Facts

Here are some facts regarding embedded programming with C++, as well as MISRA C++ and AUTOSAR C++14 guidelines.

MISRA C++

The current MISRA C++:2008 guidelines were published by the Motor Industry Software Reliability Association. They are based on the MISRA C guidelines from 1998. Originally designed for the automotive industry, MISRA C++ became the standard for the implementation of critical software in the aviation, military, and medical sector. Just like MISRA C, MISRA C++ also describes guidelines for a safe subset of C++.

This subset consists of more than 200 rules classified as a document, required, or advisory.

  • Document:
    • Mandatory requirements on the developer
    • Derivations are not permitted
  • Required:
    • Mandatory requirements for the developer
    • Formal derivation must be raised
  • Advisory:
    • Should be followed as closely as possible
    • Formal derivation is not necessary but may be considered

MISRA C++ Rules

Lets’s look at some of the important rules regarding the C++ core language and libraries. To make it clearer, we will present a few rules from MISRA C++.

  • Unnecessary construct
    • The project shall not contain unreachable code. (required)
    • The project shall not contain unused variables. (required)
  • Assembler
    • All usage of assembler shall be documented. (document)
  • Arithmetic
    • Use of floating-point arithmetic shall be documented. (document)
  • Language
    • The code shall conform to the C++03 standard (Remark: Small addition to C++98). (required)
  • Comments
    • No C comments shall be used to “comment out” code. (required)
    • No C++ comments shall be used to “comment out” code. (advisory)
  • Pointer conversions
    • NULL shall not be used as an integer value. (required)
  • Multiple base classes
    • Classes should not be derived from virtual bases. (advisory)
  • Virtual functions
    • Each overriding virtual function shall be declared with the virtual keyword. (required)
  • Exception handling
    • Exceptions shall only be used for error handling. (document)
  • Templates
    • All partial and explicit specializations for a template shall be declared in the same file as the declarations of their primary template. (required)
  • Macro replacements
    • The # and ## operators should not be used. (advisory)
  • Library
    • The C library shall not be used. (required)
    • All library code shall conform to MISRA C++.(document)

You can verify these and all the other MISRA C++ rules with static code analysis tools.

Conclusion

Which conclusions can we draw from the MISRA C++ rules for the usage of C++ in critical systems? Neither one feature nor the whole language is excluded by MISRA C++.

MISRA C++ also emphasizes why C++ in critical systems becomes more important. (1.1 The use of C++ in critical systems):

  • C++ offers support for high-speed, low-level, input/output operations, which are essential to many embedded systems.
  • The increased complexity of applications makes the use of a high-level language more appropriate than assembly language.
  • C++ compilers generate code with similar size and RAM requirements to those of C.

One small issue remains, however. MISRA C++ is based on classical C++, while Modern C++ has more to offer for embedded systems. Sadly, MISRA C++ cannot keep in lockstep with the C++ standardization but there are efforts being made to fill the gap.

Get hands-on with 1400+ tech skills courses.