Did you know about MISRA C guidelines?


I am talking to you guys working in the automotive field.

MISRA stands for Motor Industry Software Reliability Association, and its main purpose is to provide guidelines that help the automotive industry create safe and reliable software.

If you google a little bit you will find something like this:

Currently MISRA guidelines are produced for C and C++ programming languages only. MISRA C is a software development standard for the C programming language developed by MISRA. Its aims are to facilitate code safety, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C. There is also a set of guidelines for MISRA C++. MISRA-C:1998 had 127 rules, of which 93 were required and 34 were advisory; the rules were numbered in sequence from 1 to 127. The MISRA-C:2004 document contains 141 rules, of which 121 are “required” and 20 are “advisory”; they are divided into 21 topical categories, from “Environment” to “Run-time failures”. MISRA C++ was launched in March 2008.

.. anyway you can find here a very professional but quite skeptical opinion about those rules.

I will just go through some of the MISRA C guidelines which caught my attention:

Rule 9: Comments should not be nested.

I remember many times my Code Composer compiler issued a warning because of my nested comments.

Rule 13: The basic types char, int, short, long, double and float should not be used. Specific length equivalents should be typedef'd.

..didn’t know about this

Rule 20: The register storage class specifier should not be used

Rule 37: Bitwise operations shall not be performed on signed integers

Obviously, isn’t it? This prevents you from changing an integer’s sign.

Rule 45: Typecasting to and from pointers shall not be used

this traces a bottom line on misunderstandings concerning casting void pointers and so on …

Rule 50: Floating point variables shall not be tested for exact equality or inequality

Rule 57: The continue statement shall not be used.

… this I must confess I didn’t know

Rule 59: The statements forming the body of an if, else, else if, while, do .. while or for statement shall always be enclosed in braces

I really broke this rule many times

Rule 69: Functions with variable number of arguments shall not be used

..this rule generated many comments, in any case functions having variable number of arguments are often avoided especially in embedded programming.

Rule 70: Functions shall not call themselves directly or indirectly.

Is this totally excluding recursion?

Rule 101: Pointer arithmetic shall not be used.

What? Cannot index through array’s elements?

Rule 104: non-constant pointers to functions shall not be used.

I don’t know on what grounds this rule is based. I remember I read somewhere that the pointer-to-function technique is strongly encouraged in embedded programming.

I think Nigel Jones’ words (author of the article referred to at the beginning of this post) may very well stand as a conclusion:

…this is a tool to help you write safer, more portable code.

For those of you who can’t handle the effort of formally adopting MISRA C, you should, at the very least, examine the rules. If you see rules that contradict your normal coding style, then I suggest you look long and hard at your practices. Chances are that the MISRA folks are older and wiser than you.

..he also warns that many software developers for the automotive industry in the US haven’t even heard about those rules.


2 Responses to Did you know about MISRA C guidelines?

  1. Einat says:

    Where can I get the full guidelines document?

