This document discusses the MISRA C coding standard and whether it is a "cure or curse" for programming in C. It provides an overview of the history and evolution of MISRA C since its inception in 1996. A key point made is that MISRA C aims to restrict dangerous and error-prone aspects of the C language, but it can be misused if only the headline rules are followed without reading the full standard and explanations. Static analysis is recommended to properly enforce MISRA C rules. While deviations from the standard will be needed for every project, following MISRA C principles can save significant time by reducing defects if implemented correctly.
This document provides guidelines for using the C programming language in safety-critical systems. It was created by the Motor Industry Software Reliability Association (MISRA) to promote best practices. The guidelines have been updated from the original MISRA-C:1998 version to address issues and incorporate feedback. The updated MISRA-C:2004 version contains 122 mandatory and 20 advisory rules for using C in a safe and robust manner.
This presentation was originally created for the webinar 'An Introduction to MISRA C:2012', presented by Paul Burden: http://www.programmingresearch.com/resources/webinars/an-introduction-to-misra-c2012/.
Paul is one of the co-authors of the new MISRA coding guidelines. He was a Product Manager for QA·C leading static analysis tool and Technical Consultant, a well-known expert in coding standards enforcement, .
Learn more about MISRA C - the most used coding standard worldwide for C language in a wide range of industries:
- Automotive (ISO 26262);
- Aerospace (DO-178B);
- Defense (DO-178B);
- Medical (IEC 62304);
- Nuclear Power (IEC 6080);
- Railways (EN 50128);
- Consumer Electronics (IEC 61508)
... and others.
MISRA C Chairman - Device Developer Conference 2016Andrew Banks
MISRA C is a coding standard for the C programming language developed to enable safe and secure embedded systems. It defines a subset of the C language that removes opportunities for mistakes. The standard has evolved from focusing on the automotive industry to being applicable for any industry requiring high integrity or reliability software. Recent updates to MISRA C include improved compliance guidance, additional security rules, and assessments of coverage against other standards like ISO/IEC TS 17961 for secure coding rules and CERT-C. Future work plans to consider rules addressing C11 features and operating environment access.
MISRA C provides guidelines for using the C programming language in safety-critical systems. The document discusses how MISRA C relates to ISO 26262, which specifies functional safety standards for automotive systems. Key points include that MISRA C addresses many criteria specified in ISO 26262 for suitable programming languages, such as enforcing low complexity, using a language subset, strong typing, and defensive implementation techniques. The document also discusses how to achieve and demonstrate compliance with the MISRA C guidelines.
1. The document discusses several standards related to avionics safety and security, including DO-178B for software development processes, safety case analysis, and the Common Criteria for security evaluation.
2. DO-178B defines 5 design assurance levels (DALs) from A to E based on the level of risk. It also requires objective-based development, requirements traceability, and verification and validation plans.
3. Safety cases evaluate the safety argument and risk reduction measures through a structured report. The Common Criteria provides a framework for defining and evaluating security requirements and components through protection profiles, classes, and assurance levels.
The document discusses the RTCA DO-178B/ED-12B standard, which provides guidance on software considerations for airborne systems and equipment certification. It outlines the history and revisions of the DO-178 standard, including DO-178 and DO-178A. It describes the five software levels in DO-178B which are assigned based on the criticality of the software application. It also discusses future revisions including DO-178C, the integration of software capability maturity models, and concludes that DO-178B focuses on design assurance and process compliance for airborne software certification.
Increasing Efficiency of ISO 26262 Verification and Validation by Combining F...RAKESH RANA
Increasing Efficiency of ISO 26262 Verification and Validation by Combining Fault Injection and Mutation Testing with Model Based Development
Presented at:
8th International Joint Conference on Software Technologies, ICSOFT-EA, Reykjavík, Iceland, 2013
Get full text of publication at:
http://rakeshrana.website/index.php/work/publications/
This document provides guidelines for using the C programming language in safety-critical systems. It was created by the Motor Industry Software Reliability Association (MISRA) to promote best practices. The guidelines have been updated from the original MISRA-C:1998 version to address issues and incorporate feedback. The updated MISRA-C:2004 version contains 122 mandatory and 20 advisory rules for using C in a safe and robust manner.
This presentation was originally created for the webinar 'An Introduction to MISRA C:2012', presented by Paul Burden: http://www.programmingresearch.com/resources/webinars/an-introduction-to-misra-c2012/.
Paul is one of the co-authors of the new MISRA coding guidelines. He was a Product Manager for QA·C leading static analysis tool and Technical Consultant, a well-known expert in coding standards enforcement, .
Learn more about MISRA C - the most used coding standard worldwide for C language in a wide range of industries:
- Automotive (ISO 26262);
- Aerospace (DO-178B);
- Defense (DO-178B);
- Medical (IEC 62304);
- Nuclear Power (IEC 6080);
- Railways (EN 50128);
- Consumer Electronics (IEC 61508)
... and others.
MISRA C Chairman - Device Developer Conference 2016Andrew Banks
MISRA C is a coding standard for the C programming language developed to enable safe and secure embedded systems. It defines a subset of the C language that removes opportunities for mistakes. The standard has evolved from focusing on the automotive industry to being applicable for any industry requiring high integrity or reliability software. Recent updates to MISRA C include improved compliance guidance, additional security rules, and assessments of coverage against other standards like ISO/IEC TS 17961 for secure coding rules and CERT-C. Future work plans to consider rules addressing C11 features and operating environment access.
MISRA C provides guidelines for using the C programming language in safety-critical systems. The document discusses how MISRA C relates to ISO 26262, which specifies functional safety standards for automotive systems. Key points include that MISRA C addresses many criteria specified in ISO 26262 for suitable programming languages, such as enforcing low complexity, using a language subset, strong typing, and defensive implementation techniques. The document also discusses how to achieve and demonstrate compliance with the MISRA C guidelines.
1. The document discusses several standards related to avionics safety and security, including DO-178B for software development processes, safety case analysis, and the Common Criteria for security evaluation.
2. DO-178B defines 5 design assurance levels (DALs) from A to E based on the level of risk. It also requires objective-based development, requirements traceability, and verification and validation plans.
3. Safety cases evaluate the safety argument and risk reduction measures through a structured report. The Common Criteria provides a framework for defining and evaluating security requirements and components through protection profiles, classes, and assurance levels.
The document discusses the RTCA DO-178B/ED-12B standard, which provides guidance on software considerations for airborne systems and equipment certification. It outlines the history and revisions of the DO-178 standard, including DO-178 and DO-178A. It describes the five software levels in DO-178B which are assigned based on the criticality of the software application. It also discusses future revisions including DO-178C, the integration of software capability maturity models, and concludes that DO-178B focuses on design assurance and process compliance for airborne software certification.
Increasing Efficiency of ISO 26262 Verification and Validation by Combining F...RAKESH RANA
Increasing Efficiency of ISO 26262 Verification and Validation by Combining Fault Injection and Mutation Testing with Model Based Development
Presented at:
8th International Joint Conference on Software Technologies, ICSOFT-EA, Reykjavík, Iceland, 2013
Get full text of publication at:
http://rakeshrana.website/index.php/work/publications/
The document is a 22-page curriculum vitae for Mohamed Karoui. It provides details on his 10 years of experience in embedded systems development across various sectors including automotive, truck, railways, military, and medical. It lists his software and hardware skills, languages, and details several embedded software engineering roles he has held with ACTIA and its subsidiaries from 2008 to the present.
IRJET- How Artificial Intelligence Accelerates Software DevelopmentIRJET Journal
1. Artificial intelligence techniques can accelerate and improve various aspects of the software development process, including requirements analysis, design, coding, testing, and risk management.
2. AI approaches such as expert systems, natural language processing, genetic algorithms, and fuzzy logic can automate tasks, generate code, and help address problems like ambiguous requirements and testing challenges.
3. While AI shows promise for speeding development and increasing quality, risks still exist and must be managed in automated and AI-assisted software systems.
Avionics Software Standards ppt in latexSushma Reddy
This document discusses standards for avionics software development. It outlines the history and key aspects of the DO-178B and DO-178C standards. DO-178B established guidelines for software life cycle processes and providing evidence of meeting objectives. It classified software by level of criticality and assigned verification requirements. DO-178C updated DO-178B with clearer language and consideration of new development methods while still focusing on design assurance based on software criticality.
This document presents the JPL Institutional Coding Standard for C programming. It aims to improve safety and reliability of code by providing a single standard, rather than project-specific ones. The standard is influenced by MISRA-C and the "Power of Ten" rules. It defines six levels of compliance (LOC), from general language rules to specific MISRA compliance. The standard scope is flight software, focusing on rules that reduce failure risk, excluding process requirements. "Shall" rules must be followed while "should" rules allow deviations with justification. Compliance is preferably verified with tools for each LOC level and parts of large codebases.
A recent regulation approved by the European Parliament laid out the requirements for type approvals of motor vehicles on their safety aspects calls for the introduction of these new safety features as a prerequisite. As such, the need for an internationally recognized standard for safety critical systems becomes more crucial to measure how safe a system is.
Eclipse is an open source community whose projects are focused on building an open development platform comprised of extensible frameworks, tools, and runtimes for building, deploying, and managing software across the lifecycle.
The Object Management Group (OMG) is an international, open membership, not-for-profit computer industry consortium which develops enterprise integration specifications, many of which have been implemented by Eclipse projects.
This long talk presents a survey of the OMG specifications that are implemented in some form or another (particularly within the Modeling project) at Eclipse and suggests ways in which Eclipse and the OMG could perhaps work more closely together to benefit the futures of the open source and open specifications communities.
Chapter 7 of the famous saga "the DO-254 for Dummies" from James BEZAMAT director of DMAP
subject : IP and verification process
More : dmap.fr
contact : contact@dmap.fr
The document provides an overview of a training on DO-254, which is design assurance guidance for airborne electronic hardware. It discusses topics like DO-254 scope and requirements, the hardware design life cycle, verification and validation processes, independence, and production transition. The objectives of the training are to help attendees understand and apply DO-254, establish internal procedures to minimize costs and optimize DO-254 introduction, and become fluent in DO-254.
- Dishit Joshi is an embedded software engineer with over 3 years of experience developing firmware in C/C++/Python for microcontrollers and networking applications.
