MISRA AC Conformance with the LDRA tool suite
What is MISRA AC?
MISRA, the Motor Industry Software Reliability Association, is a collaboration between vehicle manufacturers, component suppliers and engineering consultancies which seeks to promote best practice in developing safety-related electronic systems in road vehicles and other embedded systems. MISRA has developed a set of guidelines for users of control system modelling packages. The aim of the guidelines is to provide a set of rules, in a similar fashion to the MISRA C rules, which encourage good modelling practices and avoid poorly-defined features of the modelling language. In light of automotive industry trends, some rules will be aimed at the use of automatic code generators in safety-related systems.
The available documents are:
- MISRA AC GMG - Generic modelling design and style guidelines
- MISRA AC SLSF - Modelling design and style guidelines for the application of Simulink and Stateflow
- MISRA AC TL - Modelling style guidelines for the application of TargetLink in the context of automatic code generation
- MISRA AC AGC - Guidelines for the application of MISRA-C:2004 in the context of automatic code generation
The MISRA AC documents are organized in a hierarchy representing the complete workflow of model-based development, from the generic level (MISRA AC GMG) through a graphical language (MISRA AC SLSF), an autocode generator (MISRA AC TL) and the target language (MISRA AC AGC). MISRA intends to develop additional coverage of autocode languages and tools in the future. We would therefore value feedback on future items that should be covered, and volunteers to join Working Groups are very welcome.
Since its first release the MISRA standard has gained widespread acceptance within the automotive industry. The standard has subsequently evolved as a widely accepted model for best practices by leading developers in other business sectors including aerospace, telecom, medical devices, defence, railway, and others.
Obtaining Further Information
For further information on compliance to MISRA AC and availability please complete the LDRA reply form or email .
MISRA AC Certification with the LDRA Tool Suite
The MISRA AC guidelines consist of a set of rules to be followed in developing safe and reliable software in the automotive industry. The LDRA tool suite can be used to enforce the coding rules of which these standards are comprised.
Many companies use manual inspection to enforce these standards. This method is very labour intensive and often lacks consistency. The automated approach used by the LDRA tool suite removes the inconsistency from the inspection process and lets the tool do what computers do best: repetitive and consistent processing. This has two major advantages for the user: firstly, the process is always accurate and, secondly, it is much quicker.
Implementing MISRA AC with the LDRA tool suite
The LDRA tool suite can be configured with additional analysis facilities to automate the checking of source code for conformance to the MISRA AC standard.
This process can be undertaken during Unit, System and Integration testing to ensure compliance throughout the software development cycle, enabling both Developers and Managers to benefit from faster adoption of the standard in new or existing projects.
The LDRA tool suite locates and highlights areas of code that are non-conforming to aid documentation and modification. Extensive reports and graphical displays enhance understanding of the source code, facilitating improvements in testability, understandability and maintainability in line with MISRA AC guidelines. TBvision, a code quality reporting tool, provides users with the ability to quickly and easily view results in callgraphs, flowgraphs, code review reports and summary reports. The advanced reporting measures supported by TBvision also enable users to quickly access the portability, dependability, testability, maintainability, complexity and style of the code designed and generated by project teams.
The LDRA tool suite also enables coverage measures to be taken to ensure software testedness is measured and maintained, as recommended by the MISRA AC standard.

which include recommended and obligatory standards
Is the tool suite easy to use?
The tool suite’s ease of use is a key issue when incorporating it into project procedures. The LDRA tool suite has been specifically enhanced to enable simple measurement of conformance to the MISRA AC standard. The LDRA tool suite provides a simple user interface with the ability to quickly and easily view various reports. These reports are specifically tailored to give users MISRA AC information quickly and concisely, speeding up the testing procedure. Reports can be produced in either ASCII or HTML. Either format can be easily incorporated into a word processor or DTP system. HTML has the added advantage of links which can provide access to the MISRA documentation, and the ability to publish on the Internet or an Intranet.
Proven Track Record in MISRA Certification
The LDRA tool suite is being utilised by companies around the world to meet the MISRA standard. A cross-section of clients currently utilizing the LDRA tool suite includes:
Compliance
The MISRA C++:2008 guidelines consist of a set of rules to be followed in developing safe and reliable software in the automotive industry. Great emphasis is placed on the use of static checking tools to enforce compliance with the subset, and it is hoped that this will become common practice among developers of critical systems.
The LDRA tool suite provides the most comprehensive C++ coding standards enforcement available on the market today and this has now been enhanced to support the imminent launch of MISRA C++:2008. Already within the scope of the C++ language we have worked with Lockheed Martin in developing the JSF AV C++ standard, as well as enforcing the High-Integrity C++ Coding Standard* and the LM Train Control Program (LMTCP) standard.
When choosing a static checking tool it is clearly desirable that the tool enforces as many of the rules in this document as possible. To this end it is essential that the tool is capable of performing checks across the whole program, and not only within a single source file. In addition, the LDRA tool suite can perform extra checks beyond the scope of MISRA C++. Of the 228 rules mentioned in the guidelines, 176 rules are fully implemented by LDRA, 32 rules are partially implemented and 14 are not deemed to be statically analysable.
