Most of the rules are automatically enforceable by static analysis.
Some are partially enforceable or even non-enforceable and they need to be enforced by a manual code review. These are marked by ☑.
Most of the rules are typical coding guidelines i.e. how to write code. However, for the sake of completeness and due to the fact that some rules are relaxed with respect to MISRA C+++:2008 (e.g. exceptions and dynamic memory is allowed), there are also some rules related to compiler toolchain and process-related rules concerning e.g. analysis or testing. These rules are included for documentation and marked by ⚯.
Finally some rules ask the user to use Imagix 4D browsing and analysis tools to determine where these situations occur. These rules are marked by ⚙.
Software being reviewed with this checklist should be loaded into Imagix 4D with the
-nosys option disabled and the
-nosysbodies option enabled.
The word AUTOSAR and the AUTOSAR logo are registered trademarks. "MISRA" is a registered trademark owned by HORIBA MIRA Ltd, held on behalf of the MISRA Consortium.
| Rule M0-1-1 | | A project shall not contain unreachable code. |
| Rule M0-1-2 | | A project shall not contain infeasible paths. |
| Rule M0-1-3 | | A project shall not contain unused variables. |
| Rule M0-1-4 | | A project shall not contain non-volatile POD variables having only one use. |
| Rule A0-1-1 | ☑ | A project shall not contain instances of non-volatile variables being given values that are never subsequently used. |
| Rule A0-1-2 | | The value returned by a function having a non-void return type that is not an overloaded operator shall always be used. |
| Rule M0-1-8 | ☑ | All functions with void return type shall have external side effect(s). |
| Rule M0-1-9 | ☑ | There shall be no dead code. |
| Rule M0-1-10 | ☑ | Every defined function shall be called at least once. |
| Rule A0-1-3 | ☑ | Every function defined in an anonymous namespace, or static function with internal linkage, or private member function shall be used. |
| Rule A0-1-4 | | There shall be no unused named parameters in non-virtual functions. |
| Rule A0-1-5 | | There shall be no unused named parameters in the set of parameters for a virtual function and all the functions that override it. |
| Rule A0-1-6 | | There should be no unused type declarations. |
| Rule M0-2-1 | ☑ | An object shall not be assigned to an overlapping object. |
| Rule M0-3-1 | ⚯ | Minimization of run-time failures shall be ensured. |
| Rule M0-3-2 | | If a function generates error information, then that error information shall be tested. |
| Rule M0-4-1 | ⚯ | Use of scaled-integer or fixed-point arithmetic shall be documented. |
| Rule M0-4-2 | ⚯ | Use of floating-point shall be documented. |
| Rule A0-4-1 | ⚯ | Floating-point implementation shall comply with IEEE 754 standard. |
| Rule A0-4-2 | | Type long double shall not be used. |
| Rule A0-4-3 | ⚯ | The implementations in the chosen compiler shall strictly comply with the C++14 Language Standard. |
| Rule A0-4-4 | ☑ | Range, domain and pole errors shall be checked when using math functions. |
| Rule A1-1-1 | | All code shall conform to ISO/IEC 14882:2014 - Programming Language C++ and shall not use deprecated features. |
| Rule M1-0-2 | ⚯ | Multiple compilers shall only be used if they have a common, defined interface. |
| Rule A1-1-2 | ⚯ | A warning level of the compilation process shall be set in compliance with project policies. |
| Rule A1-1-3 | ⚯ | An optimization option that disregards strict standard compliance shall not be turned on in the chosen compiler. |
| Rule A1-2-1 | ⚯ | Tool confidence level of the chosen compiler. |
| Rule A1-4-1 | ⚯ | Code metrics. |
| Rule A1-4-3 | ⚯ | All code should compile free of compiler warnings. |
| Rule A2-3-1 | | Only those characters specified in the C++ Language Standard basic source character set shall be used in the source code. |
| Rule A2-5-1 | | Trigraphs shall not be used. |
| Rule A2-5-2 | | Digraphs should not be used. |
| Rule M2-7-1 | | The character sequence /* shall not be used within a C-style comment. |
| Rule A2-7-2 | ☑ | Sections of code shall not be "commented out". |
| Rule A2-7-3 | | All declarations of "user-defined" types, data members, functions and methods shall be preceded by documentation. |
| Rule A2-7-4 | | The character \ shall not occur as a last character of a C++ comment. |
