Language subsetting in an industrial context: a comparison of MISRA C 1998 and MISRA C 2004

A comparison of real to false positive ratios between the 1998 and 2004 versions of the MISRA C guidelines on a common population of 7 commercial software packages.

On these results, MISRA C 2004 seems a step backwards and attempts at compliance with either document are essentially pointless until something is done about improving the wording of the standard and its match with existing experimental data. In its current form, the complexity and noisiness of the rules suggest that only the tool vendors are likely to benefit.

MISRA_comp_1105.pdf (212KB)

reference

Information and Software Technology 49 (5), p. 475-482, May 2007

The second edition of the MISRA C guidelines

A review of the latest version (October 2004) of the MISRA C guidelines. Discusses the background of such initiatives and compares the two versions of MISRA C.

When I first wrote this, I was full of hope that MISRA would actually help in improving the software quality of embedded control systems.

Now that I have had more time to look at it, it's a disaster. The rules do not make use of any measurement background, and the latest version is bigger, more complicated, still ambiguous and much noisier in false positives, to the point where its uninhibited enforcement may well make things worse in terms of injected defects. The people most likely to benefit, unfortunately, are the tool vendors.

SCSC_MISRAv2.pdf (24KB)

reference

Safety Critical Systems Club Newsletter, January 2005

EC--, a measurement based safer subset of ISO C suitable for embedded system development

A safer subset of ISO C which is based entirely on the measurements reported in "Safer C" and the T experiments and their updated results. There are only about 20 rules, but they cover nearly all of the known fault modes, provided the formally undefined behaviour of ISO C is avoided.

ISOC_subset.pdf (148KB)

reference

Information and Software Technology, 47 (3) (2005), p. 181-187

Safer Language Subsets: an overview and a case history, MISRA C

Defines some basic concepts for a programming standard based on whether a rule arises on stylistic grounds or because violating it is known to cause failure. It argues that safer subsets should only contain the latter. Introduces a taxonomy for such rules and the concept of signal to noise ratio for standards enforcement, with examples from real systems.

MISRAC.pdf (196KB)

reference

Information and Software Technology, 46 (7) (2004), p. 465-472

A MISRA C exemplary test suite

This incomplete suite, released under the GPL, was an exemplary set of code examples and supporting infrastructure for MISRA C Version 1 (MISRA-C 1998). It is now out of date following the release of MISRA C Version 2 (MISRA-C 2004). It is expected to be replaced in due course by a set of exemplary code examples for MISRA C 2004 produced by the MISRA-C committee, which will apparently be available through the MISRA-C website http://www.misra-c.com/. It would be far better if the exemplary code examples were produced independently, but unfortunately this will not be the case.

misrac_test.zip (260KB)

feedback

Feedback was received on the first version from Peter Devlin. This will be included in the work on version 2.