What does MISRA C/C++ compliance really involve?
Some organizations believe they can claim MISRA compliance for their software simply by buying any one of the many MISRA-checking tools on the market. That’s not the case. In fact, this approach is extremely risky.
Compliance to MISRA C/C++ is not simply something you can define according to your own taste. The MISRA consortium defines the conditions for formulating a defensible compliance claim. If you’d like to do your own research, here are three normative sources:
Meet BUGSENG at Embedded World 2020
Now in its 18th year, Embedded World is the leading international exhibition and conference for embedded systems. It attracts more than 30,000 trade visitors to meet and learn from over 1,000 exhibitors and speakers from across the world. The conference program covers the entire spectrum of embedded systems, with topics ranging from distributed intelligence and the Internet of Things (IoT) to e-mobility, energy efficiency and systems security.
BUGSENG’s 2019 review and 2020 vision
Launching new products, speaking at international conferences, running training courses and publishing papers. It’s been an incredibly busy and successful year for BUGSENG. We asked CTO, Roberto Bagnara, to give us a brief round up of what’s been happening in 2019 and reveal some of BUGSENG’s plans for next year.
It’s been a highly successful year for BUGSENG; are there any particular achievements that stand out for you?
BUGSENG’s joint paper with Michael Barr
Roberto Bagnara and Dr Patricia Hill of BUGSENG are currently working on a joint paper with Michael Barr, a leading embedded systems software engineer and consultant. The paper discusses the relationship between BARR-C: 2018 and MISRA C: 2012. These are the two most widely used C coding standards and the paper details their parallel and serial adoption.
Three big BUGSENG announcements
We’ve been busy at BUGSENG recently and are now delighted to be able to share three exciting news stories.
Launch: ECLAIR Qualification Kits
Competition time: Test your C programming skills
When Lonely Planet asked travelers for their ‘lost in translation’ photos of signs and menus from around the world, they had over 1,000, often hilarious, responses. Even when communicating in natural languages and dialects, the potential for confusion is immense. We see a similar but more serious issue of confusion around the C programming language.
C means nothing on its own
Meet one of the inspirations for BUGSENG’s success
Dr Patricia Hill (or Pat as she’s known around here) makes an unassuming hero. However, she’s been part of the BUGSENG journey since the start and her experience contributes to our success every day. Her career story is inspiring and exhausting in equal measure, so we persuaded her to pause and reflect on what she’s learnt so far.As co-founder of BUGSENG, how would you describe your role?“I mainly work on the design and implementation of static analyses for the automatic checking of compliance with respect to coding standards.
Three safety critical software trends shaping industry
We live in a world where our safety increasingly depends on software. It has now become so deeply ingrained in many aspects of modern life that, quite literally at times, we can’t live without it. This reflects three broad, converging industry trends: increased software complexity, greater software dependency, and growing demand for fast, accurate, safety critical performance from software.
The question for organizations that produce goods that depend on software is how do you manage these trends in a cost-effective yet responsible way?
Why is MISRA C/C++ compliance great for business?
[Please read to the end for details of our free MISRA C workshop in Italy.]
Most clients initially ask us for help because they need to comply with MISRA C/C++ guidelines. They are the de facto standards for safety critical sectors as diverse as automotive, aerospace and medical devices. These are industries where the quality of the software can literally mean the difference between life and death.
Our philosophy: No shortcuts, no compromises, no excuses
The story of how BUGSENG came to be has taken many twists and turns over the years. From a teenage boy playing with his friend’s programmable calculator, through stints with the military and CERN and on to a glittering academic career spanning both Italy and Yorkshire, England. We wanted to find out more about this story, and who better to tell it than BUGSENG’s co-founder and CTO, Roberto Bagnara.
Q: What inspired you to set up BUGSENG?
Why can’t I use a Bug Finder tool for MISRA compliance?
With a generic programmer audience in mind, Bug Finders are engineered to produce as few false positives as possible. This avoids the frustration of expensive and time consuming investigations. However, in safety critical software development, this approach is potentially life threatening. You may also have a contractual obligation to use MISRA C/C++ for safety critical software.
MISRA C/C++ is about error prevention, not bug finding
Feeling overwhelmed by MISRA C compliance?
In our previous blogs, we looked at the complexities of MISRA C compliance and the need for both robust verification tools and adequate personnel training. Organizations that start new projects having fulfilled these requirements will typically be able to claim MISRA compliance at the end of the project.
But there are exceptions, especially connected to the use of existing code. In this blog we’ll look at four situations, which can occur at the same time. The first two are rather common and all four can be the source of significant extra complications.
How can you avoid the C/C++ traps and pitfalls
In our previous blog, we looked at the complexities of MISRA C compliance and the necessity of robust verification tools. However, simply installing a tool is not sufficient. The MISRA compliance documents specifically state that, in order to describe a project as "MISRA Compliant", staff must be competent and fully understand the issues underlined by each guideline. This is especially important for personnel involved in the approval of deviations from the guidelines.
Three headaches with MISRA compliance
Software bugs are frustrating, inconvenient and expensive in any industry. But, in safety-critical, mission-critical or security-critical sectors, the consequences are not only disruptive to business. A single, subtle bug can be catastrophic to people’s lives.
In the car industry, for example, the number of safety recalls linked to software failures has risen by 30% a year since 2012. Toyota recently recalled more than 2.4 million hybrid vehicles worldwide because of a fault in their systems that could cause them to lose power.
Compiler Warnings: Use Them, Don't Trust Them
Turning On All Warnings Is Definitely a Good Thing
Most compilers provide useful warning messages that inform about circumstances that may not correspond to the intentions of the programmer. In most environments where code quality and low defect rates are important, a rule requiring the code to compile without warnings when all the compiler warnings are enabled is increasingly being enforced.
Making sure what you see is really what you have
Background
Software bugs have a long and frightening history. In just the past few years automobile manufacturers have recalled more than 1.3 million vehicles due to software problems leading to unexpected acceleration, stalling, braking issues, airbag deployment problems and vehicle stability issues. Similar cases have been found in other safety-critical industries such as medical devices.