MISRA C 2025 Incremental Updates With Practical Improvements

MISRA C 2025 is an incremental refinement of MISRA C 2023. The key changes aim to improve safety and developer experience.

New Rules & Modifications

The guidelines include four new rules that address emerging coding risks.

• Disallowing implicit comparison of pointers to null.
• Restricting the use of inactive union members except for character arrays, which are allowed for aliasing reads.
• Ensuring unique include guard macro identifiers across a project.
• Strengthening requirements for pointer-to-integer conversions, for example, Rule 11.4 is now required instead of advisory.

Modified Rules

Two rules were incorporated into other rules. As a result, they were deleted as a part of the rule organization refactoring. Additionally, the controversial advisory rule requiring a single exit point in functions, which seemingly disappeared, became optional.

Three rules were renumbered for better organization and thirteen rules were modified to reflect current best practices and clarify ambiguities.

More About the Single-Exit Rule Disappearance

The single-exit rule has been a MISRA staple for decades. Historically tied to older modular programming practices, the change to make it optional acknowledges modern structured programming practices and reflects MISRA’s shift toward practicality without compromising safety.

This rule originated from assembly programming, where jumps could happen anywhere. But in modern structured languages like C, every return safely exits to the caller. Some organizations still enforce it, so the MISRA working group kept it—but now it’s optional.

Loosened Restrictions for Developer Flexibility

MISRA C 2025 also introduced more flexibility for developers in the following areas.

• Switch statements. Clauses can now be terminated with statements other than `break` (for example, `return`, `abort,` or `continue`), reducing the need for unreachable code.
• Pointer conversions. Exceptions were added for conversions involving `intptr_t` and `uintptr_t`, aligning with standard allowances.
• Dynamic memory. Immediate conversion of newly allocated memory to a specific pointer type is now permitted. However, dynamic memory use is still discouraged.

AI-Generated Code & MISRA Compliance

How do MISRA guidelines apply to AI-generated code? It’s a pressing question in software development.

AI-Generated Code Is Not the Same as Qualifiable Auto-Generated Code

MISRA traditionally provides leniency for auto-generated code, for example, code generated by Simulink or Stateflow. MISRA has a long history of accommodating it with certain advisory rules—reclassifying it as “disapplied” to ease compliance.

On the other hand, MISRA holds AI-generated code from LLMs, like GitHub Copilot, to the same standards as human-written code. The MISRA committee emphasizes that AI code lacks the deterministic guarantees of model-based generators, meaning that it may introduce unpredictable risks and needs extra scrutiny. With that, it requires static analysis, peer reviews, and unit testing. In fact, these testing methods are mandatory.

AI-Assisted Remediation

AI can aid in fixing MISRA violations. Solutions like Parasoft C/C++test integrate with GitHub Copilot and add contextual guidance, embedding rule documentation and using chain-of-thought reasoning to generate compliant fixes.

In short, Parasoft’s static analysis solution integrate AI, bridging it with compliance to do the following:

• Explain violations in context.
• Suggest compliant fixes for issues like pointer misuse, for one example.
• Auto-suppress legacy rule violations when migrating to MISRA C 2025.

Developers still need to review AI suggestions, but the process accelerates remediation while maintaining compliance.

Expanding MISRA’s Reach

MISRA published two new addenda beyond the core guidelines.

1. Addendum 5 maps MISRA C guidelines to CWE weaknesses tagged as being relevant to memory safety—helping developers address vulnerabilities systematically.
2. Addendum 6 assesses the applicability of MISRA C guidelines to Rust, identifying potential safety concerns. This is a foundational step toward future Rust-specific guidelines.

The Rust Question: Is MISRA Expanding Beyond C/C++?

With the Rust programming language gaining traction in safety-critical systems, many wonder if MISRA will develop guidelines for it.

While addendum 6 explores how existing C/C++ rules could map to Rust, its ownership model and memory safety features require new language-specific rules. The Rust community is actively working on safety standards, potentially leading to a future MISRA Rust guideline.

