100 likes | 174 Views
Objectives of Coding Standards & MISRA C++. Clive Pygott, Systems Assurance Group, QinetiQ Chris Tapp, Keylevel Consultants & MISRA C++ chair. DARP Workshop April 2006 Conclusions. Participants at the last Defence Aerospace Research Partnership C++ workshop were asked:
E N D
Objectives of Coding Standards & MISRA C++ Clive Pygott, Systems Assurance Group, QinetiQ Chris Tapp, Keylevel Consultants & MISRA C++ chair
DARP Workshop April 2006 Conclusions Participants at the last Defence Aerospace Research Partnership C++ workshop were asked: ‘what do you want to see in a generic software vulnerabilities standard’ • Predictability: behaviour, time, memory usage • A requirement for more precise definition of the language/subset to be used in a high integrity environment • A requirement for a more structured and capable means of recording ‘intent’ and invariants in source code Verification • A requirement for a means of collecting data on the effectiveness of any high-integrity guidelines
Reasons for coding standards • To avoid undefined behaviour • To avoid implementation defined behaviour • To improve clarity for review and maintenance • To provide a consistent style across a program or set of programs • To avoid common programmer errors • To incorporate good practice, particularly with regard to ‘future proofing’
Who are MISRA? • Motor Industry Software Reliability Association • Started in 1990 • Mission: “to provide assistance to the automotive industry in the creation and application of safe and reliable software in vehicle systems” • The original project was part of the UK Government’s “SafeIT” programme • Now self-supported – and used far outside the automotive industry
MISRA C++ • Extension of MISRA-C • No language feature totally barred (except goto – for a better reason than in MISRA-C) • Target date for draft for peer review – January 2007 • Being developed by a working group including • Software safety consultants/researchers • Tool vendors • Users
MISRA C++ sources • Identification of Issues • QinetiQ Vulnerabilities Report • Evaluation of Existing Material • Other Coding Standards • MISRA-C • JSF++ • Medical Systems • Transportation • Tool Vendors (‘real world’ experience). • Other Publications • Scott Meyers • Stephen Dewhurst • Etc.
MISRA C++ Aims • Predictability – mostly functional • Portability • Clarity for review/maintenance • Avoiding common errors Not systematically addressed • Predictability – temporal, memory usage Not • Consistency of style • Good practice/future proofing
MISRA C++ (&C) rule structure • Rule Structure • Rule Number and category (Mandatory…) • Headline Text • (should be) precise and testable • Issue and Existing Material References • Explanation of the issue(s) and rule justification. • Examples of non-conforming and, where appropriate, conforming code. • Expected deviations (if appropriate and may include ‘none’!)
MISRA C++ relationship with OWGV? • Would hope that this group sets the objectives for high integrity software • MISRA C++ would then want to claim compliance