MISRA C++:2023 and AUTOSAR - Navigating Modern C++ Standards for Safety and Security
Long overdue, the new MISRA C++:2023 is now here!
C++ is becoming more and more popular these days, especially for large, complicated, AI-based applications where object-oriented architecture makes C++ superior to C. Modern C++ is becoming more and more popular across all industrial sectors, with the automotive sector adopting it at the fastest rate. However, to create safety and security essential systems using modern C++, teams require coding guidelines to get rid of code constructs that can result in unpredictable code. AUTOSAR C++ 14 was the leading player for a long time. However, as a result of the language’s ongoing progress, C++ 17 incorporated new features, necessitating the creation of new coding standards. In support of C++17, AUTOSAR and MISRA joined forces in the development of safe and secure coding guidelines for the use of C++17 with plans to continue into C++20. MISRA C++ 2023, which was released in October 2023, is the outcome of this study.
MISRAC++:2023 - Its significance in the automotive industry
The automotive industry places great importance on MISRA (Motor Industry Software Reliability Association) standards, especially when it comes to developing safety-critical systems for automobiles. Software faults pose serious hazards to the automotive sector, particularly when it comes to safety-critical systems. Developers can lower the likelihood of software-related failures by adhering to the rules and guidelines provided by MISRA standards, which assist mitigate these risks.
Additionally, developers can spot any problems early in the software development process by adhering to MISRA rules. This proactive strategy can save costs by lowering the requirement for costly post-production modifications and recalls.
New Challenges
This document supports the use of ISO/IEC 14882:2017, commonly referred to as “C++17”, within a project. The guidance given in the current edition of MISRA Compliance shall be followed when making a claim of compliance with MISRA C++.
Organizations currently using earlier versions of MISRA C++ may face challenges during the transition to the new standard. Adapting existing codebases and development processes to comply with the updated guidelines requires careful planning and execution.
AUTOSAR and MISRA C++:2008
Synergies between AUTOSAR and MISRA C++ previous version
MISRA C++: 2008 was released in 2008 and is defined by ISO IEC 14882: 2003. There are 228 coding rules. MISRA C++2008 was already quite outdated and only covered the C++03 version of the language.
The AUTOSAR C++14 guideline is an update to MISRA C++ 2008 and provides the latest C++ coding guidelines compliant with ISO/IEC 14882: 2014. Approximately 70% of AUTOSAR rules are adopted unchanged from MISRA C++ 2008. The new MISRA C++2023 is a guideline with 179 rules and directives that combines AUTOSAR C++14 and MISRA C++2008. MISRA C++ 2023 provides a set of guidelines to improve the reliability and security of your C++ code. This guide addresses common language pitfalls and challenges, integrates AUTOSAR C++ as a de facto guideline, and builds on existing MISRA C++ guidelines to help you create safety-critical and reliable systems.
MISRA C++:2023 vs MISRA C++:2008
MISRA C++ 2023 builds upon the existing guidelines initially published in 2008 and integrates the AUTOSAR C++ guidelines into one industry standard for best practice to:
- Maintain uniformity with C++17, or Modern C++, as it develops further.
- Provide updated guidelines backed by strong rationale.
- Fixes known issues from previous editions.
- When applicable, improve the guidelines’ specifications and justifications.
- Eliminate rules lacking sufficient reasoning.
- Improve the decidability of the guidelines to facilitate processing by static analysis tools.
AUTOSAR & MISRA C++:2023
Synergies with C++14, C++17 & C++20
The development of safe and secure code recommendations for the use of C++17 in MISRA C++:2023 guideline was a joint effort between AUTOSAR (C++11, C++14) and MISRA (C++03), with intentions to extend into C++20. The guideline is designed to be backward-compatible with C++11 and C++14, meaning that code written in previous standards should generally compile and run correctly in C++17 environment.
The new guideline includes:
- Improved support for modern C++ features and new standard attributes, including constexpr if, structured bindings, constexpr lambdas and fold expression.
