Main Content

MISRA C++:2008 and AUTOSAR C++14 Coding Rules Supported for Code Generation

When you generate C++ code from MATLAB® code, you can configure the code generator to maximize the compliance of the generated code with the required coding rules in the MISRA™ C++:2008 and AUTOSAR C++14 guidelines.

The following tables list all the required coding rules in the MISRA C++:2008 and AUTOSAR C++14 guidelines. For each directive or rule, the Compliance column has one of these entries:

  • Compliant: Generated code is compliant with this directive/rule.

  • Noncompliant: In some situations, the generated code might not be compliant with this directive/rule.

  • Not Applicable: This directive/rule does not apply to the code generation process. For some of these directives/rules, the Additional Notes section suggests actions that you can take to improve the compliance of the generated code.

Note

These tables assume that you have already followed these steps to maximize MISRA and AUTOSAR compliance of the generated code:

The generated code might include one or more files that are not compliant with MISRA and AUTOSAR guidelines. For a complete list of these files, see Scope of Code Generation Support.

In certain situations, you might be able to configure the code generator to avoid using the custom type definitions contained in the rtwtypes.h file in the generated code. For example, see Additional Settings for MISRA C++ Compliance.

The information in these tables does not apply to the C++ code generated for MATLAB code inside MATLAB Function blocks and MATLAB System blocks in Simulink® models.

The code generator interprets these rules in the same way as the Polyspace® Bug Finder™ product. To learn about how the code generator interprets a particular coding rule, see the Polyspace Implementation section in the corresponding reference page in the Polyspace Bug Finder documentation:

Language Independent Issues

RuleDescriptionComplianceAdditional Notes
M0-1-1A project shall not contain unreachable code.Compliant 
M0-1-2A project shall not contain infeasible paths.Compliant 
M0-1-3A project shall not contain unused variables.Noncompliant 
M0-1-4A project shall not contain non-volatile POD variables having only one use.Noncompliant 
A0-1-1A project shall not contain instances of non-volatile variables being given values that are not subsequently used.Noncompliant
A0-1-2The value returned by a function having a non-void return type that is not an overloaded operator shall be used.Compliant 
M0-1-8All functions with void return type shall have external side effect(s).Noncompliant
  • To add annotations to the generated code for known violations of this rule, set the JustifyMISRAViolations and GenerateComments configuration properties to true. These annotations enable static analysis tools, such as Polyspace, to automatically recognize these comments and report the annotated violations as Justified.

  • To comply with this rule, suppress generation of initialize and terminate functions by setting the configuration properties IncludeInitializeFcn and IncludeTerminateFcn to false.

M0-1-9There shall be no dead code.Noncompliant 
A0-1-3Every function defined in an anonymous namespace, or static function with internal linkage, or private member function shall be used.Compliant 
A0-1-4There shall be no unused named parameters in non-virtual functions.Compliant 
A0-1-5There shall be no unused named parameters in the set of parameters for a virtual function and all the functions that override it.Compliant 
M0-2-1An object shall not be assigned to an overlapping object.Compliant 
M0-3-1Minimization of run-time failures shall be ensured by the use of at least one of: (a) static analysis tools/techniques; (b) dynamic analysis tools/techniques; (c) explicit coding of checks to handle run-time faults.Not Applicable

To comply with this rule, you must take the appropriate actions.

M0-3-2If a function generates error information, then that error information shall be tested.Noncompliant

To reduce this violation, in your MATLAB code, include tests for the output of coder.ceval calls.

M0-4-1Use of scaled-integer or fixed-point arithmetic shall be documented.Not Applicable

To make the generated code compliant, use Requirements Toolbox™ to include comments in the generated code that contain the appropriate documentation. See Requirements Traceability for Code Generated from MATLAB Code (Requirements Toolbox).

M0-4-2Use of floating-point arithmetic shall be documented.Not Applicable

To make the generated code compliant, use Requirements Toolbox to include comments in the generated code that contain the appropriate documentation. See Requirements Traceability for Code Generated from MATLAB Code (Requirements Toolbox).

A0-4-1Floating-point implementation shall comply with IEEE 754 standard.Not Applicable

The code generator also assumes that this is the case.

A0-4-2Type long double shall not be used.Compliant 
A0-4-3The implementations in the chosen compiler shall strictly comply with the C++14 Language Standard.Not Applicable

The code generator also assumes that this is the case.

A0-4-4Range, domain and pole errors shall be checked when using math functions.Compliant 

General

RuleDescriptionComplianceAdditional Notes
A1-1-1All code shall conform to ISO/IEC 14882:2014 - Programming Language C++ and shall not use deprecated features.Compliant 
M1-0-2Multiple compilers shall only be used if they have a common, defined interface.Not Applicable 
A1-1-2A warning level of the compilation process shall be set in compliance with project policies.Not Applicable

You must use the compiler options to specify the compiler warning level.

A1-1-3An optimization option that disregards strict standard compliance shall not be turned on in the chosen compiler.Not Applicable

You must use the compiler options to appropriately configure the compiler.

