Guidelines for the use of the C++14 language in critical and safety-related systems

Transcription

Guidelines for the use of the C++14 language in critical and safety-related systems
AUTOSAR AP Release 18-10

Document Title: Guidelines for the use of the C++14 language in critical and safety-related systems
Document Owner: AUTOSAR
Document Responsibility: AUTOSAR
Document Identification No: 839
Document Status: Final
Part of AUTOSAR Standard: Adaptive Platform
Part of Standard Release: 18-10

Document Change History

Date        Release  Changed by                   Description
2018-10-31  18-10    AUTOSAR Release Management   - Added traceability for ISO 26262 (B.6)
                                                  - New rules resulting from continued analysis of the C++ Core Guidelines
                                                  - Finished addressing MISRA review comments of the 2017-03 release
                                                  - Improvements of already existing rules, more details in the Changelog (D.3)
                                                  - Marked the specification as obsolete
2018-03-29  18-03    AUTOSAR Release Management   - New rules resulting from the analysis of JSF, HIC++, CERT C++, C++ Core Guidelines
                                                  - Improvements of already existing rules, more details in the Changelog (D.2)
                                                  - Covered smart pointers usage
                                                  - Reworked checked/unchecked exception definitions and rules
2017-10-27  17-10    AUTOSAR Release Management   - Updated traceability for HIC++, CERT C++, C++ Core Guidelines
                                                  - Partially included MISRA review of the 2017-03 release
                                                  - Changes and fixes for existing rules, more details in the Changelog (D.1)
2017-03-31  17-03    AUTOSAR Release Management   - Initial release

Document ID 839: AUTOSAR RS CPP14Guidelines
— AUTOSAR CONFIDENTIAL —

Disclaimer

This work (specification and/or software implementation) and the material contained in it, as released by AUTOSAR, is for the purpose of information only. AUTOSAR and the companies that have contributed to it shall not be liable for any use of the work.

The material contained in this work is protected by copyright and other types of intellectual property rights. The commercial exploitation of the material contained in this work requires a license to such intellectual property rights.

This work may be utilized or reproduced without any modification, in any form or by any means, for informational purposes only. For any other purpose, no part of the work may be utilized or reproduced, in any form or by any means, without permission in writing from the publisher.

The work has been developed for automotive applications only. It has neither been developed, nor tested for non-automotive applications.

The word AUTOSAR and the AUTOSAR logo are registered trademarks.

Contents

1 Background
2 The vision
  2.1 Rationale for the production of AUTOSAR C++14
  2.2 Objectives of AUTOSAR C++14
3 Scope
  3.1 Allowed features of C++ language
  3.2 Limitations
4 Using AUTOSAR C++14
5 Introduction to the rules
  5.1 Rule classification
    5.1.1 Rule classification according to compatibility with MISRA
    5.1.2 Rule classification according to obligation level
    5.1.3 Rule classification according to enforcement by static analysis
    5.1.4 Rule classification according to allocated target
  5.2 Organization of rules
  5.3 Exceptions to the rules
  5.4 Redundancy in the rules
  5.5 Presentation of rules
  5.6 Understanding the issue references
  5.7 Scope of rules
6 AUTOSAR C++14 coding rules
  6.0 Language independent issues
    6.0.1 Unnecessary constructs
    6.0.2 Storage
    6.0.3 Runtime failures
    6.0.4 Arithmetic
  6.1 General
    6.1.1 Scope
    6.1.2 Normative references
    6.1.4 Implementation compliance
  6.2 Lexical conventions
    6.2.3 Character sets
    6.2.5 Alternative tokens
    6.2.7 Comments
    6.2.8 Header names
    6.2.10 Identifiers
    6.2.11 Keywords
    6.2.13 Literals
  6.3 Basic concepts
    6.3.1 Declarations and definitions
    6.3.2 One Definition Rule
    6.3.3 Scope
    6.3.4 Name lookup
    6.3.8 Object lifetime
    6.3.9 Types
  6.4 Standard conversions
    6.4.5 Integral promotions
    6.4.7 Integral conversion
    6.4.10 Pointer conversions
  6.5 Expressions
    6.5.0 General
    6.5.1 Primary expression
    6.5.2 Postfix expressions
    6.5.3 Unary expressions
    6.5.5 Pointer-to-member
    6.5.6 Multiplicative operators
    6.5.8 Shift operators
    6.5.10 Equality operators
    6.5.14 Logical AND operator
    6.5.16 Conditional operator
    6.5.18 Assignment and compound assignment operation
    6.5.19 Comma operator
    6.5.20 Constant expression
  6.6 Statements
    6.6.2 Expression statement
    6.6.3 Compound statement or block
    6.6.4 Selection statements
    6.6.5 Iteration statements
    6.6.6 Jump statements
  6.7 Declaration
    6.7.1 Specifiers
    6.7.2 Enumeration declaration
    6.7.3 Namespaces
    6.7.4 The asm declaration
    6.7.5 Linkage specification
    6.7.6 Attributes
  6.8 Declarators
    6.8.0 General
    6.8.2 Ambiguity resolution
    6.8.3 Meaning of declarators
    6.8.4 Function definitions
    6.8.5 Initializers
  6.9 Classes
    6.9.3 Member function
    6.9.5 Unions
    6.9.6 Bit-fields
  6.10 Derived Classes
    6.10.0 General
    6.10.1 Multiple base Classes
    6.10.2 Member name lookup
    6.10.3 Virtual functions
    6.10.4 Abstract Classes
  6.11 Member access control
    6.11.0 General
    6.11.3 Friends
  6.12 Special member functions
    6.12.0 General
    6.12.1 Constructors
    6.12.4 Destructors
    6.12.6 Initialization
    6.12.7 Construction and destructions
    6.12.8 Copying and moving class objects
  6.13 Overloading
    6.13.1 Overloadable declarations
    6.13.2 Declaration matching
    6.13.3 Overload resolution
    6.13.5 Overloaded operators
    6.13.6 Built-in operators
  6.14 Templates
    6.14.0 General
    6.14.1 Template parameters
    6.14.5 Template declarations
    6.14.6 Name resolution
    6.14.7 Template instantiation and specialization
    6.14.8 Function template specializations
  6.15 Exception handling
    6.15.0 General
    6.15.1 Throwing an exception
    6.15.2 Constructors and destructors
    6.15.3 Handling an exception
    6.15.4 Exception specifications
    6.15.5 Special functions
  6.16 Preprocessing directives
    6.16.0 General
    6.16.1 Conditional inclusion
    6.16.2 Source file inclusion
    6.16.3 Macro replacement
    6.16.6 Error directive
    6.16.7 Pragma directive
  6.17 Library introduction - partial
    6.17.1 General
    6.17.2 The C standard library
    6.17.3 Definitions
    6.17.6 Library-wide requirements
  6.18 Language support library - partial
    6.18.0 General
    6.18.1 Types
    6.18.2 Implementation properties
    6.18.5 Dynamic memory management
    6.18.9 Other runtime support
  6.19 Diagnostics library - partial
    6.19.4 Error numbers
  6.20 General utilities library - partial
    6.20.8 Smart pointers
  6.21 Strings library
    6.21.8 Null-terminated sequence utilities
  6.23 Containers library - partial
    6.23.1 General
  6.25 Algorithms library
    6.25.1 General
    6.25.4 Sorting and related operations
    6.26.5 Random number generation
  6.27 Input/output library - partial
    6.27.1 General
7 References
A Allocation of rules to work products
  A.1 Rules allocated to architecture
  A.2 Rules allocated to design
  A.3 Rules allocated to toolchain
  A.4 Rules allocated to infrastructure
  A.5 Rules allocated to analysis
  A.6 Rules allocated to hardware
  A.7 Rules allocated to management
  A.8 Rules allocated to verification
  A.9 Rules allocated to implementation
B Traceability to existing standards
  B.1 Traceability to MISRA C++:2008
  B.2 Traceability to HIC++ v4.0
  B.3 Traceability to JSF
  B.4 Traceability to SEI CERT C++
  B.5 Traceability to C++ Core Guidelines
  B.6 Traceability to ISO 26262
C Glossary
D Changelog
  D.1 Release 17-10
  D.2 Release 18-03
  D.3 Release 18-10

1 Background

See chapter "1. Background" in MISRA C++:2008, which is applicable for this document as well.

This document specifies coding guidelines for the usage of the C++14 language as defined by ISO/IEC 14882:2014 [3], in safety-related and critical systems. The main application sector is automotive, but it can be used in other embedded application sectors.

This document is defined as an update of MISRA C++:2008 [7]. The rules that are adopted from MISRA C++ without modifications are only referred to in this document by ID and rule text, without repeating their complete contents. Therefore, MISRA C++:2008 is a required prerequisite for the readers of this document. MISRA C++:2008 can be purchased from the MISRA web store. The reference to the adopted MISRA C++:2008 rules is not considered a reproduction of a part of MISRA C++:2008.

Most of the rules are automatically enforceable by static analysis. Some are partially enforceable or even non-enforceable and need to be enforced by a manual code review.

Most of the rules are typical coding guidelines, i.e. how to write code. However, for the sake of completeness and because some rules are relaxed with respect to MISRA C++:2008 (e.g. exceptions and dynamic memory are allowed), there are also some rules related to the compiler toolchain and process-related rules concerning e.g. analysis or testing.

This document is not about the style of code in the sense of naming conventions, layout or indentation. But as there are several C++ code examples, they need some form of style guide convention. Therefore, the code examples are written in a similar way to the MISRA C++:2008 code examples.

2 The vision

2.1 Rationale for the production of AUTOSAR C++14

Currently, no appropriate coding standards for C++14 or C++11 exist for use in critical and safety-related software. Existing standards are incomplete, cover old C++ versions, or are not applicable for critical/safety-related software. In particular, MISRA C++:2008 does not cover C++11/14. Therefore this document is to cover this gap.

MISRA C++:2008 covers the C++03 language, which is 13 years old at the time of writing this document. In the meantime, the market evolved, by:

1. substantial evolution/improvement of the C++ language
2. more widespread use of object-oriented languages in safety-related and critical environments
3. availability of better compilers
4. availability of better testing, verification and analysis tools appropriate for C++
5. availability of better development methodologies (e.g. continuous integration) that allow to detect/handle errors earlier
6. higher acceptance of object-oriented languages by safety engineers and
7. strong needs of development teams for powerful C++ language features
8. creation of the ISO 26262 safety standard, which HIC++, JSF, CERT C++, C++ Core Guidelines

As a result, MISRA C++:2008 requires an update. This document is therefore an add-on to MISRA and it specifies:

1. which MISRA rules are obsolete and do not need to be followed
2. a number of updated MISRA rules (for rules that only needed some improvements)
3. several additional rules.

Moreover, at the time of writing, MISRA C++:2008 was already not complete / fully appropriate. For example, it completely disallows dynamic memory, standard libraries are not fully covered, and security is not covered.

2.2 Objectives of AUTOSAR C++14

This document specifies coding guidelines for the usage of the C++14 language, in safety-related and critical environments, as an update of MISRA C++:2008, based on other leading coding standards and the research/analysis done by AUTOSAR. The main application sector is automotive, but it can be used in other embedded application sectors.

The AUTOSAR C++14 Coding Guidelines address high-end embedded microcontrollers that provide efficient and full C++14 language support, on 32 and 64 bit microcontrollers, using POSIX or similar operating systems.

For the ISO 26262 clauses allocated to software architecture, unit design and implementation, the document provides an interpretation of how these clauses apply specifically to C++.

3 Scope

See also chapter "3. Scope" in MISRA C++:2008, which is applicable for this document as well.

This document specifies coding guidelines for the usage of the C++14 language as defined by ISO/IEC 14882:2014 [3], in safety-related and critical environments, as an update of MISRA C++:2008. The main application sector is automotive, but it can be used in other embedded application sectors.

The document is built using the MISRA C++:2008 document structure, document logic, convention and formatting. Each rule is specified using the MISRA C++:2008 pattern and style.

Several rules from MISRA C++:2008 were adopted without modifications. See B.1 for the comparison. The adopted MISRA rules are only referenced by ID and title, without providing the full contents. The inclusion of the ID and the rule title for the adopted rules is considered not to be a "reproduction".

Several other coding standards and resources are referenced in this document or used as a basis of the rules in this document:

1. Joint Strike Fighter Air Vehicle C++ Coding Standards [8]
2. High Integrity C++ Coding Standard Version 4.0 [9]
3. CERT C++ Coding Standard [10]
4. C++ Core Guidelines [11]
5. Google C++ Style Guide [12]

3.1 Allowed features of C++ language

This document allows most of the C++ language features, but with detailed restrictions, as expressed by the rules. This has an important impact on the compiler toolchains, as well as other software development tools, as these tools need to provide full support of the C++ features (as long as these features are used in accordance with the coding guidelines).

The document allows in particular the usage of dynamic memory, exceptions, templates, inheritance and virtual functions. On the other side, the compiler toolchain needs to provide them correctly. In most cases, this requires a tool qualification.

The explanatory summary table 3.1 lists features introduced in C++11 and C++14 and it also summarizes pre-C++11 features, together with their support by the coding standard.

Table 3.1: C++14 features

Feature                                                      Since   May be used   Shall not be used
Dynamic memory management                                    -       X
Floating-point arithmetic                                    -       X
Operators new and delete                                     -       X
malloc and free functions                                    -                     X
Sized deallocation                                           C++11   X
Namespaces                                                   -       X
Fixed width integer types                                    C++11   X
Nullptr pointer literal                                      C++11   X
C-style casts                                                -                     X
const_cast conversion                                        -                     X
dynamic_cast conversion                                      -                     X
reinterpret_cast conversion                                  -                     X
static_cast conversion                                       -       X
Lambda expressions                                           C++11   X
Binary literals                                              C++14   X
Range-based for loops                                        C++11   X
goto statement                                               -                     X
constexpr specifier                                          C++11   X
auto specifier                                               C++11   X
decltype specifier                                           C++11   X
Generic lambda expressions                                   C++14   X
Trailing return type syntax                                  C++11   X
Return type deduction                                        C++14   X
typedef specifier                                            -                     X
using specifier                                              C++11   X
Scoped enumerations                                          C++11   X
std::initializer_list                                        C++11   X
asm declaration                                              -                     X
Default arguments                                            -       X
Variadic arguments                                           -                     X
List initialization                                          C++11   X
Unions                                                       -                     X
Bit-fields                                                   -       X
Inheritance                                                  -       X
Multiple inheritance                                         -       X
Virtual functions                                            -       X
override specifier                                           C++11   X
final specifier                                              C++11   X
friend declaration                                           -                     X
Defaulted and deleted functions                              C++11   X
Delegating constructors                                      C++11   X
Member initializer lists                                     -       X
Non-static data member initializer                           C++11   X
explicit specifier                                           -       X
Move semantics                                               C++11   X
User-defined literals                                        C++11   X
Digit sequence separators '                                  C++14   X
Variadic templates                                           C++11   X
Variable templates                                           C++14   X
Exceptions                                                   -       X
Function-try-blocks                                          -       X
Dynamic exception specification                              -                     X
noexcept specifier                                           C++11   X
Static assertion                                             C++11   X
Implementation defined behavior control directive (#pragma)  -                     X

3.2 Limitations

In the current release, the following are known limitations:

1. The rule set for parallel computing is not provided
2. The rule set for security (as long as it is not common to critical software or safety-related software) is not provided
3. The rule set for C++ standard libraries is partial (incomplete)
4. All remaining non-analyzed rules from CERT and HIC++ are concurrency/security related
5. The traceability to C++ Core Guidelines contains some non-analyzed rules

The limitations will be addressed in future versions of this document.

If the user of this document uses parallel computing, C++ standard libraries or develops security-related software, then they are responsible to apply their own guidelines for these topics.

Further analysis of the following rules will be made for a future release: A2-10-1, A5-1-8, A7-1-3, A7-1-5, A12-1-1, A12-1-2, A12-1-3, A12-4-1, A12-4-2, A13-5-3, A14-7-1, A16-0-1, A16-2-2, A16-7-1, A17-1-1, A18-9-2, A27-0-2, A27-0-4.
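As an added illustration of Table 3.1 above (example code written for this transcription, not taken from the AUTOSAR document or its rule examples), the following unit is written only with features the table marks "may be used", and each comment names the "shall not be used" construct it replaces: using instead of typedef, fixed width types, a scoped enumeration, a variadic template instead of variadic arguments, new/delete behind a smart pointer instead of malloc/free, static_cast instead of C-style casts, a range-based for instead of a goto loop, nullptr, and noexcept instead of a dynamic exception specification. The namespace, the function names and the sample values are assumptions of this example.

```cpp
// Added example, not part of the AUTOSAR document. The namespace and all
// identifiers below are assumptions made for this illustration.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

namespace table31_example {

// Replaces "typedef int Value;" (typedef specifier: shall not be used) and a
// plain int (fixed width integer types: may be used).
using Value = std::int32_t;

// Replaces an unscoped "enum Channel { Primary, Backup };" whose enumerators
// leak into the enclosing scope and convert to int silently.
enum class Channel : std::uint8_t { Primary = 0U, Backup = 1U };

// Replaces a C-style variadic function "int SumAll(int count, ...)" (variadic
// arguments: shall not be used). The variadic template is type-checked.
template <typename T>
constexpr T SumAll(T value) { return value; }

template <typename T, typename... Rest>
constexpr T SumAll(T first, Rest... rest) { return first + SumAll(rest...); }

// Replaces "Value* buf = (Value*)malloc(n * sizeof(Value));" (malloc/free and
// C-style cast: shall not be used). Memory comes from operator new through a
// smart pointer, so the matching delete happens automatically.
std::unique_ptr<std::vector<Value>> MakeBuffer(std::size_t count, Value fill)
{
  return std::make_unique<std::vector<Value>>(count, fill);
}

// Replaces a counting loop written with a label and goto (goto: shall not be
// used) and a widening "(long long)v" C-style cast. Range-based for and
// static_cast are the "may be used" forms; noexcept replaces the dynamic
// exception specification "throw()".
std::int64_t Accumulate(const std::vector<Value>& buffer) noexcept
{
  std::int64_t total = 0;
  for (Value v : buffer) {
    total += static_cast<std::int64_t>(v);
  }
  return total;
}

// Replaces "if (buffer != 0)" / NULL: nullptr is the pointer literal to use.
bool IsReady(const std::vector<Value>* buffer) noexcept
{
  return (buffer != nullptr) && !buffer->empty();
}

// Lambda expression, auto and trailing return type syntax: all "may be used".
auto CountAbove(const std::vector<Value>& buffer, Value threshold) -> std::size_t
{
  std::size_t n = 0U;
  auto above = [threshold](Value v) { return v > threshold; };
  for (Value v : buffer) {
    if (above(v)) {
      ++n;
    }
  }
  return n;
}

// Scoped enumerators need an explicit static_cast to reach their integer value.
constexpr std::uint8_t ChannelIndex(Channel c) noexcept
{
  return static_cast<std::uint8_t>(c);
}

// Ties the pieces together: allocate, check, accumulate, release (automatically).
std::int64_t BufferTotal(std::size_t count, Value fill)
{
  const std::unique_ptr<std::vector<Value>> buffer = MakeBuffer(count, fill);
  return IsReady(buffer.get()) ? Accumulate(*buffer) : 0;
}

}  // namespace table31_example

int main()
{
  using namespace table31_example;
  // Constructed inputs for a stand-alone run.
  const std::int64_t total = BufferTotal(4U, 5);        // 20
  const int sum = SumAll(1, 2, 3);                      // 6
  const std::size_t above = CountAbove({1, 5, 9}, 4);   // 2
  return (total == 20 && sum == 6 && above == 2U &&
          ChannelIndex(Channel::Backup) == 1U) ? 0 : 1;
}
```

The "before" forms are kept in comments only, so a static analysis tool configured for these guidelines reports nothing on this unit; the same tool would flag each commented construct if it were restored.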

4 Using AUTOSAR C++14

See chapter "4. Using MISRA C++" in MISRA C++:2008, which is applicable for this document as well.

5 Introduction to the rules

5.1 Rule classification

5.1.1 Rule classification according to compatibility with MISRA

The rules in this document are defined as a “delta” to MISRA C++:2008. Therefore, the rules are of two types from this perspective:

5.1.2 Rule classification according to obligation level

The rules are classified according to obligation level:

- required: These are mandatory requirements placed on the code. C++ code that is claimed to conform to AUTOSAR C++14 shall comply with every “Required” rule. Formal deviations must be raised where this is not the case.
- advisory: These are requirements placed on the code that should normally be followed. However, they do not have the mandatory status of “Required” rules. Note that the status of “Advisory” does not mean that these items can be ignored, but that they should be followed as far as is reasonably practical. Formal deviations are not necessary for “Advisory” rules, but may be raised if it is considered appropriate.

5.1.3 Rule classification according to enforcement by static analysis

The rules are classified according to enforcement by static code analysis tools:

- automated: These are rules that are automatically enforceable by means of static analysis.
- partially automated: These are the rules that can be supported by static code analysis, e.g. by heuristics or by covering some error scenarios, as a support for a manual code review.
- non-automated: These are the rules where static analysis cannot provide any reasonable support and which require other means, e.g. manual code review or other tools.

Most of the rules are automatically enforceable by static analysis. A static code analysis tool that claims full compliance to this standard shall fully check all “enforceable by static analysis” rules and it shall check the rules that are “partially enforceable by static analysis” to the extent that is possible/reasonable.

Compliance to all rules that are not “enforceable by static analysis” shall be ensured by means of manual activities like review and analyses.

5.1.4 Rule classification according to allocated target

Finally, the rules are classified according to the target:

- implementation: These are the rules that apply to the implementation of the project (code, and also software design and architecture).
- verification: These are the rules that apply to the verification activities (e.g. code review, analysis, testing).
- toolchain: These are the rules that apply to the toolchain (preprocessor, compiler, linker, compiler libraries).
- infrastructure: These are the rules that apply to the operating system and the hardware.

5.2 Organization of rules

The rules are organized in chapter 6, similar to the structure of the ISO/IEC 14882:2014 document. In addition, rules that do not fit this structure are defined in chapter 6.0.

5.3 Exceptions to the rules

Some rules contain an Exception section that lists one or more exceptional conditions under which the rule need not be followed. These exceptions effectively modify the headline rule.

5.4 Redundancy in the rules

There are a few cases within this document where rules are partially overlapping (redundant). This is intentional.

Firstly, this approach often brings more clarity and completeness. Secondly, it is because several redundant rules are reused from MISRA C++:2008. Thirdly, the developer may choose to raise a deviation against one of the partially overlapping rules, but not against the others.

For example, the goto statement is prohibited by rule A6-6-1, and the usage of goto is restricted by rules M6-6-1 and M6-6-2, which overlap with A6-6-1. So if the developer decides to deviate from A6-6-1, they can still comply with M6-6-1 and M6-6-2.

5.5 Presentation of rules

The individual rules are presented in a format similar to the format of MISRA C++:2008.

5.6 Understanding the issue references

In this document release, references to the C++ Language Standard are not provided.

5.7 Scope of rules

While the majority of rules can be applied within a single translation unit, all rules shall be applied with the widest possible interpretation.

In general, the intent is that all the rules shall be applied to templates. However, some rules are only meaningful for instantiated templates.

Unless otherwise specified, all rules shall apply to implicitly-declared or implicitly-defined special member functions (e.