Key Takeaways for Developers

MISRA C 2025 refines the standard with updates that prioritize practicality without compromising safety. Here are some important points.

• AI-generated code requires scrutiny. Treat it like human-written code and enforce full compliance.
• Tooling is critical. Solutions like Parasoft C/C++test streamline compliance with AI-assisted fixes and seamless integration into workflows.
• Stay up to date. MISRA’s new mappings for CWE and Rust show the standard’s evolving role in modern software safety.

Conclusion: Safety in the Age of AI & New Languages

MISRA C 2025 demonstrates how safety standards must evolve alongside technology. By addressing AI-generated code, reconsidering outdated rules, and exploring Rust compatibility, MISRA ensures it remains a trusted framework for mission-critical software.

For developers, it’s clear: automation and AI can aid coding, but human oversight and robust testing remain indispensable. As the industry moves forward, staying informed and adaptable will be crucial in maintaining both innovation and safety.

“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.

The post How MISRA C 2025 Is Tackling AI & Rust Challenges appeared first on Parasoft.

What Is MISRA C++ 2023?

Working together, AUTOSAR and MISRA prepared a set of coding guidelines to enable safe and secure programming using C++17. This published document is MISRA C++ 2023.

MISRA C++ is a set of coding guidelines that define a subset of the C++ language to use in critical systems to reduce the risk of making mistakes and minimize the danger of having a nonconforming program.

The C++ standard does not define the language completely. There are situations when the behavior is undefined, unspecified, or implementation-defined. If a C++ program relies on these, there’s no guarantee it will behave in a predictable way or that it will be portable.

MISRA guidelines are intended to detect such situations to ensure the safety and reliability of the software. Additionally, conformant programs may be written in a way that clearly suggests a mistake in the code or may highly likely be misinterpreted by the developers. MISRA guidelines target such situations.

The Evolution of MISRA C++

The first release of MISRA C++ in 2008 focused on C++03. It gained a lot of popularity, but with C++ advancements and the new features added in C++11, it became outdated. To bridge this gap, in March 2017, AUTOSAR consortium released AUTOSAR C++ guidelines as part of their Adaptive Platform.

Adaptive AUTOSAR uses C++14 as the language of choice, and the platform required a safety and security-oriented coding standard to support developers. Approximately 70% of unmodified MISRA C++2008 guidelines were included in the AUTOSAR C++.

But with continuous language evolution, new language features were added in C++ 17, generating a need for new coding guidelines. MISRA and AUTOSAR decided to merge standards into one publication, and MISRA took over the work on the new edition of the standard with all the updates required for C++17. The result of this work is MISRA C++ 2023, published in October 2023.

MISRA C++ 2023 Guidelines and Rules

MISRA C++ 2023 guidelines are classified as Rules or Directives. Rules are those guidelines that contain a complete definition of compliance and noncompliance. For Directives, it’s not possible to provide the full description necessary to perform a compliance check, as it depends, for example, on the design decisions made in the context of a specific project.

Each guideline is categorized as one of the following:

• Mandatory
• Required
• Advisory

Rules are additionally classified for Decidability and Scope analysis.

Mandatory guidelines must be followed without the possibility of deviation. Required guidelines may be deviated, assuming the formal deviation procedure is followed and all the potential issues have been otherwise mitigated. Advisory guidelines are a sort of recommendation that should be followed as far as it is practical.

The Decidability attribute defines whether the rule is generally analyzable by the automated tool or not. The Scope attribute defines whether a guideline should be checked by analyzing a single translation unit or the whole system.

There are 179 MISRA C++ 2023 guidelines, four Directives, and 175 Rules that are grouped into sections corresponding to the sections of the C++ standard, including the following:

• Basic concepts
• Standard conversions
• Expressions
• Statements
• Special member functions
• Exception handling

Some of these rules are derived from the AUTOSAR Coding Guidelines or the old MISRA C++ 2008. However, MISRA guidelines focused on implementation only, whereas AUTOSAR also provided recommendations related to design, toolchain infrastructure, or documentation. Generally, MISRA C++ 2023 is oriented on the semantics of the code and on avoiding mistakes without giving too much stylistic guidance.