- He has expertise in software design, development, and testing of real-time embedded systems, as well as experience implementing networking protocols and continuous integration tools.
- His background includes projects in fields such as industrial automation, networking infrastructure, and industrial IoT/IIoT systems.
The document provides an overview of the C programming language including its history, development, standards, and myths. It discusses how C was created at Bell Labs in the 1970s to develop the Unix operating system. It describes the early K&R C standard from 1978 and the later ANSI C89/C90 and C99 standards. The document also explores some common myths about C like whether it is obsolete or if C++ is simply an updated version of C. It includes experiments comparing data type sizes and increment/decrement operator behavior across compilers.
C was created in the 1970s by Dennis Ritchie at Bell Labs to develop the UNIX operating system. Key features were added to its predecessor, the B language, including data types and structures. The C language became widely popular due to its inclusion in the UNIX kernel and the book "The C Programming Language". C++ was created in the 1980s by Bjarne Stroustrup as an object-oriented extension of C, adding classes, templates, and exceptions while maintaining compatibility with C. C++ has since become an ISO standard language widely used for system and application programming.
OOPs provides several benefits like reduced complexity, reusability of code, and less redundancy. It achieves this through concepts like encapsulation, inheritance and polymorphism. Some disadvantages are a steeper learning curve, larger program size and slower execution compared to procedural programming. OOPs can be applied in areas like databases, simulation, web applications and user interfaces. C++ is an object-oriented language that builds upon C with additional features like classes, function overloading and exception handling. It requires a C++ compiler to translate the code to an executable file.
C is a relatively low-level programming language that operates close to hardware. It was designed to be portable across various computer systems. C has small keywords, extensive library functions, and allows for low-level programming. It has become widely used due to its ability to handle both high-level and low-level activities efficiently across different computer systems. C was developed in the early 1970s at Bell Labs and the publication of The C Programming Language book popularized it further.
Dream Tech Labs offers C/C++ language training in Jalandhar, India. C was originally developed in the 1960s-1970s and is a general-purpose programming language. C++ was developed in the 1980s as an object-oriented successor to C that added classes, inheritance and other features. C++ provides stronger type checking, user-defined operators and functions, and code reuse through classes compared to C. Dream Tech Labs teaches both C and C++ programming.
Here is the flowchart to add two numbers:
Start
Input first number
Input second number
Add first and second number
Output sum
Stop
The flowchart shows the steps to add two numbers in a graphical format:
- Take input of first number
- Take input of second number
- Add the two numbers
- Output the sum
- Stop
The flow lines connect the steps and show the flow or order of execution of steps to solve the problem.
This document provides an overview of the C++ programming language, including its history, uses, and key features. It begins with C++ ranking highly in popularity and being a wise investment for programmers to learn. The document then covers C++ being a general-purpose, multi-paradigm language that is efficient and widely used. It discusses the history and development of C++ over time through different standard versions. Finally, it provides examples of how to write and run a basic "Hello World" C++ program.
C is an imperative procedural language, supporting structured programming, lexical variable scope and recursion, with a static type system. It was designed to be compiled to provide low-level access to memory and language constructs that map efficiently to machine instructions, all with minimal runtime support.
Summer training PPT Manasv Singharia.pptxshokeenk14
Internshala is a technology company with a mission to equip students with relevant skills and practical experience to help them succeed in their careers. It envisions a world where students can discover their passions and turn them into careers, graduating with confidence and preparation.
C is a procedural programming language developed in 1972 to migrate UNIX code from assembly to a higher-level language. C++ was created in the early 1980s as an extension of C with added support for object-oriented programming. Major operating systems, software, browsers, games and databases are built using C and C++.
The main difference between C and C++ is that C is a procedural language with no object orientation while C++ combines procedural and object-oriented
Learn c programming language in 24 hours allfreebooks.tkragulasai
The first C program prints a greeting message to the screen. It includes the standard input/output header file, contains a main function that calls printf to display the message, and returns 0 at the end. The program is saved as a .c file, compiled into an executable .exe file, and run from the command prompt to output the message.
This document discusses C language concepts relevant to buffer overflows and secure coding. It begins with an overview of C language features and data types. It then covers key concepts like functions, scope, arrays, strings, pointers, and lifetime. Pointers allow references to memory locations, but improper usage can result in undefined behavior like buffer overflows or dangling pointers.
C is a procedural programming language initially developed in the early 1970s. It was largely developed as a system programming language to write operating systems. Many later languages have borrowed syntax and features from C. C is a general purpose language commonly used to write operating systems and is well-suited for both system software and business applications due to its efficiency and low-level access to memory. It combines features of both high-level and low-level languages.
The document is a 22-page curriculum vitae for Mohamed Karoui. It provides details on his 10 years of experience in embedded systems development across various sectors including automotive, truck, railways, military, and medical. It lists his software and hardware skills, languages, and details several embedded software engineering roles he has held with ACTIA and its subsidiaries from 2008 to the present.
IRJET- How Artificial Intelligence Accelerates Software DevelopmentIRJET Journal
1. Artificial intelligence techniques can accelerate and improve various aspects of the software development process, including requirements analysis, design, coding, testing, and risk management.
2. AI approaches such as expert systems, natural language processing, genetic algorithms, and fuzzy logic can automate tasks, generate code, and help address problems like ambiguous requirements and testing challenges.