| Rule A2-7-5 | ⚯ | Comments shall not document any actions or sources that are outside of the file. |
| Rule A2-8-1 | ⚯ | A header file name should reflect the logical entity for which it provides declarations. |
| Rule A2-8-2 | ⚯ | An implementation file name should reflect the logical entity for which it provides definitions. |
| Rule M2-10-1 | | Different identifiers shall be typographically unambiguous. |
| Rule A2-10-1 | | An Identifier declared in an inner scope shall not hide an identifier declared in an outer scope. |
| Rule A2-10-4 | | The identifier name of a non-member object with static storage duration or static function shall not be reused within a namespace. |
| Rule A2-10-5 | | An identifier name of a function with static storage duration or a non-member object with external or internal linkage should not be reused. |
| Rule A2-10-6 | | A class or enumeration name shall not be hidden by a variable, function or enumerator declaration in the same scope. |
| Rule A2-11-1 | | Volatile keyword shall not be used. |
| Rule A2-13-1 | | Only those escape sequences that are defined in ISO/IEC 14882:2014 shall be used. |
| Rule A2-13-5 | | Hexadecimal constants should be upper case. |
| Rule A2-13-6 | | Universal character names shall be used only inside character or string literals. |
| Rule M2-13-2 | | Octal constants (other than zero) and octal escape sequences (other than "\0") shall not be used. |
| Rule M2-13-3 | | A "U" suffix shall be applied to all octal or hexadecimal integer literals of unsigned type. |
| Rule M2-13-4 | | Literal suffixes shall be upper case. |
| Rule A2-13-2 | | String literals with different encoding prefixes shall not be concatenated. |
| Rule A2-13-3 | | Type wchar_t shall not be used. |
| Rule A2-13-4 | | String literals shall not be assigned to non-constant pointers. |
| Rule A3-1-1 | | It shall be possible to include any header file in multiple translation units without violating the One Definition Rule. |
| Rule A3-1-2 | | Header files, that are defined locally in the project, shall have a file name extension of one of: ".h", ".hpp" or ".hxx". |
| Rule A3-1-3 | | Implementation files, that are defined locally in the project, should have a file name extension of ".cpp". |
| Rule M3-1-2 | | Functions shall not be declared at block scope. |
| Rule A3-1-4 | | When an array with external linkage is declared, its size shall be stated explicitly. |
| Rule A3-1-5 | | Function definition placement in class definition. |
| Rule A3-1-6 | | Trivial accessor and mutator functions should be inlined. |
| Rule M3-2-1 | | All declarations of an object or function shall have compatible types. |
| Rule M3-2-2 | | The One Definition Rule shall not be violated. |
| Rule M3-2-3 | | A type, object or function that is used in multiple translation units shall be declared in one and only one file. |
| Rule M3-2-4 | | An identifier with external linkage shall have exactly one definition. |
| Rule A3-3-1 | | Objects or functions with external linkage shall be declared in a header file. |
| Rule A3-3-2 | | Static and thread-local objects shall be constant-initialized. |
| Rule M3-3-2 | | If a function has internal linkage then all re-declarations shall include the static storage class specifier. |
| Rule M3-4-1 | | An identifier declared to be an object or type shall be defined in a block that minimizes its visibility. |
| Rule A3-8-1 | ⚙ | An object shall not be accessed outside of its lifetime. |
| Rule M3-9-1 | | The types used for an object, a function return type, or a function parameter shall be token-for-token identical in all declarations and re-declarations. |
| Rule A3-9-1 | | Fixed width integer types from , indicating the size and signedness, shall be used in place of the basic numerical types. |
| Rule M3-9-3 | | The underlying bit representations of floating-point values shall not be used. |
| Rule M4-5-1 | | Expressions with type bool shall not be used as operands to certain built-in operators. |
| Rule A4-5-1 | | Expressions with type enum or enum class shall not be used as operands to built-in and overloaded operators. |
| Rule M4-5-3 | | Expressions with type (plain) char and wchar_t shall not be used as operands to certain built-in operators. |
| Rule A4-7-1 | | An integer expression shall not lead to data loss. |
