The MISRA (Motor Industry Software Reliability Association) guidance is a software development standards that was created to facilitate best practices for programming safety-critical software in road vehicles and other embedded systems.

Simplifying Compliance with CodeSonar

The latest guidance brings substantial improvements from the previous standards, and organizations should switch to these versions, if they haven't already, to prevent exposing their products and customers to considerable risk.

In the guidance, Rule 1.3 ("There shall be no occurrence of undefined or critical unspecified behavior.") and Directive 4.1 ("Run-time failures shall be minimized.") are of particular importance. Many of the most serious bugs in C arise from undefined behavior.

These bugs include:

MISRA C recommends the use of an automated static analysis tool, such as CodeSonar, to find violations of the standard. All tools are not created equal, however, and some can only reason about superficial syntactic properties of the code. More advanced tools, like CodeSonar, have deep semantic knowledge of the entire program.

To this end, avoid lightweight static analysis tools, which can find syntactic violations but are generally not capable of finding the deeper defects. A clean report from a lightweight tool can give you a false sense of security because it will miss serious defects. Additionally, look for a tool that can find violations of the superficial syntactic rules as well as bugs such as the ones listed above.

CodeSonar helps you with standards compliance and bug classification: