CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
Compliance
AUTOSAR-CPP-2014
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
      • GDPR
      • HIPAA
      • ISO/IEC 27001:2022
      • ISO 27002:2022
      • RBI Baseline Cyber Security and Resilience Requirements
      • PCI DSS v4.0
      • SOC 2
      • MISRA-C-2012
      • MISRA-CPP-2023
      • AUTOSAR-CPP-2014
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
    Compliance

    AUTOSAR-CPP-2014

    A project shall not contain unreachable code.

    A project shall not contain infeasible paths.

    A project shall not contain unused variables.

    A project shall not contain non-volatile POD variables having only one use.

    A project shall not contain unused type declarations.

    A project shall not contain instances of non-volatile variables being given values that are not subsequently used.

    The value returned by a function having a non-void return type that is not an overloaded operator shall be used.

    All functions with void return type shall have external side effect(s).

    There shall be no dead code.

    Every defined function should be called at least once.

    Every function defined in an anonymous namespace, or static function with internal linkage, or private member function shall be used.

    There shall be no unused named parameters in non-virtual functions.

    There shall be no unused named parameters in the set of parameters for a virtual function and all the functions that override it.

    An object shall not be assigned to an overlapping object.

    Minimization of run-time failures shall be ensured by the use of at least one of: (a) static analysis tools/techniques; (b) dynamic analysis tools/techniques; (c) explicit coding of checks to handle run-time faults.

    If a function generates error information, then that error information shall be tested.

    Use of scaled-integer or fixed-point arithmetic shall be documented.

    Use of floating-point arithmetic shall be documented.

    Floating-point implementation shall comply with IEEE 754 standard.

    Type long double shall not be used.

    The implementations in the chosen compiler shall strictly comply with the C++14 Language Standard.

    All code shall conform to ISO/IEC 14882:2014 - Programming Language C++ and shall not use deprecated features.

    Multiple compilers shall only be used if they have a common, defined interface.

    A warning level of the compilation process shall be set in compliance with project policies.

    An optimization option that disregards strict standard compliance shall not be turned on in the chosen compiler.

    When using a compiler toolchain (including preprocessor, compiler itself, linker, C++ standard libraries) in safety-related software, the tool confidence level (TCL) shall be determined. In case of TCL2 or TCL3, the compiler shall undergo a ‘Qualification of a software tool’, as per ISO 26262-8.11.4.6 [5].

    Code metrics and their valid boundaries shall be defined.

    All code shall comply with defined boundaries of code metrics.

    Only those characters specified in the C++ Language Standard basic source character set shall be used in the source code.

    Trigraphs shall not be used.

    Digraphs shall not be used.

    The character \ shall not occur as a last character of a C++ comment.

    Sections of code shall not be ‘commented out’.

    All declarations of ‘user-defined’ types, static and non-static data members, functions and methods shall be preceded by documentation using ’///’ comments and ‘@tag’ tags.

    C-style comments shall not be used.

    A header file name shall be identical to a type name declared in it if it declares a type.

    Different identifiers shall be typographically unambiguous.

    An identifier declared in an inner scope shall not hide an identifier declared in an outer scope.

    A typedef name (including qualification, if any) shall be a unique identifier.

    A ‘using’ name shall be a unique identifier within a namespace.

    A ‘user-defined’ type name shall be a unique identifier within a namespace.

    The identifier name of a non-member object with static storage duration or static function shall not be reused within a namespace.

    An identifier name of a function with static storage duration or a non-member object with external or internal linkage should not be reused.

    If an identifier refers to a type, it shall not also refer to an object or a function in the same scope.

    Only those escape sequences that are defined in ISO/IEC 14882:2014 shall be used.

    Octal constants (other than zero) and octal escape sequences (other than ‘\0’ ) shall not be used.

    A ‘U’ suffix shall be applied to all octal or hexadecimal integer literals of unsigned type.

    Literal suffixes shall be upper case.

    String literals with different encoding prefixes shall not be concatenated.

    Type wchar_t shall not be used.

    It shall be possible to include any header file in multiple translation units without violating the One Definition Rule.

    Header files, that are defined locally in the project, shall have a file name extension of one of: “.h”, “.hpp” or “.hxx”.

    Implementation files, that are defined locally in the project, should have a file name extension of “.cpp”.

    Functions shall not be declared at block scope.

    When an array with external linkage is declared, its size shall be stated explicitly.

    All declarations of an object or function shall have compatible types.

