IEEE Access (Jan 2024)
Real-Time Operating Systems’ Compliance With MISRA-C Coding Standard: A Comprehensive Study
Abstract
Ensuring the security and safety of a real-time operating system (RTOS) is crucial for protecting against potential cyber-attacks. A robust RTOS provides reliable and uninterrupted operation and protects sensitive data and critical functions. To help programmers develop robust programs and systems, several organizations have developed secure coding standards. These standards offer guidelines for writing secure code that eliminates vulnerabilities and prevents undefined behavior. The goal of this research is to determine whether several common free RTOSs follow these secure coding standards. We chose MISRA-C:2012 for our experiment because it is a widely recognized coding standard specifically designed for the safe use of the C programming language in critical systems. To investigate whether existing RTOSs adhere to MISRA-C:2012, we used a static code analysis tool, Cppcheck, to analyze 16 open-source RTOSs (written in C) for compliance with 153 rules of MISRA-C:2012. The results indicate that most of the RTOSs conform to the mandatory rules of MISRA-C. However, quite a few of the required rules are still violated by many of the RTOSs. Some of the violated rules can potentially result in critical issues in the RTOSs, but most of them can be avoided simply by writing better and safer C code. This paper discusses the major issues in the implementation of RTOSs found in our experiment. The analysis of the results will help programmers and researchers understand the primary concerns in RTOSs’ code and learn how to avoid them by writing better code.
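The compliance measurement described above groups Cppcheck MISRA findings by rule and by rule category (mandatory versus the rest). The following is an added example, not code from the paper or from Cppcheck: it parses the one-finding-per-line output Cppcheck emits with `--addon=misra` (the gcc-style template, where each finding ends in an id such as `[misra-c2012-17.7]`) and tallies it. The sample output, file paths and line numbers are constructed; the mandatory-rule set is taken from MISRA C:2012 with Amendment 1, and all other rules are lumped together because the required/advisory split needs the full rule table.

```python
import re
from collections import Counter

# Mandatory rules of MISRA C:2012 (12.5 added by Amendment 1). Any other rule
# is counted as "required/advisory" here; separating those two categories
# would need the complete rule table, which this example does not carry.
MANDATORY = {
    "9.1", "12.5", "13.6", "17.3", "17.4", "17.6", "19.1",
    "21.13", "21.17", "21.18", "21.19", "21.20",
    "22.2", "22.4", "22.5", "22.6",
}

# One finding per line: path:line:col: severity: message [misra-c2012-R.N]
FINDING_RE = re.compile(
    r"^(?P<file>[^:\s][^:]*):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<severity>\w+): (?P<msg>.*) \[misra-c2012-(?P<rule>\d+\.\d+)\]$"
)


def parse_findings(text):
    """Return (file, line, rule) tuples; source echoes, caret lines and
    summary text that do not match the finding shape are skipped."""
    out = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if m:
            out.append((m.group("file"), int(m.group("line")), m.group("rule")))
    return out


def summarize(findings):
    """Count violations per rule and per category (mandatory vs other)."""
    per_rule = Counter(rule for _, _, rule in findings)
    per_category = Counter(
        "mandatory" if rule in MANDATORY else "required/advisory"
        for _, _, rule in findings
    )
    return per_rule, per_category


# Constructed sample in Cppcheck's gcc-style template; not findings from any
# of the RTOSs in the study. Rules 17.7 and 8.4 are required, 9.1 is mandatory.
SAMPLE = """\
kernel/sched.c:42:5: style: misra violation (use --rule-texts=<file> to get proper output) [misra-c2012-17.7]
    schedule_next();
    ^
kernel/sched.c:88:12: style: misra violation (use --rule-texts=<file> to get proper output) [misra-c2012-9.1]
drivers/uart.c:17:1: style: misra violation (use --rule-texts=<file> to get proper output) [misra-c2012-8.4]
drivers/uart.c:59:9: style: misra violation (use --rule-texts=<file> to get proper output) [misra-c2012-17.7]
"""

if __name__ == "__main__":
    rules, cats = summarize(parse_findings(SAMPLE))
    for rule, n in sorted(rules.items()):
        print(f"rule {rule:>5}: {n} ({'mandatory' if rule in MANDATORY else 'required/advisory'})")
    print(dict(cats))
```

Pass real Cppcheck output (for example `cppcheck --addon=misra --template=gcc src/ 2>&1`) to `parse_findings` to get the same per-rule and per-category counts for an actual code base.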
Keywords