The MISRA C Coding Standard and its Role in the Development and Analysis of Safety- and Security-Critical Embedded Software

Roberto Bagnara, Abramo Bagnara, Patricia M. Hill
The MISRA project started in 1990 with the mission of providing world-leading best practice guidelines for the safe and secure application of both embedded control systems and standalone software. MISRA C is a coding standard defining a subset of the C language, initially targeted at the automotive sector, but now adopted across all industry sectors that develop C software in safety- and/or security-critical contexts. In this paper, we introduce MISRA C, its role in the development of critical… 

A Rationale-Based Classification of MISRA C Guidelines

An orthogonal classification that associates MISRA C guidelines with their main rationale is added and the advantages of this new classification are illustrated for different kinds of projects, including those not (yet) having MISRA compliance among their objectives.

Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry

A method is devised, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines according to defined industry-relevant metrics, in order to set priorities for a teaching curriculum that raises the cybersecurity awareness of software developers regarding secure coding guidelines.

A hierarchical model for quantifying software security based on static analysis alerts and software metrics

This paper introduces a hierarchical security assessment model (SAM), able to assess the internal security level of software products based on low-level indicators, i.e., security-relevant static analysis alerts and software metrics; it is the first fully automated, operationalized and sufficiently evaluated security assessment model in the modern literature.

Model-driven Engineering of Safety and Security Systems: A Systematic Mapping Study

This paper proposes and answers several relevant research questions about frequently used methods, the development stages in which these concerns are typically investigated, and application domains, and identifies the community's preferred publication venues and trends.

BARR-C: 2018 and MISRA C: 2012: Synergy Between the Two Most Widely Used C Coding Standards

BARR-C:2018 can be seen as a first, dramatically useful step toward C language subsetting that is suitable for all kinds of projects; critical projects can then evolve toward MISRA C:2012 compliance smoothly while maintaining the BARR-C programming style.


  • A. Novikov, S. Dorokhin
  • Computer Science
    Materials of the All-Russian scientific-practical conference "Power energy and electronics of promising cars"
  • 2022
The features of the interaction between software developers during the integration of electronic car control systems are considered; the current shortage in the global semiconductor market generates an increase in prices for the assembly and programming of the universal unit and leads to an increase in the cost of cars at dealerships.

Methodological and Technical Foundations

The purpose of this chapter is to establish the formal and technical prerequisites so that, in the subsequent chapters, the concepts and methods of scheduling in real-time systems can be treated in a consistent

Safer C - developing software for high-integrity and safety-critical systems

  • L. Hatton
  • Computer Science
    McGraw-Hill international series in software engineering
  • 1995
Safer C: Developing Software for High-integrity and Safety-critical Systems highlights the 'holes' in C, but also demonstrates clearly that, employed correctly, C can be used to write software of as high intrinsic quality as other languages.

Software verification with VeriFast: Industrial case studies

VCC: Contract-based modular verification of concurrent C

Annotated C and the Verified C Compiler form the first modular sound verification methodology for concurrent C that scales to real-world production code.

MISRA C, for Security's Sake!

The relationship between MISRA C, CERT C and ISO/IEC TS 17961, with a particular focus on the objective of preventing security vulnerabilities as opposed to trying to eradicate them once they have been inserted in the code is illustrated.

VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java

This paper describes the basic symbolic execution approach in some formal detail, and zooms in on two technical aspects: the approach to permission accounting, including fractional permissions, precise predicates, and counting permissions; and the approaches to lemma function termination in the presence of dynamically-bound lemma function calls.

The Java Language Specification, Java SE 8 Edition

The Java SE 8 Edition provides complete, accurate, and detailed coverage of the Java programming language, including lambda expressions, method references, default methods, type annotations, and repeating annotations.

Multi-core Interference-Sensitive WCET Analysis Leveraging Runtime Resource Capacity Enforcement

This paper introduces additional phases to state-of-the-art timing analysis techniques to analyse an application's resource usage and compute an interference delay, and implements full transparency to the temporal and functional behaviour of applications, enabling the seamless integration of legacy applications.

Leveraging Multi-core Computing Architectures in Avionics

This paper proposes and argues an approach to quantify the impact of integration of multiple independent applications onto multi-core platforms and evaluates the approach on a specific potential future avionics computing platform.

The development of the C language

The C programming language was devised in the early 1970s as a system implementation language for the nascent Unix operating system; as its type structure evolved, it became one of the dominant languages of today.

Varieties of Static Analyzers: A Comparison with ASTREE

  • P. Cousot, R. Cousot, Xavier Rival
  • Computer Science
    First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering (TASE '07)
  • 2007
We discuss the characteristic properties of ASTREE, an automatic static analyzer for proving the absence of runtime errors in safety-critical real-time synchronous control command C programs, and