Effective MISRA C

Abstract

This course provides a thorough understanding of MISRA C, disposing of common misconceptions that are ultimately responsible for its ineffective and counterproductive adoption. The course begins with a presentation of the safety and security pitfalls that are inherent in C programming; the most common and dangerous programming errors (with a particular emphasis on embedded systems programming) are then explained in detail. Each MISRA C rule is presented along with its rationale and the role it plays in achieving safety, testability, maintainability and portability. Most importantly, each rule is presented along with a clear explanation of the right corrective measures (those that do increase overall code quality) and with instructions about why, when and how rule deviations might be necessary or advisable. The use of tools for the automatic verification of MISRA C rules is then introduced, with a particular emphasis on their proper configuration and integration with the development environment. The course concludes with the demonstrative analysis of a portion of an automotive software project: this gives the opportunity to review and practice all the learned concepts and abilities.

Importance

MISRA C compliance is not about making sure the analysis tool remains silent. If the tool is silenced at the expense of code quality (something that is always possible), this defeats the very purpose of compliance and can increase the costs the company incurs because of poor code quality. There is a single reason why this really does happen: only fully trained development and quality-assurance teams are able to adopt MISRA C (or any other coding standard) successfully.

Contents

The two-day course consists of the following topics:

  • Undefined, unspecified and implementation-defined behaviors in C.
  • How compilers may take advantage of undefined behavior.
  • Explicit casts and implicit casts: balancing, promotion, usual arithmetic conversions, etc.
  • Enumerated, integer and floating-point types: representation and operations.
  • Common integer pitfalls: overflow, sign error, extension, truncation, etc.
  • Common floating-point pitfalls: error propagation, comparison, excess precision, etc.
  • Arrays, strings, pointer types and associated programming errors: access outside bounds, null-termination, truncation, off-by-one errors, etc.
  • The purpose of MISRA C and its role in improving code quality.
  • The rules of MISRA C: this is based on the 2nd revision (2004) but with reference to the 1st (1998) and the 3rd (forthcoming) revisions.
  • Automatic verification of compliance with the MISRA C rules: the tools and their proper configuration and use.
  • Compliance matrices and deviation procedures.
  • Demonstrative analysis of the MISRA C violations in an automotive software project along with the correct remediation measures.

Benefits

Besides a first-class training experience, participants will receive:

  • full course material including examples and exercises for individual study;
  • certificate of achievement;
  • one month of free email consultancy on the course topics.

Prerequisites

This training requires an advanced understanding of the C programming language. It does not require prior knowledge of MISRA C.

Instructors

The course is mainly taught by Roberto Bagnara.

Roberto is CEO/CTO and Chief Scientist at BUGSENG. He has coauthored more than 35 papers on programming languages, static analysis and other software verification techniques, published in international journals and conference proceedings. Roberto is a full professor of Computer Science at the University of Parma, where he teaches courses on programming languages and (automated) software verification. Roberto started professional programming in 1984, initially for the University of Bologna, then at CERN (the European Laboratory for Particle Physics), where he worked on low-level software for embedded systems and on cross-development tools for microprocessors. Still at CERN, he also worked with Tim Berners-Lee on the development of remote procedure call (RPC) systems. Roberto is the Italian representative in the ISO JTC1/SC22/WG14 international standardization working group for the C programming language.

Venues

Standard locations are Parma, Milan or Rome depending on requests. The courses can also be delivered on-site. Contact us at training@bugseng.com to express your interest, specifying your preferred locations and dates. To obtain a quote for an on-site course, please also specify the number of participants.

Variants

A one-day version of the course is available for an audience that already has some knowledge of MISRA C.

The course is usually delivered in English. It can be delivered in Italian if all participants prefer this.

The course participants can help decide which revision of MISRA C should be emphasized.

Fees

Parma:
EUR 1,000.00 + VAT per person, with a 25% discount for each participant from the same company after the first one (one-day version: EUR 700.00 + VAT per person, same discount conditions).
Milan, Rome:
EUR 1,200.00 + VAT per person, with a 25% discount for each participant from the same company after the first one (one-day version: EUR 800.00 + VAT per person, same discount conditions).