Guidelines for the use of the C++14 language in critical and
safety-related systems Sample code compile list(75)
https://www.autosar.org/fileadmin/user_upload/standards/adaptive/17-03/AUTOSAR_RS_CPP14Guidelines.pdf
Autosar Guidelines C++14, example code compile list(
目的(purpose)
AutosarのC++ GuidelineをOS, 制御のプログラムで利用するにあたって、(1)hosted, freestandingのどちらを基本にすべきか。(2)C++2014,C++2017, C++202aのどれを用いると良いか, (3)どの処理系を併用すると良いかを検討するため、-std=c++14, -std=c++17, -std=c++2aの3種類で、複数のコンパイラでコンパイルすることにより、誤(error)、警告(warning)、関数・変数連携(link)、出力(output)、にどのような影響があるかを確認する。
成果(outcome)
複数の処理系の特徴が明確になるとともに、各標準段階, hosted, freestandingの特徴と課題を明確にする。
A8-5-2.cpp
算譜(source code)
A8-5-2.cpp
//Guidelines for the use of the C++14 language in critical and safety-related systems
const char* msg="Rule A8-5-2 (required, implementation, automated)Braced-initialization {}, without equals sign, shall be used for variable initialization.(75)A8-5-2.cpp";
//https://www.autosar.org/fileadmin/user_upload/standards/adaptive/17-03/AUTOSAR_RS_CPP14Guidelines.pdf
// There is no description about Autosar declear hosted or freestanding.
// If the Autosar intended both depending on the cases, autosar.h can choose one.
// Compile with -DHOSTED work as hosted environment, -DFREESTANDING work as freestanding.
#include "autosar.h"/// @line add header file https://qiita.com/kaizen_nagoya/items/4bde8f21ab059b96cf2a
using namespace std;/// @line add using
///start AUTOSAR: From here to the "///end AUTOSAR" is from AUTOSAR without code having /// comment in line.
// $Id: A8-5-2.cpp 271715 2017-03-23 10:13:51Z piotr.tanski $
#include <cstdint>
#include <initializer_list>
void f1() noexcept
{
std::int32_t x1 =
7.9; // Non-compliant - x1 becomes 7 without compilation error
// std::int32_t y {7.9}; // Compliant - compilation error, narrowing
std::int8_t x2{50}; // Compliant
std::int8_t x3 = {50}; // Non-compliant - std::int8_t x3 {50} is equivalent
// and more readable
std::int8_t x4 =
1.0; // Non-compliant - implicit conversion from double to std::int8_t
std::int8_t x5 = 300; // Non-compliant - narrowing occurs implicitly
std::int8_t x6(x5); // Non-compliant
cout << "x1="<<x1<<" x2="<<x2<<" x3="<<x3<<" x4="<<(int)x4<<" x5="<<x5<<" x6="<<x6<<endl;
}
class A
{
public:
A(std::int32_t first, std::int32_t second) : x{first}, y{second} {}
void f() {
cout <<"x="<<x<<" y="<<y<<endl; ///@ line for output
}
private:
std::int32_t x;
std::int32_t y;
};
struct B
{
std::int16_t x;
std::int16_t y;
};
class C
{
public:
C(std::int32_t first, std::int32_t second) : x{first}, y{second} {}
C(std::initializer_list<std::int32_t> list) : x{0}, y{0} {}
void f() {
cout <<"x="<<x<<" y="<<y<<endl; ///@ line for output
}
private:
std::int32_t x;
std::int32_t y;
};
void f2() noexcept
{
A a1{1, 5}; // Compliant - calls constructor of class A
A a2 = {1, 5}; // Non-compliant - calls a default constructor of class A
// and not copy constructor or assignment operator.
A a3(1, 5); // Non-compliant
B b1{5, 0}; // Compliant - struct members initialization
C c1{2, 2}; // Compliant - C(std::initializer_list<std::int32_t>)
// constructor is
// called
C c2(2, 2); // Compliant by exception - this is the only way to call
// C(std::int32_t, std::int32_t) constructor
C c3{{}}; // Compliant - C(std::initializer_list<std::int32_t>) constructor
// is
// called with an empty initializer_list
C c4({2, 2}); // Compliant by exception -
// C(std::initializer_list<std::int32_t>)
// constructor is called
};
template <typename T, typename U>
void f1(T t, U u) noexcept(false)
{
std::int32_t x = 0;
T v1(x); // Non-compliant
T v2{x}; // Compliant - v2 is a variable
// auto y = T(u); // Non-compliant - is it construction or cast?
// Compilation error
};
void f3() noexcept
{
f1(0, "abcd"); // Compile-time error, cast from const char* to int
}
///end AUTOSAR
int start() { /// @{} for start
f1();
f2();
cout<< msg << endl;
ShutdownOS() EXIT_SUCCESS;
/// Autosar OS 3.1.1, 2009: 7.1.2.2 Undefined Behaviour in OSEK OS
/// OS425 If ShutdownOS is called and ShutdownHook() returns then the operating system shall disable all interrupts and enter an endless loop.