| Rule M4-10-1 | | NULL shall not be used as an integer value. |
| Rule A4-10-1 | | Only nullptr literal shall be used as the null-pointer-constant. |
| Rule M4-10-2 | | Literal zero (0) shall not be used as the null-pointer-constant. |
| Rule A5-0-1 | ☑ | The value of an expression shall be the same under any order of evaluation that the standard permits. |
| Rule M5-0-2 | | Limited dependence should be placed on C++ operator precedence rules in expressions. |
| Rule M5-0-3 | | A cvalue expression shall not be implicitly converted to a different underlying type. |
| Rule M5-0-4 | | An implicit integral conversion shall not change the signedness of the underlying type. |
| Rule M5-0-5 | | There shall be no implicit floating-integral conversions. |
| Rule M5-0-6 | | An implicit integral or floating-point conversion shall not reduce the size of the underlying type. |
| Rule M5-0-7 | | There shall be no explicit floating-integral conversions of a cvalue expression. |
| Rule M5-0-8 | | An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression. |
| Rule M5-0-9 | | An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression. |
| Rule M5-0-10 | | If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand. |
| Rule M5-0-11 | | The plain char type shall only be used for the storage and use of character values. |
| Rule M5-0-12 | | signed char and unsigned char type shall only be used for the storage and use of numeric values. |
| Rule A5-0-2 | | The condition of an if-statement and the condition of an iteration statement shall have type bool. |
| Rule M5-0-14 | | The first operand of a conditional-operator shall have type bool. |
| Rule M5-0-15 | | Array indexing shall be the only form of pointer arithmetic. |
| Rule M5-0-16 | ☑ | A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. |
| Rule M5-0-17 | ☑ | Subtraction between pointers shall only be applied to pointers that address elements of the same array. |
| Rule A5-0-4 | ☑ | Pointer arithmetic shall not be used with pointers to non-final classes. |
| Rule M5-0-18 | ☑ | >, >=, <, <= shall not be applied to objects of pointer type, except where they point to the same array. |
| Rule A5-0-3 | | The declaration of objects shall contain no more than two levels of pointer indirection. |
| Rule M5-0-20 | | Non-constant operands to a binary bitwise operator shall have the same underlying type. |
| Rule M5-0-21 | | Bitwise operators shall only be applied to operands of unsigned underlying type. |
| Rule A5-1-1 | | Literal values shall not be used apart from type initialization, otherwise symbolic names shall be used instead. |
| Rule A5-1-2 | | Variables shall not be implicitly captured in a lambda expression. |
| Rule A5-1-3 | | Parameter list (possibly empty) shall be included in every lambda expression. |
| Rule A5-1-4 | ☑ | A lambda expression object shall not outlive any of its reference-captured objects. |
| Rule A5-1-6 | ☑ | Return type of a non-void return type lambda expression should be explicitly specified. |
| Rule A5-1-7 | | A lambda shall not be an operand to decltype or typeid. |
| Rule A5-1-8 | | Lambda expressions should not be defined inside another lambda expression. |
| Rule A5-1-9 | | Identical unnamed lambda expressions shall be replaced with a named function or a named lambda expression. |
| Rule A5-2-1 | | dynamic_cast should not be used. |
| Rule M5-2-2 | | A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast. |
| Rule M5-2-3 | | Casts from a base class to a derived class should not be performed on polymorphic types. |
| Rule A5-2-2 | | Traditional C-style casts shall not be used. |
| Rule A5-2-3 | | A cast shall not remove any const or volatile qualification from a pointer or reference. |
| Rule A5-2-4 | | reinterpret_cast shall not be used. |
| Rule A5-2-5 | ⚙ | An array or container shall not be accessed beyond its range. |
| Rule A5-2-6 | | The operands of a logical && or \\ shall be parenthesized if the operands contain binary operators. |
| Rule M5-2-6 | | A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type. |
| Rule M5-2-8 | | An object with integer type or pointer to void type shall not be converted to an object with pointer type. |
| Rule M5-2-9 | | A cast should not convert a pointer type to an integral type. |
| Rule M5-2-10 | | The increment (++) and decrement (--) operators should not be mixed with other operators in an expression. |