A1-2-1When using a compiler toolchain (including preprocessor, compiler itself, linker, C++ standard libraries) in safety-related software, the tool confidence level (TCL) shall be determined. In case of TCL2 or TCL3, the compiler shall undergo a "Qualification of a software tool", as per ISO 26262-8.11.4.6 [5].Not Applicable 
A1-4-1Code metrics and their valid boundaries shall be defined and code shall comply with defined boundaries of code metrics.Compliant 

Lexical Conventions

RuleDescriptionComplianceAdditional Notes
A2-3-1Only those characters specified in the C++ Language Standard basic source character set shall be used in the source code.Compliant 
A2-5-1Trigraphs shall not be used.Compliant 
A2-5-2Digraphs shall not be used.Compliant 
M2-7-1The character sequence /* shall not be used within a C-style comment.Compliant 
A2-7-1The character \ shall not occur as a last character of a C++ comment.Compliant 
A2-7-2Sections of code shall not be "commented out".Noncompliant

To reduce this violation, avoid writing comments that look like code.

Consider disabling comment generation by setting the configuration property GenerateComments to false.

A2-7-3All declarations of "user-defined" types, static and non-static data members, functions and methods shall be preceded by documentation.Noncompliant 
A2-7-5Comments shall not document any actions or sources (e.g. tables, figures, paragraphs, etc.) that are outside of the file.Not Applicable 
A2-8-1A header file name should reflect the logical entity for which it provides declarations.Noncompliant 
M2-10-1Different identifiers shall be typographically unambiguous.Compliant 
A2-10-1An identifier declared in an inner scope shall not hide an identifier declared in an outer scope.Compliant 
A2-10-6A class or enumeration name shall not be hidden by a variable, function or enumerator declaration in the same scope.Compliant 
A2-10-4The identifier name of a non-member object with static storage duration or static function shall not be reused within a namespace.Compliant 
A2-11-1Volatile keyword shall not be used.Compliant 
A2-13-1Only those escape sequences that are defined in ISO/IEC 14882:2014 shall be used.Compliant 
A2-13-6Universal character names shall be used only inside character or string literals.Compliant 
M2-13-2Octal constants (other than zero) and octal escape sequences (other than "\0" ) shall not be used.Compliant 
M2-13-3A "U" suffix shall be applied to all octal or hexadecimal integer literals of unsigned type.Compliant 
M2-13-4Literal suffixes shall be upper case.Compliant 
A2-13-2String literals with different encoding prefixes shall not be concatenated.Compliant 
A2-13-3Type wchar_t shall not be used.Compliant 
A2-13-4String literals shall not be assigned to non-constant pointers.Compliant 

Basic Concept

RuleDescriptionComplianceAdditional Notes
A3-1-1It shall be possible to include any header file in multiple translation units without violating the One Definition Rule.Compliant 
A3-1-2Header files, that are defined locally in the project, shall have a file name extension of one of: ".h", ".hpp" or ".hxx".Compliant 
M3-1-2Functions shall not be declared at block scope.Compliant 
A3-1-4When an array with external linkage is declared, its size shall be stated explicitly.Compliant 
A3-1-5A function definition shall only be placed in a class definition if (1) the function is intended to be inlined (2) it is a member function template (3) it is a member function of a class template.Noncompliant 
M3-2-1All declarations of an object or function shall have compatible types.Compliant 
M3-2-2The One Definition Rule shall not be violated.Compliant 
M3-2-3A type, object or function that is used in multiple translation units shall be declared in one and only one file.Compliant 
M3-2-4An identifier with external linkage shall have exactly one definition.Compliant 
A3-3-1Objects or functions with external linkage (including members of named namespaces) shall be declared in a header file.Compliant 
A3-3-2Static and thread-local objects shall be constant-initialized.Noncompliant 
M3-3-2If a function has internal linkage then all re-declarations shall include the static storage class specifier.Compliant 
M3-4-1An identifier declared to be an object or type shall be defined in a block that minimizes its visibility.Noncompliant 
A3-8-1An object shall not be accessed outside of its lifetime.Noncompliant 
M3-9-1The types used for an object, a function return type, or a function parameter shall be token-for-token identical in all declarations and re-declarations.Compliant 
A3-9-1Fixed width integer types from <cstdint>, indicating the size and signedness, shall be used in place of the basic numerical types.Noncompliant 
M3-9-3The underlying bit representations of floating-point values shall not be used.Noncompliant 

Standard Conversions

RuleDescriptionComplianceAdditional Notes
M4-5-1Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator =, the logical operators &&, ||, !, the equality operators == and ! =, the unary & operator, and the conditional operator.Noncompliant 
A4-5-1Expressions with type enum or enum class shall not be used as operands to built-in and overloaded operators other than the subscript operator [ ], the assignment operator =, the equality operators == and ! =, the unary & operator, and the relational operators <, <=, >, >=.Compliant 
M4-5-3Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than the assignment operator =, the equality operators == and ! =, and the unary & operator.Noncompliant 
A4-7-1An integer expression shall not lead to data loss.Noncompliant 
M4-10-1NULL shall not be used as an integer value.Compliant 
A4-10-1Only nullptr literal shall be used as the null-pointer-constant.Compliant 
M4-10-2Literal zero (0) shall not be used as the null-pointer-constant.Compliant 

