Could MISRA-C have prevented the Apple iPhone SSL Bug?

The mainstream media has been reporting a vulnerability in the SSL implementation in Apple's iPhone.

What Was The Problem?

According to a diff of the source code, an extra goto was inserted into the nest of conditions.

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;  // This one added by mistake

This is less a quirk than the grammar of C: an if controls exactly one statement (or one compound statement in braces), whatever the indentation suggests. The first goto is conditional; the second goto (line 62) is not, so it is always executed. Because err still holds the zero returned by the preceding update call, the code at the fail label returns success, and every check that should have followed, including the signature verification itself, is skipped.

At first glance, this could be put down to "one of those things" – but errors such as this are easily preventable.

Compound Statements

Most coding guidelines (for example MISRA C, produced by the MISRA Consortium) require that the body of a selection statement be a compound statement; in MISRA C:2012 this is Rule 15.6.

So in the Apple example, this would have become:

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
{
    goto fail;
    goto fail;
}

With the braces in place the duplicated goto is merely unreachable dead code inside the block: the checks that follow still run, and the bug does not exist. (Unreachable code is itself prohibited by MISRA C:2012 Rule 2.1, and is something a static analyser reports.)

Use of Goto

The second aspect that requires scrutiny is the use of multiple goto statements – quite simply, the code snippet at the heart of this bug could very easily be restructured into an if … else if … else if … else ladder, thereby removing the need for the goto statements altogether.

Although the subject can be divisive, Rule 15.1 of MISRA C:2012 (Advisory) recommends that the goto statement should not be used. Note that MISRA C:2012 has relaxed the Required status of previous editions, and now additionally provides guidance on how to use goto statements if you do choose to use them: Rules 15.2 and 15.3 restrict a goto to jumping forwards, to a label in the same or an enclosing block…
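As an added example (not the page's code, and not Apple's), the three shapes discussed in the two sections above side by side: the unbraced version with the duplicated goto, the braced version that Rule 15.6 requires, and a goto-free restructuring. The hash and signature functions, the error value and the signature_valid flag are stand-ins chosen so the control flow can be exercised offline; they are assumptions, not the real SSL code.

```c
#include <stdio.h>

/* Added example, not Apple's code. The hash and signature functions below
 * are stand-ins (assumptions) so that the control flow can be run offline. */

typedef int OSStatus;               /* assumption: 0 means success, as in the original */
#define ERR_SIGNATURE_INVALID (-1)  /* assumption: any non-zero error code will do */

/* Stand-in for SSLHashSHA1.update: always succeeds, as it did for the
 * connection that exposed the bug. */
static OSStatus hash_update(int *ctx, int chunk)
{
    *ctx += chunk;
    return 0;
}

/* Stand-in for the final signature check. signature_valid models whether
 * the peer's signature actually verifies. */
static OSStatus verify_signature(int ctx, int signature_valid)
{
    (void)ctx;
    return signature_valid ? 0 : ERR_SIGNATURE_INVALID;
}

/* Shape 1: the bug. The second goto is not guarded by the if above it. */
OSStatus verify_buggy(int signature_valid)
{
    OSStatus err;
    int ctx = 0;

    if ((err = hash_update(&ctx, 1)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, 2)) != 0)
        goto fail;
        goto fail;   /* always taken: the signature check below never runs */
    if ((err = verify_signature(ctx, signature_valid)) != 0)
        goto fail;

fail:
    return err;      /* still 0 from hash_update, so the caller sees success */
}

/* Shape 2: MISRA C:2012 Rule 15.6, braces on every body. The duplicated
 * goto is now dead code inside the block and changes nothing. */
OSStatus verify_braced(int signature_valid)
{
    OSStatus err;
    int ctx = 0;

    if ((err = hash_update(&ctx, 1)) != 0)
    {
        goto fail;
    }
    if ((err = hash_update(&ctx, 2)) != 0)
    {
        goto fail;
        goto fail;   /* unreachable, and reported as such by an analyser */
    }
    if ((err = verify_signature(ctx, signature_valid)) != 0)
    {
        goto fail;
    }

fail:
    return err;
}

/* Shape 3: no goto at all (Rule 15.1). Each step runs only if the previous
 * one succeeded, so a stray duplicated line has nowhere to hide. */
OSStatus verify_restructured(int signature_valid)
{
    int ctx = 0;
    OSStatus err = hash_update(&ctx, 1);

    if (err == 0)
    {
        err = hash_update(&ctx, 2);
    }
    if (err == 0)
    {
        err = verify_signature(ctx, signature_valid);
    }
    return err;
}

int main(void)
{
    /* A forged signature (signature_valid == 0) must be rejected. */
    printf("buggy        : %d\n", verify_buggy(0));        /* 0: accepted! */
    printf("braced       : %d\n", verify_braced(0));       /* -1: rejected */
    printf("restructured : %d\n", verify_restructured(0)); /* -1: rejected */
    return 0;
}
```

Compiling this with gcc -Wall (GCC 6 and later enable -Wmisleading-indentation) produces a warning on verify_buggy that the if clause does not guard the second goto, and clang -Wunreachable-code reports the signature check in verify_buggy as code that will never be executed; either warning would have exposed the real bug before it shipped.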

Static Analysis

Although it is said that the bug was not discovered in testing, it was entirely preventable by the simple step of running static analysis: the second goto makes every statement that follows it in the block unreachable, and unreachable code is exactly the sort of thing analysers report. Most compilers provide some static analysis support (usually behind a warning flag), and I am very surprised that Apple does not require static analysis to be performed on all of its code.

Perhaps it will now…

Posted in MISRA

BSI relaunches UK C Panel

After a number of years without an "official" UK mirror panel, the British Standards Institution has launched a new panel, IST/5/-/24, to act as the UK's contribution to ISO/IEC JTC1/SC22/WG14 – the C language standards body.

The previous UK panel IST/5/-/14 was disbanded in 2008.

The new panel, chaired by Joseph Myers, will provide input to WG14 during future work to improve ISO/IEC 9899 – the C standard. I have joined in a two-hatted way: firstly purely in a personal capacity; but also as a representative of the MISRA C Working Group.

I look forward to being able to contribute usefully…

 

Posted in BSI, Standards

Andrew becomes “Osprey”

For the last year, my eldest daughter, Emily, has been a member of the 7th Farnborough Beaver Colony… and I've been an occasional helper on an informal basis.

However, with the imminent departure of the current Beaver Scout Leader (aka Nightingale) and her Assistant (her son, aka Hawk) to pastures new, this is about to change!

While the Group Scout Leader (aka Kingfisher) will be taking over as the Beaver Scout Leader, I have agreed to become a Beaver Scout Sectional Assistant.

Within the Colony, all leaders take the name of birds; I have chosen the name of my favourite bird…

So now (at least from a Beaver Scouting perspective) I have become Osprey!

Posted in Beavers | Tagged Beavers

Graze NibbleBox Review – Week 1

Get your own free sample box

The Wait Is Over

Saturday's postman arrives, and delivers my first Graze box…

A robust (recyclable) cardboard carton, held closed by two sealing strips…

Unpacking my Graze Box


But the important thing is: what's inside the box?

And a single paper napkin…!

Reviewing my Graze NibbleBox

Apple and Cinnamon FlapJack

Disappeared very quickly… need I say more?

Bonnie Wee Oatcakes

Found the oatcakes a bit dry on their own, but the accompanying onion chutney made all the difference…

Copacabana

A mix of Belgian dark and milk chocolate buttons and Brazil nuts.

Consumed as a mid-morning snack, provided a pleasant mix of the sweet milk-chocolate, the slightly bitter dark-chocolate and the crunchy Brazil nuts.

While I can munch my way through a packet of brazil nuts for fun, I'm not normally a fan of dark chocolate, but the three together worked well. Copacabana gets a LIKE.

Tutti Frutti

A mix of pineapple, cherry-infused raisins, blueberry-infused cranberries and green raisins.

The first one out of the box, and it disappeared very quickly – leaving a feeling of just-about-the-right-amount.

I absolutely love fresh pineapple, but (I think) this is the first time ever that I've tried it dried. Slightly chewier than I was expecting, but retaining most of the flavour. On the other hand, I'm not a huge fan of cherry flavouring, and I felt the cherry-infusion spoilt some nice raisins. On balance, doesn't quite deserve a LOVE, so a LIKE for Tutti Frutti.

Posted in Graze

Andrew starts to Graze

According to the Garfield school, I'm not so much over-weight as under-tall… but given that I'm now unlikely to grow, it is the weight I need to manage.

This isn't helped by my eating habits – skipping breakfast (and often lunch) and then pigging out at (a late) dinner – which I have resolved to improve.

To add into the mix, I've recently been diagnosed as wheat-gluten intolerant, which (as well as explaining a lot) eliminates many of the obvious snacks.

Enter Graze

For a few months now, every time I've bought something in WH Smith, I've received a voucher for a free sample box from Graze… and having looked at the graze.com website, I was tempted. But for one reason or another, I'd never proceeded… until now.

The idea behind Graze is the delivery of healthy snacks… everything is managed via their website, which allows you to designate each snack as one of four categories:

  • Bin - never receive it
  • Try - give it a go
  • Like – send occasionally
  • Love – send regularly

There is also a Send Soon tick-box to request an item.

The first box is free, and £3.89 per box thereafter – so less than £1.00 per snack.

The Graze Range

Currently there are over 140 products to choose from… to avoid any pre-conceived ideas, I only flagged those containing wheat gluten to be binned (so I don't get any) but pretty much left everything else to chance…

Review to follow…

 

Posted in Graze

National Blood Week 2013

On Friday, I did something that I hadn't done for nearly three years – In recognition of National Blood Week I gave blood.


Having completed 52 donations, in a largely uninterrupted run over 23 years, I had not given blood since August 2010, after which the new appointments-based system (supposedly introduced for donors' convenience…) meant I couldn't just turn up when I was able to.

But I thought I'd give it another go. So shortly after 2:30pm I arrived at a quiet St Peter's Church-hall… "Do you have an appointment?" The next free appointment was 3:10 – OK, I'll wait…

Ten past three arrived. Because it had been over two years since my last donation, I had an extended questionnaire (fair enough)… but because I ticked the "wrong" box on three questions (for reasons that had been declared at the previous 52 donations) I had to see the nurse (no longer a doctor)… there was only one nurse, and she was busy.

At 3:45 she became free.  And approved my answers with a quick swish of the pen.

One thing had changed over the past three years… the old rickety beds have been replaced with reclining chairs!

Twenty minutes later I was done… a few minutes rest, a drink and a packet of crisps, and at just before half-past-four I was free to go.

Hopefully, see you in three months…

Posted in Uncategorized

Empire Avenue

Andrew has joined EmpireAvenue – the site that combines social media analysis, games and networking to help you increase your reputation and reach.

You can interact with the world's top social media profiles and unlock your value. Sign up for free at http://www.empireavenue.com and BUY (e)AndrewBanks

Posted in Social Media | Tagged EmpireAvenue, social media

MISRA C:2012 Published

MISRA is very pleased to announce today that the new edition of MISRA C, Guidelines for the use of the C language in critical systems, known as MISRA C:2012, is now available from the MISRA webstore. Initially PDF copies are available to purchase. Printed copies can be pre-ordered, but will be shipped from 8 April 2013 onwards in the order in which they were purchased.

MISRA C:2012 extends support to the C99 version of the C language (while maintaining guidelines for C90), in addition to including a number of improvements that can reduce the cost and complexity of compliance, whilst aiding consistent, safe use of C in critical systems. Improvements, many of which have been made as a result of user feedback, include: better rationales for every guideline, identified decidability so users can better interpret the output of checking tools, greater granularity of rules to allow more precise control, a number of expanded examples and integration of MISRA AC AGC.

A cross-reference for ISO 26262 has also been produced, and a similar cross-reference for DO-178C is in progress.

Keep up to date on the latest MISRA C:2012 news at www.misra.org.uk/MC2012

Posted in MISRA

MISRA C:2012 Announcement

MISRA C:2012 release date announced at Embedded World 2013

De facto standard for embedded C programming to be available from 18 March 2013

26 February 2013 – MISRA, the organisation behind many guidelines for critical systems, is pleased to announce, at Embedded World 2013, that the latest version of MISRA C, its world-recognised standard for embedded C programming, will be available at www.misra.org.uk/shop from 18 March 2013.

MISRA C:2012 extends support to the C99 version of the C language (while maintaining guidelines for C90), in addition to including a number of improvements that can reduce the cost and complexity of compliance, whilst aiding consistent, safe use of C in critical systems.

Improvements, many of which have been made as a result of user feedback, include: better rationales for every guideline, identified decidability so users can better interpret the output of checking tools, greater granularity of rules to allow more precise control, a number of expanded examples and integration of MISRA AC AGC. A cross reference for ISO 26262 has also been produced.

“More than 1,000 combined days and 250 years of expertise – all donated by leading figures across industry and academia – have gone into MISRA C:2012,” said Steve Montgomery, Chairman of the MISRA C Working Group which, combined with the MISRA Steering Group, includes 18 representatives from across manufacturers, component suppliers, tool vendors and consultancies. “The aim of everything we publish is always to base it on practical, real-world experience and to create something that is clear, versatile and practical.”

MISRA C was first created for the automotive industry in the 1990s, when Ford Motor Company and Rover Group combined efforts to create a C language subset, and has since become the de facto standard for embedded C programming across the majority of safety-related industries, from aerospace to medical. It is also increasingly used within organisations where security and reliability of critical systems are essential.

Montgomery concluded: "All of us involved in MISRA C:2012 are excited to hear how it is received. Like any new version of such a widely used standard there will no doubt be adjustment for organisations, but we believe that the changes will make compliance easier and – ultimately – all of our lives safer."

The PDF of MISRA C:2012 can be purchased from www.misra.org.uk/shop from 18 March 2013 with the printed version available by the end of March 2013.

Ends

Notes to Editors

MISRA is a collaboration between vehicle manufacturers, component suppliers and engineering consultancies which seeks to promote best practice in developing safety-related electronic systems in road vehicles and other embedded systems. To this end MISRA publishes documents that provide accessible information for engineers and management, and holds events to permit the exchange of experience between practitioners.

All contributors to MISRA donate their time as a personal commitment to the development of safer systems.

MISRA C, originally created when Ford Motor Company and Rover Group decided to combine their individual efforts to create a C language subset, has gone on to become the de facto standard for embedded C programming across the majority of safety-related industries. MISRA C:2012 follows MISRA C:2004.

For more information visit www.misra.org.uk or contact Tel: +44 (0) 24 7 635 5695.

MISRA and MISRA C are registered trademarks of MIRA Ltd, held on behalf of the MISRA Consortium.

Posted in MISRA | Tagged MISRA

Update on MISRA C:2012

MISRA C:2012 is now nearing completion, and will be available via the MISRA website by Easter 2013.

An official update, with all relevant details relating to the new version, will be made on 26 February 2013. This information will be available via all MISRA channels (web site, newsletter) and at Embedded World 2013.

Posted in Uncategorized