- Better compatibility with C++17 and C++20, which are the latest versions of the C++ standard
- Improved code quality and maintainability, thanks to the use of modern C++ features
- Reduced risk of errors and vulnerabilities, due to the use of safer and more secure coding practices
Why is MISRA C++:2023 critical for Safe & Secure Software?
MISRA C++:2023 guidelines are designed to enhance the safety and reliability of software. Adhering to these guidelines helps developers avoid common pitfalls and potential vulnerabilities that could compromise the integrity of critical systems.
Improved safety and security of automotive software:
The C++ standard specifies certain situations as undefined behavior, primarily to help the compiler generate more efficient code. The compiler assumes that undefined behavioral conditions never occur and can perform additional optimizations based on this assumption. This has the risk that the program will behave unexpectedly in such cases. MISRA C++ provides guidelines that directly or indirectly guard against undefined behavior.
A program that depends on the implementation-defined behavior may be hard to port to another target. An example of such behavior would be the sizeof(int), which affects the behavior of the arithmetic operations, such as all operands with narrower types being promoted before the actual operation occurs. That in the end may result in different outcomes of the arithmetic operation depending on the compilation target. MISRA C++ guidelines guard against such problems with their Standard conversion rules.
Better compliance with industry standards, regulations and references:
Many automotive safety standards, such as IEC 6108 or ISO 26262 for functional safety, can be seamlessly integrated with MISRA 2023. This compliance ensures that safety requirements are met during the development process, leading to safer automotive software systems. The new guideline used following source references to gain a fuller understanding of the rationale:
- ISO/IEC 9899:2011
- ISO/IEC/IEEE 60559:2011
- IEC 61508
- ISO 26262
- DO-178C
- MISRA Development guidelines for vehicle based software
- C Traps and Pitfalls
Adopting MISRA C++:2023 for automotive software development
Make use of static code analysis tools, which are intended to verify code compliance with MISRA standards. Automated analysis reduces the possibility that non-compliant code will infiltrate the codebase by assisting in the early identification of violations throughout the development process. A number of steps will help ensure that the software development cycle is completed in accordance with MISRA C++: 2023. Furthermore, there are systems that oversee the actual certification of the compliance.
Ensuring compliance with the new standard
Ensuring compliance with the new MISRA C++ 2023 standard involves a systematic approach to software development. Here are ways in which we can assist in achieving and maintaining compliance:
- Conduct thorough code audits and assessments to identify any deviations from MISRA C++ 2023 guidelines. This involves reviewing existing code bases and providing recommendations for achieving compliance.
- Perform risk assessments to identify potential safety and security risks in the software. Provide guidance on mitigating these risks while aligning with MISRA standards.
- Assist in selecting and integrating static code analysis tools and other development tools that support MISRA C++ 2023. Ensure that the tools are configured to effectively identify and report compliance issues.
- Assist in creating and maintaining documentation related to MISRA C++ 2023 compliance. This includes documenting coding standards, traceability matrices, and compliance reports.
- Integrate MISRA compliance checks into your CI/CD pipelines. Automated checks at each build or integration step help maintain code consistency and prevent non-compliant code from progressing through the development lifecycle.
- Offer ongoing support to address any challenges or questions that may arise after the initial implementation of MISRA C++ 2023 compliance.
Conclusion
Older coding standards, such as MISRA C++ 2008 and AUTOSAR C++ 14, do not support the new C++17 coding features and will mark your code as non-compliant. Organizations that need to suppress violations of detected C++17 features or create their own rules will not promote application security and may even hinder the organization’s migration to C++17. With the announcement of MISRA C++ 2023, organizations can now take advantage of C++17 and the guidelines needed to build high-quality C++ applications.
For safety-critical industries that require certification, meeting the certification requirements based on MISRA C++ 2023 may introduce additional challenges. Successfully addressing these challenges requires a proactive approach, including thorough training, careful planning, resource allocation, and ongoing commitment to maintaining compliance throughout the software development process. By leveraging the expertise of CS Group, organizations can benefit from specialized knowledge and resources to navigate the complexities of achieving and maintaining compliance with MISRA C++ 2023.