MISRA Compliance with Parasoft

Try Parasoft

Misra

What is MISRA?

The MISRA standard is widely used in safety-critical industries, such as automotive, medical, military, and aerospace, and provides a set of best practices for writing C and C++ code, facilitating the authorship of safe, secure, and portable code. MISRA has Working Groups for both C and C++, and Parasoft is a member of both MISRA Working Groups.

For C development, the MISRA C standard supports the C90 and C99 language specifications. The current version, MISRA C:2012, has evolved over several years and includes 143 rules and 16 directives for a total of 159 guidelines. Amendment 1 to MISRA C:2012, published in 2016, expanded the standard by 14 rules.

For C++ development, the current MISRA standard is MISRA C++:2008 standard. However, many organizations are choosing to standardize on the AUTOSAR C++14 standard, which covers the most recent changes to the C++ language. Recently, MISRA and AUTOSAR organizations announced their collaboration on the next generation of these standards. For more information about Parasoft's offering for AUTOSAR, click here.

Enforcing MISRA Compliance with Static Analysis

Parasoft provides a comprehensive solution for applying MISRA C:2004 and MISRA C:2012, including Amendment 1, to help organizations overcome the challenges associated with ensuring automotive software quality. Parasoft C/C++test is certified by TÜV SÜD to automate the application and monitoring of static analysis coding standards like MISRA. It also provides a unit testing platform that integrates test creation, execution, and coverage reporting. Test and analysis data from Parasoft C/C++test is aggregated and correlates in Parasoft's centralized reporting and analytics hub, providing additional analysis and reports for each step along the complex software supply chain.

How Parasoft Helps Achieve MISRA Compliance

The MISRA standard provides a comprehensive set of guidelines to protect against security vulnerabilities and program failures. For teams that aren't using Parasoft, applying these guidelines and demonstrating compliance can be overly burdensome. Parasoft streamlines this process, critical to ensure on-time software deliverables.

For successfully achieving MISRA Compliance, Parasoft's software provides the ability to:

  • Verify MISRA guidelines via static code analysis after each build of software, ensuring day-to-day enforcement.
  • Create high-level overviews and detailed reports, obtained quickly from Parasoft's’s MISRA Compliance Pack, to efficiently demonstrate compliance.
  • Quickly view traceability of project requirements to tests, an important requirement not only of MISRA, but also the safety standard you might be using.

Supporting MISRA compliance throughout the software development lifecycle is important for ongoing enforcement and traceability, and automating documentation, as per the MISRA Compliance:2016 guidelines, is key to saving time and frustration dealing with this guideline. See examples below for key automatically-generated reports from Parasoft.

The MISRA Guideline Enforcement Plan demonstrates how each MISRA guideline is verified. In most cases, this shows the link between a MISRA directive or rule and the associated Parasoft analysis. See the example below:

MISRA Guideline Enforcement Plan

The MISRA Guideline Re-categorization Plan is used to communicate the agreed-upon importance for the guidelines as part of the vendor/client relationship. The document demonstrates how each guideline is categorized specifically for the current project.

Mandatory and required guidelines can’t be downgraded to a lower level; however, a project may decide to upgrade required or advisory guidelines to a stricter setting, and advisory can be disapplied (i.e., made not necessary for compliance). See an example of a re-categorization plan below:

MISRA Guideline Recategorization Plan

The MISRA Deviations Report documents the deviated violations of guidelines with appropriate rationale. Any time a rule violation is detected but allowed to remain, it must be documented in the deviations report. In most cases, these are suppressed errors reported from code analysis. An example report is shown below:

MISRA Deviation Report

The Compliance Summary is the primary record of overall project compliance. This report documents the state of compliance for each guideline, as well as any associated deviations or re-categorizations. An example is shown below:

MISRA Compliance Report

Further Reading

Achieving MISRA C:2012 Compliance with Parasoft C/C++test

Parasoft C/C++test automates C and C++ static analysis, peer code review, and unit and component testing on host and target with comprehensive code coverage supporting all the common versions of the MISRA standards including MISRA C++ 2008, MISRA C 2012, and MISRA C:2012 Amendment 1 security guidelines. In this paper, learn how Parasoft C/C++test can streamline your deployment and help create safe, secure, reliable software required by ISO 26262 and MISRA.