Implementing MISRA-C++:2008 with the LDRA tool suite
The LDRA tool suite can be configured with additional analysis facilities to automate the checking of source code for conformance to the MISRA C++:2008 standard. This process can be undertaken during Unit, System and Integration testing to ensure compliance throughout the software development cycle, enabling both Developers and Managers to benefit from faster adoption of the standard in new or existing projects.
Compliance can be claimed for a product and not for an organisation. When claiming MISRA C++ compliance for a product, a developer should state that evidence exists to show:
- A compliance matrix has been completed which shows how compliance has been enforced.
- All of the C++ code in the product is compliant with the rules of this document or subject to documented deviations.
- A list of all instances of rules not being followed is maintained, and for each instance there is an appropriately signed-off deviation.
- The developer can make mistakes like mistyping a variable name, or perhaps something more complicated such as misunderstanding an algorithm.
- The developer can misunderstand the effect of constructs in a language. There are a number of areas in C++, like the rules for operator precedence, which are well defined but complex and are prone to developer-introduced errors.
- Situations where the compiler does not do what the developer expects.
- Errors in a compiler. The compiler itself is a software tool and may not always compile code correctly, and so may not comply with the language standard.
- Runtime errors can occur due to particular data supplied to an application during execution. C++ generally provides little run-time checking, for example for arithmetic exceptions like divide by zero.
The LDRA tool suite locates and highlights areas of code that are non-conforming to aid documentation and modification. Extensive reports and graphical displays enhance understanding of the source code, facilitating improvements in testability, understandability and maintainability in line with MISRA C++:2008 guidelines. During software unit design and implementation, coding standards enforcement ensures the use of sound design principles for software unit implementation. LDRA Testbed and TBvision both have extensive standards checking capability, including industry-leading compliance to the MISRA C++ 2008 standard.
TBvision, a code quality reporting tool, provides users with the ability to quickly and easily view results in callgraphs, flowgraphs, code review reports and summary reports. The advanced reporting measures of TBvision enable users to quickly access the portability, dependability, testability, maintainability, complexity and style of code generated by project teams. Figure 2 illustrates how MISRA C++ 2008 violations are reported in TBvision. Such graphical representation makes it easy for developers to immediately spot such things as code that does not comply with the standards.
The LDRA tool suite also enables coverage measures to be taken to ensure software testedness is measured and maintained, as recommended by the MISRA C++:2008 standard.
Obtaining Further Information
For specific information on the MISRA standards visit the MISRA web site: http://www.misra.org.uk.
"MISRA" is a registered trademark of MIRA Ltd, held on behalf of the MISRA Consortium. Parts of this document are Copyright © The Motor Industry Research Association, 1998, 1999. No endorsement by MISRA is claimed or implied for any product.
*The High-Integrity C++ Coding Standard: © The Programming Research Group
LDRA tool suite highlights - ISO/DIS 26262 (Part 6)
Software Design, Implementation and Testing
ISO/DIS 26262 (part 6) details the software development process of the product as design and coding work continues. It specifically addresses:
- The software architectural design
- Software unit design and implementation
- Software unit testing, and
- Software integration and testing
As these themes are developed in this part of the standard, it becomes clear that, irrespective of the ASIL level involved, assistance is available from the LDRA tool suite every step of the way.
Software Architectural Design
For instance, the standard calls for the "verification of the architectural design". Graphical artefacts generated by the LDRA tool suite are ideally suited to reviewing the implemented design against the design artefacts, either by walkthroughs or inspections.
Software Unit Design and Implementation
During software unit design and implementation, ISO/DIS 26262 calls for coding standards to ensure the use of sound design principles for software unit implementation.
LDRA Testbed and TBvision both have extensive standards checking capability, including industry-leading compliance to the MISRA C and C++ standards mentioned in the ISO/DIS 26262 standard itself.
Software Unit Testing
The standard requires that "Software unit testing shall be planned, specified and executed..." TBrun provides a graphical user interface for unit test specification, to create tests according to the defined specification, and to present a list of all defined test cases with appropriate pass/fail status.
Automatic creation of the test harness, stubbed functions and even test vectors (if desired) means that unit test execution becomes a quick and easy process, requiring a minimum of specialist knowledge.
Software Integration and Testing
LDRA Testbed and TBrun have the capability to provide Structural Coverage Analysis, both at system test level and at unit test level. The coverage data derived from these approaches can also be combined to provide the most effective way of working for the particular needs of a development project.
Addressing all ASIL levels with the LDRA tool suite
The LDRA tool suite is widely used for on target testing of embedded systems, in the development of software to meet DO-178B and in other IEC 61508 based standards such as CENELEC prEN 50128. This illustrates how the LDRA tool suite is equipped to support even the most demanding ASIL level D application.
Seamless integration with the target hardware ensures that target testing is as efficient and effective as possible, with a host of mechanisms available to optimise the extraction of test data from the target system.
Integration with Eclipse-based operating systems takes that integration one step further, whilst upstream integration with UML tools such as IBM Rational Rhapsody provides an integrated test environment throughout the software development process.
Obtaining Further Information
For further information on compliance to ISO/DIS 26262 and availability please complete the LDRA reply form or email .









