Latest AUTOSAR Coding Guide (Chinese Version)

        In the field of automotive applications, software development is becoming more and more important. As the demands for safety, environment and convenience grow, the number of electronic systems used in vehicles is also growing rapidly. 90% of these innovative applications are based on software-driven electronic components. The research and development cost of these components accounts for 40% of the vehicle development cost. Rapid and stable development requires the integration of more functions and control units, which is a serious challenge for automakers. This white paper provides a brief overview of the new AUTOSAR (Automotive Open System Architecture) coding guidelines and indicates how to comply with the guidelines.

What is AUTOSAR?

        AUTOSAR (Automotive Open System Architecture) aims to standardize and demonstrate basic software units, interfaces, and bus systems, and to help automakers better manage increasingly complex systems while reducing costs. It creates an open software architecture for standardization of automotive electronic control units (ECUs).

        AUTOSAR is a partnership of more than 180 car manufacturers, automotive suppliers, tool suppliers and semiconductor suppliers. Its core members include BMW, Bosch, Continental, Daimler, Ford, GM, PSA, Toyota and Volkswagen.

        The first open architecture derived from AUTOSAR, the "classic platform", is implemented on basic microcontrollers and targets vehicle functions with stringent real-time and safety requirements. AUTOSAR has since developed a new standard, the "adaptive platform", for car connectivity and autonomous driving. This standard is designed to meet the rapidly growing market demand for vehicle connectivity and highly autonomous driving technologies. Examples of technologies driving the adaptive platform standard include high-performance 32-bit/64-bit microprocessors with external memory, parallel processing, and high-bandwidth communications.

        Software developed according to the adaptive platform standard can be effectively integrated with the system established according to the AUTOSAR classic platform standard.

        The classic platform allows implementations in C, C++, and Java, but is usually dominated by C. Currently, the Application Programming Interface (API) provided by the Adaptive AUTOSAR Platform is defined in C++, which means that AUTOSAR uses C++ as the preferred programming language for the new adaptive platform components.

        C and C++ are the main programming languages for automotive embedded systems. These two languages give direct and efficient control of the hardware, which brings great flexibility to development but also carries risks. It is possible to compile code that has undefined behavior, and there is no guarantee that the same code will behave correctly when compiled and run on different target hardware. Even the most experienced developers inevitably introduce defects.

What are the AUTOSAR coding guidelines?

        In order to ensure the safety of code written in accordance with the AUTOSAR standard, AUTOSAR invited PRQA as a partner to study "Guidelines for the use of the C++14 language in safety-critical systems" ("Guidelines")1. As the only AUTOSAR static analysis partner, PRQA has contributed more than 30 years of C++ language programming expertise and rich experience accumulated in a large number of software development practices.

        AUTOSAR has a total of 342 coding rules. 154 of them are directly reused from the MISRA C++ standard; 131 are based on rules defined by other commonly used coding standards, such as PRQA's HIC++ standard; and 57 are based on research or other resources. Some language features prohibited in previous standards are allowed in the programming guide, such as: dynamic memory, exceptions, templates, inheritance, and virtual functions. This guideline regulates the application of these language features within the security context.

        One of the principles of AUTOSAR development is that verification specification and standardization are carried out in parallel. The adaptive platform is written in C++ language and verified by AUTOSAR internal implementation. AUTOSAR uses advanced QA·C++ analysis tools from PRQA (AUTOSAR's only static analysis partner) to ensure the quality of the demo source code and compliance with coding guidelines.

Why do you need AUTOSAR coding guidelines?

        Before the formation of AUTOSAR coding guidelines, the C++ standards (C++11 and C++14) for safety-critical software lacked appropriate coding standard constraints. Existing specifications for traditional C++ standards are either incomplete or not suitable for applications of safety-critical software. MISRA C++:2008, the most widely used C++ coding standard in the automotive industry, is based on C++03 and has been around for 14 years.

        MISRA C++ was introduced on the basis of C++03 and lacks guidance relevant to AUTOSAR projects. Since its introduction, the following have changed:
1. Evolution of C++
2. Improvements to compilers
3. Improvements to testing, verification and analysis tools
4. Development of the ISO 26262 vehicle functional safety standards
5. _ Stroustrup and Herb Sutter)



        The coding guidelines developed for AUTOSAR can be used as an extension to the existing MISRA C++ standard. It created new rules and updated old MISRA rules.

Who will use the AUTOSAR coding guidelines?

        The coding guide states: "Mainly applicable to the automotive industry, but also applicable to other embedded application parts... AUTOSAR C++14 coding guide supports high-end embedded microcontrollers, it provides efficient, complete C++14 language support for both 32-bit and 64-bit microcontrollers, as well as microcontrollers using POSIX or similar operating systems."

How can I ensure that the code complies with the AUTOSAR coding guidelines?

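        Traditionally, engineers have relied on laborious manual code reviews to check that code is written according to the established standard. This process is error-prone and does not scale to today's large, complex code bases. Fortunately, these checks can now be automated with tools. A "static analyzer" is a tool designed for this purpose. A static analyzer not only reports violations of coding rules but also performs deep code inspection to highlight any undefined, unspecified, or compiler-dependent behavior. It analyzes all possible execution paths in the program and flags potential runtime errors. It can often find problems that testing misses, because covering every possible execution path in testing is impractical. Static analyzers are an important part of the toolchain used to develop safe and reliable software.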

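        In the case of AUTOSAR, PRQA's static analysis tool QA·C++ is used to ensure the quality of its source code, and it provides valuable insight into compliance with the coding guidelines. Combined with PRQA's contributions to the coding guidelines, these recommendations have driven the development of a static analysis solution that is optimized for software development conforming to the AUTOSAR standard.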

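        PRQA's AUTOSAR compliance module extends the standard QA·C++ messages to align them more closely with the AUTOSAR guidelines. For medium-sized or large development teams, PRQA offers the quality management control system QA·Verify, which enables effective management of projects. This ensures that all team members can consistently apply the coding guidelines, in addition to tracking and reporting code quality for the duration of the project.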

Summary

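        The AUTOSAR standard will serve as a baseline platform for the future automotive industry by minimizing the barriers between functional domains. The standard is almost independent of the underlying hardware and aims to map functions and functional networks onto different control nodes in the system. Although the standard originated in the automotive industry, these guidelines apply equally to other industries that develop embedded software in C++14. In practice, the PRQA static analysis tool QA·C++ ensures that code is free of errors and complies with the coding standard.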
