MISRA for Automotive Systems
In the realm of C and C++ development and particularly within the automotive and safety-critical sectors, the MISRA coding guidelines are crucial for ensuring software reliability and safety. These guidelines, first established by the Motor Industry Software Reliability Association (MISRA) in the early 1990s, aim to promote best practices for developing embedded control systems and standalone software. Originating from the UK government's research into road vehicle electronics, MISRA's guidelines have become widely accepted in other industries beyond automotive such as aerospace, defense, and medical devices. MISRA’s primary goal is to enhance code safety, security, and reliability, especially in embedded systems, and originally carved out a "safe subset" of the C language.
The automotive industry's increasing reliance on software for critical functions underscores the importance of MISRA compliance. Failures in these systems can have severe consequences, making adherence to MISRA guidelines a common requirement for automotive OEMs and suppliers to improve software quality and safety. Beyond automotive, MISRA principles are vital in any safety-critical domain.
Recognizing the growing use of C++ in critical applications, MISRA introduced guidelines for C++ in 2008. The latest version, MISRA C++:2023, is a significant update targeting the C++17 standard. This version provides a defined subset of C++ that minimizes the potential for errors, making it ideal for high-integrity applications. Based both on MISRA C++:2008 and on AUTOSAR, it offers a comprehensive framework for safe and secure C++17 programming, moving towards a unified industry standard.
MISRA C++:2023's explicit support for C++17 ensures its relevance for modern software projects. It addresses the evolution of the language, incorporating new features from C++17, making the guidelines more applicable to current safety-critical development. This standard also improves the decidability of guidelines, enhancing their suitability for automated verification by static analysis tools.
MISRA C++:2023 Compliance with SonarQube
SonarQube is the industry leading integrated code quality and code security analysis tool. It helps developers find and fix coding errors and security issues while promoting continuous learning. SonarQube integrates seamlessly in the DevSecOps workflow, providing real-time feedback on code health within the tools developers use such as the IDE and DevOps platforms. By providing actionable code intelligence, SonarQube enables teams to tackle potential issues proactively, reducing risk and saving cost from late discovery in the SDLC. SonarQube for IDE offers immediate feedback on code quality and code security as developers write code, supporting a "start left" approach.
Sonar is pleased to announce the development of full MISRA C++:2023 compliance capability in SonarQube. We have launched an early access program for compliance with MISRA C++:2023 available now in SonarQube Server 2025 Release 2. SonarQube MISRA Compliance is available at no additional charge to SonarQube Server Enterprise Edition and Data Center Edition customers during the early access period to give you the opportunity to try it out and provide feedback. This early access release includes 26 new MISRA C++:2023 rules boosting our coverage to 84 out of a total of 179 rules. We will keep adding rules and additional capability in future releases of SonarQube Server.
Future releases of SonarQube MISRA Compliance will focus on:
- 100% detection: Our target is to have complete coverage of the MISRA C++:2023 guideline while maintaining our standard of highly accurate issue detection and preserving fast analysis times. Additionally, the SonarQube rules for meeting MISRA C++:2023 compliance will contain details about our implementation including any potential known limitations of the detection we provide. This way when issues are detected by SonarQube, you have the documented details needed to determine compliance.
- MISRA compliance workflow: MISRA defines guideline categories, deviation records, and other concepts that will be supported in SonarQube to keep your projects in compliance as you develop.
- “Start left”: We want to help developers and teams produce MISRA compliant source code as they write it. When connected with SonarQube Server, SonarQube for IDE will identify issues as developers code in their IDE. Real-time feedback on compliance with MISRA is provided in the form of a quality gate pass-fail status results which ensure only code that complies with the standard makes it to production.
- Compliance reporting: Reports not only allow teams and managers to assess their compliance status, they also help simplify the compliance claim process by reducing the effort to build documentation required to support claiming compliance.
We are excited to give you access to the SonarQube MISRA C++:2023 Compliance feature as we build it out and add more capability over the coming SonarQube Server releases. We look forward to your ongoing feedback in order to provide you with the most valuable tool to meet your MISRA compliance needs.
Don't have SonarQube Server Enterprise or Data Center edition? Try it out now and see the Sonar MISRA Compliance early access feature at work. Read through our docs content to find out how to configure Early Access for Sonar MISRA Early Access.