MISRA-C-2012-AMD-1

andytlz
1 ℃
2020-05-11

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

MISRAC:2012Amendment1AdditionalsecurityguidelinesforMISRAC:2012April2016FirstpublishedApril2016byHORIBAMIRALimitedWatlingStreetNuneatonWarwickshireCV100TUUK©HORIBAMIRALimited,2016.“MISRA”,“MISRAC”andthetrianglelogoareregisteredtrademarksownedbyHORIBAMIRALtd,heldonbehalfoftheMISRAConsortium.OtherproductorbrandnamesaretrademarksorregisteredtrademarksoftheirrespectiveholdersandnoendorsementorrecommendationoftheseproductsbyMISRAisimplied.Allrightsreserved.Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanicalorphotocopying,recordingorotherwisewithoutthepriorwrittenpermissionofthePublisher.ISBN978-1-906400-16-3PDFBritishLibraryCataloguinginPublicationDataAcataloguerecordforthisbookisavailablefromtheBritishLibraryMISRAC:2012Amendment1AdditionalsecurityguidelinesforMISRAC:2012April2016iMISRAMissionStatementWeprovideworld-leadingbestpracticeguidelinesforthesafeandsecureapplicationofbothembeddedcontrolsystemsandstandalonesoftware.MISRAisacollaborationbetweenmanufacturers,componentsuppliersandengineeringconsultancieswhichseekstopromotebestpracticeindevelopingsafety-andsecurity-relatedelectronicsystemsandothersoftware-intensiveapplications.TothisendMISRApublishesdocumentsthatprovideaccessibleinformationforengineersandmanagement,andholdseventstopermittheexchangeofexperiencesbetweenpractitioners.DisclaimerAdherencetotherequirementsofthisdocumentdoesnotinitselfensureerror-freerobustsoftwareorguaranteeportabilityandre-use.Compliancewiththerequirementsofthisdocument,oranyotherstandard,doesnotofitselfconferimmunityfromlegalobligations.iiForewordThevisionofMISRACissetoutintheopeningparagraphoftheGuidelines:TheMISRACGuidelinesdefineasubsetoftheClanguageinwhichtheopportunitytomakemistakesiseitherremovedorreduced.Manystandardsforthedevelopmentofsafety-relatedsoftwarerequire,orrecommend,theuseofalanguagesubset,andthiscanalsobeusedtodevelopanyapplicationwithhighintegrityorhighreliabilityrequirements.Unfortunately,manypeoplefocusonthesafety-relatedsoftwarereference,andaperceptionexiststhatMISRACisonlysafety-relatedandnotsecurity-related.SubsequenttothepublicationofMISRAC:2012,ISO/IECJTC1/SC22/WG14(thecommitteeresponsibleformaintainingtheCStandard)publishedtheirownClanguageSecurityGuidelines,asISO/IEC17961:2013.Addendum2toMISRAC:2012setsoutthecoveragebyMISRAC:2012ofISO/IEC17961:2013andjustifiestheviewpointthatMISRACisequallyapplicableinasecurity-relatedenvironmentasitisinasafety-relatedone.TheworktocreatethatmatrixhighlightedasmallnumberofareaswhereMISRACcouldbeenhanced.ThisAmendmenttoMISRAC:2012setsoutasmallnumberofadditionalguidelines,toimprovethecoverageofthesecurityconcernshighlightedbytheISOCSecureGuidelines.Severaloftheseaddressspecificissuespertainingtotheuseofuntrustworthydata,awell-knownsecurityvulnerability.TheseadditionalGuidelinesextendMISRAC:2012andIencourageallusers,andallorganizations,toconsideradoptionattheearliestopportunity.AndrewBanksFBCSCITPChairman,MISRACWorkingGroupiiiAcknowledgementsTheMISRAconsortiumwouldliketothankthefollowingindividualsfortheirsignificantcontributiontothewritingofthisdocument:AndrewBanksFrazer-NashResearchLtd/IntuitiveConsultingMikeHennellLDRALtdClivePygottColumbusComputingLtdChrisTappLDRALtdLizWhitingLDRALtdTheMISRAconsortiumalsowishestoacknowledgecontributionsfromthefollowingmembersoftheMISRACWorkingGroupduringthedevelopmentandreviewprocess:FulvioBaccagliniProgrammingResearchLtdDaveBanhamRolls-RoyceplcMarkBradburyIndependentConsultant(FormerlyAeroEngineControls)JillBrittonProgrammingResearchLtdChrisHillsPhaedrusSystemsLtdTheMISRAconsortiumalsowishestoacknowledgecontributionsfromthefollowingindividualsduringthedevelopmentandreviewprocess:DavidWardHORIBAMIRALtdivContents1Newdirectives11.4Codedesign12Newrules32.12Expressions32.21Standardlibraries42.22Resources123Changestoexistingrules174References18AppendixASummaryofguidelines19AppendixBGuidelineattributes21v1Newdirectives1.4CodedesignDir4.14ThevalidityofvaluesreceivedfromexternalsourcesshallbecheckedC90[Undefined15,19,26,30,31,32,94]C99[Undefined15,16,33,40,43-45,48,49,113]CategoryRequiredAppliestoC90,C99Amplification“Externalsources”includedata:●Readfromafile;●Readfromanenvironmentvariable;●Resultingfromuserinput;●Receivedoveracommunicationschannel.RationaleAprogramhasnocontroloverthevaluesgiventodataoriginatingfromexternalsources.Thevaluesmaythereforebeinvalid,eitherastheresultoferrorsorduetomaliciousmodificationbyanexternalagent.Datafromexternalsourcesshallthereforebevalidatedbeforeitisused.Inthesecuritydomain,externalsourcesofdataareusuallyregardedasuntrustedastheymayhavebeenmodifiedbysomeonetryingtoharmorgaincontroloftheprogramand/orsystemitisrunningon;suchdataneedstobevalidatedbeforeitcanbeusedsafely.Inthesafetydomain,externalsourcesareregardedas“suspicious”andvaluesobtainedfromthemrequirevalidation.Inbothdomains,datafromanexternalsourceshallbetestedtoensurethatitsvaluerespectsalltheconstraintsplacedonitsuse(i.e.itsvalueisnotharmful),evenifthevaluecannot