MISRA C/C++ Situation Report

On first acquaintance, the MISRA language subsets can appear overbearing. MISRA C:2012, for example, runs to 236 pages of rules, explanations of rules, and appendices explaining underlying concepts relating to those rules – and that’s before the subsequent security amendments. A casual glance might also leave the impression that MISRA C:2012 is draconian; maybe even impossible to work with. The first rule, for example, dictates that “the program shall contain no violations of the standard C syntax.” – and yet it is impossible to write a non-trivial embedded program without resorting to a variety of compiler extensions. Closer inspection however reveals a deviation procedure, when “it may be necessary to deviate from the guidelines given in [the standard]“.This mechanism allows deviations to be recorded and authorized, provided there is justification to do so – as in the case of the compiler extensions. But what constitutes a valid deviation? This paper will discuss the principles and mechanism surrounding MISRA C Project- and Specific Deviations. It will discuss how the deviation procedure is intended to work, and how it prevents the unscrupulous from implementing deviations for mere convenience. And it will conclude that the standard as a whole really can apply to almost any critical system.