    The One Definition Rule shall not be violated.

    A type, object or function that is used in multiple translation units shall be declared in one and only one file.

    An identifier with external linkage shall have exactly one definition.

    Objects or functions with external linkage (including members of named namespaces) shall be declared in a header file.

    Non-POD type objects with static storage duration shall not be used.

    If a function has internal linkage then all re-declarations shall include the static storage class specifier.

    An identifier declared to be an object or type shall be defined in a block that minimizes its visibility.

    The types used for an object, a function return type, or a function parameter shall be token-for-token identical in all declarations and re-declarations.

    Fixed width integer types from cstdint, indicating the size and signedness, shall be used in place of the basic numerical types.

    The underlying bit representations of floating-point values shall not be used.

    Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator =, the logical operators &&, ||, !, the equality operators == and ! =, the unary & operator, and the conditional operator.

    Expressions with type enum or enum class shall not be used as operands to built-in and overloaded operators other than the subscript operator [ ], 57 of 397 — AUTOSAR CONFIDENTIAL — Document ID 839: AUTOSAR_RS_CPP14Guidelines Guidelines for the use of the C++14 language in critical and safety-related systems AUTOSAR AP Release 17-10 the assignment operator =, the equality operators == and ! =, the unary & operator, and the relational operators

    Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than the assignment operator =, the equality operators == and ! =, and the unary & operator.

    An integer expression shall not lead to data loss.

    NULL shall not be used as an integer value.

    Only nullptr literal shall be used as the null-pointer-constant.

    Literal zero (0) shall not be used as the null-pointer-constant.

    The value of an expression shall be the same under any order of evaluation that the standard permits.

    Limited dependence should be placed on C++ operator precedence rules in expressions.

    A cvalue expression shall not be implicitly converted to a different underlying type.

    An implicit integral conversion shall not change the signedness of the underlying type.

    There shall be no implicit floating-integral conversions.

    An implicit integral or floating-point conversion shall not reduce the size of the underlying type.

    There shall be no explicit floating-integral conversions of a cvalue expression.

    An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression.

    An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.

    If the bitwise operators ~ are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand.

    The plain char type shall only be used for the storage and use of character values.

    Signed char and unsigned char type shall only be used for the storage and use of numeric values.

    The condition of an if-statement and the condition of an iteration statement shall have type bool.

    The first operand of a conditional-operator shall have type bool.

    Array indexing shall be the only form of pointer arithmetic.

    A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.

    Subtraction between pointers shall only be applied to pointers that address elements of the same array.

    Comparator shall not be applied to objects of pointer type, except where they point to the same array.

    The declaration of objects shall contain no more than two levels of pointer indirection.

    Non-constant operands to a binary bitwise operator shall have the same underlying type.

    Bitwise operators shall only be applied to operands of unsigned underlying type.

    Literal values shall not be used apart from type initialization, otherwise symbolic names shall be used instead.

    Variables shall not be implicitly captured in a lambda expression.

    Parameter list (possibly empty) shall be included in every lambda expression.

    A lambda expression object shall not outlive any of its reference-captured objects.

    If a lambda expression is used in the same scope in which it has been defined, the lambda should capture objects by reference.

    Return type of a non-void return type lambda expression should be explicitly specified.

    A lambda shall not be an operand to decltype or typeid.

    Lambda expressions should not be defined inside another lambda expression.

    Each operand of a logical &&, || shall be a postfix expression.

    A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.

    Casts from a base class to a derived class should not be performed on polymorphic types.

    dynamic_cast should not be used.

    Traditional C-style casts shall not be used.

    A cast shall not remove any const or volatile qualification from the type of a pointer or reference.

    A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type.

    reinterpret_cast shall not be used.

    An object with integer type or pointer to void type shall not be converted to an object with pointer type.

    A cast shall not convert a pointer type to an integral type.

    The increment (++) and decrement (−−) operators shall not be mixed with other operators in an expression.

    The comma operator, && operator and the || operator shall not be overloaded.

    An array shall not be accessed beyond its range.

    An identifier with array type passed as a function argument shall not decay to a pointer.

    Each operand of the ! operator, the logical && or the logical || operators shall have type bool.

    The unary minus operator shall not be applied to an expression whose underlying type is unsigned.

    The unary & operator shall not be overloaded.

    Evaluation of the operand to the sizeof operator shall not contain side effects.

    Evaluation of the operand to the typeid operator shall not contain side effects.

    The right hand operand of the integer division or remainder operators shall not be equal to zero.