How to Achieve MISRA C++ 2023 Compliance

MISRA C++ 2023 imposes requirements to follow compliance processes defined in the MISRA Compliance document. It’s a separate document shared between MISRA C and MISRA C++ standards. The most recent version was released in 2020 and supersedes the earlier version from 2016.

MISRA Compliance introduces a collection of requirements regarding compliance process and reporting. It defines special reports expected as compliance artifacts.

• Guidelines Enforcement Plan is a document that specifies all of the technical means that will be used to enforce guidelines.
• Guidelines Recategorization Plan is a document that describes all the changes in the guidelines categories introduced for the specific project.
• Guidelines Compliance Summary is a report documenting the level of compliance for every guideline.

In addition, the Compliance document recommends a complete process for handling deviations that include requirements for deviation records, use of deviation permits, and a list of reasons for which deviations are acceptable.

Having a standardized set of requirements for claiming projects to be MISRA-compliant helps organizations to ensure an appropriate level of confidence and to have the ability to combine the compliance reports when integrating multiple modules provided by contractors, assuming that MISRA C/C++ code checking has been performed for each of them.

Some of the guidelines could be checked using the code review process, although it would be cumbersome. Others, especially those that require whole system analysis, including guidelines that require data and control flow analysis to be performed on the complete set of the application source code, are practically impossible to check manually. Therefore, it’s important to use automated static code analysis tools, like Parasoft C/C++test, that provide complete support for MISRA C++ 2023 to analyze the code against MISRA guidelines and generate the appropriate set of compliance documents.

Why Is MISRA C++ 2023 Critical for Safe & Secure Software?

MISRA C++ aims to provide a safe subset of the C++ language. This is achieved by several requirements and limitations on the C++ source code to enhance the safety and security of the applications.

Error Prevention

The C++ Standard specifies certain situations as undefined behavior, mostly to allow compilers to generate more efficient code. Compilers are allowed to assume that the undefined behavior situation will never occur and to perform additional optimizations based on that assumption. This comes with a risk that, if the situation occurs, the behavior of the program is unpredictable. And in some cases, it means that the program behaves perfectly fine when running the tests and fails in production, which may cause the whole verification process to be futile. MISRA C++ provides guidelines that directly or indirectly guard against undefined behavior. An example case would be evaluating the indeterminate value of an object, which is guarded against by Rule 11.6.2 The value of an object must not be read before it has been set.

Code Maintainability

Certain aspects of the abstract machine are described in the C++ Standard as implementation-defined. That means the behavior of the code is well-defined and needs to be documented, but it may differ between implementations.

A program that depends on the implementation-defined behavior may be hard to port to another target. An example of such behavior would be the sizeof(int), which affects the behavior of the arithmetic operations, such as all operands with narrower types being promoted before the actual operation occurs. That in the end may result in different outcomes of the arithmetic operation depending on the compilation target. MISRA C++ guidelines guard against such problems with their Standard conversion rules, like the following:

• Rule 7.0.5 Integral promotion and the usual arithmetic conversions shall not change the signedness or the type category of an operand.
• Rule 7.0.6 Assignment between numeric types shall be appropriate.

Risk Management

MISRA guidelines also address a class of potential risks caused by the developer’s confusion or incorrect understanding of the valid C++ source code. For example, the code if (x = y) is perfectly valid C++ but is very likely to be a result of a typing error where the assignment operator has been accidentally used instead of the equality operator. Rule 8.18.2 The result of an assignment operator should not be used ensures that such code will be reported and reviewed for correctness.

Conclusion

Using a reasonable set of coding guidelines and a safe language subset is required by the functional safety standards for a reason. Organizations that can claim MISRA C++ 2023 compliance enhance the safety and security of their modern C++ applications.

Check out our MISRA C++ 2023 webinar for more details about the contents of the MISRA C++ 2023 document and the differences between AUTOSAR and MISRA C++ guidelines.

“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.

The post MISRA C++ 2023 Guide: Everything You Need to Know appeared first on Parasoft.