MISRA-C++:2008 Conformance with the LDRA tool suite

Overview

MISRA (Motor Industry Safety Reliability Association) is a collaboration between automotive manufacturers, component suppliers and engineering consultancies which seeks to promote best practice and commonality in the development of safety-related automotive electronic and other embedded systems through the publication of standard guidelines. Since its launch, the success of MISRA-C as a "best practice" solution has not only seen its application spread throughout the worldwide automotive industry but also increasingly adopted for safety-related and safety-critical software development projects and applications in a wide variety of other industries including the rail, aerospace, military and medical sectors.

The MISRA C++ committee was established in 2005 to work towards the creation of standard MISRA guidelines for the C++ programming language. As a long-standing MISRA committee member, LDRA has been closely involved with the development of the new MISRA C++:2008 standard, facilitating its early support in the LDRA tool suite.

Obtaining Further Information

For further information on compliance to MISRA C++:2008 and availability please complete the LDRA reply form or email .

Why use MISRA C++:2008?

No programming language can guarantee that the final executable code will behave exactly as the programmer intended. There are a number of problems that can arise with any language, including:

  • The developer can make mistakes, from mistyping a variable name to something more complicated such as misunderstanding an algorithm.
  • The developer can misunderstand the effect of language constructs. There are a number of areas in C++, such as the rules for operator precedence, that are well defined but complex and prone to developer-introduced errors.
  • Situations where the compiler does not do what the developer expects.
  • Errors in the compiler. The compiler is itself a software tool and may not always compile code correctly, so the generated code may not comply with the language standard.
  • Runtime errors caused by the particular data supplied to an application during execution. C++ generally provides poor run-time checking, for example for arithmetic exceptions such as divide by zero.

From the above points it is very clear that great care should be taken with the use of C++ for safety-related systems.
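The following is an example added here to make two of the pitfalls above concrete; it is not LDRA's code and it cites no MISRA rule number. The function names are assumptions chosen for this illustration. The first pair of functions shows how an unparenthesised expression relies on C++ precedence rules and silently computes a different value from what a reader may assume; the second pair shows a division helper that turns a run-time condition C++ does not check (division by zero, and the overflowing case of the most negative value divided by -1, both undefined behaviour) into an explicit, testable result.

```cpp
#include <cstdint>
#include <limits>

// Pitfall 1: reliance on operator precedence. In C++ '+' binds tighter than
// '<<', so "a + b << 2" is parsed as (a + b) << 2, not as a + (b << 2).
// Compilers typically warn about this form; the warning is the clue.
std::uint32_t precedence_as_written(std::uint32_t a, std::uint32_t b) {
    return a + b << 2;   // parsed as (a + b) << 2
}

// The grouping a reader may have had in mind. Explicit parentheses remove
// the dependence on precedence and make the intent reviewable.
std::uint32_t precedence_as_intended(std::uint32_t a, std::uint32_t b) {
    return a + (b << 2);
}

// Pitfall 2: run-time conditions the language does not check for you.
// Signed integer division by zero is undefined behaviour in C++, and so is
// dividing the most negative value by -1 (the result does not fit).
bool division_is_defined(std::int32_t num, std::int32_t den) {
    if (den == 0) {
        return false;
    }
    if (num == std::numeric_limits<std::int32_t>::min() && den == -1) {
        return false;
    }
    return true;
}

// Divide only when the operation is defined; otherwise return a caller-chosen
// fallback so the failure is an explicit value rather than undefined behaviour.
std::int32_t div_or(std::int32_t num, std::int32_t den, std::int32_t fallback) {
    if (!division_is_defined(num, den)) {
        return fallback;
    }
    return num / den;   // C++ truncates toward zero: -7 / 2 == -3
}

int main() {
    // Same characters, different values: 1 + 2 << 2 is 12, 1 + (2 << 2) is 9.
    const bool precedence_differs =
        precedence_as_written(1, 2) != precedence_as_intended(1, 2);
    // The guarded division refuses the two undefined cases and computes the rest.
    const bool guard_works =
        !division_is_defined(1, 0) &&
        !division_is_defined(std::numeric_limits<std::int32_t>::min(), -1) &&
        div_or(7, 2, 0) == 3;
    return (precedence_differs && guard_works) ? 0 : 1;
}
```

A static checker flags the first form because the expression's value depends on precedence that the text of the code does not make visible; the second form is what a reviewer expects to see. The division guard is the kind of check a coding standard pushes into the code itself, because neither the compiler nor the run time will supply it.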

MISRA published this document regarding the use of the C++ programming language. It does not intend to promote the use of C++; rather, it recognises the widespread use of C++ and seeks only to promote the safest possible use of the language.

The LDRA tool suite addresses all of the concerns listed above.

Compliance

The MISRA C++:2008 guidelines consist of a set of rules to be followed when developing safe and reliable software in the automotive industry. Great emphasis is placed on the use of static checking tools to enforce compliance with the subset, and it is hoped that this will become common practice among developers of critical systems.

The LDRA tool suite provides the most comprehensive C++ coding standards enforcement available on the market today and this has now been enhanced to support the imminent launch of MISRA C++:2008. Already within the scope of the C++ language we have worked with Lockheed Martin in developing the JSF AV C++ standard, as well as enforcing the High-Integrity C++ Coding Standard* and the LM Train Control Program (LMTCP) standard.

When choosing a static checking tool it is clearly desirable that the tool enforces as many of the rules in this document as possible. To this end it is essential that the tool is capable of performing checks across the whole program, and not only within a single source file. In addition, the LDRA tool suite has capabilities for performing extra checks beyond the scope of MISRA C++. Of the 228 rules mentioned in the guidelines, 176 rules are fully implemented by LDRA, 32 rules are partially implemented and 14 are not deemed to be statically analysable.

Implementing MISRA-C++:2008 with the LDRA tool suite

The LDRA tool suite can be configured with additional analysis facilities to automate the checking of source code for conformance to the MISRA C++:2008 standard. This process can be undertaken during Unit, System and Integration testing to ensure compliance throughout the software development cycle, enabling both Developers and Managers to benefit from faster adoption of the standard in new or existing projects.

Compliance can be claimed for a product, not for an organisation. When claiming MISRA C++ compliance for a product, a developer should state that evidence exists to show:

  • A compliance matrix has been completed which shows how compliance has been enforced.
  • All of the C++ code in the product is compliant with the rules of this document or subject to documented deviations.
  • A list of all instances of rules not being followed is maintained, and for each instance there is an appropriately signed-off deviation.

The LDRA tool suite locates and highlights areas of code that are non-conforming to aid documentation and modification. Extensive reports and graphical displays enhance understanding of the source code, facilitating improvements in testability, understandability and maintainability in line with MISRA C++:2008 guidelines. During software unit design and implementation, coding standards enforcement ensures the use of sound design principles for software unit implementation. LDRA Testbed and TBvision both have extensive standards checking capability, including industry leading compliance to the MISRA C++ 2008 standard.

TBvision, a Code Quality Reporting tool, provides users with the ability to quickly and easily view results in callgraphs, flowgraphs, code review reports and summary reports. The advanced reporting measures of TBvision enable users to quickly assess the portability, dependability, testability, maintainability, complexity and style of code generated by project teams. Figure 2 illustrates how MISRA C++:2008 violations are reported in TBvision. Such graphical representation makes it easy for developers to immediately spot things such as code that does not comply with the standards.

The LDRA tool suite also enables coverage measures to be taken, so that the extent to which the software has been tested is measured and maintained, as recommended by the MISRA C++:2008 standard.

For specific information on the MISRA standards visit the MISRA web site: http://www.misra.org.uk.

"MISRA" is a registered trademark of MIRA Ltd, held on behalf of the MISRA Consortium. Parts of this document are Copyright © The Motor Industry Research Association, 1998, 1999. No endorsement by MISRA is claimed or implied for any product.

*The High-Integrity C++ Coding Standard: © The Programming Research Group

LDRA tool suite highlights - ISO/DIS 26262 (Part 6)

Software Design, Implementation and Testing

ISO/DIS 26262 (part 6) details the software development process of the product as design and coding work continues. It specifically addresses:

  • The software architectural design
  • Software unit design and implementation
  • Software unit testing, and
  • Software integration and testing

As these themes are developed in this part of the standard, it becomes clear that, irrespective of the ASIL level involved, assistance is available from the LDRA tool suite every step of the way.

Software Architectural Design

For instance, the standard calls for the "verification of the architectural design". Graphical artefacts generated by the LDRA tool suite are ideally suited to reviewing the implemented design against the design artefacts, either by walkthroughs or by inspections.

Software Unit Design and Implementation

During software unit design and implementation, ISO/DIS 26262 calls for coding standards to ensure the use of sound design principles for software unit implementation.

LDRA Testbed and TBvision both have extensive standards checking capability, including industry leading compliance to the MISRA C and C++ standards mentioned in the ISO/DIS 26262 standard itself.

Software Unit Testing

The standard requires that "Software unit testing shall be planned, specified and executed..." TBrun provides a graphical user interface for unit test specification, to create tests according to the defined specification, and to present a list of all defined test cases with appropriate pass/fail status.

Automatic creation of the test harness, stubbed functions and even test vectors (if desired) means that unit test execution becomes a quick and easy process, requiring a minimum of specialist knowledge.

Software Integration and Testing

LDRA Testbed and TBrun have the capability to provide Structural Coverage Analysis, both at system test level and at unit test level. The coverage data derived from these approaches can also be combined to provide the most effective way of working for the particular needs of a development project.

Addressing all ASIL levels with the LDRA tool suite

The LDRA tool suite is widely used for on-target testing of embedded systems, in the development of software to meet DO-178B and in other IEC 61508-based standards such as CENELEC prEN 50128. This illustrates how the LDRA tool suite is equipped to support even the most demanding ASIL level D application.

Seamless integration with the target hardware ensures that target testing is as efficient and effective as possible, with a host of mechanisms available to optimise the extraction of test data from the target system.

Integration with Eclipse-based operating systems takes that integration one step further, whilst upstream integration with UML tools such as IBM Rational Rhapsody provides an integrated test environment throughout the software development process.

Obtaining Further Information

For further information on compliance to ISO/DIS 26262 and availability please complete the LDRA reply form or email .