Expressions

RuleDescriptionComplianceAdditional Notes
A5-0-1The value of an expression shall be the same under any order of evaluation that the standard permits.Compliant 
M5-0-3A cvalue expression shall not be implicitly converted to a different underlying type.Noncompliant 
M5-0-4An implicit integral conversion shall not change the signedness of the underlying type.Noncompliant 
M5-0-5There shall be no implicit floating-integral conversions.Compliant 
M5-0-6An implicit integral or floating-point conversion shall not reduce the size of the underlying type.Compliant 
M5-0-7There shall be no explicit floating-integral conversions of a cvalue expression.Compliant 
M5-0-8An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression.Compliant 
M5-0-9An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.Noncompliant 
M5-0-10If the bitwise operators ~and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand.Noncompliant 
M5-0-11The plain char type shall only be used for the storage and use of character values.Compliant 
M5-0-12Signed char and unsigned char type shall only be used for the storage and use of numeric values.Compliant 
A5-0-2The condition of an if-statement and the condition of an iteration statement shall have type bool.Compliant 
M5-0-14The first operand of a conditional-operator shall have type bool.Compliant 
M5-0-15Array indexing shall be the only form of pointer arithmetic.Noncompliant 
M5-0-16A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.Noncompliant 
M5-0-17Subtraction between pointers shall only be applied to pointers that address elements of the same array.Compliant 
A5-0-4Pointer arithmetic shall not be used with pointers to non-final classes.Compliant 
M5-0-18>, >=, <, <= shall not be applied to objects of pointer type, except where they point to the same array.Compliant 
A5-0-3The declaration of objects shall contain no more than two levels of pointer indirection.Compliant 
M5-0-20Non-constant operands to a binary bitwise operator shall have the same underlying type.Noncompliant 
M5-0-21Bitwise operators shall only be applied to operands of unsigned underlying type.Noncompliant 
A5-1-1Literal values shall not be used apart from type initialization, otherwise symbolic names shall be used instead.Noncompliant 
A5-1-2Variables shall not be implicitly captured in a lambda expression.Compliant 
A5-1-3Parameter list (possibly empty) shall be included in every lambda expression.Compliant 
A5-1-4A lambda expression object shall not outlive any of its reference-captured objects.Compliant 
A5-1-7A lambda shall not be an operand to decltype or typeid.Compliant 
M5-2-2A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.Compliant 
A5-2-2Traditional C-style casts shall not be used.Noncompliant 
A5-2-3A cast shall not remove any const or volatile qualification from the type of a pointer or reference.Noncompliant 
M5-2-6A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type.Compliant 
A5-2-4reinterpret_cast shall not be used.Compliant 
A5-2-6The operands of a logical && or || shall be parenthesized if the operands contain binary operators.Compliant 
M5-2-8An object with integer type or pointer to void type shall not be converted to an object with pointer type.Compliant 
M5-2-9A cast shall not convert a pointer type to an integral type.Compliant 
M5-2-10The increment (++) and decrement (--) operators shall not be mixed with other operators in an expression.Compliant 
M5-2-11The comma operator, && operator and the || operator shall not be overloaded.Compliant 
A5-2-5An array or container shall not be accessed beyond its range.Noncompliant 
M5-2-12An identifier with array type passed as a function argument shall not decay to a pointer.Noncompliant 
M5-3-1Each operand of the ! operator, the logical && or the logical || operators shall have type bool.Compliant 
M5-3-2The unary minus operator shall not be applied to an expression whose underlying type is unsigned.Noncompliant 
M5-3-3The unary & operator shall not be overloaded.Compliant 
M5-3-4Evaluation of the operand to the sizeof operator shall not contain side effects.Compliant 
A5-3-1Evaluation of the operand to the typeid operator shall not contain side effects.Compliant 
A5-3-2Null pointers shall not be dereferenced.Compliant 
A5-3-3Pointers to incomplete class types shall not be deleted.Compliant 
A5-5-1A pointer to member shall not access non-existent class members.Compliant 
A5-6-1The right hand operand of the integer division or remainder operators shall not be equal to zero.Noncompliant 
M5-8-1The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left hand operand.Compliant 
A5-10-1A pointer to member virtual function shall only be tested for equality with null-pointer-constant.Compliant 
M5-14-1The right hand operand of a logical &&, || operators shall not contain side effects.Noncompliant

In certain situations, the code generator promotes local variables to static local variables to reduce the stack usage of the generated code. This promotion might cause the generated code to violate this rule.

Increasing the value of the StackUsageMax code configuration parameter might make the generated code compliant with this rule.