| Rule M5-2-11 | | The comma operator, && operator and the || operator shall not be overloaded. |
| Rule M5-2-12 | | An identifier with array type passed as a function argument shall not decay to a pointer. |
| Rule A5-3-1 | ☑ | Evaluation of the operand to the typeid operator shall not contain side effects. |
| Rule M5-3-1 | | Each operand of the ! operator, the logical && or the logical || operators shall have type bool. |
| Rule A5-3-2 | | Null pointers shall not be dereferenced. |
| Rule A5-3-3 | | Pointers to incomplete class types shall not be deleted. |
| Rule M5-3-2 | | The unary minus operator shall not be applied to an expression whose underlying type is unsigned. |
| Rule M5-3-3 | | The unary & operator shall not be overloaded. |
| Rule M5-3-4 | | Evaluation of the operand to the sizeof operator shall not contain side effects. |
| Rule A5-5-1 | ☑ | A pointer to member shall not access non-existent class members. |
| Rule A5-6-1 | | The right hand operand of the integer division or remainder operators shall not be equal to zero. |
| Rule M5-8-1 | ☑ | The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left hand operand. |
| Rule A5-10-1 | ☑ | A pointer to member virtual function shall only be tested for equality with null-pointer-constant. |
| Rule M5-14-1 | ☑ | The right hand operand of a logical && or || operator shall not contain side effects. |
| Rule A5-16-1 | ☑ | The ternary conditional operator shall not be used as a sub-expression. |
| Rule M5-17-1 | ☑ | The semantic equivalence between a binary operator and its assignment operator form shall be preserved. |
| Rule M5-18-1 | | The comma operator shall not be used. |
| Rule M5-19-1 | | Evaluation of constant unsigned integer expressions should not lead to wrap-around. |
| Rule M6-2-1 | | Assignment operators shall not be used in sub-expressions. |
| Rule A6-2-1 | | Move and copy assignment operators shall either move or respectively copy base classes and data members of a class, without any side effects. |
| Rule A6-2-2 | | Expression statements shall not be explicit calls to constructors of temporary objects only. |
| Rule M6-2-2 | | Floating-point expressions shall not be directly or indirectly tested for equality or inequality. |
| Rule M6-2-3 | | Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a white-space character. |
| Rule M6-3-1 | | The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement. |
| Rule M6-4-1 | | An if ( condition ) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement. |
| Rule M6-4-2 | | All if ... else if constructs shall be terminated with an else clause. |
| Rule M6-4-3 | | A switch statement shall be a well-formed switch statement. |
| Rule M6-4-4 | | A switch-label shall only be used when the most closely-enclosing compound statement is the body of a switch statement. |
| Rule M6-4-5 | | An unconditional throw or break statement shall terminate every non-empty switch-clause. |
| Rule M6-4-6 | | The final clause of a switch statement shall be the default-clause. |
| Rule M6-4-7 | | The condition of a switch statement shall not have bool type. |
| Rule A6-4-1 | | A switch statement shall have at least two case-clauses, distinct from the default label. |
| Rule A6-5-1 | ☑ | A for-loop that loops through all elements of the container and does not use its loop-counter shall not be used. |
| Rule A6-5-2 | | A for loop shall contain a single loop-counter which shall not have floating-point type. |
| Rule M6-5-2 | | If loop-counter is not modified by -- or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <,> or >=. |
| Rule M6-5-3 | ☑ | The loop-counter shall not be modified within condition or statement. |
| Rule M6-5-4 | | The loop-counter shall be modified by one of --, ++, -=n, or +=n; where n remains constant for the duration of the loop. |
| Rule M6-5-5 | ☑ | A loop-control-variable other than the loop-counter shall not be modified within condition or expression. |
| Rule M6-5-6 | | A loop-control-variable other than the loop-counter which is modified in statement shall have type bool. |
| Rule A6-5-3 | | Do statements should not be used. |
| Rule A6-5-4 | | For-init-statement and expression should not perform actions other than loop-counter initialization and modification. |
| Rule A6-6-1 | | The goto statement shall not be used. |