    The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left hand operand.

    A pointer to member virtual function shall only be tested for equality with null-pointer-constant.

    The right hand operand of a logical &&, || operators shall not contain side effects.

    The ternary conditional operator shall not be used as a sub-expression.

    The semantic equivalence between a binary operator and its assignment operator form shall be preserved.

    The comma operator shall not be used.

    Evaluation of constant unsigned integer expressions shall not lead to wraparound.

    Assignment operators shall not be used in sub-expressions.

    Floating-point expressions shall not be directly or indirectly tested for equality or inequality.

    Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a white-space character.

    The statement forming the body of a switch, while, do … while or for statement shall be a compound statement.

    An if ( condition ) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement.

    All if … else if constructs shall be terminated with an else clause.

    A switch statement shall be a well-formed switch statement.

    A switch-label shall only be used when the most closely-enclosing compound statement is the body of a switch statement.

    An unconditional throw or break statement shall terminate every non-empty switch-clause.

    The final clause of a switch statement shall be the default-clause.

    The condition of a switch statement shall not have bool type.

    A switch statement shall have at least two case-clauses, distinct from the default label.

    A for-loop that loops through all elements of the container and does not use its loop-counter shall not be used.

    A for loop shall contain a single loop-counter which shall not have floatingpoint type.

    If loop-counter is not modified by −− or ++, then, within condition, the loopcounter shall only be used as an operand to Comparator operators

    The loop-counter shall not be modified within condition or statement.

    The loop-counter shall be modified by one of: −−, ++, − = n, or + = n; where n remains constant for the duration of the loop.

    A loop-control-variable other than the loop-counter shall not be modified within condition or expression.

    A loop-control-variable other than the loop-counter which is modified in statement shall have type bool.

    Do statements should not be used.

    The goto statement shall not be used.

    Any label referenced by a goto statement shall be declared in the same block, or in a block enclosing the goto statement.

    The goto statement shall jump to a label declared later in the same function body.

    The continue statement shall only be used within a well-formed for loop.

    Constexpr or const specifiers shall be used for immutable data declaration.

    The constexpr specifier shall be used for values that can be determined at compile time.

    A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified.

    CV-qualifiers shall be placed on the right hand side of the type that is a typedef or a using name.

    The register keyword shall not be used.

    The auto specifier shall not be used apart from following cases: (1) to declare that a variable has the same type as return type of a function call, (2) to declare that a variable has the same type as initializer of non-fundamental type, (3) to declare parameters of a generic lambda expression, (4) to declare a function template using trailing return type syntax.

    The typedef specifier shall not be used.

    Each expression statement and identifier declaration shall be placed on a separate line.

    A non-type specifier shall be placed before a type specifier in a declaration.

    An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.

    Enumeration underlying base type shall be explicitly defined.

    Enumerations shall be declared as scoped enum classes.

    In an enumeration, either (1) none, (2) the first or (3) all enumerators shall be initialized.

    The global namespace shall only contain main, namespace declarations and extern “C” declarations.

    The identifier main shall not be used for a function other than the global function main.

    There shall be no unnamed namespaces in header files.

    Using-directives shall not be used.

    Multiple declarations for an identifier in the same namespace shall not straddle a using-declaration for that identifier.

    Using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files.

    The asm declaration shall not be used.

    All usage of assembler shall be documented.

    Assembler instructions shall only be introduced using the asm declaration.

    Assembly language shall be encapsulated and isolated.

    A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function.

    The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.

    A function shall not return a reference or a pointer to a parameter that is passed by reference to const.

    Functions shall not call themselves, either directly or indirectly.

    An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively.

    When declaring function templates, the trailing return type syntax shall be used if the return type depends on the type of parameters.

    Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments.

    Functions shall not be defined using the ellipsis notation.

    The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration.

    All exit paths from a function with non-void return type shall have an explicit return statement with an expression.

    A function identifier shall either be used to call the function or it shall be preceded by &.

    Multiple output values from a function should be returned as a struct or tuple.

    All variables shall have a defined value before they are used.

    In an initialization list, the order of initialization shall be following: (1) virtual base classes in depth and left to right order of the inheritance graph, (2) direct base classes in left to right order of inheritance list, (3) non-static data members in the order they were declared in the class definition.

    Braces shall be used to indicate and match the structure in the non-zero initialization of arrays and structures.

    Braced-initialization , without equals sign, shall be used for variable initialization.