}
編纂・実行結果(compile and go)
cpa.sh
$ ../cpa.sh a8-5-2
$ clang++ a8-5-2.cpp -I./ -std=c++14 -Wall
a8-5-2.cpp:19:1: warning: implicit conversion from 'double' to 'std::int32_t' (aka 'int') changes value from 7.9 to 7
[-Wliteral-conversion]
7.9; // Non-compliant - x1 becomes 7 without compilation error
^~~
a8-5-2.cpp:26:19: warning: implicit conversion from 'int' to 'std::int8_t' (aka 'signed char') changes value from 300 to 44
[-Wconstant-conversion]
std::int8_t x5 = 300; // Non-compliant - narrowing occurs implicitly
~~ ^~~
a8-5-2.cpp:60:4: warning: unused variable 'b1' [-Wunused-variable]
B b1{5, 0}; // Compliant - struct members initialization
^
a8-5-2.cpp:77:4: warning: unused variable 'v1' [-Wunused-variable]
T v1(x); // Non-compliant
^
a8-5-2.cpp:84:2: note: in instantiation of function template specialization 'f1<int, const char *>' requested here
f1(0, "abcd"); // Compile-time error, cast from const char* to int
^
a8-5-2.cpp:78:4: warning: unused variable 'v2' [-Wunused-variable]
T v2{x}; // Compliant - v2 is a variable
^
5 warnings generated.
x1=7 x2=2 x3=2 x4=1 x5=, x6=,
Rule A8-5-2 (required, implementation, automated)Braced-initialization {}, without equals sign, shall be used for variable initialization.(75)A8-5-2.cpp
$ clang++ a8-5-2.cpp -I./ -std=c++17 -Wall
a8-5-2.cpp:19:1: warning: implicit conversion from 'double' to 'std::int32_t' (aka 'int') changes value from 7.9 to 7
[-Wliteral-conversion]
7.9; // Non-compliant - x1 becomes 7 without compilation error
^~~
a8-5-2.cpp:26:19: warning: implicit conversion from 'int' to 'std::int8_t' (aka 'signed char') changes value from 300 to 44
[-Wconstant-conversion]
std::int8_t x5 = 300; // Non-compliant - narrowing occurs implicitly
~~ ^~~
a8-5-2.cpp:60:4: warning: unused variable 'b1' [-Wunused-variable]
B b1{5, 0}; // Compliant - struct members initialization
^
a8-5-2.cpp:77:4: warning: unused variable 'v1' [-Wunused-variable]
T v1(x); // Non-compliant
^
a8-5-2.cpp:84:2: note: in instantiation of function template specialization 'f1<int, const char *>' requested here
f1(0, "abcd"); // Compile-time error, cast from const char* to int
^
a8-5-2.cpp:78:4: warning: unused variable 'v2' [-Wunused-variable]
T v2{x}; // Compliant - v2 is a variable
^
5 warnings generated.
x1=7 x2=2 x3=2 x4=1 x5=, x6=,
Rule A8-5-2 (required, implementation, automated)Braced-initialization {}, without equals sign, shall be used for variable initialization.(75)A8-5-2.cpp
$ clang++ a8-5-2.cpp -I./ -std=c++2a -Wall
a8-5-2.cpp:19:1: warning: implicit conversion from 'double' to 'std::int32_t' (aka 'int') changes value from 7.9 to 7
[-Wliteral-conversion]
7.9; // Non-compliant - x1 becomes 7 without compilation error
^~~
a8-5-2.cpp:26:19: warning: implicit conversion from 'int' to 'std::int8_t' (aka 'signed char') changes value from 300 to 44
[-Wconstant-conversion]
std::int8_t x5 = 300; // Non-compliant - narrowing occurs implicitly
~~ ^~~
a8-5-2.cpp:60:4: warning: unused variable 'b1' [-Wunused-variable]
B b1{5, 0}; // Compliant - struct members initialization
^
a8-5-2.cpp:77:4: warning: unused variable 'v1' [-Wunused-variable]
T v1(x); // Non-compliant
^
a8-5-2.cpp:84:2: note: in instantiation of function template specialization 'f1<int, const char *>' requested here
f1(0, "abcd"); // Compile-time error, cast from const char* to int
^
a8-5-2.cpp:78:4: warning: unused variable 'v2' [-Wunused-variable]
T v2{x}; // Compliant - v2 is a variable
^
5 warnings generated.
