Whitepaper: A Practical Guide to Accelerating MISRA C 2012 Compliance with Test Automation

Achieve MISRA C 2012 compliance without disrupting your entire development process. It’s all in using a phased approach with a clearly defined endpoint.

Gain a full understanding of how to effectively leverage static analysis in conjunction with automated unit testing, test management and analytics to make a powerful tool suite to achieve MISRA compliance efficiently.


Download the whitepaper to learn the process of achieving, documenting and maintaining MISRA compliance with test automation.

The original MISRA principles were created to be applied as code was being developed. Even the document itself has a warning:

“...a project that checks for MISRA C compliance late in its cycle is likely to spend a considerable amount of time re-coding, re-reviewing and re-testing. It’s therefore expected that the software development process will require the early application of MISRA C principles.”

Because many organizations need to reuse legacy codebases, the MISRA Compliance: 2016 guidance document was created in response. There’s clear distinction between the new, native code developed in the scope of a current project and the “adopted” code developed outside of the scope of the project.

 Software development teams need a practical approach to dealing with legacy code and MISRA C compliance.

For example, an initial prototype developed without following MISRA guidelines is productized, but then management realizes that compliance is a requirement for the intended marketplace. Typically, the legacy codebase was never developed with coding guidelines in mind. As a result, a codebase can’t be automatically classified as “adopted code” if updates are required in the context of a new project adding to the complexity of the situation.

Fortunately, there are ways to make code compliant without interfering with ongoing development, explained in detail in the full whitepaper.

In response, the MISRA Consortium provided a reasonably well-defined framework of what MISRA compliant truly means in the document MISRA Compliance: 2016. The document is helping organizations use a common language articulating compliance requirements by defining several artifacts.

 The key document for focusing on what to do with legacy and existing code is the Guideline Re-categorization Plan, which captures all directives and rules and identifies which categories have been re-categorized.

The MISRA Com­pliance: 2016 document has worked to clear this up. A recommended approach to improving the evaluation of compliance readiness is to use existing templates for both the final compliance and tool qualification report.

To combat the tendency to add more information into the reports than is required, refer to the list provided by MISRA Compliance 2016:

  • Guideline Enforcement Plan
  • Guideline Compliance Summary
  • Details of all Approved deviation permits
  • Deviation records covering all violations of guidelines re-categorized as Required
  • Establish the end goal early. 
  • Use a phased approach. Establish a workflow to fix the violations over time, without disrupting the development process and degrading the quality of the software.
  • Key feature recommendations for static analysis tools:
- Baselining
- Line in the sand
- Severity-based prioritization 
  • A less obvious component of MISRA compliance often left until the end of the project is the qualification of the development tools used in the product proven fit for purpose to the pertinent safety standard. If a tool needs qualification, what level of validation needs to be performed? Tool qualification needs to start with tool selection, ensuring you’re using a development tool certified by an organization such as TÜV SÜD. This will significantly reduce the effort when it comes to tool qualification.
  • Only qualify the tools you use. For instance, it’s not productive to make developers sift through qualification material for DO-178B/C when they’re doing an automotive project that requires ISO 26262.
  • Test automation tools can be used to automate their own testing. The tool qualification requires tests be run and results verified as outlined in qualification kits. Automating this as much as possible is key to making the process painless.
  • The expertise and training of development staff is another key factor overlooked by software organizations frequently being identified by auditors as the number one issue when evaluating the readiness of a product. According to MISRA Guidelines, staff competency is an important part of compliance. It’s best to conduct training in the beginning of the project. Record the training date and developer participation.

About Parasoft

Parasoft helps organizations continuously deliver quality software with its market-proven, integrated suite of automated software testing tools. Supporting the embedded, enterprise, and IoT markets, Parasoft’s technologies reduce the time, effort, and cost of delivering secure, reliable, and compliant software by integrating everything from deep code analysis and unit testing to web UI and API testing, plus service virtualization and complete code coverage, into the delivery pipeline. Bringing all this together, Parasoft’s award winning reporting and analytics dashboard delivers a centralized view of quality enabling organizations to deliver with confidence and succeed in today’s most strategic ecosystems and development initiatives — security, safety-critical, Agile, DevOps, and continuous testing.