Facts

MISRA C++

The current MISRA C++:2008 guidelines were published by the Motor Industry Software Reliability Association. They are based on the MISRA C guidelines from 1998. Originally designed for the automotive industry, MISRA C++ became the standard for the implementation of critical software in the aviation, military, and medical sector. Just like MISRA C, MISRA C++ also describes guidelines for a safe subset of C++.

This subset consists of more than 200 rules classified as a document, required, or advisory.

• Document:
  • Mandatory requirements on the developer
  • Derivations are not permitted
• Required:
  • Mandatory requirements for the developer
  • Formal derivation must be raised
• Advisory:
  • Should be followed as closely as possible
  • Formal derivation is not necessary but may be considered

MISRA C++ Rules

Lets’s look at some of the important rules regarding the C++ core language and libraries. To make it clearer, we will present a few rules from MISRA C++.

• Unnecessary construct
  • The project shall not contain unreachable code. (required)
  • The project shall not contain unused variables. (required)
• Assembler
  • All usage of assembler shall be documented. (document)
• Arithmetic
  • Use of floating-point arithmetic shall be documented. (document)
• Language
  • The code shall conform to the C++03 standard (Remark: Small addition to C++98). (required)
• Comments
  • No C comments shall be used to “comment out” code. (required)
  • No C++ comments shall be used to “comment out” code. (advisory)
• Pointer conversions
  • NULL shall not be used as an integer value. (required)
• Multiple base classes
  • Classes should not be derived from virtual bases. (advisory)
• Virtual functions
  • Each overriding virtual function shall be declared with the virtual keyword. (required)
• Exception handling
  • Exceptions shall only be used for error handling. (document)
• Templates
  • All partial and explicit specializations for a template shall be declared in the same file as the declarations of their primary template. (required)
• Macro replacements
  • The # and ## operators should not be used. (advisory)
• Library
  • The C library shall not be used. (required)
  • All library code shall conform to MISRA C++.(document)

You can verify these and all the other MISRA C++ rules with static code analysis tools.

Conclusion

Which conclusions can we draw from the MISRA C++ rules for the usage of C++ in critical systems? Neither one feature nor the whole language is excluded by MISRA C++.

MISRA C++ also emphasizes why C++ in critical systems becomes more important. (1.1 The use of C++ in critical systems):

• C++ offers support for high-speed, low-level, input/output operations, which are essential to many embedded systems.
• The increased complexity of applications makes the use of a high-level language more appropriate than assembly language.
• C++ compilers generate code with similar size and RAM requirements to those of C.

One small issue remains, however. MISRA C++ is based on classical C++, while Modern C++ has more to offer for embedded systems. Sadly, MISRA C++ cannot keep in lockstep with the C++ standardization but there are efforts being made to fill the gap.