Available standards

Over the years, I have reviewed the details of many coding standards, including several specifically aimed at the use of C for firmware development. I have also studied MISRA's 2004 "Guidelines for the Use of the C Language in Safety-Critical Systems." The authors of "MISRA-C" are knowledgeable of the risks in safety-critical system design and their guidelines narrow the C language to a safer subset.
Unfortunately, although firmware coding standards and MISRA-C sometimes overlap, coding standards too often focus primarily on stylistic preferences--missing their chance to help reduce bugs. MISRA-C, by contrast, offers great advice for eliminating bugs but very little guidance on practical day-to-day issues of style.
It was thus out of necessity that my team of engineers developed its own embedded C coding standard at www.netrino.com/Coding-Standard. This coding standard was created from the ground up to help keep bugs out of firmware. In addition, we applied the following guiding principles, which served to eliminate conflict over items that are sometimes viewed by individual team members as personal stylistic preferences:
• Individual programmers do not own the software they write. All software development is work for hire for an employer or a client and, thus, the end product should be constructed in a workmanlike manner.
• For better or worse (well, mostly worse), the ANSI/ISO "standard" C programming language allows for a significant amount of variability in the decisions made by compiler implementers. These many so-called "implementation-defined," "unspecified," and "undefined" behaviors, along with "locale-specific options" (see Appendix G of the standard), mean that programs compiled from identical C source code may behave very differently at run time. These gray areas in the language greatly reduce the portability of C programs that are not carefully crafted.
• The reliability and portability of code are more important than either execution efficiency or programmer convenience.
• The MISRA-C guidelines were carefully crafted and are worthy of study. On the small number of issues where we have a difference of opinion with MISRA-C, we make this clear. Of course, followers of Netrino's coding standard may wish to adopt the other rules of MISRA-C in addition.
• To be effective in keeping out bugs, coding standards must be enforceable. Wherever two or more competing rules would be similarly able to prevent bugs but only one of those rules can be enforced automatically, the more enforceable rule is recommended.
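To make the second principle concrete, here is an added example (not code from the article or from the Netrino standard) showing three spots where the C standard lets the compiler choose the result, each beside a rewrite whose result is the same on every conforming implementation. The function names and the 0xC8 input byte are constructed for this illustration.

```c
/* Added example, not from the article or the Netrino standard: three places
 * where the C standard leaves the result to the compiler, each beside a
 * rewrite whose result is identical on every conforming implementation. */
#include <stdint.h>
#include <stdio.h>

/* 1. Implementation-defined: whether plain char is signed (C99 6.2.5). The
 *    byte 0xC8 reads as 200 on one compiler and -56 on another. */
int first_byte_plain_char(const char *buf) { return buf[0]; }
int first_byte_uint8(const uint8_t *buf)   { return buf[0]; }  /* always 200 */

/* 2. Implementation-defined: right shift of a negative signed value
 *    (C99 6.5.7). Converting to unsigned first is defined modulo 2^32, so
 *    the top byte of the bit pattern of -1 is 0xFF on every compiler. */
int top_byte_signed_shift(int32_t v) { return (int)(v >> 24); }  /* -1 or 255 */
unsigned top_byte_portable(int32_t v)
{
    return (unsigned)(((uint32_t)v >> 24) & 0xFFu);
}

/* 3. Unspecified: the order in which function arguments are evaluated
 *    (C99 6.5.2.2). A compiler may call next_id twice in either order. */
struct pair { int first, second; };
static int next_id(int *counter) { return ++*counter; }
static struct pair make_pair(int a, int b) { struct pair p = { a, b }; return p; }

struct pair ids_unsequenced(int *counter)
{
    return make_pair(next_id(counter), next_id(counter)); /* {1,2} or {2,1} */
}
struct pair ids_sequenced(int *counter)
{
    int a = next_id(counter);   /* the semicolon is a sequence point */
    int b = next_id(counter);
    return make_pair(a, b);     /* always {1,2} */
}

int main(void)
{
    const uint8_t raw[1] = { 0xC8 };   /* constructed input byte */
    int counter = 0;
    struct pair p;
    printf("%d %d\n", first_byte_plain_char((const char *)raw), first_byte_uint8(raw));
    printf("%d %u\n", top_byte_signed_shift(-1), top_byte_portable(-1));
    p = ids_sequenced(&counter);
    printf("%d %d\n", p.first, p.second);
    return 0;
}
```

The left-hand functions compile without a diagnostic on most toolchains, which is why a rule that forbids them (fixed-width types, no shifts of signed values, one side effect per statement) is worth enforcing with a checker rather than by review alone.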