Merging of the MISRA C++ and AUTOSAR C++ Guidelines is Good News for Safety Critical Software DevelopmentTweet
The MISRA Consortium recently announced the merger of MISRA C++ 2008 and AUTOSAR C++14 into a common guideline. This is positive news since it combines two key standards for coding in C++ for safety critical automotive (among other) software. GrammaTech is an active participant in the MISRA committee and is collaborating in merging these standards.
Good News for Developers and Tool Vendors
An interesting thing about the AUTOSAR C++ standard is it derives significantly from MISRA C++ 2008 and the standard is expressed as deltas from the MISRA baseline. Equally important is the inclusion of other key C++ coding guidelines from other key sources such as SEI CERT C++, JSF, HIC++, C++ Core Guidelines. In many ways, it makes sense to merge AUTOSAR C++ and MISRA C++ since it improves and updates MISRA to the latest guidelines, but also reduces the need to evolve and update two standards.
This is good news for developers because they now have a single coding guideline to follow that includes guidance from various industry groups for both safety and security. There is no need to show conformance to multiple standards which should reduce certification costs.
This is good news for tools vendors like GrammaTech since we now have a merged guideline to design and validate against rather than two. Also, AUTOSAR C++14 is specific on what rules are expected to be enforced through automation, classifying rules as “automated”, “partially automated” and “non-automated. “ If this classification carries over to the updated MISRA C++ it will be useful for us since it makes it clear what the set of rules are required to be developed and tested but also clarifies tool conformance and advertising our products as compliant. Our customers can also understand better what is meant by tool compliance and support for the merged standard.
Automation and Applying Static Analysis to Conform to MISRA
The MISRA C++ and AUTOSAR C++ guidelines are, at least partially, written in such a way that automated rule checking is expected and encouraged. AUTOSAR C++14 is more specific in this sense and, we assume, the merged MISRA C++ guideline will follow suit. For example, AUTOSAR C++14 guidelines say the following:
‘Most of the rules are automatically enforceable by a static analysis. A static code analysis tool that claims a full compliance to this standard shall fully check all “enforceable static analysis” rules and it shall check the rules that are “partially enforceable by static analysis” to the extent that is possible/reasonable’
This means that validating tools should be easier since the rules themselves specify if automation is expected. Tools vendors will still have room to claim rules in the “partially enforceable” category but at least the “enforceable” category should become the baseline for claiming support for the merged guidelines. Regardless, software developers can rely on static analysis to automate the compliance to the standard not just as some audit function at the end of the project but day-by-day helping to keep code compliant as soon as it’s written.
The new merged MISRA C++ standard is yet to be published so we’ll update this topic and our plan for support once the standard is available.
Interested in learning more? Read our guide on "Accelerating Automotive Software Safety with MISRA and Static Analysis"