The many paths to safe, reliable firmware development - Embedded.com


Not long after the automotive industry created MISRA C as a guideline for writing C code for safety-critical applications, Embedded.com ran one of the first tutorials on the guidelines, “Introduction to MISRA C,” in 2002.

Since then we have regularly published information on the standard and how to use it as it has evolved and matured. Some of the more recent design articles, webinars, tech papers, product and news stories are included in this week’s Embedded Tech Focus newsletter on “MISRA C and safety-critical design.” The reason we have kept returning to this standard over the years is that the need for such a disciplined approach keeps growing as embedded devices move beyond automotive, military/aerospace and medical equipment and automate more and more aspects of our lives.

Beyond the obvious Roomba robotic vacuum cleaners, numerous aspects of our lives now depend on automated operation: refrigerators, ovens, microwaves, dishwashers. And much of the “smart grid” that will be supplying electric power to our homes depends on more, not less, automation of basic home operations.

Also, to make them “safer” and protect them from human error, the operation of many common medical devices is being automated. And mobile smartphones are being adapted for such uses through Android and iPhone health apps developed without any thought given to the need for reliable, safety-critical operation.

And since MISRA C was introduced for automobiles, the use of microprocessors and microcontrollers there has only increased, to the point that fully automated vehicles are already being tested. As a result the automobile, the focus of the original standard, is even more dependent on safe and reliable firmware and software, not only in the drive train and engine electronics but in the applications being developed to aid the driver in operating the vehicle.

Given this growing need for safety-critical operation of embedded systems, Jack Ganssle, in “MISRA C 2012 standard: bigger and better,” is breathing a sigh of relief at the newest update of the standard. While there are some aspects of the new standard that need further improvement and others that have him scratching his head, he is generally impressed. “I'm a strong advocate of MISRA,” he writes. “No one (well, with the possible exception of those who crafted the standard) likes all of the rules, but most of them make a lot of sense. MISRA is one way to get a firmware standard in place fast, one that has plenty of street cred.”

He points out that one thing MISRA has going for it is that numerous static analysis tool vendors have already built the standard into their tools, so compliance can be checked automatically rather than by code review alone. As noted in this week’s newsletter, several companies, including LDRA and PRQA, are already offering upgrades to support the 2012 version of MISRA.

For a fuller explanation of the new version, be sure to read “MISRA C 2012 takes on automotive and safety-critical software apps,” in which Paul Burden of the PRQA Technical Consulting Group details the key differences from the previous version, especially in rule classification, a new rule class, and changes to rule compliance and enforceability that make the rules more amenable to automatic checking.

But before you jump into the 2012 version, I think it would be a good idea to get a thorough understanding of the benefits and features of the earlier version by reading “Automating Compliance to MISRA C/C++ Standards,” by LDRA’s Paul Humphries, and “Build secure and reliable embedded systems with MISRA C/C++,” by Greg Davis of Green Hills Software, a tutorial on the earlier version of the standard with examples of how and where to use it.
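To make concrete what the rules covered in those tutorials look like in code, here is an added example that is not from this article or from any of the tutorials it links: a small frame-checksum routine written the way it often turns up in firmware, beside a rewrite of the same computation that follows several MISRA C:2012 rules. The function names, the frame layout, the FRAME_MAX cap and the sample frame are this example's own assumptions; the rule numbers in the comments refer to MISRA C:2012.

```c
/*
 * Added example (not from the Embedded.com article or the tutorials it links).
 * checksum_loose is how a frame checksum often appears in firmware;
 * checksum_strict computes the same value while following the MISRA C:2012
 * rules noted in the comments.  Names, frame layout, FRAME_MAX and the
 * sample frame are assumptions made for this example.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed sample input: a five-byte frame. */
static const uint8_t sample_frame[] = { 0x10U, 0x20U, 0x30U, 0x40U, 0x50U };

/* "Typical" version: works on good input, but a MISRA checker flags every
 * marked line, and nothing bounds the read when len is wrong. */
int checksum_loose(const unsigned char *buf, int len)
{
    unsigned char *copy = malloc(len);    /* Rule 21.3: malloc/free not allowed       */
    int sum = 0;
    int i;
    if (copy == NULL) return -1;          /* Rule 15.5: early exit; Rule 15.6: no braces */
    for (i = 0; i < len; i++)             /* Rule 15.6: loop body is not compound     */
        sum += (copy[i] = buf[i]);        /* Rule 13.4: assignment result used;
                                             Rule 10.4: signed += unsigned             */
    switch (sum & 3) {
    case 0:
        sum ^= 0xAA;                      /* Rule 16.3: falls through without break   */
    case 1:
        sum ^= 0x55;
        break;
    }                                     /* Rule 16.4: no default label              */
    free(copy);
    return sum & 0xFF;                    /* trusts len: an oversized len over-reads buf */
}

/* MISRA-style rewrite: bounded scratch buffer instead of the heap, fixed-width
 * types, braces on every body, one exit point, explicit switch structure, and
 * a length check so a bad len cannot run the copy past the buffer (Rule 18.1,
 * Dir 4.1).  Returns -1 when the input is rejected. */
#define FRAME_MAX 64U

int32_t checksum_strict(const uint8_t *buf, size_t len)
{
    int32_t result = -1;                  /* single exit point (Rule 15.5)            */
    uint8_t copy[FRAME_MAX];              /* fixed bound replaces malloc (Rule 21.3)  */
    uint32_t sum = 0U;

    if ((buf != NULL) && (len <= FRAME_MAX)) {
        size_t i;
        for (i = 0U; i < len; i++) {      /* size_t compared with size_t (Rule 10.4)  */
            copy[i] = buf[i];             /* assignment is its own statement (13.4)   */
            sum += copy[i];               /* unsigned += unsigned (Rule 10.4)         */
        }
        switch (sum % 4U) {
        case 0U:
            sum ^= 0xAAU;
            sum ^= 0x55U;                 /* the old fall-through, written out (16.3) */
            break;
        case 1U:
            sum ^= 0x55U;
            break;
        default:                          /* Rule 16.4                                */
            break;
        }
        result = (int32_t)(sum & 0xFFU);
    }
    return result;
}

/* Stand-alone check: both versions agree on the sample frame, and only the
 * strict one rejects an oversized length instead of reading past the frame. */
int main(void)
{
    int ok = (checksum_loose(sample_frame, 5) == 15)
          && (checksum_strict(sample_frame, 5U) == 15)
          && (checksum_strict(sample_frame, 200U) == -1);
    return ok ? 0 : 1;
}
```

The point a checker cannot make for you is the last one: every flagged construct in checksum_loose is legal C and the function returns the right answer, which is why the rules feel pedantic until an oversized len arrives from the wire. The rewrite changes no behaviour on valid input; it only removes the paths on which the code could misbehave.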

But minding your Ps and Qs during coding will only take you so far. To be confident that your application meets the quality level and the safety-critical rules it needs for reliable operation, you have to get every other stage of the software design right as well, from methodology and requirements through the RTOS and the analysis tools you build into the process. In addition to “The cost of quality,” by Jack Ganssle, some recent Embedded.com design articles that may be useful include:

Picking the right embedded system design methodology
Building in RTOS support for safety and security
Seventeen steps to safer C code
Make source code analysis part of the development process
Using requirements traceability with model-driven development

Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback by email, or call 928-525-9087.

Copyright © 2013 UBM. All rights reserved.