3. While AI shows promise for speeding development and increasing quality, risks still exist and must be managed in automated and AI-assisted software systems.
Avionics Software Standards ppt in latexSushma Reddy
This document discusses standards for avionics software development. It outlines the history and key aspects of the DO-178B and DO-178C standards. DO-178B established guidelines for software life cycle processes and providing evidence of meeting objectives. It classified software by level of criticality and assigned verification requirements. DO-178C updated DO-178B with clearer language and consideration of new development methods while still focusing on design assurance based on software criticality.
This document presents the JPL Institutional Coding Standard for C programming. It aims to improve safety and reliability of code by providing a single standard, rather than project-specific ones. The standard is influenced by MISRA-C and the "Power of Ten" rules. It defines six levels of compliance (LOC), from general language rules to specific MISRA compliance. The standard scope is flight software, focusing on rules that reduce failure risk, excluding process requirements. "Shall" rules must be followed while "should" rules allow deviations with justification. Compliance is preferably verified with tools for each LOC level and parts of large codebases.
A recent regulation approved by the European Parliament laid out the requirements for type approvals of motor vehicles on their safety aspects calls for the introduction of these new safety features as a prerequisite. As such, the need for an internationally recognized standard for safety critical systems becomes more crucial to measure how safe a system is.
Eclipse is an open source community whose projects are focused on building an open development platform comprised of extensible frameworks, tools, and runtimes for building, deploying, and managing software across the lifecycle.
The Object Management Group (OMG) is an international, open membership, not-for-profit computer industry consortium which develops enterprise integration specifications, many of which have been implemented by Eclipse projects.
This long talk presents a survey of the OMG specifications that are implemented in some form or another (particularly within the Modeling project) at Eclipse and suggests ways in which Eclipse and the OMG could perhaps work more closely together to benefit the futures of the open source and open specifications communities.
Chapter 7 of the famous saga "the DO-254 for Dummies" from James BEZAMAT director of DMAP
subject : IP and verification process
More : dmap.fr
contact : contact@dmap.fr
The document provides an overview of a training on DO-254, which is design assurance guidance for airborne electronic hardware. It discusses topics like DO-254 scope and requirements, the hardware design life cycle, verification and validation processes, independence, and production transition. The objectives of the training are to help attendees understand and apply DO-254, establish internal procedures to minimize costs and optimize DO-254 introduction, and become fluent in DO-254.
- Dishit Joshi is an embedded software engineer with over 3 years of experience developing firmware in C/C++/Python for microcontrollers and networking applications.
- He has expertise in software design, development, and testing of real-time embedded systems, as well as experience implementing networking protocols and continuous integration tools.
- His background includes projects in fields such as industrial automation, networking infrastructure, and industrial IoT/IIoT systems.
The document provides an overview of the C programming language including its history, development, standards, and myths. It discusses how C was created at Bell Labs in the 1970s to develop the Unix operating system. It describes the early K&R C standard from 1978 and the later ANSI C89/C90 and C99 standards. The document also explores some common myths about C like whether it is obsolete or if C++ is simply an updated version of C. It includes experiments comparing data type sizes and increment/decrement operator behavior across compilers.
C was created in the 1970s by Dennis Ritchie at Bell Labs to develop the UNIX operating system. Key features were added to its predecessor, the B language, including data types and structures. The C language became widely popular due to its inclusion in the UNIX kernel and the book "The C Programming Language". C++ was created in the 1980s by Bjarne Stroustrup as an object-oriented extension of C, adding classes, templates, and exceptions while maintaining compatibility with C. C++ has since become an ISO standard language widely used for system and application programming.
OOPs provides several benefits like reduced complexity, reusability of code, and less redundancy. It achieves this through concepts like encapsulation, inheritance and polymorphism. Some disadvantages are a steeper learning curve, larger program size and slower execution compared to procedural programming. OOPs can be applied in areas like databases, simulation, web applications and user interfaces. C++ is an object-oriented language that builds upon C with additional features like classes, function overloading and exception handling. It requires a C++ compiler to translate the code to an executable file.
C is a relatively low-level programming language that operates close to hardware. It was designed to be portable across various computer systems. C has small keywords, extensive library functions, and allows for low-level programming. It has become widely used due to its ability to handle both high-level and low-level activities efficiently across different computer systems. C was developed in the early 1970s at Bell Labs and the publication of The C Programming Language book popularized it further.
Dream Tech Labs offers C/C++ language training in Jalandhar, India. C was originally developed in the 1960s-1970s and is a general-purpose programming language. C++ was developed in the 1980s as an object-oriented successor to C that added classes, inheritance and other features. C++ provides stronger type checking, user-defined operators and functions, and code reuse through classes compared to C. Dream Tech Labs teaches both C and C++ programming.
Here is the flowchart to add two numbers:
Start
Input first number
Input second number
Add first and second number
Output sum
Stop
The flowchart shows the steps to add two numbers in a graphical format:
- Take input of first number
- Take input of second number
- Add the two numbers
- Output the sum
- Stop
The flow lines connect the steps and show the flow or order of execution of steps to solve the problem.
