Abstract
The C programming language dominates software implementation in the automotive industry: C is small, fast, portable and has widespread compiler support.
The emergence of ISO26262 [1] however, has shone a light on C’s darker side. C encourages "programming on the edge of safety", where small mistakes can have catastrophic implications. Subsets of C help to control its worst aspects, but they do not address more fundamental software engineering challenges that arise when considering safety.
This paper proposes “a safer way to C”. The approach takes C as a starting point and removes features that are hard to use safely. The language is then extended with features that prevent classes of programming errors by design and that provide additional semantic context, which improves the opportunities for quality assurance through static analysis, review and/or inspection. The resulting language is called Embedded Software Development Language (ESDL).
ESDL does not rely on its own compiler technology: ESDL programs are re-written as MISRA-C:2004 compliant C code using code generation. An ESDL program relieves the user of writing C code that would be prone to error and difficult to maintain; for example, defensive coding idioms that prevent certain classes of runtime errors are added automatically. The generated C code can be compiled with any C compiler.
No language can guarantee better code, but the chance of success can be maximized by designing a language that removes the pitfalls of C and enables automatic quality assurance checking, yet is nevertheless translatable to C code that can be used in existing tool chains.
KEYWORDS – programming, safety, code generation, static analysis