
MISRA-Matters Column
MTE vol **.1 Jan 2010

MISRA-Matters: Where it all started

By Chris Hills

This is the first of a regular quarterly column to keep you up to date with the work the MISRA teams are doing. For those of you not familiar with the MISRA standards, here is a brief history.

In the early 1990s the UK government noted an emerging use of computer-based technology in applications with safety implications. The Government funded a research programme, SafeIT, to look at the implications of this technology in various industrial sectors, and in particular with the early work going into the standard that became IEC 61508: Functional Safety.

One project co-funded by SafeIT and the automotive industry was MISRA, which developed a set of guidelines for safety-related software development in the automotive context. The MISRA Guidelines, as they became known, were first published in 1994 and were notable in codifying for the first time the emerging principles of IEC 61508 for an automotive context. Some 15 years later, in 2009, ISO released the draft of ISO 26262, the automotive variant of IEC 61508.

Although the publicly-funded part of the MISRA project ended in 1995, members of the MISRA consortium agreed to continue working together. One of the first results of this ongoing collaboration was the release of the first version of MISRA-C in 1998.

Since then, partly due to the global take-up of MISRA-C, a second version of MISRA-C was published in 2004, and additional documents have been issued covering automotive software readiness for production, safety analysis, the model-based development (auto-code generation) series and MISRA-C++, with other work and documents in the pipeline for 2010 and beyond.

So much for history! Now we present a short round-up of each of the active MISRA working groups, what they are doing and where they are going in 2010.

MISRA-SA (Safety Analysis)

MISRA-SA is currently working on the allocation of safety requirements. ISO 26262 introduces a process called ASIL decomposition, which permits the tailoring of safety requirements allocated to independent and redundant elements of an architecture. Furthermore, both IEC 61508 and ISO 26262 permit allocation of safety requirements between electrical/electronic elements as well as other-technology safety-related systems and external risk reduction measures; however, SIL and ASIL are only used to designate risk reduction allocated to a specific electronic item. This activity will provide new guidance on how safety requirements should be allocated between different measures and items or elements at different levels of the design process.

MISRA-AC (Automatic Code Generation)

MISRA-AC kicked off the work in Q3 2005 with a meeting at BMW in Munich. We discussed the framework and levels (generic, modelling language, code generator, target code) at that meeting and embarked on the Simulink (modelling language), TargetLink (code generator) and target code (C) documents. The idea behind the project was to create a set of guidelines, akin to MISRA C, that would provide a suitable subset of the modelling language as highly recommended by IEC 61508 at SIL 3 and above.


We published the MISRA-AC SLSF and MISRA-AC GMG documents in Q2 2009, following on from the MISRA-AC AGC, MISRA-AC TL and MISRA-AC INT documents that were released in Q3 2007. MISRA-AC INT gives more background and explains the structure of the documents, including the naming convention.

The team is not working on any documents at the moment, though it would like to expand the code generator coverage. Currently the only code generator covered by the documents is dSPACE's TargetLink. The MISRA-AC team would like to hear from users of other code generators who would be willing to contribute their experience and time to developing documents to cover their use. Contact MISRA-C.com giving your relevant experience. Note that the input required is from the end users, not the tool manufacturers. Examples of code generators are MathWorks' Embedded Coder, Esterel's SCADE-Drive and ETAS' ASCET.

MISRA-C

After the success of C1 (1998) and C2 with its exemplar suite (2004), the team has been working on the third version of MISRA-C since Q4 2007 and intends to publish a draft for public comment in late Q2 2010, with publication of the final document some 9-12 months later. MISRA-C gained Category C liaison status with ISO WG14 in Q3 2009, giving it direct sight of and influence on the next ISO C standard.

MISRA-C++

MISRA-C++ has had a quiet year to allow the group to recover after the generation of MISRA-C++:2008. Work has been done analysing the feedback the team received, and this will form the basis of a Technical Corrigendum planned for release in 2010. Work will start in 2010 on an exemplar suite for MISRA-C++:2008, similar to the one that already exists for MISRA-C:2004. Should anyone be interested in joining the team, please contact the chairman with your relevant experience.

MISRA-L (Languages)

After the development of three MISRA guides related to programming languages in 2009, it was decided to set up the MISRA-Languages working group to harmonise the terms, definitions and, where appropriate, the rules used between the MISRA-C, C++ and AC groups. This has been extended to look at generic programming language problems and ties in with the ISO SC22/WG23 Language Vulnerabilities group. This group is looking at both safety and security vulnerabilities in programming languages.

MISRA-L gained Category C liaison status with ISO WG23 in Q4 2009, giving it direct communication with the ISO SC22/WG23 Vulnerabilities group. Thus the MISRA working groups will be able to take into account the ISO work on programming language vulnerabilities and incorporate it into future MISRA documents where appropriate.

MISRA Web site

The MISRA web site www.misra.org.uk has information on all the MISRA projects and an active forum (see www.misra.org.uk/forum) for discussion of all topics. This is also where MISRA working groups will post official replies to technical queries. The teams will only reply to questions on the forum, so please do not email technical questions to the working group chairmen.

The MISRA Project Team is working on a new version of the MISRA website for launch sometime in 2010, so any feedback on the current one would be appreciated by the MISRA Project Manager (misra@misra.org.uk).

Further information on all aspects of the MISRA work and the forum can be found at www.misra.org.uk


Author Details and contact


Eur Ing Chris Hills BSc CEng MIET MBCS MIEEE FRGS FRSA is a Technical Specialist.

Copyright Chris A Hills 2003-2010
The right of Chris A Hills to be identified as the author of this work has been asserted by him in accordance with the Copyright, Designs and Patents Act 1988