The many paths to safe, reliable firmware development
Not long after the automotive industry created the MISRA C standard as a guideline for writing C code for safety-critical applications, Embedded.com in 2002 ran one of the first tutorials on the guidelines, titled “Introduction to MISRA C.”
Since then we have regularly published information on the standard and how to use it as it has evolved and matured. Some of the more recent design articles, webinars, tech papers, product and news stories are included in this week’s Embedded Tech Focus newsletter on “MISRA C and safety-critical design.” The reason we have continued to focus so much on this standard over the years is that the need for such a disciplined approach keeps growing as embedded devices move into areas beyond automotive, military/aerospace and medical equipment to automate more and more aspects of our lives.
Beyond the obvious Roomba robotic vacuum cleaners, numerous aspects of our lives are becoming dependent on automated operation: refrigerators, ovens, microwaves, dishwashers. And much of the “smart grid,” which will be supplying electric power to our homes, depends on more, not less, automation of basic home operations.
Also, to make them “safer” and protect them from human error, the operation of many common medical devices is being automated. And mobile smart phones are being adapted for such uses, with Android and iPhone health apps too often developed with little thought given to the need for reliable, safety-critical operation.
And since the introduction of MISRA C for automobiles, the use of microprocessors and microcontrollers there has only increased, to the point that fully automated vehicles are already being tested. As a result, the automobile, the focus of the original standard, is even more dependent on safe and reliable firmware and software, not only in the drive train and engine electronics, but in the applications being developed to aid the driver in operating the vehicle.
Given this growing need for safety-critical operation of embedded systems, Jack Ganssle in “MISRA C 2012 standard: bigger and better,” is breathing a sigh of relief with the newest update of the standard. While there are some aspects of the new standard that need even further improvement and others that have him scratching his head, he is generally impressed. “I'm a strong advocate of MISRA,” he writes. “No one (well, with the possible exception of those who crafted the standard) likes all of the rules, but most of them make a lot of sense. MISRA is one way to get a firmware standard in place fast, one that has plenty of street cred.”
He points out that one of the things MISRA has going for it is that numerous static analysis tool vendors have long incorporated the standard into their tools, so compliance can be checked automatically rather than by code review alone. As noted in the newsletter this week, several companies, including LDRA and PRQA, are already offering upgrades to support the 2012 version of MISRA.
For a fuller explanation of the new version, be sure to read “MISRA C 2012 takes on automotive and safety-critical software apps,” in which Paul Burden of the PRQA Technical Consulting Group details the key differences from the previous version, especially in the areas of rule classification, a new rule class, and changes to rule compliance and enforceability intended to make the rules amenable to automatic enforcement.
But before you jump into the 2012 version, I think it would be a good idea to get a thorough understanding of the benefits and features of the earlier version by reading “Automating Compliance to MISRA C/C++ Standards,” by LDRA’s Paul Humphries, and “Build secure and reliable embedded systems with MISRA C/C++,” by Greg Davis of Green Hills Software, a tutorial on the earlier version of the standard with examples of how and where to use it.
But there is only so far that minding your Ps and Qs during the coding stage will take you. To be fully assured that your application is of the highest quality and follows the safety-critical rules for reliable operation, you have to attend to the proper implementation of every aspect of your software design, from requirements through to the RTOS it runs on. In addition to “The cost of quality,” by Jack Ganssle, some recent Embedded.com design articles that may be useful include:
Picking the right embedded system design methodology
Building in RTOS support for safety and security
Seventeen steps to safer C code
Make source code analysis part of the development process
Using requirements traceability with model-driven development
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to firstname.lastname@example.org, or call 928-525-9087.