Joint Strike Fighter, C++ Coding Standards

INTRODUCTION

The intent of this document is to provide direction and guidance to C++ programmers that will enable them to employ good programming style and proven programming practices leading to safe, reliable, testable, and maintainable code. Consequently, the rules contained in this document are required for Air Vehicle C++ development and recommended for non-Air Vehicle C++ development.

As indicated above, portions of the Air Vehicle (AV) code will be developed in C++. C++ was designed to support data abstraction, object-oriented programming, and generic programming while retaining compatibility with traditional C programming techniques. For this reason, the AV Coding Standards will focus on the following:

1. Motor Industry Software Reliability Association (MISRA) Guidelines For The Use Of The C Language In Vehicle Based Software,

2. Vehicle Systems Safety Critical Coding Standards for C, and

3. C++ language-specific guidelines and standards.

The MISRA Guidelines were written specifically for use in systems that contain a safety aspect to them. The guidelines address potentially unsafe C language features, and provide programming rules to avoid those pitfalls. The Vehicle Systems Safety Critical Coding Standards for C, which are based on the MISRA C subset, provide a more comprehensive set of language restrictions that are applied uniformly across Vehicle Systems safety critical applications. The AV Coding Standards build on the relevant portions of the previous two documents with an additional set of rules specific to the appropriate use C++ language features (e.g. inheritance, templates, namespaces, etc.) in safety-critical environments.

Overall, the philosophy embodied by the rule set is essentially an extension of C++’s philosophy with respect to C. That is, by providing “safer” alternatives to “unsafe” facilities, known problems with low-level features are avoided. In essence, programs are written in a “safer” subset of a superset.