0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

AUTOSAR CountdownAdvent Calendar 2022

Day 16

Guidelines for the use of the C++14 language in critical and safety-related systems, No.839 , AUTOSAR 21-11 (36) AP

Last updated at Posted at 2022-05-05

Guidelines for the use of the C++14 language in critical and safety-related systems, No.839 , 2021-11

他の文書は、改定がなくても新しい文書としてNoChangeで発行する。C++は2019年からNoChangeでは発行していない。ただし、最新の文書で検索すると出てくる。

一覧はこちら。

AUTOSAR R21-11(0) 仕様ダウンロード一覧。単語帳。参考文献資料作成

ソースコードをコンパイルしてみた報告一覧はこちら。

Autosar Guidelines C++14 example code compile list(1-169)

用語(terms)

Term Description
Real-time application (RTA) A real-time application is a program that guarantees response within defined time constraints. The latency must be less than a defined value, usually measured in seconds or milliseconds. Whether or not a given application program qualifies as an RTA depends on the worst-case execution time (WCET) - themaximum length of time a defined task requires on a given hardware platform.
MISRA Motor Industry Software Reliability Association.
HIC++ High Integrity C++ Coding Standard.
cvalue expression An expression that should not undergo further conversions, either implicitly or explicitly, is called a cvalue expression.
Ownership Ownership of a resource means that the resource’s lifetime is fully managed by the single class instance or tied with the class instance lifetime. See also: chapter 6.18.5
One definition rule The rule states that: There shall be one and only one definition of any variable, function, class type, enumeration type, or template in a translation unit. Some of these may have multiple declarations, but only one definition is allowed. There shall be one and only one definition of every noninline function or variable that is odr-used in the entire program. An inline function definition is required in every translation unit where it is odr-used. There shall be one and only one definition of a class in any translation unit where the class is used in a way that requires it to be complete. There can be more than one definition of any class, enumeration type, inline function with external linkage, class template, non-static function template, static data member of a class template, member function of a class template, partial template specialization in a program, as long as all of the following is true: – each definition consists of the same sequence of tokens (typically, appears in the same header file) – name lookup from within each definition finds the same entities (after overload-resolution), except that constants with internal or no linkage may refer to different objects as long as they are not ODR-used and have the same values in every definition. – overloaded operators, including conversion, allocation, and deallocation functions refer to the same function from each definition (unless referring to one defined within the definition) – the language linkage is the same (e.g. the include file isn’t inside an extern “C” block) – the three rules above apply to every default argument used in each definition – if the definition is for a class with an implicitlydeclared constructor, every translation unit where it is odr-used must call the same constructor for the base and members – if the definition is for a template, then all these requirements apply to both names at the point of definition and dependent names at the point of instantiation If all these requirements are satisfied, the program behaves as if there is only one definition in the entire program. Otherwise, the behavior is undefined.
ODR-use An object is odr-used if its address is taken, or a reference is bound to it. A function is odr-used if a function call to it is made or its address is taken.
POD Type POD (Plain Old Data) type is the type that is compatible with types used in the C programming language, can be manipulated using C library functions, and can be exchanged with C libraries directly in its binary form.
Trivially Copyable Class A class (C++ Language Standard [3], chapter 9): where each copy constructor, move constructor, copy assignment operator, move assigment operator is either deleted or trivial that has at least one non-deleted copy constructor, move constructor, copy assignment operator, or move assignment operator, and that has a trivial, non-deleted destructor
Standard-Layout Class A class that (C++ Language Standard [3], chapter 9): has no non-static data members of type non-standardlayout class (or array of such types) or reference has no virtual functions and no virtual base classes has the same access control for all non-static data members has no non-standard-layout base classes has at most one base class subobject of any given type has all non-static data members and bit-fields in the class and its base classes first declared in the same class has no element of the set M(X) of types as a base class where M(X) is defined as follows: – If X is a non-union class type, the set M(X) is empty if X has no (possibly inherited) non-static data members; otherwise, it consists of the type of the first non-static data member of X (where said member may be an anonymous union), X0, and the elements of M(X0). – If X is a union type, the set M(X) is the union of all M(Ui) and the set containing all Ui, where each Ui is the type of the i-th non-static data member of X. – If X is a non-class type, the set M(X) is empty.
Dataflow Anomaly The state of a variable at a point in a program can be described using the following terms: Undefined (U): The value of the variable is indeterminate. Referenced (R): The variable is used in some way (e.g. in an expression). Defined (D): The variable is explicitly initialized or assigned a value. Given the above, the following dataflow anomalies can be defined: UR dataflow anomaly: Variable not assigned a value before the specified use (this may result in undefined behavior). DU dataflow anomaly: Variable is assigned a value that is never subsequently used. DD dataflow anomaly: Variable is assigned a value twice with no intermediate use.
