Embedded Technology


The essential facts to know about the new version of MISRA C++


By Jill Britton and Richard Corden, Perforce Software


In November 2023, after many months of hard work by the MISRA C++ working group, the latest version of the MISRA C++ coding standard was published: MISRA C++:2023, ‘Guidelines for use of C++17 in critical systems’. It is significant because, unlike the previous version of MISRA C++, it includes specific support for C++17, meaning it is now possible to take advantage of the improved features and benefits of C++17 in an embedded software project. Before the new version of MISRA C++, modern C++17 features did not have an industry-recognized set of guidelines that could be applied. Now, with MISRA C++:2023, developers can use C++17 with the confidence that they are building safe, secure, high-quality code. The new standard is also more in line with modern coding practices, giving developers greater flexibility while still complying with MISRA guidelines.


MISRA C++:2023 is made up of 179 guidelines, of which 175 are rules and four are directives. The MISRA Compliance Categories have been introduced, bringing MISRA C++:2023 in line with MISRA C:2023. The guidelines are divided into five mandatory rules, which cannot be deviated from, and 122 required rules, which can be deviated from, but the deviation must be agreed by the project. The final category of 48 advisory rules can be disapplied, but the developer needs to explain why they made that decision.


Decidability


Another major change is the clarification of ‘decidability’, which allows both humans and automated tools, for example a static analyser, to answer the question: does this code comply with the rule? If the answer is a straight yes or no in every case, then the rule is decidable. MISRA C++:2023 contains 156 decidable rules, an example of which is Rule 6.7.2, which states that ‘Global variables shall not be used’. There are also 19 undecidable rules, for which the answer is ‘maybe’ or ‘sometimes’. An example is Rule 18.5.1, which states, ‘A noexcept function should not attempt to propagate an exception to the calling function’.


16 March 2024


Other notable features reflect how C++ is used in practice by today’s embedded software development teams. For instance, MISRA C++:2023 includes better handling of library code or code that will not feature in the final binary. Another area is where templates have been designed to work with multiple types differently. Previously, MISRA C++ required that an explicit instantiation of a template specialization be well-formed, but that does not apply to the new version.


New features


Two significant changes in MISRA C++:2023 are the encouraged application of the “Rule of Zero” and the absence of guidelines relating to “Underlying Type”, which was part of MISRA C++:2008.


The previous version of MISRA C++ was very explicit, so when defining a class type, all the special members had to be defined and declared to make it obvious what the class was supposed to do.


MISRA C++:2023 encourages the use of the “Rule of Zero” because it prefers not to specify special member functions when the standard already guarantees that the compiler provides the intended implementation.
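

The difference can be checked at compile time. The following is an added example, not code from the article or from the MISRA document; `Handle`, `acquire`, `release`, `ManualChannel` and `Channel` are hypothetical names. It contrasts a class whose author wrote only a destructor with a Rule of Zero class that leaves every special member to the compiler.

```cpp
#include <cstdio>
#include <memory>
#include <type_traits>
#include <utility>

// Hypothetical resource API for this example; open_handles() counts live handles.
struct Handle { int id; };
inline int& open_handles() { static int n = 0; return n; }
inline Handle* acquire(int id) { ++open_handles(); return new Handle{id}; }
inline void release(Handle* h) { --open_handles(); delete h; }

// Hand-written ownership: only the destructor was written. The compiler still
// generates copy operations, so a copy would release the same handle twice.
class ManualChannel {
public:
    explicit ManualChannel(int id) : h_(acquire(id)) {}
    ~ManualChannel() { release(h_); }
private:
    Handle* h_;
};

// Rule of Zero: the owning member already copies, moves and destroys correctly,
// so the class declares no special member functions at all.
struct HandleDeleter { void operator()(Handle* h) const { release(h); } };
class Channel {
public:
    explicit Channel(int id) : h_(acquire(id)) {}
    int id() const { return h_->id; }
private:
    std::unique_ptr<Handle, HandleDeleter> h_;
};

static_assert(std::is_copy_constructible<ManualChannel>::value, "copies compile");
static_assert(!std::is_copy_constructible<Channel>::value, "copies are rejected");
static_assert(std::is_nothrow_move_constructible<Channel>::value, "move is generated");

// Moves a Channel inside a scope and returns the handles still open afterwards.
int handles_after_move() {
    {
        Channel a{7};
        Channel b{std::move(a)};  // generated move transfers ownership
        if (b.id() != 7 || open_handles() != 1) return -1;
    }
    return open_handles();        // handle released exactly once
}

int main() {
    std::printf("open handles after scope: %d\n", handles_after_move());
    return 0;
}
```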


Components in Electronics


The move away from “Underlying Type” reflects the complexities of trying to have a parallel type system that works with features such as return type deduction, placeholder types, and templates. Because the compiler will follow the rules of the language, the developer does not want to be fighting against that by having to keep two type systems in their head. Among the new features, MISRA C++:2023 also acknowledges that software components, such as shared libraries, might be reused without using the entire library. However, it is required that entities with internal linkage be used or removed. There are also fewer stylistic rules, with no restrictions on identifier names, aside from issues relating to implementation-defined or undefined behaviour.


Scope bounded resource management


MISRA C++:2023 also addresses another area prevalent in C++, namely the concept of scope bounded resource management (RAII). This is when a developer declares some objects at the beginning of a function and, after a while, they go out of scope (perhaps freeing up some memory or unlocking a mutex that was initially locked). The syntax of C++ can mean that something may appear to be the declaration of an object that will be destroyed at the end of the scope, when it could in fact be the declaration of a function or a temporary that is immediately destroyed, so MISRA C++:2023 includes guidance in the ruleset for catching those issues.
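

The look-alike forms are easy to compare side by side. The following is an added example, not code from the article or from the MISRA document; `TrackedMutex` and `Counter` are hypothetical names, while `std::unique_lock` is the standard library type. Each member function reports whether the mutex was actually held while the protected update ran.

```cpp
#include <cstdio>
#include <mutex>

// Hypothetical lockable for this example: a mutex that records whether it is held.
struct TrackedMutex {
    std::mutex m;
    bool held = false;
    void lock()   { m.lock(); held = true; }
    void unlock() { held = false; m.unlock(); }
};
using Lock = std::unique_lock<TrackedMutex>;

class Counter {
public:
    // Intended form: a named object that owns the lock until the closing brace.
    bool named_guard() {
        Lock guard{mutex_};
        return update();
    }
    // Temporary: locked and unlocked again before the next statement runs.
    bool temporary_guard() {
        Lock{mutex_};
        return update();
    }
    // Declares a local, default-constructed Lock named mutex_ that shadows the
    // member and owns nothing; the member mutex is never locked.
    bool shadowing_declaration() {
        Lock(mutex_);
        return update();
    }
    // Declares a function named guard that returns a Lock; no object exists.
    bool function_declaration() {
        Lock guard();
        return update();
    }
    bool idle() const { return !mutex_.held; }
private:
    // Does the protected work and reports whether the lock was held meanwhile.
    bool update() { ++value_; return mutex_.held; }
    TrackedMutex mutex_;
    int value_ = 0;
};

int main() {
    Counter c;
    std::printf("named=%d temporary=%d shadow=%d function=%d\n",
                c.named_guard(), c.temporary_guard(),
                c.shadowing_declaration(), c.function_declaration());
    return 0;
}
```

Only the named form protects the update; the other three compile, at most with a warning, and run the update unlocked.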


Finally, the feature ‘Limit use of legacy for-loop’ marks a move away from many explicit guidelines on the correct structure and form of legacy loops. (The goal was to encourage the safe use of such loops.) Instead, MISRA C++:2023 recommends using a range-based for-loop or algorithm, which can often be used as a cleaner alternative to a legacy loop.


This is just a top-level overview of why MISRA C++:2023 is such an essential introduction, and any embedded software development team is strongly advised to immerse itself in the details as soon as possible. Of course, adopting MISRA C++:2023 involves effort, time and some investment, but creating complex code for critical systems at speed that is safe, secure, and compliant with MISRA C++:2023 guidelines will deliver clear dividends.


www.perforce.com www.cieonline.co.uk