This document provides an overview of the C++ programming language, including its history, uses, and key features. It begins with C++ ranking highly in popularity and being a wise investment for programmers to learn. The document then covers C++ being a general-purpose, multi-paradigm language that is efficient and widely used. It discusses the history and development of C++ over time through different standard versions. Finally, it provides examples of how to write and run a basic "Hello World" C++ program.
C is an imperative procedural language, supporting structured programming, lexical variable scope and recursion, with a static type system. It was designed to be compiled to provide low-level access to memory and language constructs that map efficiently to machine instructions, all with minimal runtime support.
Summer training PPT Manasv Singharia.pptxshokeenk14
Internshala is a technology company with a mission to equip students with relevant skills and practical experience to help them succeed in their careers. It envisions a world where students can discover their passions and turn them into careers, graduating with confidence and preparation.
C is a procedural programming language developed in 1972 to migrate UNIX code from assembly to a higher-level language. C++ was created in the early 1980s as an extension of C with added support for object-oriented programming. Major operating systems, software, browsers, games and databases are built using C and C++.
The main difference between C and C++ is that C is a procedural language with no object orientation while C++ combines procedural and object-oriented
Learn c programming language in 24 hours allfreebooks.tkragulasai
The first C program prints a greeting message to the screen. It includes the standard input/output header file, contains a main function that calls printf to display the message, and returns 0 at the end. The program is saved as a .c file, compiled into an executable .exe file, and run from the command prompt to output the message.
This document discusses C language concepts relevant to buffer overflows and secure coding. It begins with an overview of C language features and data types. It then covers key concepts like functions, scope, arrays, strings, pointers, and lifetime. Pointers allow references to memory locations, but improper usage can result in undefined behavior like buffer overflows or dangling pointers.
C is a procedural programming language initially developed in the early 1970s. It was largely developed as a system programming language to write operating systems. Many later languages have borrowed syntax and features from C. C is a general purpose language commonly used to write operating systems and is well-suited for both system software and business applications due to its efficiency and low-level access to memory. It combines features of both high-level and low-level languages.
The forgotten problems of 64-bit programs developmentPVS-Studio
Though the history of 64-bit systems development makes more than a decade, the appearance of 64-bit version of OS Windows raised new problems in the sphere of development and testing applications. In the article there are considered some mistakes connected with 64-bit C/C++ code development to OS Windows. The reasons are explained according to which these mistakes didn't find their reflection in the articles devoted to the migration tasks and are unsatisfactorily detected by the majority of static analyzers.
C is a general-purpose programming language developed between 1969 and 1973 by Dennis Ritchie at Bell Labs. It was created to write the UNIX operating system and became widely popular. Key features of C include being a robust language with built-in functions and operators, producing efficient and fast programs, and being highly portable. C laid the foundation for many other languages and important programs like Linux, PHP, and MySQL are written in C. It does not support object-oriented programming concepts but provides low-level access to memory.
The document discusses the C programming language and data structures. It covers the basic structure of C programs, data types, operators, control flow statements, arrays, strings, functions, pointers, structures, unions and file I/O. The chapters are outlined and key concepts like algorithms, flowcharts and program development steps are explained in detail. The history and evolution of C language is presented along with its features, applications and importance. A simple C program example is also provided and analyzed.
It is a general-purpose, procedural, middle-level language, first designed by Dennis M. Ritchie at Bell Labs to foster the UNIX operating system. C programming was originally used by the experts of best engineering colleges in Jaipur to create the operating systems.
https://www.aryacollege.in/
The document provides an introduction to C programming. It outlines the course objectives which are to familiarize students with structured programming concepts in C and help students differentiate between various programming structures. It also lists recommended textbooks. The document then discusses what C programming is, its applications like operating systems and databases. It summarizes that C was created in 1972 at Bell Labs and became a standard in 1989. It describes the structure of a basic C program which includes documentation, header files, definitions, global declarations, the main function and subprograms. Finally, it provides a sample program to calculate the area of a circle using functions.
When using C++ for safety-critical systems, great care must be taken to avoid any language
constructs and code that can potentially lead to unintended program behavior. C has most of
these issues as well, though, and this hasn’t stopped C becoming one of the most widely
used languages in safety-critical systems. This has only been possible through the
introduction of coding standards that limit language features to a safe subset that can be
used without giving rise to concerns.
The document provides an overview of the organization NIIT. It states that NIIT is a global talent development corporation that offers learning solutions in areas such as IT, banking, finance, outsourcing, and communication skills. It has trained over 35 million learners since inception. NIIT introduced India's first cloud campus to provide online training programs in fields such as IT, banking, and management to make students industry-ready. It partners with colleges and universities to deliver in-campus training through its NIIT Careers@Campus program.
This document discusses the C programming language and data structures. It covers the basic structure of C programs, including functions, main functions, and sections like documentation, definitions, declarations, and subprograms. It also discusses basic C programs, data types, operators, control structures, arrays, pointers, structures, unions, and file I/O. The document is intended to introduce students to C language concepts and data structures.
1. MISRA C:2012
Cure or Curse
Paper presented at the
Advanced Engineering
Conference
November 2014
First Edition
by
Eur Ing Chris Hills BSc (Hons),
C. Eng., MIET, MBCS, FRGS, FRSA
The Art in Embedded Systems
comes through Engineering discipline.