| Rule M6-6-1 | | Any label referenced by a goto statement shall be declared in the same block, or in a block enclosing the goto statement. |
| Rule M6-6-2 | | The goto statement shall jump to a label declared later in the same function body. |
| Rule M6-6-3 | | The continue statement shall only be used within a well-formed for loop. |
| Rule A7-1-1 | | Constexpr or const specifiers shall be used for immutable data declaration. |
| Rule A7-1-2 | ☑ | The constexpr specifier shall be used for values that can be determined at compile time. |
| Rule M7-1-2 | | A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified. |
| Rule A7-1-3 | | CV-qualifiers shall be placed on the right hand side of the type that is a typedef or a using name. |
| Rule A7-1-4 | | The register keyword shall not be used. |
| Rule A7-1-5 | | Restictions on use of auto specifier. |
| Rule A7-1-6 | | The typedef specifier shall not be used. |
| Rule A7-1-7 | | Each expression statement and identifier declaration shall be placed on a separate line. |
| Rule A7-1-8 | | A non-type specifier shall be placed before a type specifier in a declaration. |
| Rule A7-1-9 | | A class, structure, or enumeration shall not be declared in the definition of its type. |
| Rule A7-2-1 | ☑ | An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration. |
| Rule A7-2-2 | | Enumeration underlying base type shall be explicitly defined. |
| Rule A7-2-3 | | Enumerations shall be declared as scoped enum classes. |
| Rule A7-2-4 | | In an enumeration, either (1) none, (2) the first or (3) all enumerators shall be initialized. |
| Rule A7-2-5 | ⚯ | Enumerations should be used to represent sets of related named constants. |
| Rule M7-3-1 | | The global namespace shall only contain main, namespace declarations and extern "C" declarations. |
| Rule M7-3-2 | | The identifier main shall not be used for a function other than the global function main. |
| Rule M7-3-3 | | There shall be no unnamed namespaces in header files. |
| Rule M7-3-4 | | using-directives shall not be used. |
| Rule A7-3-1 | | All overloads of a function shall be visible from where it is called. |
| Rule M7-3-6 | | using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files. |
| Rule A7-4-1 | | The asm declaration shall not be used. |
| Rule M7-4-1 | ⚯ | All usage of assembler shall be documented. |
| Rule M7-4-2 | | Assembler instructions shall only be introduced using the asm declaration. |
| Rule M7-4-3 | | Assembly language shall be encapsulated and isolated. |
| Rule M7-5-1 | | A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function. |
| Rule M7-5-2 | ☑ | The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. |
| Rule A7-5-1 | | A function shall not return a reference or a pointer to a parameter that is passed by reference or const reference. |
| Rule A7-5-2 | ☑ | Functions should not call themselves, either directly or indirectly. |
| Rule A7-6-1 | | Functions declared with the [[noreturn]] attribute shall not return. |
| Rule M8-0-1 | | An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively. |
| Rule A8-2-1 | | When declaring function templates, the trailing return type syntax shall be used if the return type depends on the type of parameters. |
| Rule M8-3-1 | | Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments. |
| Rule A8-4-1 | | Functions shall not be defined using the ellipsis notation. |
| Rule M8-4-2 | | The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration. |
| Rule A8-4-2 | | All exit paths from a function with non-void return type shall have an explicit return statement with an expression. |
| Rule M8-4-4 | | A function identifier shall either be used to call the function or it shall be preceded by a &. |
| Rule A8-4-3 | ☑ | Common ways of passing parameters should be used. |
| Rule A8-4-4 | | Multiple output values from a function should be returned as a struct or tuple. |
| Rule A8-4-5 | | "consume" parameters declared as X && shall always be moved from. |
| Rule A8-4-6 | | "forward" parameters declared as T && shall always be forwarded. |
| Rule A8-4-7 | | "in" parameters for "cheap to copy" types shall be passed by value. |
| Rule A8-4-8 | | Output parameters shall not be used. |
| Rule A8-4-9 | | "in-out" parameters declared as T & shall be modified. |
| Rule A8-4-10 | | A parameter shall be passed by reference if it can't be NULL. |