Dead Code Dead code (also known as redundant code) consists of evaluated expressions whose removal would not affect the output program.
Unreachable Code Unreachable code is code to which there is no syntactic (control flow) path, e.g. a function which is never called, either directly or indirectly.
Diamond Problem The “diamond problem” is an ambiguity that arises when two classes B and C inherit from A, and class D inherits from both B and C. If there is a method provided by class A, that is overriden in both B and C and D does not override it, then there is an ambiguity which version of the method does D actually inherit. See: Wikipedia.org for more details.
Interface class An interface class is a class which has following properties: if there are any, all member functions are public pure virtual if there are any, all data members are public static constexpr
Extended precision format The IEEE Standard for Floating-Point Arithmetic (IEEE 754) specifies extended precision formats, that are recommended for allowing a greater precision format than that provided by the basic formats. For an extended format the exponent range must be as great as that of the next wider basic format. For instance, 64-bit extended precision binary number must have an “exponent max” of at least 16383, which is equal to “exponent max” of 128- bit binary floating-point. The 80-bit extended format meets this requirement.
Fundamental types C++ built-in types defined in C++ Language Standard [3] in chapter 3.9.1, e.g. char, signed char, unsigned char, int, long long int, wchar_t, bool, float, double, void, std::nullptr_t, etc.
Scalar types The following types are scalar types: integral types floating point types pointers and pointers to members enumerations std::nullptr_t
glvalue A glvalue is an expression whose evaluation determines the identity of an object, bit-field, or function.
xvalue An xvalue refers to an object, usually near the end of its lifetime, so that its resources may be moved.
prvalue A prvalue is an expression whose evaluation initializes an object or a bit-field, or computes the value of the operand of an operator.
rvalue An rvalue is an xvalue or a prvalue.
lvalue An lvalue is a glvalue that is not an xvalue.
Implicitly-defined default constructor Implicitly-defined default constructor calls default constructors of its base classes and non-static data members. It has exactly the same effect as a user-defined constructor with empty body and empty initializer list.
Implicitly-defined copy constructor Implicitly-defined copy constructor of a class type (class or struct) performs full member-wise copy of the object’s bases and nonstatic data members, in their initialization order, using direct initialization.
Implicitly-defined move constructor Implicitly-defined move constructor of a class type (class or struct) performs full member-wise move of the object’s bases and non-static members, in their initialization order, using direct initialization with an xvalue argument.
Implicitly-defined copy assignment operator Implicitly-defined copy assignment operator of a class type (class or struct) performs full member-wise copy assignment of the object’s bases and non-static data members, in their initialization order, using built-in assignment for the scalars and copy assignment operator for class types.
Implicitly-defined move assignment operator Implicitly-defined move assignment operator of a class type (class or struct) performs full member-wise move assignment of the object’s direct bases and immediate non-static data members, in their initialization order, using built-in assignment for the scalars, member-wise move-assignment for arrays, and move assignment operator for class types (called non-virtually).
Implicitly-defined destructor Implicitly-defined destructor has an empty body. After the body of the destructor is executed, the destructors for all non-static nonvariant data members of the class are called, in reverse order of declaration. Then it calls destructors of all direct non-virtual base classes, in reverse order of construction, and then it calls the destructors of all virtual bases.
Is-a relationship Subsumption relationship between types. If one class B is a subclass of another class A (i.e. B is a more specialized concept than A), then B class specification implies A class specification and a B class object can be used for any expression that requires an A class object.
Has-a relationship Composition relationship where one object is a part or member of another object with respect to the rules of ownership.
Single point of exit Approach background: IEC 61508 [19], as one of methods for providing modular approach. ISO26262 part 6 [5] with the requirement for ASIL A-D. MISRA-C++ 2008 with the rule M6-6-5. AUTOSAR Coding Guidelines consider that the only reason for such an approach is improving robustness of resource handling, e.g. ensuring that resources are properly released in case of an early exit from the function. However, it is fully ensured by other rules existing in the document that: enforce usage of smart pointers and memory management objects for expressing lifetime semantics (A18-5-2) enforce allocate local objects on stack (A18-5-8) recommend usage of RAII (A15-1-4, A18-5-2) Single point of exit is considered to decrease code readability and will not bring any additional benefits for improving coding standards, thus it is not enforced by the AUTOSAR Coding Guidelines.

