Safer C++: MISRA-C++:202x Rules and Beyond

By Peter Sommerlad

C++ is a language of choice for implementing software for safety-critical or modern embedded systems. However, because it inherits many C features and focuses on low-level control and performance, it allows problematic code that still compiles.

Safety risks arise not only from incorporating undefined behaviour and from the non-portability of implementation-defined behaviour, but also from developers misunderstanding the underlying rules of the language.

Limiting C++ to a safer core language is the goal of many guidelines. In this talk we show rules of a safer subset of C++ for the automotive industry, as defined by MISRA-C++:202x.

Expect both well-known issues and surprising aspects to be addressed by such rules, and see what warnings the corresponding static analysis tools will report.

However, we will also look at safer C++ design beyond the MISRA-C++ rules, because such design issues usually cannot be checked by analysis tools: for example, the use of strong typing, and mechanisms that ease following some of the rules, such as the use of sized integer types.