| Rule A8-4-11 | | A smart pointer shall only be used as a parameter type if it expresses lifetime semantics. |
| Rule A8-4-12 | | std::unique_ptr passed to a function. |
| Rule A8-4-13 | | std::shared_ptr passed to a function. |
| Rule A8-4-14 | ☑ | Interfaces shall be precisely and strongly typed. |
| Rule A8-5-0 | | All memory shall be initialized before it is read. |
| Rule A8-5-1 | | Order of initialization in an initialization list. |
| Rule M8-5-2 | | Braces shall be used to indicate and match the structure in the non-zero initialization of arrays and structures. |
| Rule A8-5-2 | | Braced-initialization {}, without equals sign, shall be used for variable initialization. |
| Rule A8-5-3 | | A variable of type auto shall not be initialized using {} or ={} braced-initialization. |
| Rule A8-5-4 | | User-declared constructor with parameter of type std::initializer_list. |
| Rule M9-3-1 | | const member functions shall not return non-const pointers or references to class-data. |
| Rule A9-3-1 | | Member functions shall not return non-const "raw" pointers or references to private or protected data owned by the class. |
| Rule M9-3-3 | | If a member function can be made static then it shall be made static, otherwise if it can be made const then it shall be made const. |
| Rule A9-5-1 | | Unions shall not be used. |
| Rule M9-6-1 | ⚯ | When the absolute positioning of bits representing a bit-field is required, then the behaviour and packing of bit-fields shall be documented. |
| Rule A9-6-1 | | Data types used for interfacing with hardware or conforming to communication protocols shall be trivial, standard-layout and only contain members of types with defined sizes. |
| Rule A9-6-2 | ⚯ | Bit-fields shall be used only when interfacing to hardware or conforming to communication protocols. |
| Rule M9-6-4 | | Named bit-fields with signed integer type shall have a length of more than one bit. |
| Rule A10-0-1 | ☑ | Public inheritance shall be used to implement "is-a" relationship. |
| Rule A10-0-2 | ☑ | Membership or non-public inheritance shall be used to implement "has-a" relationship. |
| Rule A10-1-1 | | Class shall not be derived from more than one base class which is not an interface class. |
| Rule M10-1-1 | | Classes should not be derived from virtual bases. |
| Rule M10-1-2 | | A base class shall only be declared virtual if it is used in a diamond hierarchy. |
| Rule M10-1-3 | | An accessible base class shall not be both virtual and non-virtual in the same hierarchy. |
| Rule M10-2-1 | | All accessible entity names within a multiple inheritance hierarchy should be unique. |
| Rule A10-2-1 | | Non-virtual public or protected member functions shall not be redefined in derived classes. |
| Rule A10-3-1 | | Virtual function declaration shall contain exactly one of the three specifiers: (1) virtual, (2) override, (3) final. |
| Rule A10-3-2 | | Each overriding virtual function shall be declared with the override or final specifier. |
| Rule A10-3-3 | | Virtual functions shall not be introduced in a final class. |
| Rule A10-3-5 | | A user-defined assignment operator shall not be virtual. |
| Rule M10-3-3 | | A virtual function shall only be overridden by a pure virtual function if it is itself declared as pure virtual. |
| Rule A10-4-1 | ☑ | Hierarchies should be based on interface classes. |
| Rule M11-0-1 | | Member data in non-POD class types shall be private. |
| Rule A11-0-1 | | A non-POD type should be defined as class. |
| Rule A11-0-2 | | Restrictions on struct definitions. |
| Rule A11-3-1 | | Friend declarations shall not be used. |
| Rule A12-0-1 | | Special member functions in classes. |
| Rule A12-0-2 | | Bitwise operations and operations that assume data representation in memory shall not be performed on objects. |
| Rule M12-1-1 | | An object's dynamic type shall not be used from the body of its constructor or destructor. |
| Rule A12-1-1 | | Constructors shall explicitly initialize all virtual base classes, all direct non-virtual base classes and all non-static data members. |
| Rule A12-1-2 | | Both NSDMI and a non-static member initializer in a constructor shall not be used in the same type. |
| Rule A12-1-3 | | Same member constant initializers in contructors. |
| Rule A12-1-4 | | All constructors that are callable with a single argument of fundamental type shall be declared explicit. |
