MISRA C: Improving software reliability for critical systems

Many more designs are being considered safety critical

Embedded software development for safety- and mission-critical systems faces growing challenges as the trend of using technology to make people's lives easier, safer, and healthier continues. This has changed where and what gets considered safety critical. There are now wearable devices that not only promote fitness but also monitor critical organs and other health conditions. Automobiles, which now provide driver-assistance systems to help people park and avoid collisions, use millions of MCUs processing billions of lines of code. Clearly, as safety-critical systems become part of our daily infrastructure, the stakes rise for application providers, since a significant part of the safety and effectiveness of these systems rests on software. That software must adhere to stricter standards and a more meticulous approach to development.

While no software development process or certification standard can guarantee risk-free systems, attention to and prevention of typical software errors and application weaknesses can significantly reduce errors and help developers better understand potential risks. Certainly, with software responsible for 50-70% of automotive recalls, it is high time more rigorous checking was put in place.

So where does software go wrong? Often right at the beginning, in code development. Industries that require certification or a testing and validation process start by identifying the coding areas where there is additional risk. They use coding guidelines that help developers simplify their code, making it easier to read, maintain, and verify. They use programming rules that organize the code and make software development practices consistent. These steps alone go a long way toward ensuring the quality, safety, and reliability of safety-critical systems, and they help facilitate the certification and testing process.

One of the programming standards that helps many industries work toward safer application development comes from the Motor Industry Software Reliability Association, commonly known as MISRA. Although the organization's original mission was to develop a set of programming guidelines to promote safety, reliability, ease of maintenance, and portability for safety-critical systems in automobiles, the standard is now widely embraced across many industries. The first MISRA C guidelines were published in 1998, focusing on C, the popular and indeed dominant programming language for safety-critical embedded systems. MISRA C has evolved to its third-generation guideline (MISRA C:2012) and has come to be recognized as a “best practice” that improves the reliability, maintainability, and ROI of all software, not just safety-critical software.

To aid the wider applicability of MISRA, the latest MISRA C:2012 provides Mandatory, Required, and Advisory rules, coupled with definitions and comprehensive explanations that identify the purpose of each rule. With this insight into which rules make the most sense for them and how to apply them as a standard for their development teams, companies can better understand and tier their use of the rules. A company, for instance, might choose to allow an individual engineer to skip an advisory rule, while overriding a required rule might need a team lead or manager review – depending on the scope of the project. MISRA C:2012 compliance reports document all of these decisions.

Figure 1: Safety checks are part of the design process – not an after thought.

As a result of this new emphasis on safe, reliable development, companies are now asking that their development tools be MISRA compliant. Fundamental building blocks, such as the integrated development environment (IDE), real-time operating system (RTOS), and middleware can now be purchased as MISRA compliant. 

Using MISRA won’t guarantee risk-free development or error-free code, but it limits programmers to a subset of the C language that addresses key risk areas. Features such as macros, which some developers might prefer to use, are tagged with an explanation of their risk. While some programmers, of course, resist such guidelines, for the sake of added safety it is time to produce code that is more reliable, safer, and easier to read, maintain, and verify.
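As an added illustration of the macro risk the guidelines flag (this is not code from the article, from Express Logic, or from the MISRA documents, and the rule numbering is not cited because the article does not give it), the constructed SQUARE_MACRO below is placed beside a plain function of the same purpose, which is the kind of replacement MISRA-style coding prefers. The two hazards shown are operator precedence leaking into the caller and a macro argument being evaluated more than once.

```c
#include <stdint.h>

/* Constructed macro: the argument is pasted in twice, unparenthesised. */
#define SQUARE_MACRO(x) x * x

/* MISRA-style replacement (assumed form): a real function, so the
 * argument is evaluated exactly once before the body runs. */
static uint32_t square_func(uint32_t x)
{
    return x * x;
}

/* Precedence hazard: SQUARE_MACRO(a + 1) expands to a + 1 * a + 1. */
uint32_t macro_precedence(uint32_t a)
{
    return SQUARE_MACRO(a + 1);   /* 2*a + 1, not (a + 1)^2 */
}

uint32_t func_precedence(uint32_t a)
{
    return square_func(a + 1);    /* (a + 1)^2 */
}

/* Helper with a visible side effect: counts how often it is called. */
static uint32_t next_value(uint32_t *calls)
{
    *calls += 1u;
    return *calls;
}

/* Side-effect hazard: every textual copy of the argument runs it,
 * so a side effect in the argument happens twice. */
uint32_t macro_arg_evaluations(void)
{
    uint32_t calls = 0u;
    uint32_t r = SQUARE_MACRO(next_value(&calls));  /* two calls */
    (void)r;
    return calls;
}

/* With a function the argument runs once, whatever the body does. */
uint32_t func_arg_evaluations(void)
{
    uint32_t calls = 0u;
    uint32_t r = square_func(next_value(&calls));   /* one call */
    (void)r;
    return calls;
}
```

A static analysis tool checking MISRA C would flag the macro at its definition or use site, which is the point of the guideline: the defect is caught before the code is ever run.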

There are a number of ways to be MISRA compliant. Among those is ThreadX from Express Logic – a royalty-free RTOS recently approved as MISRA compliant. The RTOS features a small footprint, with a kernel as small as 2 Kbytes, and fast deterministic response, with a boot time of 300 cycles, a context switch time of less than 100 cycles, and a semaphore get in less than 30 cycles.
