© Perforce Software Inc. All Rights Reserved.
Coding Safe, Modern C++
with AUTOSAR Guidelines
Presenters
Richard Bellairs
Product Marketing Manager
Richard Corden
Lead Software Developer
Here’s What We’ll Cover Today
1. Introduction to AUTOSAR Guidelines
2. Key Features & Recent Updates
3. What’s Next? (AUTOSAR & MISRA C++)
Introduction to the AUTOSAR Coding Guidelines
Why AUTOSAR?
90% of innovations driven by electronics and software.
40% of vehicle development costs.
You need to manage complexity and keep costs down.
Standard Open Software Architecture for Automotive ECUs
The Rise of C++
What Are the AUTOSAR Coding Guidelines?
• Guidelines for the use of the C++14 language in critical and safety-related systems.
Why Use the AUTOSAR Guidelines?
• MISRA C++:2008 was written for C++03.
• Language evolved.
• Compilers improved.
• Tools improved.
• ISO 26262 released.
• Body of knowledge expanded.
Key Features of the Guidelines
Changes to C++ Language
• Rule A10-3-2: Virtual Functions

// Non-compliant: Derived::f overrides Base::f, but the declaration does not
// say so. If Base::f's signature later changes, Derived::f silently becomes
// an unrelated function instead of an override.
struct Base { virtual void f(); };
struct Derived : Base {
void f();
};
// Compliant: 'override' states the intent, and the compiler rejects the
// declaration if it no longer matches a virtual function in Base.
struct Base { virtual void f(); };
struct Derived : Base {
void f() override;
};
Changes to C++ Language
• Rule A8-4-1: Variadic Templates

// Non-compliant: C-style ellipsis; the number and types of the extra
// arguments are not checked by the compiler.
void f9a(const char *s, ...)
{
// ...
}
// Compliant: a variadic template keeps every argument's type visible to the
// compiler, so mismatches are diagnosed at compile time.
template <typename First, typename... Rest>
void f9b(First const & first, Rest const & ... rest)
{
// ...
}
Safe Usage of New C++ Features
• Rule A5-1-2: Lambdas
• No implicit capture

// Non-compliant: [&] captures every enclosing variable by reference, so the
// lambda's declaration does not tell the reader what it may modify.
int32_t myInt{0};
for_each(v.begin(), v.end(), [&] (int32_t) {
myInt++;
});
// Compliant: the capture list names exactly the one variable the lambda
// writes to, and nothing else is reachable from the body.
myInt = 0;
for_each(v.begin(), v.end(), [&myInt] (int32_t rhs) {
myInt += rhs;
});
Lambdas — Rule A5-1-2
// Intent: accumulate e1 * e2 into eS. The body mistakenly writes 'e1 +='
// instead of 'eS +='. Because [&] also captures e1 by reference, the typo
// compiles and runs; eS is never updated and no diagnostic is produced.
void f8(std::vector<int> const & v1, std::vector<int> const & v2) {
int eS = 0;
for (auto e1 : v1) {
std::for_each (v2.begin ()
, v2.end ()
, [&](auto e2) { e1 += e1 * e2 ; });
}
}
Lambdas — Rule A5-1-2 (Continued)
// Same function with an explicit capture list: e1 is captured by copy and is
// const inside a non-mutable lambda, so the same typo is now a compile error.
void f8(std::vector<int> const & v1, std::vector<int> const & v2) {
int eS = 0;
for (auto e1 : v1) {
std::for_each (v2.begin ()
, v2.end ()
, [e1,&eS](auto e2) { e1 += e1 * e2 ; });
// ^
// Error: e1 was captured by copy and cannot be assigned to
}
}
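To show the difference concretely, here is an added example (not code from the deck) that carries the slide's f8 to completion in both forms: the implicit-capture version with the 'e1 +=' typo compiles and returns 0, while the explicitly captured version computes the intended sum. The function names sumOfProductsImplicit and sumOfProductsExplicit are assumptions for this illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Non-compliant shape from the slide: [&] captures e1 and eS by reference.
// The typo "e1 +=" (instead of "eS +=") compiles, modifies the loop's copy
// of e1, and leaves the accumulator untouched.
std::int32_t sumOfProductsImplicit(std::vector<std::int32_t> const & v1,
                                   std::vector<std::int32_t> const & v2) {
    std::int32_t eS = 0;
    for (auto e1 : v1) {
        std::for_each(v2.begin(), v2.end(), [&](auto e2) { e1 += e1 * e2; });
    }
    return eS;   // always 0: the lambda never touched eS
}

// A5-1-2 compliant: e1 is captured by copy, eS by reference. Inside a
// non-mutable lambda the copy of e1 is const, so "e1 += ..." would be rejected
// at compile time; the only variable the lambda can write to is eS.
std::int32_t sumOfProductsExplicit(std::vector<std::int32_t> const & v1,
                                   std::vector<std::int32_t> const & v2) {
    std::int32_t eS = 0;
    for (auto e1 : v1) {
        std::for_each(v2.begin(), v2.end(), [e1, &eS](auto e2) { eS += e1 * e2; });
    }
    return eS;   // for {1, 2} x {3, 4} this is 21
}
```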
Less Restrictive Guidelines
• Multi return:
• MISRA C++ “Single exit” rule not included in AUTOSAR.
• A key rationale for SE/SE (single entry / single exit) is to ensure correct releasing of resources.

// Manual resource management: every exit path has to remember to delete i,
// and an exception thrown inside the loop would leak it.
bool f1 (unsigned cnt) {
int * i = new int (10);
while (--cnt) {
if ( cnt == 27 ) {
delete i;
return false;
}
}
delete i;
return true;
}
Multi Return (Continued)
AUTOSAR with RAII
• Uses RAII (Resource Acquisition Is Initialization).
• Correct, even in ‘exceptional’ circumstances.

#include <memory>
// The unique_ptr's destructor releases the int on every exit path, including
// an exception thrown from inside the loop, so neither return needs a delete.
bool f2 (unsigned cnt) {
auto i { std::make_unique<int> (10) } ;
while (--cnt) {
if ( cnt == 27 ) {
return false;
}
}
return true;
}
Multi Return (Continued)
// Single Return: every failure has to be routed through nested else branches
// to reach the one return statement at the end.
bool f3(std::string const & file1, std::string const & file2){
bool result = false;
std::filebuf fromBuf;
if (fromBuf.open (file1, std::ios::in)){
std::filebuf outBuf;
if (outBuf.open (file2, std::ios::out)){
result = ...;
}
else{
result = ...;
}
}
else{
result = ...;
}
return result;
}
// Multi Return: each precondition is checked and the function returns as soon
// as one fails; the filebuf destructors close whatever was already opened.
bool f4(std::string const & file1, std::string const & file2){
std::filebuf fromBuf;
if (! fromBuf.open(file1, std::ios::in)) return false;
std::filebuf outBuf;
if (! outBuf.open(file2, std::ios::out)) return false;
//... (remaining work elided on the slide)
return true;
}
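An added example (not code from the deck) that makes the RAII claim from the last three slides checkable: a constructed resource handle counts its own acquire and release calls, and a function with three kinds of exit (normal return, early return, exception) is run under each to confirm the handle is released every time. Resource, acquire() and process() are names assumed for this illustration.

```cpp
#include <memory>
#include <stdexcept>

// Constructed stand-in for an OS resource (file, lock, ...). The static
// counters let the caller verify that every open was matched by a close.
struct Resource {
    static int openCount;
    static int closeCount;
};
int Resource::openCount = 0;
int Resource::closeCount = 0;

// Custom deleter: releasing the resource is the unique_ptr's job, not the
// job of every return statement in the code that uses it.
struct ResourceCloser {
    void operator()(Resource* r) const { ++Resource::closeCount; delete r; }
};
using ResourceHandle = std::unique_ptr<Resource, ResourceCloser>;

ResourceHandle acquire() {
    ++Resource::openCount;
    return ResourceHandle(new Resource);
}

// Three exit paths, none of which mentions the resource: the handle's
// destructor runs on the normal return, the early return, and during stack
// unwinding when the exception propagates.
bool process(unsigned cnt) {
    ResourceHandle h = acquire();
    while (cnt-- > 0) {
        if (cnt == 27) return false;                                 // early return
        if (cnt == 13) throw std::runtime_error("constructed failure"); // exception
    }
    return true;                                                     // normal return
}

// Runs process() through all three exits; true when no resource leaked.
bool noLeaks() {
    Resource::openCount = Resource::closeCount = 0;
    bool normal = process(5);     // loop ends, returns true
    bool early = process(30);     // hits cnt == 27, returns false
    bool threw = false;
    try { process(15); } catch (std::runtime_error const&) { threw = true; }
    return normal && !early && threw
        && Resource::openCount == 3
        && Resource::closeCount == Resource::openCount;
}
```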
Who Should Use AUTOSAR?
Recent Updates to the Guidelines
Evolution of the Guidelines
17.03: Initial release.
17.10: 10 new rules; traceability updates.
18.03: 63 new rules; 18 rules removed; traceability updates.
18.10: 7 new rules; ISO 26262 traceability.
ISO 26262 Traceability
• Chapter B.6 traces principles and recommendations from:
• ISO 26262, Part 6, Section 8 (Software unit design and implementation).
• It’s easier to demonstrate that by following AUTOSAR you have (partially) fulfilled specific ISO 26262 requirements.
Enforced By Static Code Analysis
Helix QAC — Core Functions
Detects coding defects: finds the most defects, with the lowest number of false positives.
Detects rule violations: the broadest and deepest coverage of popular coding standards.
Calculates code quality metrics: supplies all commonly-used metrics, with trend reporting.
Generates compliance reports: certified for safety-critical development.
What’s Next?
AUTOSAR Guidelines and MISRA C++
• MISRA recently announced that it will integrate AUTOSAR guidelines and MISRA C++ into one publication.
Why Helix QAC?
• Helix QAC aids in compliance with industry-specific safety and security standards.
Helix QAC for Faster Compliance
Standard-specific compliance reports.
Independently certified.
Supports formal rule deviations and compliance auditing.
• Helix QAC improves your code quality.
Helix QAC for Higher Quality
Report code metrics.
Remove more defects, earlier in your dev cycle.
Prioritize and assign fixes.
Report code quality trends.
• Helix QAC increases confidence in the safety, security, and reliability of software-based systems.
Helix QAC for Accelerated Development
High-speed analysis across multiple processor cores.
Analyze very large codebases (millions of lines of code, thousands of files).
Integrate with IDE, VCS, and build tools.
Spend less time finding and fixing bugs, more time developing!
Recap
1. Introduction to AUTOSAR Guidelines
2. Key Features & Recent Updates
3. What’s Next? (AUTOSAR & MISRA C++)
Questions?
Contact us to schedule a demo!
info@perforce.com
Follow us for news and insights!
Visit www.perforce.com