MISRA C provides guidelines for using the C programming language in safety-critical systems. The document discusses how MISRA C relates to ISO 26262, which specifies functional safety standards for automotive systems. Key points include that MISRA C addresses many criteria specified in ISO 26262 for suitable programming languages, such as enforcing low complexity, using a language subset, strong typing, and defensive implementation techniques. The document also discusses how to achieve and demonstrate compliance with the MISRA C guidelines.
This presentation was originally created for the webinar 'An Introduction to MISRA C:2012', presented by Paul Burden: http://www.programmingresearch.com/resources/webinars/an-introduction-to-misra-c2012/.
Paul is one of the co-authors of the new MISRA coding guidelines. He was Product Manager for the QA·C static analysis tool and a Technical Consultant, and is a well-known expert in coding standards enforcement.
Learn more about MISRA C - the most used coding standard worldwide for C language in a wide range of industries:
- Automotive (ISO 26262);
- Aerospace (DO-178B);
- Defense (DO-178B);
- Medical (IEC 62304);
- Nuclear Power (IEC 6080);
- Railways (EN 50128);
- Consumer Electronics (IEC 61508)
... and others.
AUTOSAR migration would enable the automotive supplier to leverage the following benefits of the well-defined layered software architecture of AUTOSAR 4.0: design and development of AUTOSAR MCAL components for migration to the new hardware platform.
An approach towards SOTIF with ANSYS medini analyze - Bernhard Kaiser
This presentation motivates what is so different about safety for automated vehicles and introduces the concept of SOTIF (Safety of the Intended Functionality) and the upcoming first industry standard PAS 21448 on SOTIF. After that, some ideas are given on how the lessons from this new discipline can be put into an industry-applicable development process for automated driving functions, and how the safety engineering tool medini analyze can help engineers succeed in their practical work. After the first set of intended safety analysis realisations in medini analyze has been presented, the slide show concludes with an outlook on possible future extensions, including a close integration of medini analyze with ANSYS' simulation capabilities for automated driving functions.
In this AUTOSAR layered architecture, Communication Stack or ComStack facilitates communication. Hence ComStack can be defined as a software stack that provides communication services to the Basic Software Modules and Application Layer or Application Software.
https://www.embitel.com/product-engineering-2/automotive/autosar/
The Basics of Automotive Ethernet Webinar Slidedeck - teledynelecroy
Evolving from the BroadR-Reach standard, Automotive Ethernet enables faster data communication to meet the demands of today’s vehicles and the connected vehicles of the future.
This session will focus on the fundamentals of the Automotive Ethernet ecosystem. It will include a brief history and evolution of the standard, and an overview of benefits of the new technology and the associated design challenges. We will conclude with an introduction into the test requirements and the analysis tools available to help troubleshoot and qualify designs.
An integrative solution towards SOTIF and AV safety - Bernhard Kaiser
Slide set from this year's SOTIF conference in Austin, Texas, Oct 1 and 2, 2019. Shows intermediate pragmatic ideas on how to handle SOTIF in combination with ISO 26262 safety, and how to integrate SOTIF analysis with simulation and driving verification. Terminology may still change as ISO 21448 is evolving.
Get Answers to the most asked questions for ISO26262 compliant automotive Functional Safety consulting services. Check out the FAQs for Functional safety in automotive.
https://www.embitel.com/product-engineering-2/iso-26262functional-safety/
The UDS Software Stack, designed and developed by our experienced automotive team, is a ready-to-deploy, stable and pre-tested solution. The UDS protocol stack has helped our global customers reduce ECU product development cost and time.
The UDS protocol stack offers a set of APIs to facilitate communication between the low level software and the application software.
https://www.embitel.com/wp-content/uploads/2018/02/UDS-fact-sheet_1.1.pdf
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick - 44CON
Hardware hacks tend to focus on low-speed (JTAG, UART) and external (network, USB) interfaces, and PCI Express is typically neither. After a crash course in PCIe architecture, we'll demonstrate a handful of hacks showing how to pull PCIe outside of your system case and add PCIe slots to systems without them, including embedded platforms. We'll top it off with a demonstration of SLOTSCREAMER, an inexpensive device that's part of the NSA Playset which we've configured to access memory and IO, cross-platform and transparent to the OS - all by design with no 0-day needed. The open hardware and software framework that we will release will expand your Playset with the ability to tinker with DMA attacks to read memory, bypass software and hardware security measures, and directly attack other hardware devices in the system.
The SEooC concept is an inclusive approach to make ISO 26262 compliance possible for all the stakeholders. Read the blog to understand the concept and the SEooC development process with the help of a real-world example.
https://www.embitel.com/blog/embedded-blog/what-is-safety-element-out-of-context-seooc-in-automotive-functional-safety
Compare Performance-power of Arm Cortex vs RISC-V for AI applications_oct_2021 - Deepak Shankar
Abstract: In the webinar, we will show you how to construct, simulate, analyze, validate and optimize an architecture model using pre-built components. We will compare micro and application benchmarks on system SoC models containing clusters of ARM Cortex A53, SiFive u74, ARM Cortex A77, and other vendor cores. The system will be built around custom switches, ingress/egress buffers, credit flow control, AI accelerators, NoC and AMBA AXI buses with multi-level caches, DDR4 DRAM and DMA. The evaluation and optimization criteria will be task latency, dCache hit ratio, power consumed per task and memory bandwidth. The parameters to be modified are bus topology, cache size, processor clock speed, custom arbiters, task thread allocation and changing the processor pipeline.
Selection of cores is a combination of financial and technical bias. Technical comparison of processor cores requires an understanding of the workload, task partitioning and cache-memory structure. A core must be evaluated in the context of the target application. To evaluate these selections, architecture simulation software must be fortified with a library of intellectual property for power- and timing-accurate processor cores, a simulator running at 100 million events per second, peripherals, and all possible traffic distributions.
Key Takeaways:
1. Validate architecture models using mathematical calculus and hardware traces
2. Construct custom policies and arbitrations, and configure processor cores
3. Select the right combination of statistics to detect bottlenecks and optimize the architecture
4. Identify the right use of stochastic, transaction, cycle-accurate and trace-based modelling to construct the model
Speaker Bio:
Alex Su is an FPGA solution architect at E-Elements Technology, Hsinchu, Taiwan. He has been an FPGA Solution Architect and Xilinx FPGA Trainer for a number of years, supporting companies, research centers and universities in China and Taiwan. Prior to that, Mr Su worked at ARM Ltd for 5 years in technical support of Arm CPU and System IP. Alex has also worked with a variety of FPGA-based hardware emulation systems and has over ten years of experience as an ASIC/SoC design and verification engineer.
Deepak Shankar is the Founder of Mirabilis Design and has been involved in the architecture exploration of over 250 SoCs and processors. Mr. Shankar started Mirabilis Design because of a vacuum in the systems engineering and modeling space as the focus shifted to network design and early software development. Deepak has published over 50 articles and presented at over 30 conferences in EDA, semiconductors and embedded computing. Mr. Shankar has an MBA from UC Berkeley, an MS from Clemson University and a BS from Coimbatore Institute of Technology, both in Electronics and Communication.
Mixed-critical adaptive AUTOSAR stack based on VxWorks, Linux, and virtualiza... - Andrei Kholodnyi
Since the first release of its standard in 2003, AUTOSAR has established itself as one of the primary software development standards for the global automotive industry. As the automotive industry is now undergoing one of the most significant changes in its history toward autonomous driving, connectivity and electrification, new standards are needed to handle the complexity of the software architecture for controlling the high-end processors, Ethernet communication, and over-the-air updates in cloud-connected automobiles. The recent advent of the Adaptive AUTOSAR standard can help accommodate the extensive and complex requirements of autonomous driving by enabling a flexible, dynamic, and service-based platform while still maintaining the integrity of a high degree of functional safety standards and also properly engaging with established platforms. The standard itself relies on some technologies which are already established in the industry, such as virtualization, POSIX PSE51, C++11/14 for application development, ISO26262/ASIL compliance, etc.
This presentation provides an example of an implementation of a mixed-critical Adaptive AUTOSAR stack based on the VxWorks RTOS, embedded Linux, and the virtualization profile from Wind River. As one of the very few solutions available on the market which already fulfils the requirements described above, VxWorks is a strong example of a foundational software platform for Adaptive AUTOSAR-based autonomous driving development. We will also explain what challenges we encountered during this process and make some suggestions to the AUTOSAR consortium on how to overcome them in the future.
This one is for the community of AUTOSAR developers. Our AUTOSAR development team explains the different software modules of a Communication Stack (ComStack). Also, learn about the software modules of the CAN-based Communication Stack in AUTOSAR.
Navigating the jungle of Secure Coding Standards - ChantalWauters
In a world where software can be found everywhere and potential security holes can be exploited at any time to gain unprivileged access to important systems, most organizations make some efforts to ensure the software they produce is safe and secure.
Usually this is done in the form of black-box testing or penetration testing, which is great, but an even better way is of course to produce software that is more secure and reliable in the first place. To do so, it is helpful to leverage industry coding standards, but there is a veritable jungle of information to tackle, including security coding standards (e.g. CERT, OWASP, CWE) and numerous domain-specific standards (e.g. MISRA, AUTOSAR, and a whole family of IEC 61508-based standards). It can be challenging to determine the set of coding standards that should be applied to a specific project, and even more challenging to do so in the middle of software development, when the already-existing software suddenly needs to be tuned to comply with such a standard.
In this presentation, Adrian Hunt, Pre-Sales Consultant at PRQA explains how to achieve ISO 26262 Compliance with our static analysis tools QA·C and QA·C++.
You use Helix QAC (formerly QAC/QAC++) to find coding errors and comply with standards faster.
But have you heard about the compliance, performance, and productivity enhancements we’ve made over the last few releases?
For example, our latest release, Helix QAC 2019.1, includes support for multithreading, expanded compliance coverage, and an improved desktop server integration.
So, join us to learn about:
- New features in Helix QAC 2019.1 (including multithreading support).
- Recent features from our 2018 releases (including a new CWE C++ compliance module).
- How to get started with the latest version.
To download the latest version of Helix QAC, contact support. Once you do, you'll receive an email from our team with download instructions.
Coding Safe Modern C++ With AUTOSAR Guidelines - Perforce
That's why static code analysis experts from Perforce (formerly PRQA) were invited to join the working group for AUTOSAR's "Guidelines for the use of the C++14 language in critical and safety-related systems".
AUTOSAR guidelines are a smart choice for C++ developers. And it’s now easier to use them to achieve functional safety compliance, particularly with ISO 26262.
You’ll learn:
- Why AUTOSAR guidelines were developed, and the philosophy behind them.
- How the rules changed in the latest version, including mapping to ISO 26262.
- What's next for AUTOSAR guidelines (hint: being merged into MISRA C++).
- Plus what's next for AUTOSAR guidelines.
"An Insight into MISRA-C 2012" provides an understanding of what MISRA-C 2012 provides to critical systems software development with the C programming language. It begins with a brief review of the origins of C and why some consider it to be a poor choice for critical systems. The reasons why others consider it the only viable choice to make are then touched upon. Making C safer then becomes the subject of the talk and this forms the backdrop to the purpose of the MISRA C guidelines. Finally, we explore what it takes to claim MISRA C 2012 compliance.
The talk should be of interest to both C and non-C developers with an interest in software coding standards. The talk does not cover the technicalities of any of the MISRA C guidelines. Consequently, no knowledge of the C programming language is required beyond a general programming background.
Dave Banham, Software System Specialist, Rolls-Royce
Model-Driven Development for Safety-Critical Software - gjuljo
Presentation given at the IBM Systems Engineering Symposium, in 2012, about Model-Driven Development for Safety-Critical Software.
With special focus on the usage of Rational Rhapsody for C++ in real-time and safety-critical software development.
DATEV Meetup Online, February 2023, Mario-Leander Reimer (@LeanderReimer, CTO @QAware).
== Please download the slides if they appear blurred! ==
IaC without tests is like a broken window. Clean IaC comes to the rescue, just as clean code does.
AMIS Oracle OpenWorld & CodeOne Review - Pillar 2 - SaaS and Standard Applica... - Lucas Jellema
SaaS is a crucial part of Oracle's portfolio. In SaaS, Oracle claims leadership in all horizontal business applications markets except in Sales / CRM, where it acknowledges Salesforce as the leader. It has the broadest portfolio of any vendor and the largest market shares. It is now seriously modernizing the applications around themes such as machine learning and digital assistants, smart UI, blockchain and the Internet of Things. For the first time, Oracle is starting to wean customers away from Applications Unlimited (EBS, PeopleSoft, Siebel, JD Edwards) and towards Fusion Applications in the cloud. This presentation introduces the Soar offer to move and improve from on-premises Apps to SaaS. It also discusses the innovations announced by Oracle in its major suites. As presented on November 5th 2018 at AMIS HQ, Nieuwegein, The Netherlands.
The annual review session by the AMIS team on their findings, interpretations and opinions regarding news, trends, announcements and roadmaps around Oracle's product portfolio.
Topics covered in this presentation:
- What is an embedded system?
- What are MISRA C rules?
- MISRA C conformance and deviations
- Tools for MISRA C conformance
- Embedded security rules
See how to Assess Your Application: https://www.castsoftware.com/use-cases/application-assessment
Assessing application development like the rest of the business
Well overdue, it is time to measure application development and maintenance the same way as the rest of the business, based not just on how much work someone does, but on how well they do the work. As we know, checking whether the code works as expected is only a single measurement. Knowing how easy it will be to maintain over time, how flexible it is to change as required by business changes, how quickly new team members can understand the code and get working on it, and how easily the application can be tested are just some of the things that we need to look at in order to understand the real quality of the work being done by application development teams. When these measurements are combined with ways of counting the productivity (quantity) of development teams, we can get a real understanding of how well the teams are performing and what return is being realized from the investment. These measurements can be assessed both for in-house development organizations and for the work being done by outsourcers.
The applications delivered by IT are a significant differentiator between competitors, and therefore application development needs to be managed as a core business process. Held up against corporate standards, and no matter how or where the development work is done, it must be done well, and the resulting applications need to be able to withstand the test of time.
ABAP Test Cockpit in action with Doctor ZedGe and abap2xlsx - Ivan Femia
The powerful ABAP Test Cockpit in action, and a new SAP-related product in the domain of the custom ABAP code application lifecycle, realized by Techedge.
This presentation was part of the Cloudify and XLAB Research Webinar about DevOps for Data Intensive Applications.
In this webinar we discussed how to leverage automation for your big data applications, using DICE tools based on the Cloudify Open Source Orchestration.
We want to make sure that developers spend their time developing their big data applications rather than worrying about deployment and operations, and have the shortest possible time to delivery.
We also cover using the DICE deployment tools for automated deployment of Spark, Storm, Cassandra or Hadoop.
RCA OCORA: Safe Computing Platform using open standards - AdaCore
The railway sector is facing a major transition as it moves towards more fully automated systems on both the train and infrastructure side. This, in turn, requires the development of appropriate, future-proof connectivity and IT platforms.
The Reference Control Command and Signalling Architecture (RCA) and Open Control Command and Signalling Onboard Reference Architecture (OCORA) have developed a functional architecture for future trackside and onboard functions. The RCA OCORA open Control Command Signalling (CCS) on-board reference architecture introduces a standardized separation of safety-relevant and non-safety-relevant railway applications and the underlying IT platforms. This allows rail operators to decouple the very distinct life cycles of the domains and aggregate multiple railway applications on common IT platforms.
Based on a Safe Computing Platform (SCP), the architecture accommodates a Platform Independent Application Programming Interface (PI API) between safety-relevant railway applications and IT platforms. This approach supports the portability of railway applications among IT platform realisations from different vendors.
Two of its authors will discuss the RCA OCORA architecture with emphasis on its safe computing framework. The talk will review the required operating system standards and discuss the newly released DDS Reference Implementation for Safe Computing Platform Messaging. While designed for rail, this architecture will have elements of interest for other industries.
Long-lived software is a challenge. This was seen very clearly a couple of years ago in the “US COBOL crisis”, but the reasons are less clearly understood, and are worth exploring. The speaker works in Computer Algebra, where “younger” systems are 30-40 years old, and the algorithmic kernel of SageMath, the newest major system, is actually 55 years old, and the people who can debug it are in single figures. More recently, very substantial retooling was required to enable Line 14, the driverless line, of the Paris Métro to be extended. Having reviewed these cases, the speaker will make some tentative suggestions for the management of long-lived software.
Rust and the coming age of high integrity languages - AdaCore
Rust is undeniably successful. In just over 7 years, it moved from a newly released language to one that is considered a language for high integrity systems. This success did not happen in isolation - Rust's success is deeply rooted in a number of contributing environmental factors.
In this talk, I'd like to make the case that Rust's success is due to a general ground shift in software development. What we are seeing is a resurging interest in software practices that were usually part of safety-critical environments being applied to non-safety-related, mission-critical environments. On the other side, we are seeing the worlds of safety and security merging.
I’d like to take a step back and talk about coming opportunities, changes and chances not only for Rust, but also for other languages and products.
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
SPARKNaCl https://github.com/rod-chapman/SPARKNaCl is a new, freely-available, verified and fast reference implementation of the NaCl cryptographic API, based on the TweetNaCl distribution. It has a fully automated, complete and sound proof of type-safety and several key correctness properties. In addition, the code is surprisingly fast - out-performing TweetNaCl's C implementation on an Ed25519 Sign operation by a factor of 3 at all optimisation levels on a 32-bit RISC-V bare-metal machine. This talk will concentrate on how "Proof Driven Optimisation" can result in code that is both correct and fast.
Developing Future High Integrity Processing SolutionsAdaCore
Rolls-Royce has been developing high integrity digital processing solutions for its safety critical aerospace engine controllers since the 1980s. By the turn of the century, the electronics industry experienced an inflection point. This resulted in a shift to a consumer driven market and a much-reduced focus on the harsh environment electronics and the extended life cycles required by the aerospace industry. As a result, Rolls-Royce took the decision to design its own microprocessor, and for the last 25 years, has been successfully developing harsh environment safety critical processing solutions for all its aerospace engines.
Alongside the ever-increasing performance expectations, the past few years have seen cyber-security become a major driver in new processor developments. This presents new and interesting development challenges that will need to be addressed.
Taming event-driven software via formal verificationAdaCore
Event-driven software can be found everywhere, from low-level drivers, to software that controls and coordinates complex subcomponents, and even in GUIs. Typically, event-driven software is characterised as consisting of a number of stateful components that communicate by sending messages to each other. Event-driven software is notoriously difficult to test. There are often many different sequences of events, and because the exact order of the events will affect the state of the system, it can be easy for bugs to lurk in obscure un-tested sequences of events. Even worse, reproducing these bugs can be difficult due to the need to reproduce the exact sequence of events that led to the issue.
Formal verification is one method of solving this: rather than writing tests to check each of the different possible sequences of events, automated formal verification could be used to verify that the software is correct no matter what sequence of events is observed. In this talk, we will look at what capabilities are required to ensure that this will be successful, including what it means for event-driven software to be correct, and how to ensure that the verification can scale to industrial-sized software projects.
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
With the large-scale verification of complex programs like compilers and microkernels, program proof has realised the grand challenge of creating a “verifying compiler” proposed by Sir Tony Hoare in 2003. Still, the effort and expertise required for developing the program and its proof to feed to the “verifying compiler” will exceed the V&V budget of most projects. Another approach gaining traction is to automate the proof as much as possible. More specifically, by tailoring the proof tool to the strengths of a target programming language, leveraging an array of automatic provers, and limiting the ambition of proof to those properties for which proof can be mostly automated. This is the approach we are following in SPARK. In this talk, we will survey what properties can be “mostly” proved automatically, and what this means in terms of effort and expertise.
RCA OCORA: Safe Computing Platform using open standardsAdaCore
The railway sector is facing a major transition as it moves towards more fully automated systems on both the train and infrastructure side. This in turn, requires the development of appropriate, future-proof connectivity and IT platforms.
The Reference Control Command and Signalling Architecture (RCA) and Open Control Command and Signalling Onboard Reference Architecture (OCORA) have developed a functional architecture for future trackside and onboard functions. The RCA OCORA open Control Command Signalling (CCS) on-board reference architecture introduces a standardized separation of safety-relevant and non-safety-relevant railway applications and the underlying IT platforms. This allows rail operators to decouple the very distinct life cycles of the domains and aggregate multiple railway applications on common IT platforms.
Based on a Safe Computing Platform (SCP), the architecture accommodates a Platform Independent Application Programming Interface (PI API) between safety-relevant railway applications and IT platforms. This approach supports the portability of railway applications among IT platform realisations from different vendors.
Two of its authors will discuss the RCA OCORA architecture with emphasis on its safe computing framework. The talk will review the required operating system standards and the discuss the newly-released DDS Reference Implementation for Safe Computing Platform Messaging. While designed for rail, this architecture will have elements of interest for other industries.
Product Lines and Ecosystems: from customization to configurationAdaCore
Digitalization is concerned with a fundamental shift in value delivery to customers from transactional to continuous. For R&D this requires adopting processes such as DevOps and continuous deployment. Systems engineering companies using platforms need to adjust their ways of working and be cognisant of the role of the ecosystem surrounding them to capitalize on this transformation. The keynote talk will discuss these developments and provide industrial examples from Software Center, a collaboration between 17 large, international companies and five universities with the intent of accelerating the digital transformation of the European software intensive industry.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
1. MISRA C: How to achieve ISO 26262 Compliance
Presented by
Andrew Banks
(Andrew.Banks@LDRA.com)
High Integrity Software 2019
Bristol, 5th November 2019
2. Agenda
1. MISRA C – A quick history
2. MISRA C in an ISO 26262 context
3. MISRA C in a little bit more detail
4. Achieving MISRA C compliance
5. Cybersecurity & Autonomy
3. LDRA Overview
▪ Provider of Software Quality, Compliance Management & Testing Solutions
▪ Established 1975
▪ ISO 9001 certified company
▪ Certified for use in safety related software development according to IEC 61508, EN 50128, ISO 26262, IEC 62304 & IEC 60880
▪ Active participants in standards e.g. DO-178C, MISRA C/C++, CERT
4. Experts in Safety and Security Critical Software
▪ Aerospace
▪ Defence
▪ Medical
▪ Industrial & Energy
▪ Rail Transportation
▪ Automotive
7. The C Language – A Quick History
▪K&R C
▪ 1972 First created by Dennis Ritchie
▪ 1976 Lint, the first C static analyser, created by Stephen Johnson
▪ 1978 The C Programming Language published
▪ANSI C
▪ 1989 ANSI X3.159-1989 aka C89 First standardized version
▪ISO C
▪ 1990 ISO/IEC 9899:1990 aka C90 Equivalent to C89
▪ 1995 Amendment 1 aka C95
▪ 1999 ISO/IEC 9899:1999 aka C99
▪ 2011 ISO/IEC 9899:2011 aka C11
▪ 2018 ISO/IEC 9899:2018 aka C18 A “TC” in all but name
▪Very few (if any) of you will be using ANSI C any more!
8. MISRA C – The Rationale
▪Despite its popularity, there are several drawbacks with the C language, eg:
▪ The ISO Standard language definition is incomplete
▪ Behaviour that is Undefined
▪ Behaviour that is Unspecified
▪ Behaviour that is Implementation Defined
▪ Language misuse and obfuscation
▪ Language misunderstanding
▪ Run-time error checking
▪MISRA C is one solution...
9. Original MISRA publications
▪November 1994: Development guidelines for vehicle based software (aka The MISRA Guidelines)
▪ The first automotive publication concerning functional safety
▪ Commenced more than 10 years before work started on ISO 26262
▪April 1998: Guidelines for the use of the C language in vehicle based software (MISRA C)
▪December 1998: IEC 61508 (first edition) published!
10. MISRA C – A Quick History
▪MISRA-C:1998
▪ “Guidelines for the use of the C language in vehicle based software”
▪ Compatible with ISO/IEC 9899:1990 (aka C90)
▪MISRA-C:2004
▪ “Guidelines for the use of the C language in critical systems”
▪ Remains compatible with ISO/IEC 9899:1990 (aka C90)
▪MISRA C:2012 (3rd Edition)
▪ Adds compatibility with ISO/IEC 9899:1999 (aka C99)
▪ Updated to 1st Revision in 2019 to include AMD1 and TC1
12. MISRA C – In an ISO 26262 Context
▪ISO 26262-6:2018, section 5.4.3
▪ Criteria for suitable modelling, design or programming languages that are not sufficiently addressed by the language itself shall be covered by the corresponding guidelines, or by the development environment, considering the topics listed in Table 1
▪ Example 1: MISRA C is a coding guideline for the programming language C and includes guidance on automatically generated code
14. MISRA C – In an ISO 26262 Context
▪ISO 26262-6:2018, section 8.4.5
▪ Design principles for software unit design and implementation at the source code level as listed in Table 6 shall be applied to achieve the following properties:
▪ correct order of execution of subprograms and functions within the software units, based on the software architectural design;
▪ consistency of the interfaces between the software units;
▪ correctness of data flow and control flow between and within the software units;
▪ simplicity;
▪ readability and comprehensibility;
▪ robustness;
▪ suitability for software modification; and
▪ verifiability
16. MISRA C – In an ISO 26262 Context
Static Analysis, control flow analysis and data flow analysis are mentioned twice as a set:
▪Table 7 ... software unit verification
▪Table 10 ... verification of software integration
Control flow analysis and data flow analysis are also mentioned in Table 4:
▪Table 4 ... verification of software architectural design
18. MISRA C – In an ISO 26262 Context
ISO 26262-6:2018, Table 10
This also maps to the MISRA C guideline scope:
▪Unit Verification – Single-translation-unit guidelines
▪Integration – System-wide guidelines
21. Table 1
▪1a) Enforcement of low complexity
▪MISRA C deliberately avoids the topic of measurement, other than suggesting you need to do it!
▪MISRA Report 5 “Software Metrics” (February 1995) offers good advice!
22. Enforce Low Complexity
▪Keep it simple
▪ Keep the design as simple and small as possible.
▪ Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use
24. Enforce Low Complexity
▪Treat Code Complexity with caution...
▪ For example a switch() construct has a high calculated complexity!
25. Table 1
▪1b) Use of a language subset
▪The MISRA C Vision
▪ The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced.
▪ Many standards for the development of safety-related software require, or recommend, the use of a language subset, and this can also be used to develop any application with security, high integrity or high reliability requirements.
26. Table 1
▪1c) Use of strong typing
▪Section 8.10 “The Essential Type Model”
▪ The rules in this section collectively define the essential type model and restrict the C type system so as to:
1. Support a stronger system of type-checking;
2. Provide a rational basis for defining rules to control the use of implicit and explicit type conversions;
3. Promote portable coding practices;
4. Address some of the type conversion anomalies found within ISO C.
▪ The essential type model does this by allocating an essential type to those objects and expressions which ISO C considers to be of arithmetic type. For example, adding an int to a char gives a result having essentially character type rather than the int type that is actually produced by integer promotion.
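The essential type model in practice, as an added example that is not code from the presentation or from the MISRA documents. The functions are constructed for illustration, and the rule numbers quoted in the comments are MISRA C:2012 as I understand them, given for orientation only:

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example (not from the slides or from MISRA).  Rule numbers in
 * the comments are MISRA C:2012 as I understand them. */

/* Both operands are essentially uint16_t, so MISRA regards the product as
 * essentially uint16_t even though ISO C evaluates it in int (or in unsigned
 * int on a 16-bit target).  Assigning that composite expression to the wider
 * uint32_t is what Rule 10.6 forbids: on a 16-bit int target the product
 * wraps, and on a 32-bit int target 0xFFFFu * 0xFFFFu overflows a signed
 * int, which is undefined behaviour.  Small operands give the right answer
 * everywhere, which is exactly why the defect survives testing. */
uint32_t mul_wide_noncompliant(uint16_t a, uint16_t b)
{
    return a * b;
}

/* Compliant form: the casts make the expression essentially uint32_t before
 * the multiply, so the arithmetic is 32-bit on every conforming compiler. */
uint32_t mul_wide(uint16_t a, uint16_t b)
{
    return (uint32_t)a * (uint32_t)b;
}

/* Slide 26's own example: '0' + d has ISO C type int, but its essential
 * type is character (a character operand plus an unsigned operand), so
 * assigning it to a char is compliant.  Assigning the same expression to an
 * int object would mix essential type categories (Rule 10.3), and using a
 * character operand with '*' or '-' would fall foul of Rule 10.1. */
char digit_to_char(uint8_t d)
{
    return '0' + d;   /* d is expected to be in the range 0..9 */
}

int main(void)
{
    printf("0xFFFF * 0xFFFF = 0x%08lx\n", (unsigned long)mul_wide(0xFFFFu, 0xFFFFu));
    printf("digit 7 -> '%c'\n", digit_to_char(7u));
    return 0;
}
```

The point of the cast in mul_wide is not that it changes the ISO C result on your current compiler; it is that it removes the dependence on the width of int, which is the portability anomaly the essential type model exists to eliminate.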
27. Table 1
▪1d) Use of defensive implementation techniques
▪MISRA C has guidance relating to:
▪ Control flow
▪ If / else if / else
▪ Switch / default
▪ While / do
▪ For loops
▪ Unreachable code
▪ There shall be no unreachable code
▪ There shall be no unused code
28. Defensive Implementation Techniques
▪Consider the Required MISRA C:2012 Rule 2.1
▪ A project shall not contain unreachable code
▪Consider the Required MISRA C:2012 Rule 15.6
▪ The body of an iteration-statement or a selection-statement shall be a compound-statement. eg:
    if ( condition )
    {
      action();
    }
▪Some suggest that these Rules are (to be polite) unnecessary
▪I wonder if Apple’s software team agree?
▪ CVE-2014-1266
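To show why slide 28 pairs Rule 2.1 with Rule 15.6, here is an added, constructed C example (not Apple's code and not from the presentation) that reproduces only the shape of the CVE-2014-1266 defect, a duplicated "goto fail;" line, in a toy verification routine: first without braces, then with them, then in the structured form the guidelines steer towards. The check() helper and the three verify_* functions are my own:

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration (not from the slides, not Apple's code).  Rule
 * numbers are MISRA C:2012 as I understand them. */

typedef enum { CHECK_OK = 0, CHECK_FAILED = 1 } check_t;

/* Stand-in for one verification step (hash update, parameter check, ...). */
static check_t check(bool ok)
{
    return ok ? CHECK_OK : CHECK_FAILED;
}

/* Unbraced form.  The duplicated goto is indented as if it belonged to the
 * if statement but executes unconditionally: err is still CHECK_OK from the
 * previous step, so the signature check is skipped and a bad signature is
 * reported as success. */
int verify_unbraced(bool hash_ok, bool params_ok, bool signature_ok)
{
    int err;
    if ((err = check(hash_ok)) != 0)
        goto fail;
    if ((err = check(params_ok)) != 0)
        goto fail;
        goto fail;                         /* duplicated line */
    if ((err = check(signature_ok)) != 0)
        goto fail;
fail:
    return err;
}

/* Same text with the braces Rule 15.6 requires.  The duplicated goto now
 * sits inside the compound statement, so it only runs when the step has
 * already failed, and a Rule 2.1 checker reports it as unreachable instead
 * of it silently changing the control flow. */
int verify_braced(bool hash_ok, bool params_ok, bool signature_ok)
{
    int err;
    if ((err = check(hash_ok)) != 0)
    {
        goto fail;
    }
    if ((err = check(params_ok)) != 0)
    {
        goto fail;
        goto fail;                         /* duplicated line, now unreachable */
    }
    if ((err = check(signature_ok)) != 0)
    {
        goto fail;
    }
fail:
    return err;
}

/* The form the guidelines actually favour: no goto (Rule 15.1), no
 * assignment inside a condition, and a single exit (Rule 15.5). */
int verify_structured(bool hash_ok, bool params_ok, bool signature_ok)
{
    int err = (int)check(hash_ok);
    if (err == 0)
    {
        err = (int)check(params_ok);
    }
    if (err == 0)
    {
        err = (int)check(signature_ok);
    }
    return err;
}

int main(void)
{
    printf("bad signature, unbraced  : %d (0 = accepted!)\n", verify_unbraced(true, true, false));
    printf("bad signature, braced    : %d\n", verify_braced(true, true, false));
    printf("bad signature, structured: %d\n", verify_structured(true, true, false));
    return 0;
}
```

Note that the braced version is deliberately left with the duplicated line in place: the braces alone turn a logic error into a Rule 2.1 finding that a static analyser reports, which is the division of labour between the two rules the slide is making.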
33. Table 6
▪1a) One entry and one exit point
▪MISRA C Rule 15.5 (Advisory)
▪ Justification cites IEC 61508 and ISO 26262
▪A single entry point is a given in a structured language...
▪Lots of debate as to the usefulness of the single exit point requirement; often (eg error trapping) early returns can make for simpler (and hence more maintainable) code
34. Table 6
▪1b) No dynamic objects
▪MISRA C Directive 4.12 (Required) plus several Rules
▪ The C standard library dynamic memory functions are poorly defined
▪ Error handling if allocation fails is a common cause of a software “crash” (ie null pointer returned)
▪ Restriction in C++ harder to enforce due to automatic allocations.......
▪ Note: JSF AV Coding Guidelines permit dynamic allocation during program start-up
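One way to satisfy “no dynamic objects” in practice, as an added example that is not from the presentation or from MISRA: a fixed block pool with an explicit failure path in place of malloc()/free(), plus a start-up reservation of the kind the JSF AV note above allows. The names (pool_acquire, pool_release, reserve_at_startup and so on) and the pool sizes are my own choices:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed example (not from the slides or from MISRA): a fixed block
 * pool standing in for malloc()/free() in code that follows Directive 4.12.
 * Storage is reserved at compile time and exhaustion is a return value the
 * caller must check, rather than a NULL pointer dereferenced later. */

#define POOL_BLOCKS 4u
#define BLOCK_BYTES 32u

typedef struct {
    uint8_t data[BLOCK_BYTES];
} pool_block_t;

static pool_block_t pool_storage[POOL_BLOCKS];  /* the only storage there is  */
static bool         pool_in_use[POOL_BLOCKS];   /* static => starts all false */

/* Take one block.  On exhaustion *out is NULL and the result is false. */
bool pool_acquire(pool_block_t **out)
{
    bool found = false;
    *out = NULL;
    for (size_t i = 0u; (i < POOL_BLOCKS) && (!found); i++) {
        if (!pool_in_use[i]) {
            pool_in_use[i] = true;
            /* Clear explicitly: a reused block still holds its previous
             * contents, so "static storage is zero" no longer applies. */
            for (size_t j = 0u; j < BLOCK_BYTES; j++) {
                pool_storage[i].data[j] = 0u;
            }
            *out  = &pool_storage[i];
            found = true;
        }
    }
    return found;
}

/* Give a block back.  Foreign pointers and double releases are rejected
 * instead of corrupting the bookkeeping. */
bool pool_release(pool_block_t *blk)
{
    bool ok = false;
    for (size_t i = 0u; (i < POOL_BLOCKS) && (!ok); i++) {
        if ((blk == &pool_storage[i]) && pool_in_use[i]) {
            pool_in_use[i] = false;
            ok = true;
        }
    }
    return ok;
}

size_t pool_free_count(void)
{
    size_t n = 0u;
    for (size_t i = 0u; i < POOL_BLOCKS; i++) {
        if (!pool_in_use[i]) { n++; }
    }
    return n;
}

/* Start-up reservation: take up to `wanted` blocks before the main loop
 * runs and report how many were obtained, so a shortfall is detected once,
 * up front, instead of as a failed allocation mid-operation. */
static pool_block_t *reserved[POOL_BLOCKS];
static size_t        reserved_count = 0u;

size_t reserve_at_startup(size_t wanted)
{
    size_t got = 0u;
    bool   exhausted = false;
    while ((got < wanted) && (reserved_count < POOL_BLOCKS) && (!exhausted)) {
        if (pool_acquire(&reserved[reserved_count])) {
            reserved_count++;
            got++;
        } else {
            exhausted = true;
        }
    }
    return got;
}

/* Release everything taken by reserve_at_startup(); returns the count released. */
size_t release_reserved(void)
{
    size_t released = 0u;
    while (reserved_count > 0u) {
        reserved_count--;
        if (pool_release(reserved[reserved_count])) { released++; }
        reserved[reserved_count] = NULL;
    }
    return released;
}
```

Asking for six blocks from a four-block pool returns 4, not an error deferred to the first dereference; that is the difference the slide's “crash” bullet is about. The explicit zero-fill in pool_acquire is also the answer to slide 35's question: a block handed out for the second time is not zero unless you make it so.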
35. Table 6
▪1c) Initialization of variables
▪MISRA C Rule 8.9 (Mandatory)
▪The C Standard requires “static” variables to be initialised to zero (unless otherwise explicitly initialised)
▪However “automatic” variables are not initialized and thus have indeterminate values.
▪But is a default value of zero correct?
37. MISRA Compliance:2016
▪MISRA has always included guidance related to compliance
▪ Previously, this has been included in the introductory chapters
▪ Going forward, this important guidance now has its own document
▪ The guidance has always made it clear what must be done when using and claiming compliance with the Guidelines, but there were some misconceptions and the guidance has been known to be ignored or adopted selectively
38. MISRA Compliance
▪Available as a standalone document
▪Compatible with MISRA C:2012 (and any future versions)
▪Compatible with forthcoming MISRA C++:20xx
▪No reason it cannot be applied to earlier versions of either document!
39. MISRA Compliance
▪Clearer definition of what is meant by MISRA Compliance
▪ and how Compliance should be demonstrated
▪Provides a mechanism for tailoring classification of the guidelines
▪ introduces the Guideline Recategorization Plan
▪Provides guidance on dealing with adopted code
▪Clarifies/tightens the Deviation process
▪Provides a mechanism for establishing pre-approved Permits
40. MISRA Compliance
▪MISRA Compliance is NOT
▪ claimed for an organisation ... but only for a deliverable item
▪ applicable to the software ... but to the development lifecycle
▪MISRA Compliance does NOT mean
▪ No deviations ... but no unresolved violations
▪MISRA Compliance is achieved when
▪ development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines
▪ all violations are accepted by means of a deviation, or are against advisory guidelines and are documented as being considered acceptable.
41. MISRA C – Adopted Code
▪What is Adopted Code?
▪ Code developed outside of the current project
▪ May or may not have been developed to comply with the Guidelines
▪ Source code or binary/library that is adopted unchanged
▪Examples include:
▪ The Standard Library
▪ Device driver files
▪ Third-party libraries
▪ Auto-generated code
▪ Legacy code
▪Note: Source code that is revised or modified in any way, within the project, is no longer considered adopted code
42. MISRA C – Deviations
▪Sometimes a violation may be justified
▪ A deviation is an appropriate way of handling such a violation
▪ Legitimate reasons may be
▪ Code quality (see ISO/IEC 25010 “SQuaRE”)
▪ Access to hardware
▪ Adopted code integration
▪ Non-compliant adopted code
▪A deviation should not merely document the existence of a violation
▪A deviation should
▪ document the reason why it is required
▪ be targeted in scope and specify any necessary precautions
▪ be subject to approval by a defined process
43. Checking Compliance
▪Check the code manually
▪ Needs to be done on MISRA C:2012 “undecidable” rules
▪ But don’t really want to do it on all the code!
▪Use a lightweight tool, such as is often built into compilers
▪ Fast (Checks just a subset)
▪ Detects the easy to find defects
▪ Tends to be “Optimistic” – False Negatives
▪Use a heavyweight tool
▪ Slow (Deep analysis, Check all rules)
▪ Detects the easy and hard to find defects (The ones that occur once a year!)
▪ Tends to be “Pessimistic” – False Positives
44. MISRA Compliance – Claiming Compliance
▪Summary:
▪ MISRA Compliance is achieved when development of a software item has been conducted in accordance with the processes and principles specified in the Guidelines
▪Evidence:
1. Guideline Recategorization Plan (if applicable)
2. Guideline Enforcement Plan
3. Guideline Compliance Summary
4. Deviation Records covering all violations of Required guidelines
▪Note:
▪ Items 1, 2 and 3 can be combined into a single spreadsheet
47. ISO/SAE 21434 – Key Principles
1. Applicable to road-vehicles
2. Goal of reasonably secure vehicles and systems
3. Management activities for cybersecurity
4. Automakers and suppliers can use to show “due diligence”
5. Focus on automotive cybersecurity engineering
6. Based on current state-of-the-art for cybersecurity engineering
7. Risk-oriented approach
8. Cybersecurity activities/processes for all phases of vehicle lifecycle
48. ISO/SAE 21434 – Scope
Applicable to:
▪ The Road Vehicle,
▪ Its systems, sub-systems, and components
▪ The software installed
▪ Its connection from the vehicle to any external device/network.
Is designed to be compatible with ISO 26262
51. MISRA C – In Summary
▪MISRA C is
▪ widely respected as a safety-related coding standard
▪ equally applicable as a security-related coding standard
▪ appropriate for use in all high-integrity and high-reliability environments
▪MISRA C has
▪ evolved from an automotive standard into a pan-industry standard
▪ but has specific applicability to the automotive industry in general ... and ISO 26262 in particular
▪MISRA C will
▪ continue to evolve as new editions of the C standard are produced
▪ seek to address other constraints as they become identified
54. About the speaker
▪Biography
▪ Over 30 years' experience in developing real-time embedded software systems, across a number of industries
▪ Chartered Fellow of the British Computer Society
▪ Member of the Institution of Engineering & Technology ... Member of the System Safety TPN Executive
▪ Technical Specialist / Field Application Engineer, LDRA
▪Standards
▪ Chairman of MISRA C Working Group since June 2013... Working Group member since 2007
▪ Chairman of the BSI Software Testing Working Group
▪ Contributor to ISO/IEC JTC1/SC7 and WG26
▪ Contributor to ISO 29119 “Software Testing”
▪ Contributor to ISO 26262 2nd Edition “Functional Safety”
▪ etc
@AndrewBanks