Originally developed by the UK government’s “SafeIT” program and later expanded by the automotive industry, the Motor Industry Software Reliability Association (MISRA) sought to develop a C programming language subset — or “coding standard,” more colloquially — to govern their development processes. It’s grown from its inception in 1994 to include multiple sectors and has been updated repeatedly to reflect the current state of development, most recently in 2023.
As software becomes increasingly critical in safety-sensitive industries, understanding and implementing MISRA guidelines has become essential for developers seeking to produce secure, maintainable, and portable code.
Here, we’ll explore the details of the MISRA standard in all its variations. We’ll look at both the MISRA C and MISRA C++ varieties and learn about which industries use MISRA the most. We’ll also survey the rules and guidelines within the MISRA coding standard, and how this framework can be used along with code analysis tools to elevate code security.
As vehicles relied increasingly upon electronics, automotive manufacturers realized the need for a single unifying standard to guide their coding practices. The result was MISRA.
Embedded programmers and experts from Ford Motor Company, Jaguar Land Rover, Bentley Motors, and other industry leaders collaborated to create a framework to help generate more uniform code, and their work was so successful that it was also implemented in many other sectors. The developers created MISRA to improve three coding parameters especially, namely:
Along with code security, these parameters are essential for many applications. So, industries that use the C/C++ programming languages looked to MISRA to help them create such premium code.
As the programming language comprises the C and C++ variants, there is a separate MISRA code standard for both. Originally created in 1994, both versions have since undergone multiple revisions to reflect the latest best practices in code security and quality. The MISRA C standard was revised in 2004 and 2012.
Several additions have been incorporated into the MISRA C framework since then, leading to the most recent adaptation in March 2023. This version, MISRA C:2023, includes the Technical Corrigendum 2, “Technical clarification of MISRA C:2012,” as well as the following amendments:
Altogether, the MISRA C:2023 code standard offers developers a concise yet comprehensive framework for how they could best produce robust, maintainable, and portable high-security code.
MISRA C++ is very similar to the MISRA C standard, except its rules are formed around the C++ programming language. Its most recent version was released to the public in October 2023 and covered many of the same topics as the MISRA C variant. Because of its frequent use in the automotive industry, MISRA C++:2023 also sought to incorporate the rules within the Automotive Open System Architecture (AUTOSAR) to reduce the number of discrepancies between the two.
Because AI and automation are used to write code increasingly, the MISRA standard was also adapted to account for automatically generated code. MISRA AC AGC was created to inform automatic code generation practices. Its founding document is MISRA AC AGC: “Guidelines for the application of MISRA-C:2004 in the context of automatic code generation,” and its supporting resources are as follows:
While it was based upon the contents of MISRA C:2004, its rules also apply to C++.
MISRA’s widespread adoption across diverse industries underscores its versatility as a coding standard that enhances security and reliability in critical applications. The name may have reflected the standard’s original application, but MISRA has expanded so much that the “Motor Industry” portion no longer applies. MISRA has become the coding standard of choice for many industries that rely upon the programming languages C or C++:
The primary goal of MISRA is to make code written in the C/C++ programming languages more robust, portable, and maintainable. Wherever those factors are a priority, MISRA is often the framework of choice.
MISRA consists of a series of guidelines, which are divided into “rules” and “directives.” The latest MISRA standards contain a total of 200 guidelines comprising 182 rules and 18 directives.
A rule is a guideline for which a complete description of the requirement has been provided. It should therefore be possible to check the source code for adherence to the rule with no other information than that which the rule provides. That is, code analysis tools such as static code analyzers can be automated to check your source code for compliance with MISRA Rules.
A directive is less explicit than a rule and is a guideline for which a complete description of the requirement is not feasible. This makes it harder to check directives for compliance with code analysis tools. While an exact description of each directive and rule wouldn’t be feasible here, ample resources such as compliance matrices exist to assist development teams with implementation.
Don’t forget that leveraging automated tools like static code analyzers can help to ensure that your code remains compliant with MISRA rules by preventing errors and maintaining high standards of code quality.
MISRA was designed to improve code security, robustness, maintainability, and portability. However, some other benefits are as follows:
Another key advantage of using MISRA is that it creates greater uniformity across a diverse tool of coding silos. A wide number of manufacturers and suppliers use the MISRA standard. So, using the same framework can reduce inconsistencies, further improving code quality and reducing your attack surface — which is what MISRA was designed for.
MISRA may have started in the automotive sector, but it’s since proven invaluable in improving the portability, security, and robustness of applications across many industries. Your development teams may use other frameworks to inform their code, but applications built upon the C programming languages that place a premium on code security should integrate MISRA into the mix.
MISRA has proven invaluable in enhancing the security, portability, and robustness of applications across industries. Integrating MISRA into your development process is crucial for any application built on C programming languages that prioritize security. Kiuwan’s static code analyzers make it easier to maintain compliance with MISRA standards, helping you build secure, high-quality software. Request a demo to see how Kiuwan can elevate your code security.