A5-16-1The ternary conditional operator shall not be used as a sub-expression.Compliant 
M5-17-1The semantic equivalence between a binary operator and its assignment operator form shall be preserved.Not Applicable 
M5-18-1The comma operator shall not be used.Compliant 
M5-19-1Evaluation of constant unsigned integer expressions shall not lead to wrap-around.Noncompliant 

Statements

RuleDescriptionComplianceAdditional Notes
M6-2-1Assignment operators shall not be used in sub-expressions.Compliant 
A6-2-1Move and copy assignment operators shall either move or respectively copy base classes and data members of a class, without any side effects.Compliant 
M6-2-2Floating-point expressions shall not be directly or indirectly tested for equality or inequality.Noncompliant 
A6-2-2Expression statements shall not be explicit calls to constructors of temporary objects only.Compliant 
M6-2-3Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a white-space character.Compliant 
M6-3-1The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement.Compliant 
M6-4-1An if ( condition ) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement.Compliant 
M6-4-2All if ... else if constructs shall be terminated with an else clause.Compliant 
M6-4-3A switch statement shall be a well-formed switch statement.Compliant 
M6-4-4A switch-label shall only be used when the most closely-enclosing compound statement is the body of a switch statement.Compliant 
M6-4-5An unconditional throw or break statement shall terminate every non-empty switch-clause.Compliant 
M6-4-6The final clause of a switch statement shall be the default-clause.Compliant 
M6-4-7The condition of a switch statement shall not have bool type.Compliant 
A6-4-1A switch statement shall have at least two case-clauses, distinct from the default label.Compliant 
A6-5-1A for-loop that loops through all elements of the container and does not use its loop-counter shall not be used.Noncompliant 
A6-5-2A for loop shall contain a single loop-counter which shall not have floating-point type.Compliant 
M6-5-2If loop-counter is not modified by -- or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <, > or >=.Compliant 
M6-5-3The loop-counter shall not be modified within condition or statement.Compliant 
M6-5-4The loop-counter shall be modified by one of: --, ++, - = n, or + = n; where n remains constant for the duration of the loop.Compliant 
M6-5-5A loop-control-variable other than the loop-counter shall not be modified within condition or expression.Compliant 
M6-5-6A loop-control-variable other than the loop-counter which is modified in statement shall have type bool.Compliant 
A6-6-1The goto statement shall not be used.Compliant 
M6-6-1Any label referenced by a goto statement shall be declared in the same block, or in a block enclosing the goto statement.Compliant 
M6-6-2The goto statement shall jump to a label declared later in the same function body.Compliant 
M6-6-3The continue statement shall only be used within a well-formed for loop.Compliant 

Declaration

RuleDescriptionComplianceAdditional Notes
A7-1-1Constexpr or const specifiers shall be used for immutable data declaration.Noncompliant 
A7-1-2The constexpr specifier shall be used for values that can be determined at compile time.Noncompliant 
M7-1-2A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified.Noncompliant 
A7-1-3CV-qualifiers shall be placed on the right hand side of the type that is a typedef or a using name.Noncompliant 
A7-1-4The register keyword shall not be used.Compliant 
A7-1-5The auto specifier shall not be used apart from following cases: (1) to declare that a variable has the same type as return type of a function call, (2) to declare that a variable has the same type as initializer of non-fundamental type, (3) to declare parameters of a generic lambda expression, (4) to declare a function template using trailing return type syntax.Compliant 
A7-1-6The typedef specifier shall not be used.Compliant 
A7-1-7Each expression statement and identifier declaration shall be placed on a separate line.Compliant 
A7-1-8A non-type specifier shall be placed before a type specifier in a declaration.Compliant 
A7-1-9A class, structure, or enumeration shall not be declared in the definition of its type.Compliant 
A7-2-1An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.Compliant 
A7-2-2Enumeration underlying base type shall be explicitly defined.Compliant 
A7-2-3Enumerations shall be declared as scoped enum classes.Compliant 
A7-2-4In an enumeration, either (1) none, (2) the first or (3) all enumerators shall be initialized.Compliant 
M7-3-1The global namespace shall only contain main, namespace declarations and extern "C" declarations.Noncompliant 
M7-3-2The identifier main shall not be used for a function other than the global function main.Compliant 
M7-3-3There shall be no unnamed namespaces in header files.Compliant 
M7-3-4Using-directives shall not be used.Compliant 
A7-3-1All overloads of a function shall be visible from where it is called.Compliant 
M7-3-6Using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files.Compliant 
A7-4-1The asm declaration shall not be used.Compliant 
M7-4-1All usage of assembler shall be documented.Compliant

The code generator does not produce inline assembly language code.

M7-4-2Assembler instructions shall only be introduced using the asm declaration.Compliant 
M7-4-3Assembly language shall be encapsulated and isolated.Compliant 
M7-5-1A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function.Compliant 
M7-5-2The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.Compliant 
A7-5-1A function shall not return a reference or a pointer to a parameter that is passed by reference to const.Compliant 
A7-5-2Functions shall not call themselves, either directly or indirectly.Compliant 
A7-6-1Functions declared with the [[noreturn]] attribute shall not return.Compliant 

