[cfe-dev] [clang-tidy][RFC] Add Autosar C++14 clang-tidy module?

Chris Tapp (MISRA CPP Chair) via cfe-dev cfe-dev at lists.llvm.org
Mon Nov 1 03:56:35 PDT 2021


Hi All,

I am the current chair of the MISRA C++ Working Group.

As a bit of background, the Autosar guidelines are currently being merged into an updated MISRA C++ document (support for C++17, with C++20 and later planned). Autosar C++ will be retired when this work is complete, with Autosar moving to the updated MISRA guidelines. There will be significant differences between the MISRA and Autosar documents - for example, MISRA will not be including any guidelines that are related to (software development) process, coding style nor most of those related to software design.

As part of this ongoing work, a number of the Autosar team have joined the MISRA group. I therefore have good contacts with Autosar and the people who developed Autosar C++14. I would be more than happy to answer any questions that you may have related to Autosar or MISRA.

Note - it may also be worth looking at MISRA Compliance:2020 (https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf), as this defines what is required to make a claim of "MISRA compliance".

Chris
—

Chris Tapp, MISRA C++ Chair

On 28 Oct 2021, at 13:55, Aaron Ballman via cfe-dev <cfe-dev at lists.llvm.org> wrote:

On Wed, Oct 27, 2021 at 5:12 PM Carlos Galvez <carlosgalvezp at gmail.com> wrote:

That's great to hear, thanks! Will give it a kickstart one of these days :)

Excellent, thank you!

You have a very valid point about the feedback loop, and that's one of the pain points of Autosar. Therefore some rules might need to be left out or enforced in a "best effort" way. Or made configurable so that if they are ambiguous they can be enforced following a handful of interpretations. At least Autosar makes it clear which rules are meant to be "automatically enforceable" and which ones aren't. Some rules are also impractical to follow strictly so I can foresee the need for partial deviations via configuration. Autosar also inherits some MISRA rules, for which one can actually ask questions in the MISRA forums directly, so that's good.

Would be interesting to have several companies contributing to it and openly discuss those rules that are more ambiguous or poorly written. Who knows, maybe the Autosar authors come across these checks and help clarify!

All in all, Autosar is not perfect but it's an important enabler for e.g. the automotive industry to finally leave MISRA C++08 and move to modern C++14. There are plans for new MISRA guidelines covering C++17 but it's unclear when they'll be published, so we need to live with Autosar for a little more.

Agreed, and to be clear, we don't have a requirement that there is a
feedback loop with the proposal authors before adding a new module to
clang-tidy. I mostly brought it up as an existing source of pain with
the C++ Core Guideline checks. I'd like to avoid similar issues with
new modules because lacking a feedback loop makes the code review
process significantly harder when the rule is unclear (which
negatively impacts reviewers, patch authors, and clang-tidy users).

~Aaron



On Wed, Oct 27, 2021 at 7:47 PM Aaron Ballman <aaron at aaronballman.com> wrote:

On Wed, Oct 27, 2021 at 11:29 AM Carlos Galvez via cfe-dev
<cfe-dev at lists.llvm.org> wrote:

Hi!

We are following the Autosar C++14 guidelines and were thinking of adding a clang-tidy module for it and starting to implement checks. There are a couple of local forks with some checks here and there, but they never made it upstream. I believe quite a lot of them are already covered by the existing checks (e.g. cppcoreguidelines) so most of the work would be about creating aliases and adding some extra configuration.

What do you think, would that be ok? Both about adding the Autosar module itself, but also making aliases from one coding guideline (e.g. cppcoreguidelines) to another coding guideline (autosar). Typically the alias is from a non-coding guideline (e.g. bugprone) to a coding guideline (cppcoreguidelines).

We can of course have our own local fork but it's nice to be able to contribute upstream so everyone can benefit. Autosar would fit well together with the existing guidelines (CppCoreGuidelines, CERT, HiCPP, etc).

Personally, I'm okay with adding a module for AUTOSAR checks. It's an
industry standard set of coding conventions like many of the other
modules we have. However, one issue we've run into with things like
the C++ Core Guidelines is a lack of a useful feedback loop when there
are enforcement questions. Do you have contacts with anyone
maintaining AUTOSAR so that if we run into questions we'll have some
guidance on how to resolve them?

As for aliases from one coding guideline to another; I think that's
fine. We already have the issue where changing the primary check may
cause the alias to no longer be valid, so I don't think this would
introduce any new problems we don't already have to watch out for. One
thing that could get a bit weird is with documentation (aliases
typically automatically redirect back to their primary check, so it
might be weird to go to the docs for an AUTOSAR check and wind up in
CERT C++ or something). But if that causes problems in practice, I
think they can be handled as they come up.

~Aaron


Best regards,
Carlos
_______________________________________________
cfe-dev mailing list
cfe-dev at lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

