[Oberon] Oberon as (embedded) rtos.

Chris Burrows chris at cfbsoftware.com
Mon Nov 12 08:12:01 CET 2018

> -----Original Message-----
> From: Oberon [mailto:oberon-bounces at lists.inf.ethz.ch] On Behalf Of
> Paul Reed
> Sent: Monday, 12 November 2018 12:26 AM
> To: ETH Oberon and related systems
> Subject: Re: [Oberon] Oberon as (embedded) rtos.
> > https://en.wikipedia.org/wiki/Rate-monotonic_scheduling#cite_note-
> 12
> > ..."What really happened on Mars Rover Pathfinder"
> > http://www.rvs.uni-
> bielefeld.de/lectures/TechInf/TI2/download/19.49-1.
> > 1.ht
> > ml
> > ...Some lessons learned...
> > https://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf
> Thanks, nice reading!  It reminded me that Chris Burrows has already
> pointed out how much you need to do of MISRA-C when writing in C,
> which with Oberon you get out-of-the-box.

Thanks for remembering, Paul!

For those who were not fortunate enough to be able to attend Oberon Day 2011
this is a summary of my attempts to get some measure of the comparative
reliability of C and Oberon-07 when used for embedded software development. 

>From Wikipedia: "MISRA C is a set of software development guidelines for the
C programming language developed by MISRA (Motor Industry Software
Reliability Association). Its aims are to facilitate code safety, security,
portability and reliability in the context of embedded systems"

I took the 142 rules of the MISRA-C:2004 "Guidelines for the use of the C
language in critical systems" and applied them to Oberon-07. I discovered
that more than 70% of the rules are NOT required when programming in
Oberon-07. They are either already enforced by the language or are not

Examples of MISRA rules that are not applicable to Oberon-07: 

  Rule 14.4: The goto statement shall not be used. (Oberon-07 does not have

  Rule 14.5: The continue statement shall not be used. (Oberon-07 does not

Examples of MISRA rules that are enforced by the design of Oberon-07: 

  Rule 14.7: A function shall have a single point of exit at the end of the

  Rule 16.6: The number of arguments passed to a function shall match the
number of parameters.

The remaining 30% of MISRA rules would need to be followed if using
Oberon-07 for critical systems. They include: 

  Rule 2.4 (advisory): Sections of code should not be "commented out".

  Rule 20.4: Dynamic heap memory allocation shall not be used.

More information about MISRA and their guidelines can be found on their


Chris Burrows
CFB Software

More information about the Oberon mailing list