MISRA Q&A: Frequently Ask Questions and Answers

Expert Insights on MISRA C++:2023, Compliance Challenges & Best Practices

Our experts Dr. Sebastian Krings and Dr. Daniel Simon answer the latest questions around MISRA Coding Guidelines. Read the entire blog post or jump directly to the respective question by clicking the shortcuts on the right.

To dive in even deeper into the realm of MISRA Coding Guidelines, we highly recommend to watch our successful webinar series MISRA Monday, that Daniel and Sebastian recently hosted. You will be served even more expert knowledge around MISRA in digestible 20-minute bites: Watch MISRA Mondays on demand.

What to expect: We asked Sebastian and Daniel about:

MISRA fundamentals and MISRA C++:2023 / MISRA C:2025
Common technical challenges
Best practices for MISRA compliance and efficiency
MISRA in mixed-language environments
Developer pain-points in adopting MISRA coding guidelines

What are the most impactful changes in MISRA C++:2023?

The level of the exhaustiveness: they have been updated for modern C++ versions.
Greater involvement from tool vendors led to a more practical rule-set. Rules are more decidable and are better checkable nowadays.
If you are interested in MISRA C and want to know what changed there, see our blog post on the new MISRA C:2025 rules.

Is security equally important as safety in MISRA?

Both are important and often overlap.
Later MISRA updates have added security-relevant rules.
Code quality affects both areas.

What challenges come with automating MISRA compliance in large projects?

The need for flexible, scalable toolchains.
Different development workflows, feature branches, CI/CD add complexity.
MISRA checks must handle cause/effect across teams and be enforceable at scale.
In the end its an organizational and workflow challenge because in large-scale-projects cause and effect can be in different teams.

Can MISRA benefit from machine learning–assisted rule validation?

Possibly for prioritization, grouping similar violations, or aiding fix suggestions.
Machine Learning can assist but not replace developer judgment—especially in safety contexts.

Can ChatGPT handle MISRA checks?

ChatGPT can help generate MISRA-style code, but it's not accountable or consistent.
This can put you in trouble in environments where you need to be 100% compliant.
Developers are still responsible for validation and therefore will need to use tools to check for compliance anyway.

Can MISRA succeed using free, or cheap tools?

Success of all Coding Guidelines depends on: Are there tools to automatically check and enforce them?
Manual checks are impractical; tools are essential.
Free tools exist, though commercial tools offer better coverage, additional support and a more comprehensive check of the rules: Axivion for instance covers all rules.

How does MISRA C++:2023 compare to the C++ Core Guidelines and tools like Clang-Tidy?

C++ Core Guidelines are broader and more general.
MISRA standards are more focused on safety-critical and embedded systems, which means they have a different focus; neither of them is better.
MISRA offers versioned, certifiable rule sets, while core guidelines evolve continuously and don't give you a version that you can pinpoint. It is a question of certification and processes.

How should we address MISRA’s slower update cycles?

Safety-critical domains prefer stability over frequent changes.
Frequent updates (like in AUTOSAR) cause fragmentation.
MISRA 2023 is a stable base, and future updates will likely follow a moderate pace.
The approach of extension via the MISRA amendments is quite practical because it is guaranteed that the rest of the rules stay as they were.

How is MISRA perceived outside the automotive industry?

MISRA coding standards are widely respected also in medical, avionics, and industrial fields.
Often used as a baseline, with industry-specific additions the usage of MISRA rules makes a lot of sense.
Developers may adapt or extend the rules for their own context.

What are the interoperability challenges with MISRA standards when integrating Rust, Python, etc.?

Language bridges may break MISRA rules (e.g., heap use, pointer operations).
Some compliance issues are unavoidable—one must document deviations.
The C/C++ side should remain compliant as much as possible.

How does MISRA interact with parallel programming frameworks (OpenMP, CUDA)?

