Facts
Here are some facts regarding embedded programming with C++, as well as MISRA C++ and AUTOSAR C++14 guidelines.
We'll cover the following
MISRA C++
The current MISRA C++:2008 guidelines were published by the Motor Industry Software Reliability Association. They are based on the MISRA C guidelines from 1998. Originally designed for the automotive industry, MISRA C++ became the standard for the implementation of critical software in the aviation, military, and medical sector. Just like MISRA C, MISRA C++ also describes guidelines for a safe subset of C++.
This subset consists of more than 200 rules classified as a document, required, or advisory.
- Document:
- Mandatory requirements on the developer
- Derivations are not permitted
- Required:
- Mandatory requirements for the developer
- Formal derivation must be raised
- Advisory:
- Should be followed as closely as possible
- Formal derivation is not necessary but may be considered
MISRA C++ Rules
Lets’s look at some of the important rules regarding the C++ core language and libraries. To make it clearer, we will present a few rules from MISRA C++.
- Unnecessary construct
- The project shall not contain unreachable code. (required)
- The project shall not contain unused variables. (required)
- Assembler
- All usage of assembler shall be documented. (document)
- Arithmetic
- Use of floating-point arithmetic shall be documented. (document)
- Language
- The code shall conform to the C++03 standard (Remark: Small addition to C++98). (required)
- Comments
- No C comments shall be used to “comment out” code. (required)
- No C++ comments shall be used to “comment out” code. (advisory)
- Pointer conversions
- NULL shall not be used as an integer value. (required)
- Multiple base classes
- Classes should not be derived from virtual bases. (advisory)
- Virtual functions
- Each overriding virtual function shall be declared with the virtual keyword. (required)
- Exception handling
- Exceptions shall only be used for error handling. (document)
- Templates
- All partial and explicit specializations for a template shall be declared in the same file as the declarations of their primary template. (required)
- Macro replacements
- The # and ## operators should not be used. (advisory)
- Library
- The C library shall not be used. (required)
- All library code shall conform to MISRA C++.(document)
You can verify these and all the other MISRA C++ rules with static code analysis tools.
Conclusion
Which conclusions can we draw from the MISRA C++ rules for the usage of C++ in critical systems? Neither one feature nor the whole language is excluded by MISRA C++.
MISRA C++ also emphasizes why C++ in critical systems becomes more important. (1.1 The use of C++ in critical systems):
- C++ offers support for high-speed, low-level, input/output operations, which are essential to many embedded systems.
- The increased complexity of applications makes the use of a high-level language more appropriate than assembly language.
- C++ compilers generate code with similar size and RAM requirements to those of C.
One small issue remains, however. MISRA C++ is based on classical C++, while Modern C++ has more to offer for embedded systems. Sadly, MISRA C++ cannot keep in lockstep with the C++ standardization but there are efforts being made to fill the gap.
Get hands-on with 1400+ tech skills courses.