MISRA C:2012
Adv-Eng 14
3. MISRA C:2012
Adv-Eng 14
3 library.phaedsys.com
MISRA-C started in 1996 as part of the MISRA
series of reports on automotive software development.
MISRA-C was originally published in 1998 as Guidelines
for the Use of the C Language in Vehicle Based Software
and aimed at the UK automotive market. However,
Programming Research, LDRA and Chris Hills, CTO
of Phaedrus Systems, pushed the document to a wider
audience. It soon found a home across the whole
embedded, real time and critical systems markets, not
just in the UK but globally. This meant that the second
version of MISRA-C, published in 2004, changed its title
toGuidelinesfortheUseoftheCLanguageinCriticalSystems.
Since 2004 the majority of the MISRA-C working group
have come from the defence and aerospace industries
with automotive representation being a minority
Over the 16 years since its first appearance MISRA-C
has become the world’s most widely used C coding
standard. Either as straight MISRA-C or when used as
the basis for company coding standards where formal
MISRA-C compliance is not required, MISRA-C is in use
from Japan, heading west, all the way to San Francisco.
But whilst many promote MISRA-C some call it
MISERY-C. Is MISRA-C a curse or cure?
4. MISRA C:2012
Adv-Eng 14
4library.phaedsys.com
that are flagged by the standard as “undefined”,
“implementation defined” and “unspecified”.
The problem is further exacerbated by the
undeniable fact that most software people do not
understand C. Certainly, after 17 years of involvement
with C standardisation at MISRA, BSI and ISO levels,
I do not know anyone who fully comprehends the
whole language and its use where many things are
implementation defined.
Thissometimesmeansthatausermaynotunderstand
the subtleties of the problem that a particular MISRA rule
is intended to address and so do not see what the rule is
trying to achieve. This in turn can lead to inappropriate
application of MISRA-C which in some cases can cause
more problems than the guidelines solve.
MISRA-C is there to solve a problem. But it appears it
has also created a problem.
What is this problem it is trying to solve? Basically,
the C language needs taming.
C, as originally devised, has an ethos of “trust the
programmer”. That means that, unlike many other
programming languages, there no were built-in
safeguards.
C is famously NOT strongly typed.
It is quite legal to store a double (say 32 bits) in a
char (probably 8 bits) and there is no warning
required of the loss of 3 bytes of data.
It is quite legitimate (syntactically) to increment a
pointer way past the end of an array.
Not to mention the ever expanding list of things
5. MISRA C:2012
Adv-Eng 14
5 library.phaedsys.com
Often the first question that few programmers can
answer correctly is, “Which C are you using?” The
response is often “ANSI-C” , “Standard C”, “Embedded
C”, “C89” and some times also erroneously “C99” The
progression of the C language is shown above. Since 1990
C has been an ISO standard. It is driven by an international
committee on which the ANSI committee is represented
as one among any National Bodies including the UK. C
has now been an ISO (internationally) regulated language
for 25 years and is defined by ISO/IEC 9899:1990,
Programming languages—C (C99) and then more recently
by ISO/IEC 9899:2011, Programming languages—C (C11)
The problem is exacerbated when people ask which
books to read to learn C. Often the “Bible” of K&R
(Kernighan and Ritchie, The C Programming Language)
is cited. Edition 1 is over 36 years old (and dare I say older
than most who are asking the question). The second
edition, whilst a mere 26 years old, is still older than the
version of C the vast majority of C programmers will use.
The other problem is most books on C are a LOT
shorter than the standard(s) they are referencing. None of
them contain more than a fraction of the ever expanding
C standard. The current C standard has more than three
times the pages of K&R 2nd Ed and the first ISO-C
standard. Two that do contain the standard are on page 13.
Why is this a problem? Simply because the vast
majority of C programmers have never seen a copy of
the ISO C standard, let alone read it. If you have not
read (I am not going to get into “understand”) the ISO C
standard how can you program in C?
In answer to the question “Which C?” most cross
compilers for the embedded market are C95 (with
extensions). By 2010 most had evolved from a C90 engine
with additions to a C99 engine with omissions. Very
few (if any?) compilers for the embedded and critical
systems market have been a full implementation of C99.
This includes GCC which only loosely follows ISO-C
anyway. Then of course the C used for cross compilers
for embedded systems will have extensions and
restrictions for the target architecture and hardware.
This is particularly the case with the standard library;
where for a “self hosted” system very little is mandated
by the C standards. No one really knows C. This is the
Curse of C
6. MISRA C:2012
Adv-Eng 14
6library.phaedsys.com
This graph shows the expansion of the C language
over more than three decades. Remember that most
(but not all) compilers in the embedded market are
somewhere between C95 (that is C90 + Amendment
1 and 3 Technical Corrigendum’s) and C99. There are
signs, in late 2014, that some parts of C11 may find
their way into some compilers. A Program Manager
for a major embedded compiler company said in 2013
that their compilers would be ISO–C 2011 compliant
“where C11 touched C99” and it was something they
had already implemented as C99. So while there will be
claims of C11 compliance/compatibility I suspect it will
more marketing than engineering.
ThepointisthatinpracticenoworkingCprogrammer
really understands C and the vast majority have never
actually read the C standard: particularly the most
important part - the infamous Annex J (in C99 parlance).