These extend language semantics in ways MISRA doesn’t always cover.
Using them may require documented rule deviations.
Projects need to assess risk and formally accept justified exceptions.

Can MISRA principles be used for other languages?

MISRA provides rationale and intent behind rules, which can inspire equivalent rules in other languages.
There’s active effort to map MISRA principles to Rust and other languages.

What are the gaps in MISRA when applied to multi-language projects?

No standard yet addresses cross-language pitfalls (e.g., C ↔ Rust ↔ Python).
Experience and community maturity are needed before formal rules can emerge.

Are there psychological hurdles for developers adopting MISRA?

Developers may feel restricted or overwhelmed by rule-based coding.
It requires a mindset shift from creativity to professionalism and long-term maintainability.
Education and clear rationale are key to success.

What are the trade-offs between strict MISRA enforcement and practical software engineering flexibility?

Benefits of guidelines can be enforced with different means.
MISRA can be restrictive and of course code can be correct while not being MISRA compliant, so it takes time and effort to be compliant.

How to balance MISRA compliance with developer productivity, especially in fast-paced development environments?

Check early and often
Baselining

Have past MISRA iterations led to unintended consequences in code maintenance and readability?

MISRA guidelines are written in human language, so there will always be room for interpretation.
You can never be sure things are not misunderstood. And also the MISRA consortium cannot know all code on earth. This is why there will be always some movement and improvement.
Also rules might have been too strict or impractical in the past.
If there are any doubts, the MISRA consortium can be contacted.

What are the most common reasons developers resist MISRA adoption, and how can those concerns be addressed?

There are usually two reasons for a lack of motivation to use MISRA:
- Large legacy code bases that might have worked without MISRA before:
  - Solution: Baselining and to only apply rules that have a higher runtime impact onto that legacy code.
- Not understanding the reasoning between rules:
  - Solution: Through training and access to descriptions those concerns can be addressed.
- All in all: automation, baselining and tracking issues over time are the solution.

Can certain MISRA rules be adapted to UI-heavy applications without compromising their core usability?

Certain rules can be adapted, maybe not all. It was never meant that way.
Recommendation: Pick what seems right.

Are there existing deviations or exemptions that non-safety projects regularly rely on?

Special components, e.g. direct hardware access, special memory requirements (or lack thereof), etc.

Do safety regulations in industries outside of automotive encourage MISRA-like compliance?

Yes, other regulated environments such as medical, aerospace, industrial automation etc. can benefit of MISRA compliance and usually enforce ensuring safety and security just like the automotive world.
MISRA is a good starting point for any industry that is using C/C++ and that is safety reliant (also regarding the extensions towards Rust).

Key Takeaways

MISRA is complex, but worth adopting thoughtfully.
Staying at a strategic level of discussion helps broaden the understanding across different roles.
MISRA is not only beneficial in the automotive industry but also in other regulated industries.

Meet the Experts

Dr. Daniel Simon studied computer science at the Saarland University and University of Stuttgart in Germany. After several roles in consulting of different businesses in quality management, he took over responsibility for Axivion's Professional Services.

Following the acquisition of Axivion by the Qt Group, Daniel now supports customers of Qt Quality Assurance with the best possible integration and application of the products Axivion Static Code Analysis and Axivion Architecture Verification.

Dr. Sebastian Krings is an R&D manager and software engineer specializing in tools for static software analysis. He previously worked as a Postdoc at the Institute for Information Security at Niederrhein University of Applied Sciences and was part of the Software Engineering and Programming Languages chair at Heinrich-Heine University in Düsseldorf. In 2017, he earned his PhD with research on formal methods for verifying safety-critical software systems.

At Axivion, he focuses on developing new code quality analyses, defining technical requirements, and overseeing the implementation of innovations in their tools.

Got Questions?

Interested in improving your code quality and finding out more on the possibilities of Axivions MISRA Checker? Explore how Axivion can help. Contact us anytime and take our interactive tour here.