Software coding standards play an important role in preventing unreliable programming constructs in software development processes. For embedded systems, important coding standards include:
The ability to check whether your model and code complies with coding standards can help to prevent security vulnerabilities. Embedded Coder® and Simulink® offer capabilities to minimize issues that affect compliance with MISRA C:2012 and secure coding standards. Capabilities include:
Code Generation Advisor, which helps you configure a model or subsystem so that the code generator is most likely to produce MISRA C:2012 compliant code. For more information, see Configure Model for Code Generation Objectives by Using Code Generation Advisor.
Model Advisor checks, which you can use as you developed your model or subsystem to increase the likelihood of generating code that complies with MISRA C:2012 and secure coding standards. For more information, see:
The MISRA C and MISRA C++ standards are a set of coding guidelines for the C and C++ programing languages that promote safety, security, and reliability in embedded system software. These guidelines, published by the Motor Industry Software Reliability Association (MISRA®) define a “safe-subset” of the C language to protect against language aspects that can compromise the safety and security of embedded systems. For more information, see What is MISRA C?
When using MISRA C:2012 coding guidelines to evaluate the quality of your generated C code, you are required per section 5.3 of the MISRA C:2012 Guidelines for the Use of C Language in Critical Systems document to prepare a compliance statement for the project being evaluated. To assist you in the development of this compliance statement, MathWorks® evaluates the MISRA C:2012 guidelines against C code generated by using Embedded Coder. The results of the evaluation are published as:
For more information, see Developing a MISRA C:2012 Compliance Statement.
CERT® C, ISO/IEC 17961, and CWE are coding rule guidelines developed specifically to address the growing number of cyber security concerns within embedded systems. These coding standards are for software developers to use in the development of code in the C language:
CERT C — Provides secure coding practices for the C languages. Security vulnerabilities in embedded software increase chances of attacks from malicious actors. These guidelines help eliminate constructs with undefined behavior that can lead to unexpected results at runtime and expose security weaknesses. For more information, see What is CERT C?
Common Weakness Enumeration (CWE™) — Identifies common software weakness types that can occur in software architecture, design, code, or implementation. These weaknesses can lead to security vulnerabilities.
ISO/IEC TS 19761:2013 Information Technology — Programming Languages, Their Environments And System Software Interfaces — C Secure Coding Rules — The formal ISO® standard for secure coding in C. This standard is designed to be enforced by using static analysis tools without excessive false positives.