Declarators

RuleDescriptionComplianceAdditional Notes
M8-0-1An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively.Compliant 
A8-2-1When declaring function templates, the trailing return type syntax shall be used if the return type depends on the type of parameters.Compliant 
M8-3-1Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments.Compliant 
A8-4-1Functions shall not be defined using the ellipsis notation.Compliant 
M8-4-2The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration.Compliant 
A8-4-2All exit paths from a function with non-void return type shall have an explicit return statement with an expression.Compliant 
M8-4-4A function identifier shall either be used to call the function or it shall be preceded by &.Compliant 
A8-4-5consume parameters declared as X && shall always be moved from.Compliant 
A8-4-6forward parameters declared as T && shall always be forwarded.Compliant 
A8-4-7in parameters for "cheap to copy" types shall be passed by value.Noncompliant 
A8-4-8Output parameters shall not be used.Noncompliant 
A8-4-9in-out parameters declared as T & shall be modified.Noncompliant 
A8-4-10A parameter shall be passed by reference if it can't be NULLNoncompliant 
A8-4-11A smart pointer shall only be used as a parameter type if it expresses lifetime semanticsCompliant 
A8-4-12A std::unique_ptr shall be passed to a function as: (1) a copy to express the function assumes ownership (2) an lvalue reference to express that the function replaces the managed object.Compliant 
A8-4-13A std::shared_ptr shall be passed to a function as: (1) a copy to express the function shares ownership (2) an lvalue reference to express that the function replaces the managed object (3) a const lvalue reference to express that the function retains a reference count.Compliant 
A8-4-14Interfaces shall be precisely and strongly typed.Noncompliant 
A8-5-0All memory shall be initialized before it is read.Noncompliant 
A8-5-1In an initialization list, the order of initialization shall be following: (1) virtual base classes in depth and left to right order of the inheritance graph, (2) direct base classes in left to right order of inheritance list, (3) non-static data members in the order they were declared in the class definition.Compliant 
M8-5-2Braces shall be used to indicate and match the structure in the non-zero initialization of arrays and structures.Compliant 
A8-5-2Braced-initialization {}, without equals sign, shall be used for variable initialization.Compliant 
A8-5-3A variable of type auto shall not be initialized using {} or ={} braced-initialization.Compliant 

Classes

RuleDescriptionComplianceAdditional Notes
M9-3-1Const member functions shall not return non-const pointers or references to class-data.Compliant 
A9-3-1Member functions shall not return non-const "raw" pointers or references to private or protected data owned by the class.Compliant 
M9-3-3If a member function can be made static then it shall be made static, otherwise if it can be made const then it shall be made const.Noncompliant 
A9-5-1Unions shall not be used.Compliant 
M9-6-1When the absolute positioning of bits representing a bit-field is required, then the behavior and packing of bit-fields shall be documented.Compliant

Generated code does not rely on the memory layout of bit-fields.

A9-6-1Data types used for interfacing with hardware or conforming to communication protocols shall be trivial, standard-layout and only contain members of types with defined sizes.Compliant 
A9-6-2Bit-fields shall be used only when interfacing to hardware or conforming to communication protocols.Not Applicable 
M9-6-4Named bit-fields with signed integer type shall have a length of more than one bit.Compliant 

Derived Classes

RuleDescriptionComplianceAdditional Notes
A10-0-1Public inheritance shall be used to implement "is-a" relationship.Not Applicable

To generate compliant code, design the class hierarchy in your MATLAB code to be compliant with this rule.

A10-0-2Membership or non-public inheritance shall be used to implement "has-a" relationship.Not Applicable

To generate compliant code, design the class hierarchy in your MATLAB code to be compliant with this rule.

A10-1-1Class shall not be derived from more than one base class which is not an interface class.Compliant 
M10-1-2A base class shall only be declared virtual if it is used in a diamond hierarchy.Compliant 
M10-1-3An accessible base class shall not be both virtual and non-virtual in the same hierarchy.Compliant 
A10-2-1Non-virtual public or protected member functions shall not be redefined in derived classes.Compliant 
A10-3-1Virtual function declaration shall contain exactly one of the three specifiers: (1) virtual, (2) override, (3) final.Compliant 
A10-3-2Each overriding virtual function shall be declared with the override or final specifier.Compliant 
A10-3-3Virtual functions shall not be introduced in a final class.Compliant 
A10-3-5A user-defined assignment operator shall not be virtual.Compliant 
M10-3-3A virtual function shall only be overridden by a pure virtual function if it is itself declared as pure virtual.Compliant 

Member Access Control

RuleDescriptionComplianceAdditional Notes
M11-0-1Member data in non-POD class types shall be private.Noncompliant 
A11-0-2A type defined as struct shall: (1) provide only public data members, (2) not provide any special member functions or methods, (3) not be a base of another struct or class, (4) not inherit from another struct or class.Compliant 
A11-3-1Friend declarations shall not be used.Compliant 

