AUTOMOTIVE


MISRA recent updates – the essential facts for embedded software developers


By Jill Britton, Perforce Software


Most people familiar with the world of embedded software will probably have heard of MISRA coding guidelines and the requirement for compliance in safety-critical systems. MISRA C:2012 has had several updates, the most recent being Amendment 3 (AMD3) published in October 2022. This  amendment by providing guidance on how to safely use new language features within C11/C18 versions of the C programming language, instead of just preventing their use. Before digging deeper into those new features and their implications, it helps to have a reminder about why coding standards such as MISRA are so important. C and, to a lesser but growing extent, C++ are the most widely used programming languages for embedded software development.


However, although C provides a wide range of resources and libraries and is supported by numerous tools, the suitability of C for use in safety-critical environments was never a   developers can write code that is essentially incorrect — and could be dangerous. Coding standards — such as MISRA — enforce a safe language subset to avoid the  with prevention, rather than cure, as the aim.  for developers to apply coding standards manually, so they are typically enforced using static analysis tools. Static analysis, by enforcing coding standards as part of well-   safe, correct, secure, and compliant. MISRA’s success can be attributed to its conciseness, readability and focus on essential issues. The latest update to the guidelines allows projects to safely use more C11/C18 features in a safety-critical environment, where previously they were simply not permitted. The new features include the alignment of objects, which allows maximum advantage to be taken of the hardware architecture, and the use of the _Noreturn keyword, which makes the intention of a function clear and helps detect unintentional dead code.


24 APRIL 2023 | ELECTRONICS TODAY


The use of features for writing type-generic code is now also regulated and thus possible.  signature, a macro can now wrap the function to offer different specialisations for different types, such as different widths of integer, or both integer and real numbers. These functions increase the portability of the code, so that it can be transferred more easily. In the automotive industry, for example, that might mean being transferred from one chipset — and thus vehicle — to another. This capability supports code re-use, thus reducing costs and saving time. It also improves abstraction and therefore maintainability by separating program logic from type details.


// before:

/* all numbers have to convert to real; no fast path for integers; no checking for unsupported */


// generically:

/* no expensive conversion; separate fast path for integers; get a noisy warning instead of generating expensive code */
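The type-generic wrapping described above, as an added example in C11 (not the article's own listing): a real-only function beside per-type specialisations selected by a macro with no default association. The `clamp_*` functions, the `CLAMP` macro and the sample value are illustrative names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>

/* Before: one real-valued function, so every integer argument is converted. */
static double clamp_real(double x, double lo, double hi)
{
    return (x < lo) ? lo : ((x > hi) ? hi : x);
}

/* After: one specialisation per supported type (names are illustrative). */
static int32_t clamp_i32(int32_t x, int32_t lo, int32_t hi)
{
    return (x < lo) ? lo : ((x > hi) ? hi : x);
}
static int64_t clamp_i64(int64_t x, int64_t lo, int64_t hi)
{
    return (x < lo) ? lo : ((x > hi) ? hi : x);
}
static float clamp_f32(float x, float lo, float hi)
{
    return (x < lo) ? lo : ((x > hi) ? hi : x);
}

/* Selection happens at compile time on the type of x. There is no default
 * association, so an unlisted type (double, a pointer) fails to compile. */
#define CLAMP(x, lo, hi)                                              \
    _Generic((x), int32_t: clamp_i32, int64_t: clamp_i64,             \
                  float: clamp_f32)((x), (lo), (hi))

/* Constructed sample: 2^53 + 1 has no exact double representation. */
static const int64_t SAMPLE = INT64_C(9007199254740993);
static int64_t sample_via_real(void)
{
    return (int64_t)clamp_real((double)SAMPLE, 0.0, 1.0e18);
}
static int64_t sample_via_generic(void)
{
    int64_t x = SAMPLE;
    return CLAMP(x, 0, INT64_MAX);
}
static int32_t duty_percent(int32_t raw) { return CLAMP(raw, 0, 100); }
static float   gain(float g)             { return CLAMP(g, 0.0f, 1.0f); }

int main(void)
{
    printf("via double: %lld, via generic: %lld\n",
           (long long)sample_via_real(), (long long)sample_via_generic());
    printf("duty=%d gain=%.2f\n", (int)duty_percent(250), (double)gain(-0.5f));
    return 0;
}
```

The real-only path silently returns a value one less than the input, while the generic path keeps the 64-bit integer exact.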


 The amendment also provides further guidance for language features applicable to all versions of C. For instance, using a high-  possible to use random numbers in the code. By ensuring that known low-quality generators are not used, the new guidelines increase security in sensitive areas of the automotive or medical device industry, for example, by generating secure encryption keys necessary for over-the-air updates or transmission of sensitive data.
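Why low-quality generators matter for key material, as an added example (not from the article): a key built from `rand()` is fully determined by its seed, while bytes read from the platform entropy source are not. `/dev/urandom` on a POSIX host stands in here for whatever hardware or OS generator the target provides; the function names and the seed are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16u

/* Weak: every byte follows from the seed, so the key is only as
 * unpredictable as the seed (often a timestamp or a constant). */
static void key_from_rand(unsigned seed, uint8_t key[KEY_LEN])
{
    srand(seed);
    for (size_t i = 0u; i < KEY_LEN; i++) { key[i] = (uint8_t)(rand() & 0xFF); }
}

/* Better: read from the platform entropy source and fail closed.
 * Assumption: /dev/urandom exists (POSIX host standing in for the target). */
static int key_from_os(uint8_t key[KEY_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) { return -1; }
    size_t got = fread(key, 1u, KEY_LEN, f);
    (void)fclose(f);
    return (got == KEY_LEN) ? 0 : -1;
}

/* 1 if two keys built from the same seed are byte-identical. */
static int rand_keys_repeat(unsigned seed)
{
    uint8_t a[KEY_LEN], b[KEY_LEN];
    key_from_rand(seed, a);
    key_from_rand(seed, b);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* 1 if two OS-sourced keys differ, 0 if equal, -1 if the source failed. */
static int os_keys_differ(void)
{
    uint8_t a[KEY_LEN], b[KEY_LEN];
    if ((key_from_os(a) != 0) || (key_from_os(b) != 0)) { return -1; }
    return memcmp(a, b, KEY_LEN) != 0;
}

int main(void)
{
    printf("rand() keys repeat for one seed: %d\n", rand_keys_repeat(20230424u));
    printf("OS keys differ: %d\n", os_keys_differ());
    return 0;
}
```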


With C being the programming language of choice for increasingly complex and large-scale embedded software projects, providing   has to be a priority. The latest version of MISRA certainly goes a long way towards addressing these goals.


Perforce www.perforce.com