    A variable of type auto shall not be initialized using or = bracedinitialization.

    A constructor taking parameter of type std::initializer_list shall only be defined in classes that internally store a collection of objects.

    Const member functions shall not return non-const pointers or references to class-data.

    Member functions shall not return non-const ‘raw’ pointers or references to private or protected data owned by the class.

    If a member function can be made static then it shall be made static, otherwise if it can be made const then it shall be made const.

    Unions shall not be used.

    When the absolute positioning of bits representing a bit-field is required, then the behavior and packing of bit-fields shall be documented.

    Bit-fields shall be either unsigned integral, or enumeration (with underlying type of unsigned integral type).

    Class shall not be derived from more than one base class which is not an interface class.

    Classes should not be derived from virtual bases.

    A base class shall only be declared virtual if it is used in a diamond hierarchy.

    An accessible base class shall not be both virtual and non-virtual in the same hierarchy.

    All accessible entity names within a multiple inheritance hierarchy should be unique.

    Non-virtual member functions shall not be redefined in derived classes.

    Virtual function declaration shall contain exactly one of the three specifiers: (1) virtual, (2) override, (3) final.

    Each overriding virtual function shall be declared with the override or final specifier.

    Virtual functions shall not be introduced in a final class.

    A user-defined assignment operator shall not be virtual.

    A virtual function shall only be overridden by a pure virtual function if it is itself declared as pure virtual.

    Member data in non-POD class types shall be private.

    A non-POD type should be defined as class.

    A type defined as struct shall: (1) provide only public data members, (2) not provide any special member functions or methods, (3) not be a base of another struct or class, (4) not inherit from another struct or class.

    Friend declarations shall not be used.

    If a class defines any special member function ‘=default’, ‘=delete’ or with a function definition, then all of the special member functions shall be defined.

    Constructors shall explicitly initialize all virtual base classes, all direct nonvirtual base classes and all non-static data members.

    An object’s dynamic type shall not be used from the body of its constructor or destructor.

    Both NSDMI and a non-static member initializer in a constructor shall not be used in the same type.

    If all user-defined constructors of a class initialize data members with constant values that are the same across all constructors, then data members shall be initialized using NSDMI instead.

    All constructors that are callable with a single argument of fundamental type shall be declared explicit.

    Common class initialization for non-constant members shall be done by a delegating constructor.

    Derived classes that do not need further explicit initialization and require all the constructors from the base class shall use inheriting constructors.

    Destructor of a base class shall be public virtual, public override or protected non-virtual.

    If a public destructor of a class is non-virtual, then the class should be declared final.

    All class data members that are initialized by the constructor shall be initialized using member initializers.

    If the behavior of a user-defined special member function is identical to implicitly defined special member function, then it shall be defined ‘=default’ or be left undefined.

    Move and copy constructors shall only move and respectively copy base classes and data members of a class, without any side effects.

    User-defined copy and move assignment operators should use user-defined no-throw swap function.

    Moved-from object shall not be read-accessed.

    Move constructor shall not initialize its class members and base classes using copy semantics.

    A copy assignment and a move assignment operators shall handle selfassignment.

    Copy and move constructors and copy assignment and move assignment operators shall be declared protected or defined ‘=delete’ in base class.

    Assignment operators should be declared with the ref-qualifier &.

    User-defined literals shall not be used.

    User defined suffixes of the user defined literal operators shall start with underscore followed by one or more letters.

    User defined literals operators shall only perform conversion of passed parameters.

    An assignment operator shall return a reference to ‘this’.

    A binary arithmetic operator and a bitwise operator shall return a ‘prvalue’.

    A relational operator shall return a boolean value.

    A function that contains ‘forwarding reference’ as its argument shall not be overloaded.

    If ‘operator[]’ is to be overloaded with a non-const version, const version shall also be implemented.

    All user-defined conversion operators shall be defined explicit.

    Digit sequences separators ’ shall only be used as follows: (1) for decimal, every 3 digits, (2) for hexadecimal, every 2 digits, (3) for binary, every 4 digits.

    A template should check if a specific template argument is suitable for this template.

    A copy constructor shall be declared when there is a template constructor with a single parameter that is a generic parameter.

    A copy assignment operator shall be declared when there is a template assignment operator with a parameter that is a generic parameter.

    In a class template with a dependent base, any name that may be found in that dependent base shall be referred to using a qualified-id or this->.

    A type used as a template argument shall provide all members that are used by the template.

