FEATURE: EMBEDDED TECHNOLOGY

Integration of AUTOSAR C++ Coding Guidelines into MISRA C++

By Dr. Frank van den Beuken, Perforce Software


16 MAY 2020 | ELECTRONICS

Perforce Software www.perforce.com

It had been announced that two industry standards for coding best practices in C++ — MISRA and AUTOSAR — will integrate into one publication. This comes at a time when use of C++ in embedded design projects continues to grow. In a 2019 survey carried out by Perforce Software, almost 50 per cent of automotive software development professionals said their organisations were using the popular programming language. C++ is the foundation for many of today’s challenging embedded software innovations. The volume, scale and sophistication of embedded software development projects mean that creating efficient embedded software for some or many development projects would be very difficult — even impossible — if not for C++.

The reason for C++ being so essential is that it permits direct, deterministic control of hardware, and gives flexibility to the developer. However, this can also bring risks. The main risk is that it is possible to compile code that has undefined behaviour, or code that is not guaranteed to behave in the same way when compiled and run on different target hardware. For instance, automatic memory management and memory allocation within C++ is notoriously easy to get wrong, which can result in memory leaks. These can cause performance problems or may even be exploited by a hacker.

In safety-critical markets — such as automotive, aerospace, and medical devices — clearly these weaknesses in software can have very serious consequences. This is why coding standards matter, as they give developers guidelines to help improve safety, security, compliance, and ensure the standardisation of design across all contributors. Coding standards also encourage consistent, best practice coding within teams.

For automotive development, the use of a coding standard is already mandated within ISO 26262, though without specifying a particular one. AUTOSAR and MISRA are the two most widely used, and sometime in the near future the two will be included within one publication: MISRA C++202x. This will bring together the best features of both, which already have a lot in common.

MISRA is a collaboration between manufacturers, component suppliers, and engineering consultancies. The software development standard is used to promote best practices in developing safety and security-related electronic systems and other software-intensive applications. While MISRA is known for the rigour of its coding standards, C++ has continued to evolve since the introduction of MISRA C++ in 2008. This was the main reason for the creation of AUTOSAR C++, which was based on MISRA C++, but applicable to C++14.

AUTOSAR (AUTomotive Open System Architecture) develops standardised open software architectures for automotive electronic control units (ECUs) and is a partnership of over 1800 organisations involved in the automotive industry. In recent years, AUTOSAR has evolved to include its Adaptive Platform standard for connected and autonomous vehicles.

As well as integration with AUTOSAR, new guidance within C++202x will include: move-semantics (which were introduced in C++11 and will be covered by MISRA, which will be applicable to C++17); class-design; and — very likely — RAII too, a popular design pattern that is already promoted by AUTOSAR.




Move-semantics provide a way to refer to and reuse temporary objects so that unnecessary object creation or copying can be avoided. RAII stands for Resource Acquisition Is Initialization. It is a coding pattern to help ensure that when an automated object leaves scope, it will be destroyed and any resources it holds are released, which in turn helps prevent resource leaks.
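The following C++ sketch is an added example, not code from the article, MISRA or AUTOSAR. It contrasts a manually released resource that leaks on an error path with a move-only RAII owner; acquire_channel, release_channel and the Channel class are hypothetical names constructed for illustration.

```cpp
#include <stdexcept>
#include <utility>
#include <vector>
// Constructed stand-in for a scarce resource (file, socket, bus channel).
static int g_live = 0, g_next = 0;          // g_live: channels currently held
int  acquire_channel() { ++g_live; return ++g_next; }   // id is never 0
void release_channel(int /*id*/) { --g_live; }

// Manual release: the error path returns before release_channel() runs.
bool leaky_send(bool fail) {
    int ch = acquire_channel();
    if (fail) return false;                 // leak: ch is never released
    release_channel(ch);
    return true;
}

// RAII owner: acquires in the constructor, releases in the destructor.
class Channel {
    int id_;
    void reset() { if (id_ != 0) release_channel(id_); id_ = 0; }
public:
    Channel() : id_(acquire_channel()) {}
    ~Channel() { reset(); }
    Channel(const Channel&) = delete;       // copying would release twice
    Channel& operator=(const Channel&) = delete;
    Channel(Channel&& o) noexcept : id_(std::exchange(o.id_, 0)) {}  // take ownership
    Channel& operator=(Channel&& o) noexcept {
        if (this != &o) { reset(); id_ = std::exchange(o.id_, 0); }
        return *this;
    }
    bool owns() const { return id_ != 0; }
};

// Same logic with RAII: the destructor runs on every exit, including a throw.
bool raii_send(bool fail) {
    try {
        Channel ch;
        if (fail) throw std::runtime_error("bus error");
        return true;
    } catch (const std::runtime_error&) { return false; }
}

// Moving hands the existing channel to the container; nothing is re-acquired.
int live_after_move() {
    std::vector<Channel> pool;
    Channel c;
    pool.push_back(std::move(c));
    return c.owns() ? -1 : g_live;          // count while pool still owns it
}
int main() { leaky_send(true); raii_send(true); return live_after_move() == 2 ? 0 : 1; }
```

The live-resource counter is what a leak check would watch: it stays raised after the manual error path and returns to its baseline after every RAII path.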


The MISRA C++ working group is also studying other sources besides the AUTOSAR Guidelines for new guidance. This includes High Integrity C++ Coding Standard from Perforce Software, which is the exclusive static code analysis development partner in AUTOSAR. High Integrity C++ was originally introduced in 2003 to capture C++ in the form of a publicly available standard, and since then has been updated twice. It was the first C++ coding standard to cover concurrency and it can be expected that the new MISRA standard will also provide guidance for correct implementation of concurrency.

Static code analysis helps to enforce efficient coding standards. These tools automate the coding standards compliance process by continually inspecting code in background mode, identifying deviations and alleviating potential additional work for developers. Perforce Software supplies two static code analysers — Helix QAC and Klocwork — both of which are designed to minimise false negatives and positives.

With electronics products of all kinds becoming more dependent on software, the growth of C++ will inevitably continue. Adoption of coding standards and tools that support their implementation will play an increasing role in ensuring performance, standardisation, security and safety, and compliance. This is why the merging of the best of both MISRA and AUTOSAR is good for the electronics industry.

