Messe-News, Thursday, 16 March 2023, page 27

MISRA C:2023: Addressing contemporary challenges in embedded development

The MISRA Working Group's announcement of two new editions of its MISRA C Guidelines marks a critical step in the development of safety- and security-critical devices. MISRA C:2012 Amendment 4 (AMD4) and MISRA C:2023 bring essential guidance to developers.

By Mark Pitchford

From automotive software to medical devices, MISRA C has long been the guiding force behind safe, secure and reliable code. With explosive growth in the need for feature-rich and connected devices, manufacturers have naturally turned to more sophisticated techniques to squeeze more value out of their processors and peripherals. After years of real-world research and development, the MISRA C Working Group addresses these modern software complexities with new guidance on multithreading and atomic types in support of C11 and C18.

Why C programmers need MISRA

Software safety, security and reliability are critical imperatives for many embedded systems. Our smart home devices must minimize the risk of data breach, for example, and our car's engine control units must behave only in ways intended by the developer. While quite popular among embedded development teams, the C language allows developers to control application behavior and memory in ways that could compromise their systems. The ISO standards that define the language (ISO/IEC 9899:2011 and ISO/IEC 9899:2018, colloquially known as "C11" and "C18") do not provide a complete specification of runtime intention, leaving some aspects up to the implementation to decide. As a result, there are nondeterministic components to the C language that give license to developers in ways that could pose risks to the system:

• Undefined behavior – the C standard does not specify a requirement.
• Unspecified behavior – the C standard allows for two or more possibilities and does not specify requirements for which one(s) is used.
• Implementation-defined behavior – the compiler and runtime are free to define their
own behaviors and must document the behaviors themselves.

Over the years, developers have become proficient at exploiting such behaviors to extract higher performance out of their applications. One example is leaving variables of large array types uninitialized to avoid incurring the memset cost of zero-initializing the storage; while undefined in the C standard, many compilers and static analyzers will flag this. It's the unpredictable consequences of these loopholes that the MISRA C Guidelines aim to eliminate. For example:

• Writing to a file stream opened as read-only, leading to potentially undesirable behavior
• Using recursive functions, leading to a potential stack overflow
• Accessing memory outside the bounds of a data structure, which could lead to a potential attack surface for hackers

The philosophy behind the MISRA C Guidelines

The MISRA C Guidelines restrict the C language to a predictable subset in line with the needs of safety- and security-critical systems. Through rules and directives, these guidelines minimize or eliminate coding practices that are known to be hazardous and insecure.

• Rule: A source code requirement that is complete, objective and unambiguous. The guidelines further classify rules as decidable if they can be conclusively verified through techniques like static analysis, and undecidable if no verification guarantee is possible.
• Example rule: "The value of an object with automatic storage duration shall not be read before it has been set." (MISRA C:2012 Rule 9.1)
• Directive: A guideline that may be satisfied through code, processes, documentation or functional requirement. Directives can be subject to interpretation, and analysis tools may be able to assist in checking compliance.
• Example directive: "Any implementation-defined behavior on which the output of the program depends shall be documented and understood." (MISRA C:2012 Directive 1.1)

MISRA C:2023 addresses the growing use of concurrency

With increasing reliance on multiprocessor systems and multithreaded
applications to support embedded applications, the MISRA Working Group released new guidelines in AMD4 and consolidated all prior editions in the MISRA C:2023 edition. Focused on the growing use of concurrency in embedded systems, AMD4 extends support to many new features introduced by the C11 and C18 standards.

Guidance on multithreading

AMD4 addresses concurrency issues not covered by the C standard by adding new rules and directives to restrict multithreading features to a safe subset. These guidelines cover critical elements of thread usage:

• Restricting dynamic thread creation to foster more deterministic approaches to concurrency
• Ensuring threads are created before mutexes are linked to them
• Minimizing the risk of deadlocks and data races in the system
• Managing the safe use of thread objects and thread identifiers

Mark Pitchford has over 30 years' experience in software development for engineering applications. He has worked on many significant industrial and commercial projects in development and management, both in the UK and internationally. Since 2001 he has worked with development teams looking to achieve compliant software development in safety- and security-critical environments, working with standards such as DO-178, IEC 61508, ISO 26262, IIRA and RAMI 4.0. (Image: LDRA)

Guidance on C atomic types

C11 introduced atomic types and operations that enable developers to manipulate data objects indivisibly, or without risk of interference by another thread, to avoid the chance of data races in multithreaded applications. AMD4 adds new rules and modifies some existing rules to address undefined behaviors in the C language that may compromise atomicity in the system:

• Ensuring the correct configuration of atomic types
• Preventing the unintended removal of atomicity when referencing atomic types through pointers
• Restricting the use of multiple atomic types in the same statement

MISRA C for the modern age

The AMD4 additions also include other types of rules covering
C language features known to be problematic, and minor updates to clarify existing rules and directives. These include restricting the use of small integer macros and certain use cases of designated initializers.

Perhaps the biggest change from a process perspective is the consolidation of earlier MISRA C editions and the recent AMD4 enhancements to provide a single comprehensive baseline. Now in one document, MISRA C:2023 simplifies compliance and configuration management for existing users of MISRA C and eases entry for organizations starting new projects.

By understanding and adopting the MISRA C Guidelines, embedded development teams can improve the safety, security and reliability of their code while also demonstrating a commitment to core business objectives. Such teams will find it valuable to deploy static analysis tools that rapidly and comprehensively check code for any deviations against the MISRA guidelines.

LDRA: Hall 4, Stand 505
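The three behavior categories listed above, together with Rule 9.1 and Directive 1.1, are easier to grasp beside code. The following is an added example written for this page; it is not code from the article, from LDRA or from the MISRA Working Group. Every function name (`scale_down_portable`, `frame_status`, `next_id`, and so on), the `FRAME_STATUS_NONE` sentinel and the sample frame bytes are constructed for illustration. Each non-compliant form is shown next to a form that relies only on defined, documented behavior.

```c
/* Added example, not from the article or MISRA: the three behaviour categories
 * the article lists (undefined, unspecified, implementation-defined) and the
 * compliant alternatives that Rule 9.1 and Directive 1.1 ask for.
 * All names are hypothetical. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Directive 1.1: implementation-defined properties the code depends on are
 * documented here and checked at compile time, so a port to a platform where
 * they do not hold fails the build instead of misbehaving at run time. */
_Static_assert(CHAR_BIT == 8, "code assumes 8-bit bytes");
_Static_assert(sizeof(int) == 4, "code assumes a 32-bit int");

/* Implementation-defined: right-shifting a negative signed value. Most targets
 * perform an arithmetic shift (floor division), but the standard leaves the
 * choice to the implementation, so this is portable only where documented. */
int32_t scale_down_impl_defined(int32_t v)
{
    return v >> 2;
}

/* Portable replacement: express the intent (floor division by 4) using only
 * defined operations. The 64-bit intermediate keeps -v in range for INT32_MIN. */
int32_t scale_down_portable(int32_t v)
{
    int64_t w = v;
    if (w < 0) {
        return (int32_t)(-(((-w) + 3) / 4));
    }
    return (int32_t)(w / 4);
}

/* Unspecified: the order in which the operands of a binary operator are
 * evaluated. With a side-effecting call on each side, `next_id() - next_id()`
 * yields 1 on one compiler and UINT_MAX on another. */
static unsigned next_seq = 0u;       /* hypothetical ID generator state */
unsigned next_id(void) { return next_seq++; }
void reset_ids(void) { next_seq = 0u; }

/* Compliant: each call is its own full expression, so the order is sequenced
 * by the program text, not by the compiler. */
unsigned id_delta_compliant(void)
{
    unsigned first = next_id();
    unsigned second = next_id();
    return second - first;           /* always 1 */
}

/* Undefined (Rule 9.1 violation): `status` is read without having been set
 * when len == 0. It compiles; the value returned on that path is whatever the
 * stack slot happens to hold. Shown for contrast, never called here. */
int frame_status_noncompliant(const uint8_t *buf, size_t len)
{
    int status;
    if (len > 0u) {
        status = (int)buf[0];
    }
    return status;
}

/* Compliant: every automatic object is initialised before any read, and the
 * "no frame" case has a documented sentinel. */
#define FRAME_STATUS_NONE (-1)
int frame_status(const uint8_t *buf, size_t len)
{
    int status = FRAME_STATUS_NONE;
    if ((buf != NULL) && (len > 0u)) {
        status = (int)buf[0];
    }
    return status;
}

/* Constructed sample frame: first byte is the status field. */
const uint8_t sample_frame[] = { 0x2A, 0x00, 0xFF };

int main(void)
{
    printf("scale_down_portable(-7) = %d\n", (int)scale_down_portable(-7));
    printf("id delta = %u\n", id_delta_compliant());
    printf("status = %d, empty = %d\n",
           frame_status(sample_frame, sizeof sample_frame),
           frame_status(NULL, 0u));
    return 0;
}
```

The `_Static_assert` lines are the practical shape of Directive 1.1: the assumption is written down where the code lives and verified by the compiler rather than by memory. A static analysis tool configured for MISRA will flag `frame_status_noncompliant`; the point of the compliant version is that the sentinel makes the empty-frame case explicit rather than accidental.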
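The three atomic-type points in the "Guidance on C atomic types" section map onto concrete C11 `<stdatomic.h>` usage. The block below is an added example for this page, not code from the article, LDRA or MISRA, and it does not claim to reproduce the wording of any AMD4 rule. The event counter and the function names (`record_event`, `reset_if_at_least`) are hypothetical. It runs single-threaded so that it can be checked deterministically; the comments state the multithreaded hazard each form exists to avoid.

```c
/* Added example, not from the article or MISRA: C11 atomic usage illustrating
 * the three points the article lists for AMD4's atomic-type guidance.
 * Names are hypothetical; runs single-threaded for deterministic checking. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* 1. Correct configuration: the object itself carries the atomic type, and it
 *    is initialised once, statically, before any thread could observe it. */
static atomic_uint event_count = 0u;

/* A read-modify-write performed as one indivisible operation. A plain
 * `count++` on a non-atomic unsigned is a separate load, add and store that
 * another thread can interleave with: a data race, undefined behaviour in C11. */
unsigned record_event(void)
{
    return atomic_fetch_add(&event_count, 1u) + 1u;   /* returns the new value */
}

unsigned current_count(void)
{
    return atomic_load(&event_count);
}

/* 2. Atomicity must not be stripped through a pointer. Writing
 *    `unsigned *raw = (unsigned *)&event_count; (*raw)++;` would compile on
 *    many toolchains yet turn the indivisible increment back into a racy
 *    load/add/store. A pointer to an atomic object keeps the qualifier: */
unsigned record_event_via(atomic_uint *counter)
{
    return atomic_fetch_add(counter, 1u) + 1u;
}

/* 3. Several atomic operations in one statement are each atomic, but the
 *    statement as a whole is not: `if (atomic_load(&a) == atomic_load(&b))`
 *    compares two snapshots taken at different instants. Where one decision
 *    must be based on one consistent value, use a compare-and-swap loop that
 *    re-reads and retries whenever the object changed in between. */
bool reset_if_at_least(atomic_uint *counter, unsigned threshold)
{
    unsigned seen = atomic_load(counter);
    while (seen >= threshold) {
        /* Succeeds only if the object still holds `seen`; on failure `seen` is
         * refreshed with the current value and the condition is re-evaluated.
         * The weak form may fail spuriously, which the loop also absorbs. */
        if (atomic_compare_exchange_weak(counter, &seen, 0u)) {
            return true;
        }
    }
    return false;
}

int main(void)
{
    record_event();
    record_event_via(&event_count);
    printf("count = %u\n", current_count());
    printf("reset at 3: %s\n", reset_if_at_least(&event_count, 3u) ? "yes" : "no");
    printf("reset at 2: %s\n", reset_if_at_least(&event_count, 2u) ? "yes" : "no");
    printf("count = %u\n", current_count());
    return 0;
}
```

The compare-and-swap loop is the pattern to reach for whenever a check and an update must act on the same value; a static analyzer can confirm that every access to `event_count` goes through an atomic operation, which is exactly the property the pointer cast in point 2 would silently break.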