A professional training course delivered by BUGSENG on MISRA C:2012 Revision 1 with Amendment 2, the latest version of the MISRA C standard, which includes the new guidelines for security and preliminary support for C11 and C18. The course has been designed for the smooth and successful adoption of MISRA C into an organization. Lectures, exercises, tests, hands-on sessions and, optionally, a final exam, will significantly strengthen the skills and competences of teams involved in the design, development and verification of critical embedded software systems.
For a number of notorious historical and technical reasons, the C programming language is the most widely used across industry, even in safety-, security- and mission-critical contexts. Several features of C that proved crucial to the success of the language in terms of efficiency and portability are in sharp conflict with both safety and security requirements. Hence, the development of critical applications requires language subsetting. The most authoritative language subset for the C programming language is MISRA C, now at its third edition, MISRA C:2012.
Formal training of personnel involved in the development and quality assessment of C source code is an essential part of the adoption of MISRA C. Without a proper understanding of C pitfalls and of the reasons behind each of the MISRA guidelines, developers often:
- perceive the adoption of the guidelines as a useless burden;
- do not understand the messages given by the tool and do not know what they are supposed to do;
- are not able to recognize false positives;
- may change the code by trial-and-error in an attempt to silence the tools.
Lack of training always implies significant time losses and even, more often than one might think, a strict decrease in the quality of the code produced.
Effective MISRA C is now online: all sessions are live and interactive!
Course Objectives
Upon completion of the course, participants will:
- understand the C language pitfalls, the compilation process, static analysis techniques and tools;
- understand the origin and nature of MISRA C and its role in the development of safe and secure software;
- understand all important MISRA C guidelines and the unwanted phenomena they are designed to prevent;
- understand the notion of compliance to MISRA C and the permitted deviation procedures;
- appreciate and understand the advantages of the adoption of MISRA C and other best practices.
In addition, they will be able to:
- recognize and avoid dangerous features of the C language by adhering to the MISRA C language subset, thus minimizing rework and extended testing phases;
- analyze the output of static analyzers and recognize MISRA C false positives (and negatives);
- decide on the best remediation for each kind of MISRA C violation;
- work effectively on bringing projects into compliance;
- formulate accurate and defensible compliance matrices.
Intended Audience and Teaching Methods
The course is meant for software developers, engineers and architects as well as V&V engineers and project managers. The content is geared towards people with a working understanding of the C programming language; however, no previous knowledge of MISRA C is required. The course, which favors participatory approaches as much as possible, is based on the following methodologies: lectures/presentations, discussions, questions and answers, demonstrations, practical sessions, exercises. An optional final exam is also provided.
Contents and Schedule
The course provides a thorough understanding of MISRA C, disposing of common misconceptions that are ultimately responsible for its ineffective and counterproductive adoption. The course begins with a presentation of the safety and security pitfalls that are inherent in C programming; the most common and dangerous programming errors (with a particular emphasis on embedded systems programming) are then explained in detail. Each MISRA C rule is presented along with its rationale and the role it plays in achieving safety, testability, maintainability and portability. Most importantly, each rule is presented along with a clear explanation of the right corrective measures (those that do increase overall code quality) and with instructions about why, when and how rule deviations might be necessary or advisable. The use of tools for the automatic verification of MISRA C rules is then introduced, with a particular emphasis on their proper configuration and integration with the development environment. The course includes the demonstrative analysis of portions of real software projects: this gives the opportunity to review and practice all the learned concepts and abilities. The on-site version of the course spans two full days. They can be consecutive (recommended) or separated. In the latter case, we recommend that there is no more than two weeks between them.
Day 1
Morning
- Introduction to the course.
- Review of undefined, unspecified and implementation-defined behavior in C.
- How the compilers may take advantage of undefined behavior.
- Review of explicit and implicit casts: balancing, promotion, arithmetic conversions, etc.
- Review of enumerated, integer and floating-point types: representation and operations.
- Review of common integer pitfalls: overflow, sign error, extension, truncation, etc.
- Review of common floating-point pitfalls: error propagation, comparison, excess precision, etc.
- Review of arrays, strings, pointer types and associated programming errors: access outside bounds, null-termination, truncation, off-by-one errors, etc.
Afternoon
- Introduction to MISRA.
- The purpose of MISRA C and its role in improving code quality.
- The MISRA C essential type system and other preliminary notions.
- MISRA C:2012 guidelines related to not fully defined behavior of C.
- Test on not fully defined behavior of C and related MISRA C guidelines.
Day 2
Morning
- Other important MISRA C:2012 guidelines.
- MISRA C:2012 guidelines for security.
- Test on MISRA C violations and the best ways to deal with them.
- Properly formulating defensible claims of MISRA compliance.
Afternoon
- Simplifying the deviation procedure with deviation permits.
- Automatic verification of compliance to the MISRA C rules: the tools and their proper configuration and use.
- Demonstrative analysis of the MISRA C violations in real software projects (possibly provided by customers) along with the correct remediation measures.
- Final exam (optional) and course wrap-up.
Customization
The course contents can be customized to some extent. For example, in the case of an audience with previous working knowledge of MISRA C (2004 or 2012) the hands-on part of the course can be expanded.
The Instructors
The course is taught by qualified BUGSENG instructors, in collaboration with esteemed experts including members of the MISRA C, MISRA C++, and C standardization international working groups.
Handouts
Each participant will receive:
- All relevant MISRA documents in PDF format, including a copy of MISRA C:2012 (licensed individually to each participant).
- Printed course material including examples and exercises for individual study (confidential).
- Certificate of attendance or of achievement.
- One month of free email consultancy on the course topics.
Venues
Standard locations are Parma, Pisa, Milan or Rome, depending on requests. The course can also be delivered on-site and online.