英日

日本語は仮訳

no. count word 日本語
1 5014 a 一つの
2 3682 the その
3 2736 of
4 2035 std standard(短縮名)
5 2015 c c
6 1699 to
7 1610 and
8 1591 in
9 1460 not ない
10 1425 be です
11 1370 is です
12 1261 guidelines 指針
13 1240 for にとって
14 1174 compliant 準拠
15 1143 rule 規則
16 1140 autosar AUTomotive Open System Architecture(短縮名)
17 1022 _t _t
18 966 use 使用する
19 911 shall しなければならない
20 905 int integer(短縮名)
21 807 non 非(接頭辞)
22 803 m m
23 780 class
24 749 id identifier, 識別子(短縮名)
25 739 an
26 714 differences 違い
27 713 or また
28 704 that それ
29 682 no いいえ
30 662 type
31 633 language 言語
32 631 required 必要
33 579 function 働き
34 578 related 関連している
35 576 document 資料
36 558 f f
37 556 see 見る
38 554 safety 安全性
39 554 void 空所
40 545 small 小さい
41 544 implementation 実装
42 543 release 公開
43 524 critical 致命的
44 523 used 使用済み
45 521 systems
46 510 ap adaptive platform(短縮名)
47 509 autosar_rs_cpp autosar_rs_cpp
48 509 confidential 信頼
49 495 if もしも
50 494 include 含む
51 487 const constant(短縮名)
52 482 b b
53 459 except それ外
54 459 with
55 456 by により
56 451 x x
57 448 it それ
58 435 this これ
59 431 are それは
60 411 exception 例外
61 407 t t
62 401 automated 自動化
63 397 as なので
64 392 return 戻る
65 374 cpp c plus plus(短縮名)
66 371 e e
67 362 also また
68 360 operator 操作者
69 340 object 物体
70 337 only それだけ
71 327 public 公衆
72 307 av av
73 302 example
74 298 from から
75 289 functions 関数
76 285 i
77 280 uint unsigned integer(短縮名)
78 278 do 行う
79 278 rejected 拒否した
80 276 rationale 理論的根拠
81 275 will 意思
82 273 misra Motor Industry Software Reliability Association(短縮名)
83 263 all すべて
84 263 v v
85 260 standard 標準
86 259 error 誤り
87 255 pointer 指示子
88 255 z z
89 251 name 名前
90 246 defined 定義済み
91 239 on の上
92 238 default 既定値
93 232 using 使って
94 230 code 符号
95 225 template 雛形
96 222 memory 記憶装置
97 217 d d
98 216 new 新着
99 216 should したほうがいい
100 214 can できる

参考(reference)

bibliographyとして一覧を示している。

ISO/IEC 14882:2003, The C++ Standard Incorporating Technical Corrigendum 1, International Organization for Standardization, 2003.
ISO/IEC 14882:2011, ISO International Standard ISO/IEC 14882:2011(E) - Programming
Language C++, International Organization of Standardization, 2011.
ISO/IEC 14882:2014, ISO International Standard ISO/IEC 14882:2014(E) - Programming
Language C++, International Organization for Standardization, 2016.
ISO 26262-6, Road vehicles - Functional safety - Part 6: Product development at the software level, International Organization for Standardization, 2011.
ISO 26262-6, Road vehicles - Functional safety - Part 6: Product development at the software level, International Organization for Standardization, 2011.
ISO 26262-8, Road vehicles - Functional safety - Part 8: Supporting processes,
International Organization for Standardization, 2011.
MISRA C++:2008 Guidelines for the use of the C++ language in critical systems, The
Motor Industry Software Reliability Association, 2008.
Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program, Document Number 2RDU00001 Rev C, Lockheed
Martin Corporation, 2005.
High Integrity C++ Coding Standard Version 4.0, Programming Research Ltd, 2013.
Software Engineering Institute CERT C++ Coding Standard, Software Engineering
Institute Division at Carnegie Mellon University, 2016.
Bjarne Stroustrup, Herb Sutter, C++ Core Guidelines, 2017.
Google C++ Style Guide, Google, 2017.
Scott Meyers, Effective Modern C++, ISBN: 978-1-491-90399-5, O’Reilly, 2015.
Bjarne Stroustrup, The C++ Programming Language, Fourth Edition, ISBN: 978-
0-321-56384-2, Addison-Wesley, 2013.
Joshua Bloch, Effective Java, Second Edition, ISBN: 978-0321356680, AddisonWesley, 2008
cppreference.com, online reference for the C and C++ languages and standard
libraries, 2017
stackoverflow.com, community of programmers, 2017
open-std.org, site holding a number of web pages for groups producing open
standards, 2017
IEC 61508-3, Functional safety of electrical/electronic/programmable electronic
safety-related systems – Annex C, Overview of techniques and measures for
achieving software safety integrity, International Electrotechnical Commission,
2010.

全く同じ行があるが、その後、3年以上治っていない。

ISO 26262-6, Road vehicles - Functional safety - Part 6: Product development at the software level, International Organization for Standardization, 2011.

ならびから行くと、-7の可能性はある。

ISO 26262-7:2011
Road vehicles — Functional safety — Part 7: Production and operation

その後継の規格が出ている。言及がないのはなぜかわかっていない。

ISO 26262-6:2018
Road vehicles — Functional safety — Part 6: Product development at the software level

ISO 26262-8:2018
Road vehicles — Functional safety — Part 8: Supporting processes

IEC TS 61508-3-1:2016
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3-1: Software requirements - Reuse of pre-existing software elements to implement all or part of a safety function

Glossary も 参考に入れましょう。
https://www.autosar.org/fileadmin/standards/foundation/22-11/AUTOSAR_TR_Glossary.pdf

関連文書(Related document)

Guidelines for the use of the C++14 language in critical and safety-related systems , AUTOSAR 22-11, AP, No.839

文書履歴(document history)

ver. 0.01 初稿 20221229
ver. 0.02 URL追記 20230102

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?