The task of building embedded software applications was already fraught with challenges, and then with the introduction of IoT, everything now seems to have a connection to the internet – simultaneously increasing the complexity of the systems and the risk of security vulnerabilities. To help mitigate these challenges, many people look to the MISRA guidelines.
The Motor Industry Software Reliability Association (MISRA) “Guidelines for the use of the C language in critical systems” (known as MISRA C:2012) defines a subset of the C language designed to minimize potential errors, security vulnerabilities, and mistakes that cause program failure or serious errors. Although initially created for automotive systems, the guidelines have been adopted by many other industries for safety-critical applications. In all cases, determining compliance (which is increasingly required in vendor/client relationships) is complex and time-consuming.
There are many tools on the market that report errors indicating when code violates a guideline, but few tools simplify the reporting and documentation process required for demonstrating compliance, never mind integrating the guidelines into your software development process. To streamline the entire process of achieving, documenting, and maintaining MISRA compliance throughout the product lifecycle, we designed our reporting and analytics platform (DTP) to bring automation and assistance, alongside our C and C++ testing tool, C/C++test. In this post, I'll explain how you can use these tools together to make MISRA compliance less of a headache.
Navigating the Bumpy Compliance Road
Compliance is a binary state – code is either in compliance or it’s not, and MISRA guidelines expect all of the code to comply with the directives and rules set out in the standard. As such, achieving full compliance in a large complex project is not an easy undertaking. Adding to the challenge, many vendor/client relationships require that adherence to the standard be proven through documentation.
To better clarify the procedure for implementing the MISRA Coding guidelines, MISRA issued compliance guidelines in 2016 to help development organizations achieve and document compliance. In order to simplify this process through automation, the following is required:
- High level, real-time views of overall project status to ensure compliance is baked into the development process
- Automated creation of reports that satisfy MISRA compliance guidelines (e.g. MISRA Compliance:2016) to reduce the burden of generating the supporting documentation
- Quick and easy workflows to investigate violations and prioritize remediation actions to streamline the process of getting a project ‘on track’ to compliance
With these guidelines in consideration, we designed the reporting and analytics platform (DTP) to customize and extend deployments of C/C++test, providing intelligent analytics to give stakeholders deeper understanding of test coverage and risks introduced by change. For the MISRA standard, DTP simplifies the process of achieving, enforcing, and documenting compliance, while proving functionality, performance, and safety.
The MISRA Compliance Dashboard
The current state of compliance of a project is an important metric, as are the finer-grained measures behind it (compliance per guideline, open violations, and documented deviations). DTP provides a comprehensive MISRA compliance dashboard that gives an on-the-spot evaluation of the project. This high-level view is important for managers and developers alike: it gives managers an easily accessible view of compliance at a glance, and gives developers a starting point for making progress towards compliance and prioritizing work.
Figure 1: An example of DTP's MISRA compliance dashboard.
MISRA Compliance Pack
In addition to the MISRA compliance dashboard, Parasoft provides a whole compliance pack, which specifically addresses compliance documentation requirements of MISRA. The MISRA Compliance Pack for DTP provides automated documentation according to the MISRA Compliance:2016 guidelines, greatly reducing the time and effort required to prove compliance to a certifying agency. These include:
The Guideline Enforcement Plan
The MISRA Guideline Enforcement Plan demonstrates how each MISRA guideline is verified. In most cases, this shows the link between a MISRA directive or rule and the associated code analysis rule(s) or DTP function. See the example below:
Figure 2: An example of DTP's MISRA Guideline Enforcement Plan report.
The Guideline Re-categorization Plan
The MISRA Guideline Re-categorization Plan is used to communicate the agreed-upon importance of the guidelines as part of the vendor/client relationship. The document shows how each guideline is categorized specifically for the current project. Mandatory and required guidelines can’t be downgraded to a lower level; however, a project may decide to upgrade required or advisory guidelines to a stricter setting, and advisory guidelines can be disapplied (i.e., made not necessary for compliance). See an example of a re-categorization plan below:
Figure 3: An example of DTP's MISRA Re-categorization Plan report.
The Deviations Report
The MISRA Deviations Report documents every guideline violation that has been deviated, together with its rationale. Any time a rule violation is detected but allowed to remain, it must be documented in the deviations report. In most cases, these are suppressed errors reported from code analysis. An example report is shown below:
Figure 4: An example of DTP's MISRA Deviation Report
Guidelines Compliance Summary
The Compliance Summary is the primary record of overall project compliance. This report documents the state of compliance for each guideline, as well as any associated deviations or re-categorizations. An example is shown below:
Figure 5: An example of DTP's MISRA Compliance Report
Getting On Track to Compliance
In most cases, when analyzing source code for MISRA compliance, violations are static analysis rule violations. In a large project, there are initially going to be lots of errors reported, and managing them quickly and efficiently is critical. The DTP Violations Explorer is the key tool to navigate, evaluate, prioritize, and assign reported errors for remediation. If a static analysis rule violation turns out to be valid but justifiable, considered harmless, or not applicable, a developer can suppress the error, and a deviation can be documented. These deviations are reported up through each level of the project, to the dashboard and compliance documentation. An example of the Violations Explorer is shown below:
Figure 6: An example violation being investigated in DTP's Violation Explorer.
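As an added illustration (not code from this post or from Parasoft's tools), the following C snippet shows what a static-analysis finding, its remediation, and a documented deviation look like at the source level: a non-compliant call that discards a status return (MISRA C:2012 Rule 17.7, "the value returned by a function having non-void return type shall be used"), the compliant rewrite that checks it, and a deliberately retained violation annotated with the kind of information a Deviations Report carries. The `bounded_copy` helper, the status codes and the `DEVIATION D-001` comment format are constructed for this example; the annotation is not C/C++test's suppression syntax.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status codes for the bounded copy helper (constructed for this example). */
typedef enum { COPY_OK = 0, COPY_TOO_LONG = 1, COPY_BAD_ARG = 2 } copy_status_t;

#define NAME_MAX 8U   /* size of the destination buffer, including the NUL */

/* Copy src into dst only if it fits (including the terminating NUL).
 * On failure dst is left as an empty string. Written with a single exit
 * point (MISRA C:2012 Rule 15.5, advisory) and with the memcpy result
 * explicitly discarded via a void cast, which is the Rule 17.7-compliant
 * way to ignore a return value that carries no information. */
static copy_status_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    copy_status_t status = COPY_OK;

    if ((dst == NULL) || (src == NULL) || (dst_size == 0U)) {
        status = COPY_BAD_ARG;
    } else {
        size_t len = 0U;
        /* Measure src without reading more than dst_size bytes of it. */
        while ((len < dst_size) && (src[len] != '\0')) {
            len++;
        }
        if (len >= dst_size) {
            dst[0] = '\0';
            status = COPY_TOO_LONG;
        } else {
            (void)memcpy(dst, src, len + 1U);
        }
    }
    return status;
}

/* BEFORE: violates MISRA C:2012 Rule 17.7. If the copy fails, name is
 * emptied and the caller carries on as though it succeeded. This is the
 * kind of finding static analysis flags and the Violations Explorer lists
 * for triage. */
static void set_name_noncompliant(char name[NAME_MAX], const char *src)
{
    bounded_copy(name, NAME_MAX, src);   /* status silently discarded */
}

/* AFTER: compliant. The status is checked and the failure is propagated. */
static bool set_name_compliant(char name[NAME_MAX], const char *src)
{
    return (bounded_copy(name, NAME_MAX, src) == COPY_OK);
}

/* Returns the number of characters written, or a negative value on error. */
static int log_event(const char *msg)
{
    return printf("event: %s\n", msg);
}

/* A violation that is allowed to remain must be recorded as a deviation.
 * The record below is a constructed illustration of what a Deviations
 * Report captures (guideline, scope, rationale, approval); the comment
 * format is NOT C/C++test's suppression syntax. */
static void audit(const char *msg)
{
    /* DEVIATION D-001 (constructed): MISRA C:2012 Rule 17.7, this call only.
     * Rationale: diagnostic output is best-effort; a failed console write
     * must not alter the control flow of the safety function.
     * Approved by: <project lead, placeholder>. */
    log_event(msg);
}

int main(void)
{
    char name[NAME_MAX];

    if (!set_name_compliant(name, "a-name-that-is-too-long")) {
        audit("name rejected: too long for buffer");
    }
    set_name_noncompliant(name, "a-name-that-is-too-long");
    /* name is now "" and nothing noticed: the defect Rule 17.7 guards against */
    (void)printf("name after non-compliant call: \"%s\"\n", name);
    return 0;
}
```

Running the block shows the compliant caller reporting the rejected name while the non-compliant caller silently continues with an empty buffer; in a real project the `audit` call would be the one you suppress in the Violations Explorer and the `D-001` record is the information that flows into the Deviations Report.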
Enforcement, Compliance, and Traceability
To summarize, when developing safety-critical software, the MISRA standard provides a comprehensive set of guidelines to protect against security vulnerabilities and program failures. However, applying these guidelines and demonstrating compliance can be overly burdensome, and streamlining this is critical to ensure on-time software deliverables.
To let software help you with this work, you can:
- Use C/C++test to verify MISRA guidelines via static code analysis after each build of software, ensuring day-to-day enforcement.
- Create high-level overviews and detailed reports, obtained quickly from DTP’s MISRA Compliance Pack, to efficiently demonstrate compliance.
- Leverage DTP for traceability of project requirements to tests, an important requirement not only of MISRA but also of the functional safety standards.
At the end of the day, supporting MISRA compliance throughout the lifecycle is important for ongoing enforcement and traceability, and automating documentation, as per the MISRA Compliance:2016 guidelines, is key to saving the time and frustration of dealing with the standard.