What is MISRA?

Definition

MISRA (the Motor Industry Software Reliability Association) provides guidelines for developing safety- and security-related electronic systems, embedded control systems, software-intensive applications, and standalone software.

MISRA is a collaborative effort among vehicle manufacturers, component suppliers, and engineering consultancies. It is managed by a Steering Committee that includes Ford Motor Company, Bentley Motors, Jaguar Land Rover, HORIBA MIRA, ZF TRW, and the University of Leeds. 

Though born in the automotive industry, MISRA has gained acceptance in other markets such as aerospace, biomedical, and financial. It is accepted across embedded, IoT, and industrial control systems as well. While MISRA compliance doesn’t guarantee that software will be free from all quality or security issues, it does produce code that is more robust, easier to maintain, and more portable.

How is MISRA different from ISO 26262 and ASILs?

MISRA focuses on coding security standards. ISO 26262 focuses on functional safety measures and establishes risk classes known as ASILs.

How do MISRA guidelines work?

The most prominent of MISRA guidelines are for projects developed using the C and C++ programming languages. These include MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards.

MISRA guidelines are classified as mandatory, required, or advisory. Compliance demands that no “mandatory” guidelines are violated. However, “required” guidelines permit certain violations if there are documented justifications. These deviations are allowed if and only if safety and security are not impacted and there is no acceptable workaround. An example would be third-party custom code that can’t be altered.

Coverity Support for MISRA Coding Standards 

Download the Datasheet

What are the challenges of MISRA compliance?

Software now controls everything from anti-lock brakes and power steering to navigation and infotainment systems. These systems all come from different vendors. And the software supply chain is getting longer―with multiple vendors contributing to the code that goes into each final product.

MISRA C/C++ has become the de facto coding standard for automotive systems. However, it does not cover more recent C++ language improvements nor does it reflect knowledge from the latest security breaches and vulnerabilities.

How is MISRA evolving?

In January 2019, MISRA announced that it will merge AUTOSAR guidelines with their own established best practice to develop a single "go to" language subset for safety-related C++ development. The MISRA-led guidelines will incorporate the latest version of the language (AUTOSAR’s C++17) and, when available, its successor (AUTOSAR’s C++20). 

The integrated MISRA–AUTOSAR C++ rule set will deliver a unified industry standard with a common set of rules―a single point of reference for all developers across the supply chain. 

What are the benefits of MISRA compliance?

Today’s car contains more than 100 million lines of code. In the next decade, the average car could contain 300 million lines of code. MISRA coding guidelines facilitate the development of code that is:

  • Reliable enough to run in safety-critical systems
  • Secure against common code exploits
  • Portable (reusable) throughout the supply chain

MISRA compliance defines more than just coding guidelines―it also defines the criteria for software quality as that software moves from a supplier to an acquirer. The compliance process is not only robust (based on C/C++ coding standards) but also practical, explaining how to handle exceptions to the rules when necessary.

How does Synopsys support MISRA compliance?

Synopsys is poised to help you offset automotive software attacks with the Coverity static analysis solution, a comprehensive and scalable solution for MISRA compliance.