
How can you avoid the C/C++ traps and pitfalls

Wed, 02/06/2019 - 15:33

In our previous blog, we looked at the complexities of MISRA C compliance and the necessity
of robust verification tools. However, simply installing a tool is not sufficient. The MISRA
compliance documents specifically state that, in order to describe a project as "MISRA
Compliant", staff must be competent and fully understand the issues underlined by each
guideline. This is especially important for personnel involved in the approval of deviations
from the guidelines.
Ensuring your developers and quality assessors are effectively trained is also crucial to the
smooth and effective adoption of the tool. Developers can make mistakes (and lose significant
time) when they don’t fully understand the rationale behind each of the MISRA guidelines.
This blog looks at some of those potential misunderstandings.

A worthwhile investment
Over 50% of the developers who come on our courses are unaware of many of the traps and
pitfalls of C/C++. Even though they are highly qualified and experienced, this is not something
they have studied in-depth, either at university or in their industry training. This is a global
issue; it’s not specific to any one country or industry.
That is why we spend the first half-day of our two-day course really drilling down into the
traps and pitfalls. We’ll give them real-world examples of seemingly reasonable and innocuous
pieces of code and how they can go horribly wrong. Here are just two of the simplest examples
that many programmers are surprised to see:
 

1. The following code violates the MISRA C rule that you must not mix signed and
unsigned expressions (this prescription is formulated using the often-misunderstood
concept of "essential type"):

    #include <stdint.h>

    uint32_t MAX_TEMP = 90;

    _Bool is_overheated(int32_t temp) {
        /* temp is converted to uint32_t before the comparison is made */
        return temp > MAX_TEMP;
    }

The problem here is that the call is_overheated(-1) returns true – even though the
temperature is negative: under the usual arithmetic conversions, -1 is converted to the
unsigned value 4294967295, which is greater than 90.
2. This snippet violates a MISRA C rule that forbids line splicing in // comments:

    // see critical.* in c:\project\src\
    critical_function();

In this example, the developer did something seemingly innocuous: the comment ends with a
backslash. Because line splicing is performed before comments are removed, the
critical_function(); call becomes part of the comment and is therefore never executed. This is
potentially very dangerous.
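Both traps above, shown in a stand-alone C program added here (not code from the original post), each beside a corrected form; the function names and the critical_calls counter are my own additions, used only to make the behaviour observable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Trap 1, as on the page: MAX_TEMP is essentially unsigned while temp is
 * essentially signed, so temp is converted to uint32_t before the compare. */
static const uint32_t MAX_TEMP = 90u;

bool is_overheated_trap(int32_t temp) {
    return temp > MAX_TEMP; /* -1 becomes 4294967295u, so this yields true */
}

/* Corrected form: both operands are essentially signed, so a negative
 * reading compares as negative and the essential-type rule is satisfied. */
static const int32_t MAX_TEMP_SIGNED = 90;

bool is_overheated_fixed(int32_t temp) {
    return temp > MAX_TEMP_SIGNED;
}

/* Trap 2: line splicing (translation phase 2) happens before comments are
 * removed (phase 3), so a // comment ending in a backslash swallows the
 * next source line. critical_calls records whether the call really ran. */
static int critical_calls = 0;

static void critical_function(void) {
    critical_calls++;
}

int spliced_comment_calls(void) {
    critical_calls = 0;
    // see critical.* in c:\project\src\
    critical_function();
    return critical_calls; /* 0: the call above is inside the comment */
}

/* Same intent with a block comment, which cannot splice into the next line. */
int safe_comment_calls(void) {
    critical_calls = 0;
    /* see critical.* in c:\project\src\ */
    critical_function();
    return critical_calls; /* 1: the call executes as intended */
}

int main(void) {
    printf("trap(-1)=%d fixed(-1)=%d\n", is_overheated_trap(-1), is_overheated_fixed(-1));
    printf("spliced=%d safe=%d\n", spliced_comment_calls(), safe_comment_calls());
    return 0;
}
```

Compiling with warnings enabled (for example GCC's -Wall -Wextra) reports both the sign comparison and the multi-line // comment, which is exactly the kind of diagnostic the text says developers must understand rather than silence.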

Once developers see these examples, they quickly appreciate the importance of each MISRA
rule in preventing potential disasters. They will also see the value of effectively using a tool
that reliably flags the MISRA C/C++ violations. Taking time to gain a solid grounding in MISRA
C is a worthwhile investment because developers should not rely completely on the output of
verification tools.
For example, verification tools may produce false positives and flag violations that don’t exist.
Developers need the expertise to judge such situations. Otherwise, they will probably feel
compelled to change the code in order to silence the tool. This, more often than not, creates
significantly poorer code. Or, they may erroneously think that a tool message is a false
positive, when in fact it is a true positive, and change the tool configuration not to show that
message anymore (a case of ‘shooting the messenger because you don’t like the message’).

Good quality training is a logical step


Understanding why the MISRA rules are there and the importance of using a verification tool
to detect code violations is a good start. But, of course, developers also need to know how to
correct any problems the tool flags. Without effective training, they will probably use a trial
and error approach – wasting time and reducing code quality.
Effective MISRA C training will show them how they can configure ECLAIR and give them time
for hands-on practice. Sometimes it is even possible to use your own code from real live
projects (subject to confidentiality). This is the best way to show your developers how to solve
any violations.
Ensuring smooth and effective implementation
EGICON is an award-winning developer of mission-critical embedded and Automated Testing
Solutions (ATS) across the automotive, industrial, medical, aerospace and defence sectors.
When they bought a site license for our ECLAIR/MISRA tool, they also asked us to train a
team of 12 developers and quality assessors.
“We are committed to excellence in all our products and processes,” says Paolo Monari, CTO
at EGICON. “We know we need to be proactive in ensuring our people continue to develop
their skills. After all, it is their expertise that drives our innovation.
“Working with BUGSENG was a logical step for us. With their highly-qualified instructors and
formal training, tailored specifically to our needs, we have implemented MISRA C into our
software production and verification process smoothly and successfully. We’ve also
significantly strengthened the skills and competences of our development and verification
teams.”
For more details of BUGSENG’s MISRA C training please see
https://www.bugseng.com/services/education
Roberto Bagnara, Ph.D is CTO of BUGSENG, a leading provider of solutions and services for
static code analysis. He is also a member of the ISO/IEC JTC1/SC22/WG14 - C
Standardization Working Group and the MISRA C Working Group.

Meet us at the Embedded World Conference in Nuremberg, 26-28 February 2019


The BUGSENG team will be exhibiting at the Embedded World Conference in Nuremberg.
We’d love to meet you and answer any questions you may have about our verification services,
education and training. You’ll find us on stand 4-545.
Our CTO, Roberto Bagnara, will also be speaking at the conference. His presentation: "The
MISRA C Coding Standard: A Key Enabler for the Development of Safety and Security Critical
Embedded Software" is at 10:30AM on Tuesday 26 February 2019.
For more details visit https://www.embedded-world.eu/home.html
