AUTOSAR has published coding guidelines for using C++ in critical and safety-related applications.
Nobody likes a gap, and until October 2017 a gap existed when it came to coding standards for C++11 and C++14 in critical and safety-related software. What did exist were standards for older versions of the language, and none of them addressed the kinds of critical and safety-related systems that are becoming more important in automotive and other industries. MISRA C++:2008, for example, covers only C++03, and the language has evolved significantly since then.
The AUTOSAR partnership has therefore stepped in with coding guidelines that it sees as an update to MISRA C++:2008, bringing that document in line with current practice, in particular the more widespread use of object-oriented languages in safety-related and critical environments.
There have been other changes since the MISRA document, the most significant for safety-critical systems being the publication of the ISO 26262 automotive functional safety standard. The guidelines also take into account other guidelines published in the meantime, in particular PRQA’s own High Integrity C++ (HIC++) coding standard.
We were part of the working group that developed the AUTOSAR guidelines; in fact we were the only static analysis tool vendor in the group, and we contributed our expertise in C++ and in best-practice software development.
The working group wanted such input because it knew the industry had moved on since the MISRA document was produced. Better compilers are now available, as are better testing, verification and analysis tools for C++. There are also more complete development methodologies, such as continuous integration, that let software engineers detect and handle errors earlier in the development process.
There is no doubt that MISRA C++:2008 needed updating, particularly when it comes to security and safety, so this document, “Guidelines for the use of the C++14 language in critical and safety-related systems”, is a welcome addition. It shows which of the MISRA rules are now obsolete and which needed updating, and it adds a number of new rules. The remaining rules from MISRA C++:2008, accounting for about two-thirds of the original document, have been adopted without modification.
The MISRA document, however, disallowed dynamic memory entirely, did not fully cover the standard library, and did not address security at all. The new AUTOSAR document, by contrast, permits the use of dynamic memory, exceptions, templates, inheritance and virtual functions.
The document itself is not small, running to nearly 400 pages, but coding guidelines are essential if we are to produce the robust code that safety-critical functions require. This is especially true in automotive, where driver assistance functions are becoming more sophisticated as the industry moves down the road towards autonomous driving. For self-driving cars to be accepted by the public, safety is paramount, so the code that controls a vehicle’s functions must be written to the highest standards possible. Coding guidelines are a necessary part of that, and we welcome this latest publication from AUTOSAR. A static analysis tool such as our QA·C++ can check your code against the guidelines and flag violations early, helping you produce code that complies with them.