Special Member Functions

RuleDescriptionComplianceAdditional Notes
A12-0-1If a class declares a copy or move operation, or a destructor, either via "=default", "=delete", or via a user-provided declaration, then all others of these five special member functions shall be declared as well.Compliant 
A12-0-2Bitwise operations and operations that assume data representation in memory shall not be performed on objects.Compliant 
A12-1-1Constructors shall explicitly initialize all virtual base classes, all direct non-virtual base classes and all non-static data members.Noncompliant 
M12-1-1An object's dynamic type shall not be used from the body of its constructor or destructor.Compliant 
A12-1-2Both NSDMI and a non-static member initializer in a constructor shall not be used in the same type.Compliant 
A12-1-3If all user-defined constructors of a class initialize data members with constant values that are the same across all constructors, then data members shall be initialized using NSDMI instead.Noncompliant 
A12-1-4All constructors that are callable with a single argument of fundamental type shall be declared explicit.Compliant 
A12-1-5Common class initialization for non-constant members shall be done by a delegating constructor.Compliant 
A12-1-6Derived classes that do not need further explicit initialization and require all the constructors from the base class shall use inheriting constructors.Compliant 
A12-4-1Destructor of a base class shall be public virtual, public override or protected non-virtual.Compliant 
A12-6-1All class data members that are initialized by the constructor shall be initialized using member initializers.Noncompliant 
A12-7-1If the behavior of a user-defined special member function is identical to implicitly defined special member function, then it shall be defined "=default" or be left undefined.Compliant 
A12-8-1Move and copy constructors shall move and respectively copy base classes and data members of a class, without any side effects.Compliant 
A12-8-3Moved-from object shall not be read-accessed.Compliant 
A12-8-4Move constructor shall not initialize its class members and base classes using copy semantics.Compliant 
A12-8-5A copy assignment and a move assignment operators shall handle self-assignment.Compliant 
A12-8-6Copy and move constructors and copy assignment and move assignment operators shall be declared protected or defined "=delete" in base class.Compliant 

Overloading

RuleDescriptionComplianceAdditional Notes
A13-1-2User defined suffixes of the user defined literal operators shall start with underscore followed by one or more letters.Compliant 
A13-1-3User defined literals operators shall only perform conversion of passed parameters.Compliant 
A13-2-1An assignment operator shall return a reference to "this".Compliant 
A13-2-2A binary arithmetic operator and a bitwise operator shall return a "prvalue".Compliant 
A13-2-3A relational operator shall return a boolean value.Compliant 
A13-3-1A function that contains "forwarding reference" as its argument shall not be overloaded.Compliant 
A13-5-1If "operator[]" is to be overloaded with a non-const version, const version shall also be implemented.Compliant 
A13-5-2All user-defined conversion operators shall be defined explicit.Compliant 
A13-5-4If two opposite operators are defined, one shall be defined in terms of the other.Compliant 
A13-5-5Comparison operators shall be non-member functions with identical parameter types and noexcept.Compliant 
A13-6-1Digit sequences separators ' shall only be used as follows: (1) for decimal, every 3 digits, (2) for hexadecimal, every 2 digits, (3) for binary, every 4 digits.Compliant 

Templates

RuleDescriptionComplianceAdditional Notes
A14-5-1A template constructor shall not participate in overload resolution for a single argument of the enclosing class type.Compliant 
M14-5-3A copy assignment operator shall be declared when there is a template assignment operator with a parameter that is a generic parameter.Compliant 
M14-6-1In a class template with a dependent base, any name that may be found in that dependent base shall be referred to using a qualified-id or this->.Compliant 
A14-7-1A type used as a template argument shall provide all members that are used by the template.Compliant 
A14-7-2Template specialization shall be declared in the same file (1) as the primary template (2) as a user-defined type, for which the specialization is declared.Compliant 
A14-8-2Explicit specializations of function templates shall not be used.Compliant 

Exception Handling

RuleDescriptionComplianceAdditional Notes
A15-0-1A function shall not exit with an exception if it is able to complete its task.Compliant 
A15-0-2At least the basic guarantee for exception safety shall be provided for all operations. In addition, each function may offer either the strong guarantee or the nothrow guaranteeCompliant 
A15-0-3Exception safety guarantee of a called function shall be considered.Compliant 
A15-0-4Unchecked exceptions shall be used to represent errors from which the caller cannot reasonably be expected to recover.Compliant 
A15-0-5Checked exceptions shall be used to represent errors from which the caller can reasonably be expected to recover.Compliant 
A15-0-6An analysis shall be performed to analyze the failure modes of exception handling. In particular, the following failure modes shall be analyzed: (a) worst time execution time not existing or cannot be determined, (b) stack not correctly unwound, (c) exception not thrown, other exception thrown, wrong catch activated, (d) memory not available while exception handling.Compliant 
A15-0-7Exception handling mechanism shall guarantee a deterministic worst-case time execution time.Compliant 
A15-0-8A worst-case execution time (WCET) analysis shall be performed to determine maximum execution time constraints of the software, covering in particular the exceptions processing.Not Applicable

To generate compliant code, you must perform the WECT analysis.