This addresses portability issues and lists unspecified,
undefined and implementation defined behaviour. It
covers 25 pages!
This is why MISRA-C is needed: to tame the
dangerous parts of the C language and remove many
of the common problems. This in turn will cut down
debugging time and save money. This was, along with
safety, one of the original reasons for MISRA-C. The
90’s were the era of “if you don’t have the time to do it
properly when will you have the time to fix the errors?”
The UK car industry had enough problems with time
to market without the increasing volume of software in
cars adding to it. However the problems are the same in
most other industries where software is embedded into
products.
7. MISRA C:2012
Adv-Eng 14
7 library.phaedsys.com
MISRA-C should be used with static analysis partly
because you should not be programming in C without
static analysis anyway!
When the first static analyser for C (lint) was built it
was to detect legal but suspicious constructs, A LOT of
LEGAL C is DANGEROUS according to Denis Ritchie,
writing in 1993 about the first lint that was constructed in
1976. Even before K&R wrote the first language reference
for C in 1978 and over a decade before ISO C there were
problems with C being mis-used.
Programmersliketotryandprovehowclevertheyare
with C. Brian Kernighan had a comment that debugging
is twice as hard as writing code. So if you write code to
the best of your ability…
It seems that lint (static code analysis) was intended to
be part of the standard C compiler chain and certainly it
was on UNIX. The problem was it never survived on the
leap to the PC development platforms. Many of us did
use lint in the 80’s on PC’s but most never started the habit
and it seems universities never pushed it. The culture of
“If it compiles it must be OK.” started to prevail.
You can read about Steve Johnon, the father of static
analysis at: http://en.wikipedia.org/wiki/Stephen_C._
Johnson
Since the original lint, high end static code analysers
have developed into very powerful code analysers
that can produce many code metrics and enforce local
coding standards as well as rigorously analyse code
with con-figurations for many dialects of C. In the
embedded world most compilers have extensions for the
hardware architecture, such as specific IO and registers.
Before using a Static Code Analyser, check its pedigree
to ensure that it can handle the specific dialect of C that
you are using.
There are some free static code analysers - but take
care as some have not been maintained and so have not
kept up with the language or compilers. Also many have
not really been properly tested.
8. MISRA C:2012
Adv-Eng 14
8library.phaedsys.com
To make C safer, MISRA-C restricts the use of parts
of the language, these include legal C that is known to be
problematic, misused constructs and the misunderstood
parts of C. (This is a larger set than you might think.) These
are all areas where many programmers, often erroneously,
think they know how the dangerous things work.
As the C language is both evolving and expanding,
what may have been correct in C90 is not the same in
C99. Even worse the compiler may be a fuzzy mix of C90
and C99, despite claims to be one or the other. This is
where a good static analyser, properly configured, pays
dividends.
MISRA-C is also evolving and expanding. The
evolution is using feedback the tens of thousands of
users who are implementing projects using the rules.
Static analysis companies have wanted clarification on
wording they regarded as ambiguous. So, apart from
removing ambiguities MISRA-C had increasing amount
of explanation, rationales and examples. It also means
that it makes no sense to read only the headline rules.
9. MISRA C:2012
Adv-Eng 14
9 library.phaedsys.com
The chart above shows the relationship of the number
of pages to the number of rules in some popular coding
standards
Power of 10: 10 rules 2 pages,
Neutrino: 38 rules 89 pages
Cert-C: 265 rules 682 pages
MISRA-C1: 127 rules 68 pages
MISRA-C2: 142 Rules 111 pages
MISRA-C3: 159 Rules 256 pages
Since, as we have argued before, most programmers
don’t have, let alone have read, the ISO C standard,
MISRA has to include a lot of explanation of the way
C works, or doesn’t, in order to explain why the rule is
there. However MISRA-C is not a replacement for books
on C.
The feedback has also resulted in an increase in
guidance on how MISRA-C should be used, particularly
for deviations, that is reasoned arguments for not using a
particular MISRA-C rule.
10. MISRA C:2012
Adv-Eng 14
10library.phaedsys.com
The MISRA-C Curse is that many only read the
headline rules and not the supporting text for the
rule. MISRA-C:2012 has attempted to change this by
shortening the headline rule and adding a rational and
amplification, making rule usable only by reading all
three parts (and, of course, any exceptions). A further
problem is that many only read the chapter containing
the rules and not the rest of the document, which
explains the how and why of implementing the rules,
without which MISRA-C compliance can not be claimed.
This is required reading.
One of the results of not reading and understanding
thecontextinthesupportingchaptersisprojectmanagers
calling for 100% MISRA-C rule enforcement with no
deviations. This is not possible. If MISRA-C is used there
*WILL* be deviations: it is not possible to do otherwise.
The follow on is that some look for a “MISRA-C checker”
without doing static code analysis. Whilst some of the
MISRA-C rules are not statically enforceable the majority
are, and are an enhancement to static code analysis. This
is why most static code analysis tools can enforce a large
number of the MISRA-C rules (typically 80% of them).
It is pointless to either manually check for MISRA-C
compliance or use a tool that does not do static analysis
at the same time.