x1=7 x2=2 x3=2 x4=1 x5=, x6=,
Rule A8-5-2 (required, implementation, automated)Braced-initialization {}, without equals sign, shall be used for variable initialization.(75)A8-5-2.cpp
$ g++-8 a8-5-2.cpp -I./ -std=c++14 -Wall
a8-5-2.cpp: In function 'void f1()':
a8-5-2.cpp:26:19: warning: overflow in conversion from 'int' to 'int8_t' {aka 'signed char'} changes value from '300' to '4' [-Woverflow]
std::int8_t x5 = 300; // Non-compliant - narrowing occurs implicitly
^~~
a8-5-2.cpp: In function 'void f2()':
a8-5-2.cpp:57:4: warning: variable 'a2' set but not used [-Wunused-but-set-variable]
A a2 = {1, 5}; // Non-compliant - calls a default constructor of class A
^~
a8-5-2.cpp:60:4: warning: unused variable 'b1' [-Wunused-variable]
B b1{5, 0}; // Compliant - struct members initialization
^~
a8-5-2.cpp: In instantiation of 'void f1(T, U) [with T = int; U = const char*]':
a8-5-2.cpp:84:14: required from here
a8-5-2.cpp:77:4: warning: unused variable 'v1' [-Wunused-variable]
T v1(x); // Non-compliant
^~
a8-5-2.cpp:78:4: warning: unused variable 'v2' [-Wunused-variable]
T v2{x}; // Compliant - v2 is a variable
^~
x1=7 x2=2 x3=2 x4=1 x5=, x6=,
Rule A8-5-2 (required, implementation, automated)Braced-initialization {}, without equals sign, shall be used for variable initialization.(75)A8-5-2.cpp
$ g++-8 a8-5-2.cpp -I./ -std=c++17 -Wall
a8-5-2.cpp: In function 'void f1()':
a8-5-2.cpp:26:19: warning: overflow in conversion from 'int' to 'int8_t' {aka 'signed char'} changes value from '300' to '4' [-Woverflow]
std::int8_t x5 = 300; // Non-compliant - narrowing occurs implicitly
^~~
a8-5-2.cpp: In function 'void f2()':
a8-5-2.cpp:57:4: warning: variable 'a2' set but not used [-Wunused-but-set-variable]
A a2 = {1, 5}; // Non-compliant - calls a default constructor of class A
^~
a8-5-2.cpp:60:4: warning: unused variable 'b1' [-Wunused-variable]
B b1{5, 0}; // Compliant - struct members initialization
^~
a8-5-2.cpp: In instantiation of 'void f1(T, U) [with T = int; U = const char*]':
a8-5-2.cpp:84:14: required from here
a8-5-2.cpp:77:4: warning: unused variable 'v1' [-Wunused-variable]
T v1(x); // Non-compliant
^~
a8-5-2.cpp:78:4: warning: unused variable 'v2' [-Wunused-variable]
T v2{x}; // Compliant - v2 is a variable
^~
x1=7 x2=2 x3=2 x4=1 x5=, x6=,
Rule A8-5-2 (required, implementation, automated)Braced-initialization {}, without equals sign, shall be used for variable initialization.(75)A8-5-2.cpp
$ g++-8 a8-5-2.cpp -I./ -std=c++2a -Wall
a8-5-2.cpp: In function 'void f1()':
a8-5-2.cpp:26:19: warning: overflow in conversion from 'int' to 'int8_t' {aka 'signed char'} changes value from '300' to '4' [-Woverflow]
std::int8_t x5 = 300; // Non-compliant - narrowing occurs implicitly
^~~
a8-5-2.cpp: In function 'void f2()':
a8-5-2.cpp:57:4: warning: variable 'a2' set but not used [-Wunused-but-set-variable]
A a2 = {1, 5}; // Non-compliant - calls a default constructor of class A
^~
a8-5-2.cpp:60:4: warning: unused variable 'b1' [-Wunused-variable]
B b1{5, 0}; // Compliant - struct members initialization
^~
a8-5-2.cpp: In instantiation of 'void f1(T, U) [with T = int; U = const char*]':
a8-5-2.cpp:84:14: required from here
a8-5-2.cpp:77:4: warning: unused variable 'v1' [-Wunused-variable]
T v1(x); // Non-compliant
^~
a8-5-2.cpp:78:4: warning: unused variable 'v2' [-Wunused-variable]
T v2{x}; // Compliant - v2 is a variable
^~
x1=7 x2=2 x3=2 x4=1 x5=, x6=,
Rule A8-5-2 (required, implementation, automated)Braced-initialization {}, without equals sign, shall be used for variable initialization.(75)A8-5-2.cpp
検討事項(agenda)
1. 自律(freestanding)環境. 接待(hosted)環境
C++N4606 1.4 Implementation compliance p.4
2. 対応OSの水準、対応通信規約、応用機能による分類
freestanding用の関数、ライブラリ等
3. C++2014, C++2017, C++202aの比較項目
本件なし
4. clang++, g++の比較検討項目
clang++警告なし, g++警告あり
5 役立つまたは意味のある出力
参考文献(reference)
C++N4741 2018
Working Draft, Standard for Programming Language C++
http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2017/n4741.pdf
C++N4741, 2018 Standard Working Draft on ISO/IEC 14882 sample code compile list
https://qiita.com/kaizen_nagoya/items/3294c014044550896010
C++N4606 2016
Working Draft, Standard for Programming Language C++
http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/n4606.pdf
C++N4606, 2016符号断片編纂一覧(example code compile list)
Working Draft 2016, ISO/IEC 14882(1)
https://qiita.com/kaizen_nagoya/items/df5d62c35bd6ed1c3d43/
文書履歴
ver 0.10 初稿 20180611