The Latest Version of The MISRA-C Coding Standard for Embedded C Is Due to Be Released

The latest version of the MISRA-C coding standard for embedded C is due to be released next week.

Called MISRA-C:2012, or MISRA C3, it incorporates C99 for the first time, as well as continuing to support C90, where further clarification has been added.

“More than 1,000 combined days and 250 years of expertise - all donated by figures across industry and academia - have gone into MISRA C:2012,” said Steve Montgomery, chairman of the MISRA-C working group. “The aim of everything we publish is always to base it on practical, real-world experience and to create something that is clear, versatile and practical.”

The last time the standard was updated was to MISRA-C:2004. Why didn't it incorporate C99, the 1999 release of C, then?

"In 2004, there were virtually no compilers that supported C99. Even now, few support all of 99 and most support a half-way house between 90 and 99," explained Paul Burden, working group member and technical consultant at coding analysis tool firm PRQA.

MISRA, the Motor Industry Software Reliability Association, came out of the UK Government's SafeIT programme in the early 1990s. MISRA-C appeared when Ford and Rover combined their efforts to create a safe subset of C, which is riddled with potential pitfalls for the unwary in high-reliability applications.

"C is not ideal for safety-critical work, but it is cheap," said Burden.

The two earlier versions of MISRA-C, 1998 and 2004, both centred on C90.

"C90 is a safe version and very well supported. C99 introduced useful new features and additional problems and dangers - there is nothing to stop you accessing values outside the area of an array, for example," said Burden. "We wanted to be able to support C99 [ISO/IEC 9899:1999]. We stipulated C90 for the best of reasons."

The coding standard bans certain risky, but legal, practices.

"To support C99, you have had to introduce limitations. The coding standard defines a sub-set of C99 - for example, we don't advise using restricted keywords," said Burden.

"Other improvements, many of which have been made as a result of user feedback, include: better rationales for every guideline, identified decidability so users can better interpret the output of checking tools, greater granularity of rules to allow more precise control, a number of expanded examples and integration of MISRA AC AGC automatic code generation guidelines. A cross reference for ISO 26262 has also been produced," said MISRA.

MISRA-C has become widely popular outside the motor industry, entering markets including aerospace, defence and medical.

"You can multiply rules ad infinitum. The good thing about MISRA-C is we have concentrated on a limited number of rules, which focus on the important issues," said Burden. "It has been a good educational tool, exposing developers to the dangers of language - when they have to use a tool, they have to start to deal with problems."

Burden's employer, Surrey-based PRQA, produces static analysis tools which take source code and analyse it against coding standards, working much like a compiler.

"It finds bugs and checks compliance to coding standards. QAC is the tool," said Burden. "QAC compliance model will cover MISRA-C:2012 on the day it is released, which is planned to be 18th March."

Together, the MISRA working and steering groups include 18 representatives from manufacturers, component suppliers, tool vendors and consultancies.

Source: http://www.electronicsweekly.com/Articles/2013/03/05/55699/misra-c-coding-standard-updates-next-week.htm