| Rule A12-1-5 | ☑ | Common class initialization for non-constant members shall be done by a delegating constructor. |
| Rule A12-1-6 | | Derived classes that do not need further explicit initialization and require all the constructors from the base class shall use inheriting constructors. |
| Rule A12-4-1 | | Destructor of a base class shall be public virtual, public override or protected non-virtual. |
| Rule A12-4-2 | | If a public destructor of a class is non-virtual, then the class should be declared final. |
| Rule A12-6-1 | | All class data members that are initialized by the constructor shall be initialized using member initializers. |
| Rule A12-7-1 | | Behavior of a user-defined special member function identical to implicitly defined special member function. |
| Rule A12-8-1 | | Move and copy constructors shall move and respectively copy base classes and data members of a class, without any side effects. |
| Rule A12-8-2 | | User-defined copy and move assignment operators should use user-defined no-throw swap function. |
| Rule A12-8-3 | ☑ | Moved-from object shall not be read-accessed. |
| Rule A12-8-4 | | Move constructor shall not initialize its class members and base classes using copy semantics. |
| Rule A12-8-5 | | A copy assignment and a move assignment operators shall handle self-assignment. |
| Rule A12-8-6 | | Copy and move constructors and copy assignment and move assignment operators shall be declared protected or defined "=delete" in base class. |
| Rule A12-8-7 | | Assignment operators should be declared with the ref-qualifier &. |
| Rule A13-1-2 | | User defined suffixes of the user defined literal operators shall start with underscore followed by one or more letters. |
| Rule A13-1-3 | | User defined literals operators shall only perform conversion of passed parameters. |
| Rule A13-2-1 | | An assignment operator shall return a reference to "this". |
| Rule A13-2-2 | | A binary arithmetic operator and a bitwise operator shall return a "prvalue". |
| Rule A13-2-3 | | A relational operator shall return a boolean value. |
| Rule A13-3-1 | | A function that contains "forwarding reference" as its argument shall not be overloaded. |
| Rule A13-5-1 | | If "operator[]" is to be overloaded with a non-const version, const version shall also be implemented. |
| Rule A13-5-2 | | All user-defined conversion operators shall be defined explicit. |
| Rule A13-5-3 | | User-defined conversion operators should not be used. |
| Rule A13-5-4 | | If two opposite operators are defined, one shall be defined in terms of the other. |
| Rule A13-5-5 | | Comparison operators shall be non-member functions with identical parameter types and noexcept. |
| Rule A13-6-1 | | Digit sequences separators ' usage. |
| Rule A14-1-1 | ⚙ | A template should check if a specific template argument is suitable for this template. |
| Rule A14-5-1 | ⚙ | A template constructor shall not participate in overload resolution for a single argument of the enclosing class type. |
| Rule A14-5-2 | ⚙ | Class members that are not dependent on template class parameters should be defined in a separate base class. |
| Rule A14-5-3 | ⚙ | A non-member generic operator shall only be declared in a namespace that does not contain class (struct) type, enum type or union type declarations. |
| Rule M14-5-3 | ⚙ | A copy assignment operator shall be declared when there is a template assignment operator with a parameter that is a generic parameter. |
| Rule M14-6-1 | ⚙ | In a class template with a dependent base, any name that may be found in that dependent base shall be referred to using a qualified-id or this-> |
| Rule A14-7-1 | ⚙ | A type used as a template argument shall provide all members that are used by the template. |
| Rule A14-7-2 | ⚙ | Template specialization shall be declared in the same file (1) as the primary template (2) as a user-defined type, for which the specialization is declared. |
| Rule A14-8-2 | ⚙ | Explicit specializations of function templates shall not be used. |
| Rule A15-0-1 | ☑ | A function shall not exit with an exception if it is able to complete its task. |
| Rule A15-0-2 | ⚯ | Basic guarantee for exception safety shall be provided. |
| Rule A15-0-3 | ☑ | Exception safety guarantee of a called function shall be considered. |
| Rule A15-0-4 | ☑ | Unchecked exceptions shall be used to represent errors from which the caller cannot reasonably be expected to recover. |