A “tick box” culture to implementing MISRA-C has
developed. As well as giving the programming team
many problems, it can also produce horrendous source
code that while technically meeting the rules negates
their spirit or intent. There have been many cases of
code written to “silence the MISRA checker” rather
than address the underlying problem.
The MISRA-C team are often asked to give an
opinion on a constructed problem. When the answer
is “don’t do it that way in the first place” they are then
asked to rule on the specifics of the example. The
questioner is looking for a way to circumvent the letter
of the MISRA rule and wants to avoid what would be
the good engineering practice of redesigning the code
to work in a better way.
11. MISRA C:2012
Adv-Eng 14
11 library.phaedsys.com
Only 6% of the MISRA-C rules are Mandatory: that is
rules that are applicable 100% of the time. Therefore we
hope that 99.9999% of MISRA-C users will deviate the
rules in an appropriate manner.
We are regularly asked about deviations. Firstly we
are asked “How do we deviate?” This is discussed in the
two papers referenced at the end of this paper.
Secondly we hear from people who have been told,
“100% MISRA-C with no deviations. [TICK]” This
instruction is always from people who don’t understand
what MISRA-C is or how to implement it.
This is one of the places where MISRA-C can be
counter productive. A manager demanding 100%
compliance doesn’t realise that he is dangerously
handicapping the project. The team will have to fight
with the standard and resort to time consuming and, in
some cases, dangerous, tricks to get round the warnings
from the code analysers. They will waste time and
produce hideous and less efficient code.
In most presentations on MISRA-C by MISRA-C team
members and tool vendors with MISRA-C checkers, the
speaker will tell the audience you are going to have to
deviate some rules and this is NOT a tick box or simple
decision. It requires thought and consideration. YOU
have to do this on YOUR responsibility and it will be
different for every project.
A4 size Copies of this slide are available signed for
your manager’s office wall!
Deviations WILL be required. Just as the rain must
fall (but too much is a flood).
12. MISRA C:2012
Adv-Eng 14
12library.phaedsys.com
MISRA-C is the cure that tames the C language and
helps to make it more predictable with fewer surprises.
The support for MISRA-C in static code analyzers
encourages the use of static analysis and automated
source code checking by rigorous tools. This can cut
the test and debug phase drastically. Over the years
reports and studies have shown anything between 25%
and 40% savings on project time by using a good static
code analyzer and MISRA-C. However, using MISRA-C
without a static code analyzer to check the source is
pointless, and will probably do more harm than good
and certainly not give the gains mentioned above.
The MISRA-C curse is that people think they know
more than they do about C. I know a highly experienced
C trainer who says he learns more about C every time a
new MISRA-C appears.
We on the MISRA-C working group are also
constantly learning, despite most of us being involved in
C standards, and in making C tools. We have, on average
over 25 year’s industrial experience. The MISRA-C team
draws on experience in two ways. Some members are
on the standards panels and some members are making
some of the world’s leading C analysis tools though all
have a background in writing code on real projects. We
also have direct and regular contact with the developers
of the world’s leading C compilers. Some time we may
not know about a feature of C but we always know an
expert who does. (Come to that often when we think we
know we still check!) On the other hand we have lot of
contact with real implementations in our company’s or
our customer’s projects. We see what actually happens
on millions of lines of C over thousands of projects.
The other part of the MISRA Curse is that MISRA-C is
often badly implemented on projects. This is partly due to
management not understanding that deviations are not
a bad thing, not recognizing the need for a compliance
matrix etc, nor the need for static analysis tools. It is also
partly due to programmers not always understanding
the rules and/or C as well as they think they do. This can
mean that badly implemented MISRA-C can do as much
harm as good…. But all is not lost!
13. MISRA C:2012
Adv-Eng 14
13 library.phaedsys.com
This presentation was a short look, just 12 minutes
on the Advanced Engineering 2014 show floor. As a
perspective, Feabhas, the training company (www.
feabhas.co.uk) present MISRA-C courses. The “over view”
takes a whole day and the full course is four full days!!!
The two 45 minute presentations above provide a
halfway house. These were given as part of the MISRA-C
workshops in the 2013 and 2014 Device Developer
Conferences.
The 2013 document explains why MISRA-C might do
more harm than good on a project, outlining some of the
more common problems in trying to use the guidelines.
The2014documentgoesontotalkabouthowtoimplement
MISRA-C in a way that it makes maximum improvement.
The two presentations above are available from
the Phaedrus Systems Library under Conference
Presentations
http://www.phaedsys.com/library/presentations.
html
Bibliography
BSI, The C Standard (incorporating Technical
Corrigendum 1), Wiley 2003, 978-0-470-84573-8 (This is
the complete C99 with the rationale)
Derek Jones, The New C Standard: An Economic and
Cultural Commentary, 2008 (also C99) free from
http://www.coding-guidelines.com/cbook/
cbook1_1.pd
MISRA-C 2013 Workshop: Why MISRa-C won’t save
your project
ht t p://w w w.s a fe t yc r it ic a l.i n fo/l ibra r y/
presentations/MISRA-C3-0001.pdf
MISRA-C 2014 Workshop: Implementing
MISRa-C:2012
ht t p://w w w.s a fe t yc r it ic a l.i n fo/l ibra r y/
presentations/MISRA-C3-0002.pdf