A15-1-2An exception object shall not be a pointer.Compliant 
M15-0-3Control shall not be transferred into a try or catch block using a goto or a switch statement.Compliant 
M15-1-1The assignment-expression of a throw statement shall not itself cause an exception to be thrown.Compliant 
M15-1-2NULL shall not be thrown explicitly.Compliant 
M15-1-3An empty throw (throw;) shall only be used in the compound statement of a catch handler.Compliant 
A15-1-4If a function exits with an exception, then before a throw, the function shall place all objects/resources that the function constructed in valid states or it shall delete them.Compliant 
A15-1-5Exceptions shall not be thrown across execution boundaries.Compliant 
A15-2-1Constructors that are not noexcept shall not be invoked before program startup.Noncompliant 
A15-2-2If a constructor is not noexcept and the constructor cannot finish object initialization, then it shall deallocate the object's resources and it shall throw an exception.Compliant 
M15-3-1Exceptions shall be raised only after start-up and before termination.Compliant 
A15-3-2If a function throws an exception, it shall be handled when meaningful actions can be taken, otherwise it shall be propagated.Compliant 
A15-3-3Main function and a task main function shall catch at least: base class exceptions from all third-party libraries used, std::exception and all otherwise unhandled exceptions.Compliant 
A15-3-4Catch-all (ellipsis and std::exception) handlers shall be used only in(a) main,(b) task main functions,(c) in functions that are supposed to isolate independent components and(d) when calling third-party code that uses exceptions not according to AUTOSAR C++14 guidelines.Compliant 
M15-3-3Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases.Compliant 
M15-3-4Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point.Compliant 
A15-3-5A class type exception shall be caught by reference or const reference.Compliant 
M15-3-6Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class.Compliant 
M15-3-7Where multiple handlers are provided in a single try-catch statement or function-try-block, any ellipsis (catch-all) handler shall occur last.Compliant 
A15-4-1Dynamic exception-specification shall not be used.Compliant 
A15-4-2If a function is declared to be noexcept, noexcept(true) or noexcept(<true condition>), then it shall not exit with an exception.Compliant 
A15-4-3The noexcept specification of a function shall either be identical across all translation units, or identical or more restrictive between a virtual member function and an overrider.Compliant 
A15-4-4A declaration of non-throwing function shall contain noexcept specification.Noncompliant 
A15-4-5Checked exceptions that could be thrown from a function shall be specified together with the function declaration and they shall be identical in all function declarations and for all its overriders.Compliant 
A15-5-1All user-provided class destructors, deallocation functions, move constructors, move assignment operators and swap functions shall not exit with an exception. A noexcept exception specification shall be added to these functions as appropriate.Noncompliant 
A15-5-2Program shall not be abruptly terminated. In particular, an implicit or explicit invocation of std::abort(), std::quick_exit(), std::_Exit(), std::terminate() shall not be done.Noncompliant 
A15-5-3The std::terminate() function shall not be called implicitly.Compliant 

Preprocessing Directives

RuleDescriptionComplianceAdditional Notes
A16-0-1The pre-processor shall only be used for unconditional and conditional file inclusion and include guards, and using the following directives: (1) #ifndef, (2) #ifdef, (3) #if, (4) #if defined, (5) #elif, (6) #else, (7) #define, (8) #endif, (9) #include.Noncompliant 
M16-0-1#include directives in a file shall only be preceded by other pre-processor directives or comments.Compliant 
M16-0-2Macros shall only be #define'd or #undef'd in the global namespace.Compliant 
M16-0-5Arguments to a function-like macro shall not contain tokens that look like pre-processing directives.Compliant 
M16-0-6In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##.Compliant 
M16-0-7Undefined macro identifiers shall not be used in #if or #elif pre-processor directives, except as operands to the defined operator.Compliant 
M16-0-8If the # token appears as the first token on a line, then it shall be immediately followed by a pre-processing token.Compliant 
M16-1-1The defined pre-processor operator shall only be used in one of the two standard forms.Compliant 
M16-1-2All #else, #elif and #endif pre-processor directives shall reside in the same file as the #if or #ifdef directive to which they are related.Compliant 
M16-2-3Include guards shall be provided.Compliant 
A16-2-1The ', ", /*, //, \ characters shall not occur in a header file name or in #include directive.Compliant 
A16-2-2There shall be no unused include directives.Noncompliant 
A16-2-3An include directive shall be added explicitly for every symbol used in a file.Noncompliant 
M16-3-1There shall be at most one occurrence of the # or ## operators in a single macro definition.Compliant 
A16-6-1#error directive shall not be used.Compliant 
A16-7-1The #pragma directive shall not be used.Compliant 

Library Introduction

RuleDescriptionComplianceAdditional Notes
A17-0-1Reserved identifiers, macros and functions in the C++ standard library shall not be defined, redefined or undefined.Compliant 
M17-0-2The names of standard library macros and objects shall not be reused.Compliant 
M17-0-3The names of standard library functions shall not be overridden.Compliant 
A17-0-2All project's code including used libraries (including standard and user-defined libraries) and any third-party user code shall conform to the AUTOSAR C++14 Coding Guidelines.Compliant 
M17-0-5The setjmp macro and the longjmp function shall not be used.Compliant 
A17-1-1Use of the C Standard Library shall be encapsulated and isolated.Compliant 
A17-6-1Non-standard entities shall not be added to standard namespaces.Compliant 

Language Support Library

RuleDescriptionComplianceAdditional Notes
A18-0-1The C library facilities shall only be accessed through C++ library headers.Compliant 
A18-0-2The error state of a conversion from string to a numeric value shall be checked.Compliant 
M18-0-3The library functions abort, exit, getenv and system from library <cstdlib> shall not be used.Compliant 
M18-0-4The time handling functions of library <ctime> shall not be used.Noncompliant

To reduce this violation, in your MATLAB code, avoid using functions such as tic, toc, and pause.

