Safety Critical Applications


Comply with Coding Standards


For safety-critical and security-critical software, coding standards are essential to meet requirements and avoid errors and vulnerabilities. 
On this page you will find an overview of all the coding standards that we support.

AUTOSAR

AUTOSAR (Automotive Open System Architecture) is a global development partnership of automotive industry stakeholders that aims to create an open and standardized software architecture for automotive electronic control units (ECUs). AUTOSAR provides a set of standards, specifications, and guidelines for developing software in the automotive domain, including coding guidelines.

The AUTOSAR coding guidelines are a set of rules and recommendations for writing C or C++ code in the context of AUTOSAR-compliant software development. These guidelines are designed to ensure code quality, reliability, and safety in automotive software systems. They are crucial for developing software components that can be integrated into AUTOSAR-compliant ECUs from various suppliers while maintaining consistency and interoperability.

Developers and teams working on AUTOSAR-compliant software projects need to follow these coding guidelines to ensure that their code integrates seamlessly with other components and meets the high standards of safety and quality required in the automotive sector. Additionally, adherence to these guidelines can aid in achieving certification for safety-critical applications, such as ISO 26262 compliance for functional safety.

Ensure Code Safety with PC-lint Plus

Discover PC-lint Plus, our tool for compliance with the most important coding standards. It is certified for ISO 26262 and IEC 61508 and ensures that your code meets the highest safety and quality standards.

MISRA

MISRA (Motor Industry Software Reliability Association) is an organization that develops and publishes a set of coding guidelines and best practices for the development of safety-critical and embedded software in the automotive industry. MISRA guidelines are widely used to ensure the reliability, safety, and quality of software in vehicles and other systems where safety and security are paramount. The guidelines are not limited to coding but also cover aspects like software architecture, quality assurance, and development processes.

MISRA guidelines come in various versions, with MISRA C and MISRA C++ being two of the most well-known sets of guidelines. Each version is tailored to a specific programming language (C or C++), and the specific set of guidelines evolves over time to reflect changes in industry practices and requirements.

Overall, MISRA guidelines provide a valuable framework for developing software in safety-critical and embedded systems, helping developers reduce the risk of errors, vulnerabilities, and safety-related issues while ensuring compliance with relevant industry standards and regulations.

PC-lint Plus provides support for the following guidelines:

MISRA C:2023

MISRA C:2012, Amendments 1, 2, 3 and 4

MISRA C:2004

MISRA C++:2023

MISRA C++:2008

CERT-C

The CERT-C Coding Standard, developed by the CERT Division at the Software Engineering Institute (SEI) of Carnegie Mellon University, is a set of coding guidelines and best practices for the C programming language. These guidelines are designed to improve the security and reliability of software written in C, particularly in safety-critical and security-critical applications. The CERT-C Coding Standard focuses on identifying and preventing common programming errors and vulnerabilities that can lead to security breaches or software failures.

The CERT-C Coding Standard is widely recognized and used in industries where software security and reliability are paramount, including aerospace, automotive, healthcare, and financial sectors. It is often adopted for projects that require a high degree of assurance and compliance with security standards, such as the Common Criteria and ISO 27001.

The coding guidelines provided by CERT-C are intended to help developers write more secure and reliable C code, but they are not specific to any particular application domain. Developers can use these guidelines as a basis for secure coding practices and adapt them to their specific needs and requirements. Compliance with CERT-C guidelines can significantly reduce the risk of software vulnerabilities and security breaches in C code, making it a valuable resource for those involved in security-critical software development.

PC-lint Plus provides support for many of the statically enforceable guidelines of CERT-C.

Custom Coding Guidelines

The analysis capabilities of PC-lint Plus are not limited to the built-in messages: it also allows custom checks and diagnostics to be defined. These are realized as queries that are executed while PC-lint Plus inspects and walks the abstract syntax tree (AST) it generates as a representation of the source code under analysis. Each query is composed of query expressions, which together form a statically typed, domain-specific language.

Queries are not limited to enforcing custom coding guidelines; they can also be used to specify precise exceptions for each finding. Before a finding is reported, the corresponding queries are executed, and if the finding matches a specified exception it is suppressed. In this way you can define permissible deviations without having to justify each individual occurrence.

Common Weakness Enumeration

CWE, the Common Weakness Enumeration, is a list of common software and hardware weakness types; a "weakness" is a flaw that can contribute to the introduction of vulnerabilities. The list is community-developed and freely available. The main goal of CWE is to stop vulnerabilities at the source by making weaknesses known so that they can be fixed during development.

CWE uses data reported by the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) to determine the prevalence and severity of the vulnerabilities associated with each weakness. The outcome of this analysis is a set of Top-N lists, such as the CWE Top 25 and the CWE Top 10 KEV Weaknesses List.

In addition to the lists, CWE helps developers and security practitioners evaluate the coverage of tools that target these weaknesses. PC-lint Plus Version 2.1 is certified as CWE-Compatible and covers all C/C++-relevant weaknesses in the Top 10 KEV Weaknesses List and most of the CWE Top 25.
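As an added illustration that is not part of this page and not code from PC-lint Plus, the following C example shows the kind of defect that the statically enforceable CERT-C rules and the C/C++-relevant CWE entries are designed to catch: an unsigned size computation that wraps before an allocation (CERT C rule INT30-C, CWE-190), which then leads the caller into an out-of-bounds write (CWE-787). The function names are illustrative assumptions; the compliant version checks the multiplication against SIZE_MAX before allocating and reports failure instead of silently allocating too little.

```c
/* Added example, not from the page or from PC-lint Plus.
 * Function names (alloc_size_unchecked, size_fits, alloc_size_checked,
 * alloc_array, round_trip_alloc) are assumptions for illustration.
 *
 * CERT C INT30-C: ensure that unsigned integer operations do not wrap.
 * CWE-190: Integer Overflow or Wraparound; CWE-787: Out-of-bounds Write.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Non-compliant: count * elem_size wraps modulo SIZE_MAX + 1, so a huge
 * request collapses into a tiny one. A caller that then writes `count`
 * elements into the returned buffer writes out of bounds (CWE-787).
 * Only the computed size is returned, so the wrap is observable without
 * actually allocating anything. */
size_t alloc_size_unchecked(size_t count, size_t elem_size)
{
    return count * elem_size;   /* wraps silently on overflow */
}

/* Predicate: can count * elem_size be represented in a size_t?
 * Division is used instead of multiplication so the check itself
 * cannot wrap; elem_size == 0 is handled explicitly to avoid divide-by-zero. */
bool size_fits(size_t count, size_t elem_size)
{
    if (elem_size == 0) {
        return true;            /* 0 bytes always fits */
    }
    return count <= SIZE_MAX / elem_size;
}

/* Compliant: detect the wrap before it happens and refuse the request.
 * Returns false (and leaves *out untouched) when the product would wrap. */
bool alloc_size_checked(size_t count, size_t elem_size, size_t *out)
{
    if (!size_fits(count, elem_size)) {
        return false;
    }
    *out = count * elem_size;   /* safe: proven not to wrap */
    return true;
}

/* Allocate an array using the checked computation.
 * Returns NULL both on wrap and on a genuine out-of-memory condition. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!alloc_size_checked(count, elem_size, &bytes)) {
        return NULL;
    }
    return malloc(bytes);
}

/* Allocate, fill every element in bounds, and free again.
 * Returns true when the whole round trip succeeds, false if the
 * allocation was refused. This is what a unit test can assert on. */
bool round_trip_alloc(size_t count, size_t elem_size)
{
    unsigned char *buf = alloc_array(count, elem_size);
    if (buf == NULL) {
        return false;
    }
    /* Writes stay within the bytes that were actually allocated. */
    memset(buf, 0xA5, count * elem_size);
    free(buf);
    return true;
}

int main(void)
{
    /* Constructed input: a count just past SIZE_MAX / 2 multiplied by 2
     * wraps to 2 regardless of the width of size_t. */
    size_t count = SIZE_MAX / 2 + 2;
    size_t bytes;

    printf("unchecked size: %zu bytes (wrapped)\n",
           alloc_size_unchecked(count, 2));
    printf("checked size accepted: %s\n",
           alloc_size_checked(count, 2, &bytes) ? "yes" : "no");
    printf("round trip of 16 ints: %s\n",
           round_trip_alloc(16, sizeof(int)) ? "ok" : "refused");
    return 0;
}
```

The checked variant is the idiom CERT-C recommends for INT30-C: test the operands before the operation rather than inspecting the result afterwards, and make the failure visible to the caller so it cannot be ignored.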

Connect with Our Experts

Whether you're seeking advice, looking for solutions, or just curious about our services, we're here to help.
Our team of experienced developers is here to provide the support and technical expertise you need. Contact us to schedule your consultation and start your journey with us.

Subscribe To Our Newsletter

Are you passionate about software development?
Want to stay updated with the latest tools and best practices we offer?

Join our community by subscribing today!