Technical presentation - 30 minutes (including Q&A)
Bringing an existing codebase into MISRA compliance is known to be a challenging, risky, and time-consuming task. Yet it is a necessity when a product needs functional safety certifications. Such an endeavor requires facing multiple tradeoffs and, consequently, extensive experience with both the codebase and MISRA. The choices between deviating from a guideline and changing the code, which way to modify the code, and how to formulate a deviation are tough and have far-reaching consequences that are not immediately evident. While a project undertaking MISRA compliance at a late development stage is likely to rely on deviations more than other projects, one should take into account the interdependencies among MISRA guidelines and the impact that one deviation might have on them. Deviations need to be rock-solid, as they always catch the assessors' attention. In this presentation, we will illustrate our experience and the lessons learned while undertaking MISRA compliance work for the Xen hypervisor. We will go through the key takeaways, including the most effective deviation strategies and the way to tackle the MISRA C essential type model, which typically accounts for a large number of violations in existing codebases. We will also discuss how to marry MISRA with open-source development processes and communities.
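The essential type model is singled out above because it is where existing C code tends to accumulate the most findings: implicit conversions that the compiler accepts silently but that change a value's meaning. The following is an added illustration, not code from the talk or from the Xen project. It places two common essential-type violations beside compliant rewrites, so that the behavioural difference the model is designed to surface is visible on concrete input. The rule numbers refer to MISRA C:2012 (Rule 10.4, same essential type category for both operands of an arithmetic or relational operator; Rule 10.3, no assignment to a narrower or different-category essential type); all function names are invented for this example.

```c
/* Added example (not from the talk or the Xen project): two essential-type
 * violations beside compliant rewrites. Function names are illustrative. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Non-compliant (Rule 10.4): an essentially signed operand is compared with an
 * essentially unsigned one. The usual arithmetic conversions turn -1 into
 * UINT_MAX, so lt_noncompliant(-1, 1u) is false although -1 < 1 mathematically. */
static bool lt_noncompliant(int a, unsigned int b)
{
    return a < b;
}

/* Compliant rewrite: handle the sign explicitly, then compare two operands of
 * the same essential type category. The cast is applied only once a is known
 * to be non-negative, so it cannot change the value. */
static bool lt_compliant(int32_t a, uint32_t b)
{
    bool result;
    if (a < 0)
    {
        result = true;                     /* any negative value is below any unsigned b */
    }
    else
    {
        result = ((uint32_t)a < b);        /* unsigned vs unsigned */
    }
    return result;
}

/* Non-compliant (Rule 10.3): an essentially signed int is assigned to a
 * narrower essentially unsigned object. Out-of-range values wrap modulo 256,
 * so pack_noncompliant(300) yields 44 without any diagnostic from the compiler. */
static uint8_t pack_noncompliant(int value)
{
    uint8_t b = value;
    return b;
}

/* Compliant rewrite: clamp first so the value provably fits, then make the
 * narrowing visible with a cast to the target type. */
static uint8_t pack_compliant(int32_t value)
{
    int32_t clamped = value;
    if (clamped < 0)
    {
        clamped = 0;
    }
    if (clamped > 255)
    {
        clamped = 255;
    }
    return (uint8_t)clamped;
}

int main(void)
{
    /* Constructed inputs chosen to expose the difference between the two versions. */
    printf("lt(-1, 1):   non-compliant=%d compliant=%d\n",
           (int)lt_noncompliant(-1, 1u), (int)lt_compliant(-1, 1u));
    printf("pack(300):   non-compliant=%u compliant=%u\n",
           (unsigned)pack_noncompliant(300), (unsigned)pack_compliant(300));
    return 0;
}
```

The compliant versions are not merely cast-decorated copies of the originals: each one makes a decision the original left to the usual arithmetic conversions (what a negative offset means, what an over-range value becomes), which is exactly the kind of question an assessor will ask about a deviation that proposes to keep the original code.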
Roberto Bagnara is professor of Computer Science at the University of Parma and Software Verification Expert and Evangelist at BUGSENG. He has coauthored more than 40 papers in international journals and conference proceedings on programming languages, static analysis, and other techniques for software verification. He is a member of the MISRA C and MISRA SQM Working Groups and of the ISO standardization working group for the C programming language.