    All partial and explicit specializations for a template shall be declared in the same file as the declaration of their primary template.

    Overloaded function templates shall not be explicitly specialized.

    The set of function overloads should not contain function templates, functions specializations and non-template overloading functions.

    A function shall not exit with an exception if it is able to complete its task.

    At least the basic guarantee for exception safety shall be provided for all operations. In addition, each function may offer either the strong guarantee or the nothrow guarantee 206 of 397 — AUTOSAR CONFIDENTIAL — Document ID 839: AUTOSAR_RS_CPP14Guidelines Guidelines for the use of the C++14 language in critical and safety-related systems AUTOSAR AP Release 17-10 Rationale Exceptions introduce additional data flow into a program. It is important to consider all the effects of code taking such paths to always recover from an exception error properly and always preserve object’s invariants.

    Exception safety guarantee of a called function shall be considered.

    Unchecked exceptions shall be used to represent errors from which the caller cannot reasonably be expected to recover.

    Checked exceptions shall be used to represent errors from which the caller can reasonably be expected to recover.

    An analysis shall be performed to analyze the failure modes of exception handling. In particular, the following failure modes shall be analyzed: (a) worst time execution time not existing or cannot be determined, (b) stack not correctly unwound, (c) exception not thrown, other exception thrown, wrong catch activated, (d) memory not available while exception handling.

    Exception handling mechanism shall guarantee a deterministic worst-case time execution time.

    A worst-case execution time (WCET) analysis shall be performed to determine maximum execution time constraints of the software, covering in particular the exceptions processing.

    Only instances of types derived from std::exception shall be thrown.

    An exception object shall not be a pointer.

    Control shall not be transferred into a try or catch block using a goto or a switch statement.

    The assignment-expression of a throw statement shall not itself cause an exception to be thrown.

    NULL shall not be thrown explicitly.

    An empty throw (throw;) shall only be used in the compound statement of a catch handler.

    All thrown exceptions should be unique.

    If a function exits with an exception, then before a throw, the function shall place all objects/resources that the function constructed in valid states or it shall delete them.

    Exceptions shall not be thrown across execution boundaries.

    Constructors that are not noexcept shall not be invoked before program startup.

    If a constructor is not noexcept and the constructor cannot finish object initialization, then it shall deallocate the object’s resources and it shall throw an exception.

    Exceptions shall be raised only after start-up and before termination.

    Unchecked exceptions should be handled only in main or thread’s main functions.

    If a function throws a checked exception, it shall be handled when meaningful actions can be taken, otherwise it shall be propagated.

    There shall be at least one exception handler to catch all otherwise unhandled exceptions.

    Catch-all (ellipsis and std::exception) handlers shall be used only in (a) main, (b) task main functions, (c) in functions that are supposed to isolate independent components and (d) when calling third-party code that uses exceptions not according to AUTOSAR C++14 guidelines.

    Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases.

    Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point.

    A class type exception shall be caught by reference or const reference.

    Where multiple handlers are provided in a single try-catch statement or 243 of 397 — AUTOSAR CONFIDENTIAL — Document ID 839: AUTOSAR_RS_CPP14Guidelines Guidelines for the use of the C++14 language in critical and safety-related systems AUTOSAR AP Release 17-10 function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class.

    Where multiple handlers are provided in a single try-catch statement or function-try-block, any ellipsis (catch-all) handler shall occur last.

    Dynamic exception-specification shall not be used.

    If a function is declared to be noexcept, noexcept(true) or noexcept(true condition), then it shall not exit with an exception.

    Function’s noexcept specification shall be either identical or more restrictive across all translation units and all overriders.

    A declaration of non-throwing function shall contain noexcept specification.

    Checked exceptions that could be thrown from a function shall be specified together with the function declaration using the ‘@throw ExceptionName 249 of 397 — AUTOSAR CONFIDENTIAL — Document ID 839: AUTOSAR_RS_CPP14Guidelines Guidelines for the use of the C++14 language in critical and safety-related systems AUTOSAR AP Release 17-10 description’ syntax, and they shall be identical in all function declarations and for all its overriders.

    Unchecked exceptions should not be specified together with a function declaration.

    A class destructor, ‘delete’ operators, move constructor, move assignment 252 of 397 — AUTOSAR CONFIDENTIAL — Document ID 839: AUTOSAR_RS_CPP14Guidelines Guidelines for the use of the C++14 language in critical and safety-related systems AUTOSAR AP Release 17-10 operator and ‘swap’ function shall not exit with an exception. They shall be all specified as ‘noexcept’.

