Testing C++17 in safety critical systems
I'm currently thinking about C++ in safety-critical software (DO-178C DAL-D) and definitions of a coding standard. I was looking at MISRA C++ which is again 10 years old and misses all the C++11…17 features.

While being conservative regarding safety is often not a bad idea, the new language features might be beneficial to safety.

During reviews one has to argue about why you made certain decisions. And one can always argue that the new language features make the code clearer, thus fewer errors regarding misunderstandings; especially if the compiler is able to test and verify your assumptions.

But it is hard to find language features that carry the safety aspects more prominently than "make things clearer". What aspects of modern C++ really help regarding safety?

I'm setting up a small exercise project to test these ideas and am currently totally focused on the "let the compiler check your assumptions" aspect. For example, we have just started to use [[nodiscard]] and found at least two bugs this way within the first hour. But what aspects of modern C++ were designed and shall be used with safety in mind?

Sculpture answered 5/7, 2018 at 6:24 Comment(2)
Google "AUTOSAR C++" (Mcpeak)
This isn't specific to C++17, but keeping your build chain reasonably up to date would provide additional safety. Additional compiler warnings and static analysis tools are always getting better. Keeping those up to date would only make it easier to support future versions. (Ski)

These come to my mind first:

  • atomic and memory_model: they allow writing portable code in concurrent / lock-free contexts.
  • unique_ptr: helps simplify memory handling.
  • override lets you find bugs at compile time.
  • constexpr if makes the code be written closer to where it is used, which helps writing fewer bugs (sometimes, to specialize a behaviour according to a template parameter, you would write a class with n specializations. Now you can use if constexpr with n branches instead).

etc. In a way, considering the benefits on code clarity and portability, I think every feature of C++11/14/17 helps.

Molal answered 5/7, 2018 at 7:26 Comment(0)
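As an added example (not code from the question or from this answer), the following compiles the compiler-checked features both posts mention into one small unit: [[nodiscard]] from the question, plus override, if constexpr, unique_ptr and std::atomic from this answer. The Sensor interface, RangeCheckedSensor and the 0..1000 range are constructed for the example.

```cpp
#include <atomic>
#include <cstdint>
#include <memory>
#include <type_traits>

// [[nodiscard]] on the enum: any call that drops a Status is flagged by the
// compiler (an error under -Werror), the kind of check the question describes.
enum class [[nodiscard]] Status { Ok, OutOfRange };

// Hypothetical sensor interface, constructed for this example.
struct Sensor {
    virtual ~Sensor() = default;
    virtual Status read(std::int32_t& out) = 0;
};

// 'override' makes a signature mismatch (say read(std::int64_t&)) a hard error
// instead of a silently unrelated function that the base pointer never calls.
struct RangeCheckedSensor final : Sensor {
    std::int32_t raw, lo, hi;
    RangeCheckedSensor(std::int32_t r, std::int32_t l, std::int32_t h) : raw(r), lo(l), hi(h) {}
    Status read(std::int32_t& out) override {
        if (raw < lo || raw > hi) return Status::OutOfRange;
        out = raw;
        return Status::Ok;
    }
};

// if constexpr: one function whose branch is fixed at compile time by the
// channel's value type, so integer and floating comparisons cannot be mixed up.
template <class T>
[[nodiscard]] bool within_tolerance(T value, T target) {
    if constexpr (std::is_integral_v<T>) {
        return value == target;  // exact compare for integer channels
    } else {
        return (value > target ? value - target : target - value) < T{1e-3};
    }
}

// Rejected-reading counter; std::atomic keeps it well defined across threads.
inline std::atomic<std::uint32_t> rejected_readings{0};

// unique_ptr makes ownership explicit: nothing to leak or double-free.
[[nodiscard]] std::unique_ptr<Sensor> make_sensor(std::int32_t raw) {
    return std::make_unique<RangeCheckedSensor>(raw, 0, 1000);
}

// Returns the validated value, or -1 after bumping the rejection counter.
[[nodiscard]] std::int32_t validated_reading(std::int32_t raw) {
    auto sensor = make_sensor(raw);
    std::int32_t v = 0;
    if (sensor->read(v) != Status::Ok) { ++rejected_readings; return -1; }
    return v;
}
```

Compile with -std=c++17 -Wall -Werror to see a dropped Status or a mis-spelled override reported at build time rather than found in review.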

And one can always argue that the new language features make the code clearer, thus fewer errors regarding misunderstandings; especially if the compiler is able to test and verify your assumptions.

In my not so humble opinion, there are few language features, that is, standard general purpose programming language features, that both fall outside of the allowed standards AND are worth the time and energy to argue your way through in an assessment. If you are aiming for a higher level of abstraction (which is a good thing also for safety, although you'll hardly find anyone openly admitting this, because it would render half of the safety industry unemployed and the other half severely outdated) then you'd be better off resorting to a domain specific language and putting the effort into a flawless compilation (to source) to a standard conforming platform. If you don't work in an engineering culture which allows this, then you can resort to some of the patches that the other answer here proposes, but it is always difficult to convincingly transport the intention and meaning of non-specific measures to other safety engineers (a dedicated domain specific language is much easier both to support or to object to).

That said I think the advances in parallel programming of modern C++ will find their way into the standards relatively quickly.

Sleave answered 10/7, 2018 at 12:47 Comment(0)