M18-0-5The unbounded functions of library <cstring> shall not be used.Compliant 
A18-0-3The library <clocale> (locale.h) and the setlocale function shall not be used.Compliant 
A18-1-1C-style arrays shall not be used.Noncompliant 
A18-1-2The std::vector<bool> specialization shall not be used.Compliant 
A18-1-3The std::auto_ptr type shall not be used.Compliant 
A18-1-4A pointer pointing to an element of an array of objects shall not be passed to a smart pointer of single object type.Compliant 
A18-1-6All std::hash specializations for user-defined types shall have a noexcept function call operator.Compliant 
M18-2-1The macro offsetof shall not be used.Compliant 
A18-5-1Functions malloc, calloc, realloc and free shall not be used.Compliant 
A18-5-2Non-placement new or delete expressions shall not be used.Compliant 
A18-5-3The form of the delete expression shall match the form of the new expression used to allocate the memory.Compliant 
A18-5-4If a project has sized or unsized version of operator "delete" globally defined, then both sized and unsized versions shall be defined.Compliant 
A18-5-5Memory management functions shall ensure the following: (a) deterministic behavior resulting with the existence of worst-case execution time, (b) avoiding memory fragmentation, (c) avoid running out of memory, (d) avoiding mismatched allocations or deallocations, (e) no dependence on non-deterministic calls to kernel.Compliant 
A18-5-6An analysis shall be performed to analyze the failure modes of dynamic memory management. In particular, the following failure modes shall be analyzed: (a) non-deterministic behavior resulting with nonexistence of worst-case execution time, (b) memory fragmentation, (c) running out of memory, (d) mismatched allocations and deallocations, (e) dependence on non-deterministic calls to kernel.Not Applicable

To generate compliant code, you must perform the failure mode analysis.

A18-5-7If non-realtime implementation of dynamic memory management functions is used in the project, then memory shall only be allocated and deallocated during non-realtime program phases.Compliant 
A18-5-8Objects that do not outlive a function shall have automatic storage duration.Noncompliant 
A18-5-9Custom implementations of dynamic memory allocation and deallocation functions shall meet the semantic requirements specified in the corresponding "Required behaviour" clause from the C++ Standard.Compliant 
A18-5-10Placement new shall be used only with properly aligned pointers to sufficient storage capacity.Compliant 
A18-5-11operator new and "operator delete" shall be defined together.Compliant 
M18-7-1The signal handling facilities of <csignal> shall not be used.Compliant 
A18-9-1The std::bind shall not be used.Compliant 
A18-9-2Forwarding values to other functions shall be done via: (1) std::move if the value is an rvalue reference, (2) std::forward if the value is forwarding reference.Compliant 
A18-9-3The std::move shall not be used on objects declared const or const&.Compliant 
A18-9-4An argument to std::forward shall not be subsequently used.Compliant 

Diagnostics Library

RuleDescriptionComplianceAdditional Notes
M19-3-1The error indicator errno shall not be used.Compliant 

General Utilities Library

RuleDescriptionComplianceAdditional Notes
A20-8-1An already-owned pointer value shall not be stored in an unrelated smart pointer.Compliant 
A20-8-2A std::unique_ptr shall be used to represent exclusive ownership.Noncompliant 
A20-8-3A std::shared_ptr shall be used to represent shared ownership.Noncompliant 
A20-8-4A std::unique_ptr shall be used over std::shared_ptr if ownership sharing is not required.Compliant 
A20-8-5std::make_unique shall be used to construct objects owned by std::unique_ptr.Compliant 
A20-8-6std::make_shared shall be used to construct objects owned by std::shared_ptr.Compliant 
A20-8-7A std::weak_ptr shall be used to represent temporary shared ownership.Compliant 

Strings Library

RuleDescriptionComplianceAdditional Notes
A21-8-1Arguments to character-handling functions shall be representable as an unsigned char.Compliant 

Containers Library

RuleDescriptionComplianceAdditional Notes
A23-0-1An iterator shall not be implicitly converted to const_iterator.Compliant 
A23-0-2Elements of a container shall only be accessed via valid references, iterators, and pointers.Compliant 

Algorithms Library

RuleDescriptionComplianceAdditional Notes
A25-1-1Non-static data members or captured values of predicate function objects that are state related to this object's identity shall not be copied.Compliant 
A25-4-1Ordering predicates used with associative containers and STL sorting and related algorithms shall adhere to a strict weak ordering relation.Compliant 
A26-5-1Pseudorandom numbers shall not be generated using std::rand().Compliant 
A26-5-2Random number engines shall not be default-initialized.Compliant 

Input Output Library

RuleDescriptionComplianceAdditional Notes
M27-0-1The stream input/output library <cstdio> shall not be used.Noncompliant

To reduce this violation, in your MATLAB code, avoid using functions such as fopen, fclose, fprintf, fscanf, fread, fwrite, and coder.read.

A27-0-1Inputs from independent components shall be validated.Noncompliant 
A27-0-4C-style strings shall not be used.Noncompliant 
A27-0-3Alternate input and output operations on a file stream shall not be used without an intervening flush or positioning call.Compliant 

See Also

|

Related Topics

External Websites

Go to top of page