG14 N444] October 26, 201648
  • 49. The C Language – The Options There are a number of solutions: Use a different language... • Ada or a derivative: eg SPARK or AdaCore Adopt C language Guidelines • ISO/IEC 17961 “C Secure” • CERT-C • MISRA C • etc October 26, 201649
  • 50. Original MISRA publications November 1994: Development guidelines for vehicle based software (The MISRA Guidelines) - The first automotive publication concerning functional safety - Commenced more than 10 years before work started on ISO 26262 April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C) October 26, 201650
  • 51. MISRA C - A brief history MISRA-C:1998 (aka MISRA-C1) - “Guidelines for the use of the C language in vehicle based software” - Compatible with ISO/IEC 9899:1990 (aka C90) MISRA-C:2004 (aka MISRA-C2) - “Guidelines for the use of the C language in critical systems” - Remains compatible with ISO/IEC 9899:1990 (aka C90) MISRA C:2012 (aka MISRA-C3) - Adds compatibility with ISO/IEC 9899:1999 (aka C99) October 26, 201651
  • 52. MISRA-C – The Vision The vision of MISRA C is set out in the opening paragraph of the Guidelines: The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with high integrity or high reliability requirements. October 26, 201652
  • 53. MISRA C – Standards Conformance Freestanding v Hosted
  • 54. Strict Conformance Chapter 4 of the ISO Standard mandates the following: - A conforming program is one that is acceptable to a conforming implementation. - A strictly conforming program shall use only those features of the language and library specified in the International Standard. - It shall not produce output dependent on any unspecified, undefined, or implementation-defined behavior, and shall not exceed any minimum implementation limit. MISRA C:2012 enforces this by: - Rule 1.1 A standard C environment - Rule 1.3 No occurrence of undefined or unspecified behaviour - Dir 1.1 This permits the use of implementation-defined behaviour but requires that any such use is documented October 26, 201654
  • 55. Language Extensions Chapter 4 of the ISO Standard permits the following: - A conforming implementation may have extensions (including additional library functions), provided they do not alter the behaviour of any strictly conforming program. MISRA C:2012 advises against this by: - Rule 1.2 Language extensions should not be used Chapter 4 of the ISO Standard defines the following - The two forms of conforming implementation are hosted and freestanding. - A conforming hosted implementation shall accept any strictly conforming program. October 26, 201655
  • 56. Conformance: Freestanding v Hosted Chapter 4 of the ISO Standard defines the following: - A conforming freestanding implementation shall accept any strictly conforming program in which the use of the features specified in the library clause is confined to the contents of the standard headers: o <float.h> o <iso646.h> o <limits.h> o <stdarg.h> o <stdbool.h> o <stddef.h > o <stdint.h> MISRA C:2012 has no explicit library-specific restrictions on these headers, except for <stdarg.h> which is prohibited by required Rule 17.1 October 26, 201656
  • 57. Conformance: Freestanding v Hosted o <assert.h> Implicit restriction o <complex.h> o <ctype.h> o <errno.h> o <fenv.h> Major restrictions o <inttypes.h> o <locale.h > o <math.h> o <setjmp.h> Shall not be used o <signal.h> Shall not be used o <stdio.h> Shall not be used o <stdlib.h> Major restrictions o <string.h> o <tgmath.h> Shall not be used o <time.h> Shall not be used o <wchar.h> Shall not be used o <wctype.h> October 26, 201657 MISRA C:2012 places major restrictions (including out-right prohibition) on many of the remaining standard headers: The restricts are due to the extent of the undefined, unspecified and/or implementation defined behaviour, and the functionality is mostly associated with accessing the external environment.