
MISRA Compliance

18th March 2021

Presented by
Chris Tapp
Technical Specialist, LDRA
Chair, MISRA C++

chris.tapp@ldra.com
chair.cpp@misra.org.uk
MISRA Compliance – An Important Change

▪ The use of MISRA Compliance to support claims of compliance is compulsory for:
  ▪ All versions of MISRA C from MISRA C:2012 AMD2.
  ▪ All future versions of MISRA C++.
▪ May also be used with older versions, replacing the guidance they contain.
▪ MISRA Compliance was originally published in 2016:
  ▪ Current version is MISRA Compliance:2020.
  ▪ Available as a free download from the MISRA website.

Hitex AURIX Seminar - MISRA Compliance 2


MISRA Compliance – What Is It?

▪ Clarifies how the guidelines should be adopted within a project.
▪ Defines what evidence (artefacts) must be made available to support a claim of compliance.
▪ Compatible with all existing and future versions of MISRA C and MISRA C++.



MISRA Compliance – Guideline Categories

▪ The various MISRA guidelines allocate a minimum enforcement category to each guideline:
  ▪ Mandatory
  ▪ Required
  ▪ Advisory
▪ The category defines whether a guideline may be violated and if a deviation is required when it is.

Category  | Violations
Mandatory | Never permitted.
Required  | Only permitted when supported by a formal deviation.
Advisory  | Have to be acknowledged (documented), but a formal deviation is not needed.



Required artefact – The Guideline Enforcement Plan (GEP)

The Guideline Enforcement Plan shows how compliance with the guidelines is to be enforced (the column in which each check appears identifies the mechanism that enforces it):

Guideline | Compiler           | Analysis Tool | Manual Check
Dir 1.1   |                    |               | Procedure "A"
Dir 2.1   | No errors reported |               |
Rule 4.1  |                    | Message 38    |
Rule 4.2  |                    | Message 97    |
Rule 5.1  | Warning 347        |               |
Rule 12.1 |                    | Message 79    |
Rule 12.2 |                    | Message 452   | Procedure "B"

Note: "The Guideline Enforcement Plan" was previously known as "The Compliance Matrix".



Required activity – Guideline Re-categorization

▪ Where possible, re-categorize as many guidelines as possible as Mandatory.
  ▪ In general, most of the Required guidelines should be treated as Mandatory within a project – they aren't Mandatory within the guidelines as there may be instances when violations can be justified.
▪ Re-categorize Advisory guidelines as appropriate.
  ▪ Raise when stricter enforcement is of benefit (no violations to be allowed, deviations required when violating).
  ▪ Lower when there is no requirement to identify all violations of an Advisory guideline (e.g. use of // comments with a C99 compiler) – note that the "Disapplied" category has been introduced within MISRA Compliance to allow this to be done, but use with care!



MISRA Compliance – Guideline Re-categorization

The categories permitted after re-categorization vary according to the category allocated in the MISRA Guidelines.

MISRA Category | Revised Category: Mandatory | Required | Advisory | Disapplied
Mandatory      | ✓ | ✕ | ✕ | ✕
Required       | ✓ | ✓ | ✕ | ✕
Advisory       | ✓ | ✓ | ✓ | ✓

Note: The re-categorized level can only be lower than the level allocated in the MISRA Guidelines when the original category is Advisory.



Required artefact – The Guideline Re-categorization Plan (GRP)

Guideline | MISRA Category | Revised Category
Dir 1.1   | Required | Mandatory
Dir 2.1   | Required | Required
…
Rule 4.1  | Required | Required
Rule 4.2  | Advisory | Disapplied
Rule 5.1  | Advisory | Mandatory
Rule 12.1 | Advisory | Mandatory
Rule 12.2 | Required | Required

Revised categories:
▪ Mandatory – violations are not permitted.
▪ Required – deviations may be used and are acceptable to the customer.
▪ Advisory – violations will be documented.
▪ Disapplied – no checks will be made for compliance.
Required artefact – Deviation Records

▪ Deviations allow unavoidable violations to be authorized through a clearly defined process.
▪ Deviations may not be used:
  ▪ Without the support of a process.
  ▪ When a reasonable alternative is available / for developer convenience.
  ▪ Without identifying and recording the potential risks.
  ▪ Without the consent of a designated technical authority.
▪ Deviation records are used to document the issue, the rationale for deviation under a specific use case, a risk analysis and formal approval.
▪ Deviations take time and effort (cost), so…


Deviation permits – New Artefact (optional)

▪ Templates, allowing the background work required for a deviation to be re-used within a project or organization (including third parties).
▪ Used to restrict deviations for a specific guideline to a defined use case.
  ▪ E.g., converting an integer constant to a pointer when accessing hardware.
▪ Allow a strong rationale to be given and specific mitigations developed to ensure code integrity is maintained.
  ▪ Rationales are likely to be related to code quality (performance, reusability, …).
▪ Can be created before code is written, allowing a customer to approve a deviation use case before final delivery.
  ▪ The same/similar hardware is often used for different projects, so it is likely there will be a similar need for deviations.



Required artefact – The Guideline Compliance Summary (GCS)

▪ The Guideline Compliance Summary records the project's compliance level.
▪ The compliance level for each guideline is declared, with the original MISRA category determining if the result is permitted (compliant):

Level Claimed | Meaning                     | Mandatory | Required | Advisory
Compliant     | No violations               | ✓ | ✓ | ✓
Deviations    | Violations, with deviations | ✕ | ✓ | ✓
Violations    | Unsupported violations      | ✕ | ✕ | ✓
Disapplied    | No checks for compliance    | ✕ | ✕ | ✓



Required artefact – The Guideline Compliance Summary (GCS)

Guideline | MISRA Category | Compliance | Notes (not part of GCS)
Dir 1.1   | Required | Compliant  | Deviations are permitted by MISRA but have not been used.
Dir 2.1   | Required | Deviations | Deviations are permitted by MISRA and have been used.
Rule 4.1  | Required | Deviations |
Rule 4.2  | Advisory | Disapplied | Compliant, but checking has been suspended.
Rule 5.1  | Advisory | Compliant  | No violations, so compliance is above what is needed.
Rule 12.1 | Advisory | Violations | Deviations provided, so compliance is above what is needed.
Rule 12.2 | Required | Deviations |
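As an added example (not code from the presentation or from any MISRA document), the following Python encodes the two matrices from the slides (permitted re-categorizations, permitted compliance levels per original MISRA category) and the delivery-scope rule that Deviation Records must cover every violation of a Required guideline and carry the consent of a designated technical authority, then checks the example GRP/GCS rows above. The record layout, function names and the sample deviation contents are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Revised categories permitted for each category allocated in the MISRA
# Guidelines (the re-categorization matrix from the slides: a category may
# only be lowered when the original category is Advisory).
PERMITTED_RECATEGORIZATION: Dict[str, Set[str]] = {
    "Mandatory": {"Mandatory"},
    "Required": {"Mandatory", "Required"},
    "Advisory": {"Mandatory", "Required", "Advisory", "Disapplied"},
}

# Compliance levels that may be claimed for each original MISRA category
# (the Guideline Compliance Summary matrix from the slides).
PERMITTED_LEVELS: Dict[str, Set[str]] = {
    "Mandatory": {"Compliant"},
    "Required": {"Compliant", "Deviations"},
    "Advisory": {"Compliant", "Deviations", "Violations", "Disapplied"},
}


@dataclass(frozen=True)
class DeviationRecord:
    """Hypothetical record layout: the issue, the rationale for the specific
    use case, the risk analysis and the approving technical authority."""
    issue: str
    rationale: str
    risk_analysis: str
    approved_by: str = ""   # empty = not yet formally approved


@dataclass(frozen=True)
class GuidelineEntry:
    """One row joining the project's GRP and GCS for a single guideline."""
    guideline: str
    misra_category: str     # category allocated in the MISRA Guidelines
    revised_category: str   # category chosen in the project's GRP
    claimed_level: str      # compliance level declared in the project's GCS
    deviations: Tuple[DeviationRecord, ...] = ()


def recategorization_permitted(misra_category: str, revised_category: str) -> bool:
    return revised_category in PERMITTED_RECATEGORIZATION.get(misra_category, set())


def level_permitted(misra_category: str, claimed_level: str) -> bool:
    return claimed_level in PERMITTED_LEVELS.get(misra_category, set())


def check_entry(entry: GuidelineEntry) -> List[str]:
    """Return the findings for one guideline; an empty list means no problem."""
    findings: List[str] = []
    if not recategorization_permitted(entry.misra_category, entry.revised_category):
        findings.append(f"{entry.guideline}: {entry.misra_category} may not be "
                        f"re-categorized as {entry.revised_category}")
    if not level_permitted(entry.misra_category, entry.claimed_level):
        findings.append(f"{entry.guideline}: level '{entry.claimed_level}' is not "
                        f"permitted for a {entry.misra_category} guideline")
    # Delivery scope: deviation records must cover all violations of Required
    # guidelines, and each needs the consent of a designated technical authority.
    if entry.misra_category == "Required" and entry.claimed_level == "Deviations":
        if not entry.deviations:
            findings.append(f"{entry.guideline}: 'Deviations' claimed but no deviation record filed")
        for rec in entry.deviations:
            if not rec.approved_by:
                findings.append(f"{entry.guideline}: deviation '{rec.issue}' lacks formal approval")
    return findings


def check_summary(entries: List[GuidelineEntry]) -> Tuple[bool, List[str]]:
    """True with no findings when the GRP and GCS together support a compliance claim."""
    findings = [f for e in entries for f in check_entry(e)]
    return (not findings, findings)


# Constructed deviation record, reused by the 'Deviations' rows below.
APPROVED = DeviationRecord(
    issue="integer constant converted to a pointer",
    rationale="memory-mapped register access on the target device",
    risk_analysis="address is a build-time constant checked against the datasheet",
    approved_by="designated technical authority",
)

# The example GRP/GCS rows from the slides; the deviation records are assumed.
SLIDE_EXAMPLE = [
    GuidelineEntry("Dir 1.1", "Required", "Mandatory", "Compliant"),
    GuidelineEntry("Dir 2.1", "Required", "Required", "Deviations", (APPROVED,)),
    GuidelineEntry("Rule 4.1", "Required", "Required", "Deviations", (APPROVED,)),
    GuidelineEntry("Rule 4.2", "Advisory", "Disapplied", "Disapplied"),
    GuidelineEntry("Rule 5.1", "Advisory", "Mandatory", "Compliant"),
    GuidelineEntry("Rule 12.1", "Advisory", "Mandatory", "Violations"),
    GuidelineEntry("Rule 12.2", "Required", "Required", "Deviations", (APPROVED,)),
]

# Constructed rows (placeholder guideline names) that a reviewer must reject.
BAD_EXAMPLE = [
    GuidelineEntry("Rule X.1", "Mandatory", "Required", "Compliant"),   # lowers Mandatory
    GuidelineEntry("Rule X.2", "Required", "Required", "Violations"),   # unsupported violations
    GuidelineEntry("Rule X.3", "Required", "Required", "Deviations"),   # no record filed
    GuidelineEntry("Rule X.4", "Required", "Required", "Deviations",
                   (DeviationRecord("unapproved use", "developer convenience", "none"),)),
]

if __name__ == "__main__":
    for name, rows in (("slide example", SLIDE_EXAMPLE), ("bad example", BAD_EXAMPLE)):
        ok, findings = check_summary(rows)
        print(f"{name}: {'compliance claim supported' if ok else 'claim NOT supported'}")
        for finding in findings:
            print("  -", finding)
```

Running the script reports the slide rows as supporting a claim and lists four findings for the constructed rows: a Mandatory guideline lowered to Required, unsupported violations of a Required guideline, a Required guideline at Deviations with no record, and a record that lacks the technical authority's approval.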
MISRA Compliance – Delivery scope

▪ The following artefacts must always be made available:
  ▪ The Guideline Enforcement Plan.
  ▪ The Guideline Compliance Summary.
  ▪ Details of any Deviation Permits (if used).
  ▪ Deviation Records covering all violations of Required guidelines.
▪ The following artefacts must be provided on request:
  ▪ Documentation required to demonstrate how compliance has been enforced.
  ▪ Documentary evidence proving which tool checks have been performed.
  ▪ Documentary evidence to show the number of violations identified.



Example deviation permit



Example deviation record





Any Questions

Q & A
Contact Us

Need more information?

info@ldra.com