    Program shall not be abruptly terminated. In particular, an implicit or explicit invocation of std::abort(), std::quick_exit(), std::_Exit(), std::terminate() shall not be done.

    The std::terminate() function shall not be called implicitly.

    The pre-processor shall only be used for unconditional and conditional file inclusion and include guards, and using the following directives: (1) #ifndef, (2) #ifdef, (3) #if, (4) #if defined, (5) #elif, (6) #else, (7) #define, (8) #endif, (9) #include.

    #include directives in a file shall only be preceded by other pre-processor directives or comments.

    Macros shall only be #define’d or #undef’d in the global namespace.

    Arguments to a function-like macro shall not contain tokens that look like pre-processing directives.

    In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##.

    Undefined macro identifiers shall not be used in #if or #elif pre-processor directives, except as operands to the defined operator.

    If the # token appears as the first token on a line, then it shall be immediately followed by a pre-processing token.

    The defined pre-processor operator shall only be used in one of the two standard forms.

    All #else, #elif and #endif pre-processor directives shall reside in the same file as the #if or #ifdef directive to which they are related.

    Include guards shall be provided.

    The ’, ”, /*, //, \ characters shall not occur in a header file name or in #include directive.

    There shall be no unused include directives.

    All used include directives shall be explicitly stated.

    There shall be at most one occurrence of the # or ## operators in a single macro definition.

    The # and ## operators should not be used.

    #error directive shall not be used.

    The #pragma directive shall not be used.

    Reserved identifiers, macros and functions in the C++ standard library shall not be defined, redefined or undefined.

    The names of standard library macros and objects shall not be reused.

    The names of standard library functions shall not be overridden.

    All project’s code including used libraries (including standard and userdefined libraries) and any third-party user code shall conform to the AUTOSAR C++14 Coding Guidelines.

    The setjmp macro and the longjmp function shall not be used.

    Use of the C Standard Library shall be encapsulated and isolated.

    The C library facilities shall only be accessed through C++ library headers.

    The library functions atof, atoi and atol from library cstdlib shall not be used.

    The library functions abort, exit, getenv and system from library cstdlib shall not be used.

    The time handling functions of library ctime shall not be used.

    The unbounded functions of library cstring>shall not be used.

    The library clocale (locale.h) and the setlocale function shall not be used.

    C-style arrays should not be used.

    The std::vector:bool shall not be used.

    The std::auto_ptr shall not be used.

    The std::shared_ptr shall not refer to an array type.

    The std::unique_ptr shall not be passed to a function by const reference.

    All std::hash specializations for user-defined types shall have a noexcept function call operator.

    The macro offsetof shall not be used.

    Functions malloc, calloc, realloc and free shall not be used.

    Operators new and delete shall not be called explicitly.

    The form of delete operator shall match the form of new operator used to allocate the memory.

    If a project has sized or unsized version of operator ‘delete’ globally defined, then both sized and unsized versions shall be defined.

    Memory management functions shall ensure the following: (a) deterministic behavior resulting with the existence of worst-case execution time, (b) avoiding memory fragmentation, (c) avoid running out of memory, (d) avoiding mismatched allocations or deallocations, (e) no dependence on non-deterministic calls to kernel.

    An analysis shall be performed to analyze the failure modes of dynamic memory management. In particular, the following failure modes shall be analyzed: (a) non-deterministic behavior resulting with nonexistence of worst-case execution time, (b) memory fragmentation, (c) running out of memory, (d) mismatched allocations and deallocations, (e) dependence on non-deterministic calls to kernel.

    If non-realtime implementation of dynamic memory management functions is used in the project, then memory shall only be allocated and deallocated during non-realtime program phases.

    Local objects shall be allocated on the stack.

    The signal handling facilities of csignal shall not be used.

    The std::bind shall not be used.

    Forwarding values to other functions shall be done via: (1) std::move if the value is an rvalue reference, (2) std::forward if the value is forwarding reference.

    The std::move shall not be used on objects declared const or const&.

    An argument to std::forward shall not be subsequently used.

    The error indicator errno shall not be used.

    An iterator shall not be implicitly converted to const_iterator.

    The stream input/output library cstdio shall not be used.

    Inputs from independent components shall be validated.

    A C-style string shall guarantee sufficient space for data and the null terminator.

    MISRA-CPP-2023Pyspark
    twitterlinkedin
    Powered by Mintlify