| Rule A15-0-5 | ☑ | Checked exceptions shall be used to represent errors from which the caller can reasonably be expected to recover. |
| Rule A15-0-6 | ⚯ | Analysis of failure modes of exception handling. |
| Rule A15-0-7 | ⚯ | Exception handling mechanism shall guarantee a deterministic worst-case time execution time. |
| Rule A15-0-8 | ⚯ | A worst-case execution time (WCET) analysis shall be performed to determine maximum execution time constraints of the software, covering in particular the exceptions processing. |
| Rule A15-1-1 | | Only instances of types derived from std::exception should be thrown. |
| Rule A15-1-2 | | An exception object shall not be a pointer. |
| Rule M15-0-3 | | Control shall not be transferred into a try or catch block using a goto or a switch statement. |
| Rule M15-1-1 | ☑ | The assignment-expression of a throw statement shall not itself cause an exception to be thrown. |
| Rule M15-1-2 | | NULL shall not be thrown explicitly. |
| Rule M15-1-3 | | An empty throw (throw;) shall only be used in the compound-statement of a catch handler. |
| Rule A15-1-3 | | All thrown exceptions should be unique. |
| Rule A15-1-4 | ☑ | If a function exits with an exception, then place all objects/resources in valid states. |
| Rule A15-1-5 | ⚯ | Exceptions shall not be thrown across execution boundaries. |
| Rule A15-2-1 | | Constructors that are not noexcept shall not be invoked before program startup. |
| Rule A15-2-2 | ☑ | Behavior of a constructor that is not noexcept and cannot finish object initialization. |
| Rule M15-3-1 | ☑ | Exceptions shall be raised only after start-up and before termination of the program. |
| Rule A15-3-2 | ☑ | If a function throws an exception, it shall be handled when meaningful actions can be taken, otherwise it shall be propagated. |
| Rule A15-3-3 | | Main function and a task main function shall catch at least certain exceptions. |
| Rule A15-3-4 | ☑ | If a function throws an exception, it shall be handled when meaningful actions can be taken, otherwise it shall be propagated. |
| Rule M15-3-3 | | Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases. |
| Rule M15-3-4 | ☑ | Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point. |
| Rule A15-3-5 | | A class type exception shall be caught by reference or const reference. |
| Rule M15-3-6 | | Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class. |
| Rule M15-3-7 | | Where multiple handlers are provided in a single try-catch statement or function-try-block, any ellipsis (catch-all) handler shall occur last. |
| Rule A15-4-1 | | Dynamic exception-specification shall not be used. |
| Rule A15-4-2 | | If a function is declared to be noexcept then it shall not exit with an exception. |
| Rule A15-4-3 | | The noexcept specification of a function shall either be identical across all translation units, or identical or more restrictive between a virtual member function and an overrider. |
| Rule A15-4-4 | | A declaration of non-throwing function shall contain noexcept specification. |
| Rule A15-4-5 | | Checked exceptions that could be thrown from a function shall be specified together with the function declaration and they shall be identical in all function declarations and for all its overriders. |
| Rule A15-5-1 | ☑ | All user-provided class destructors, deallocation functions, move constructors, move assignment operators and swap functions shall not exit with an exception. |
| Rule A15-5-2 | | Program shall not be abruptly terminated. |
| Rule A15-5-3 | | The std::terminate() function shall not be called implicitly. |
| Rule A16-0-1 | | The pre-processor shall only be used for unconditional and conditional file inclusion and include guards. |
| Rule M16-0-1 | | #include directives in a file shall only be preceded by other preprocessor directives or comments. |
| Rule M16-0-2 | | Macros shall only be #define'd or #undef'd in the global namespace. |
| Rule A16-2-2 | | There shall be no unused include directives. |
| Rule A16-2-3 | | An include directive shall be added explicitly for every symbol used in a file. |
| Rule M16-0-5 | | Arguments to a function-like macro shall not contain tokens that look like preprocessing directives. |
| Rule M16-0-6 | | In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##. |
| Rule M16-0-7 | | Undefined macro identifiers shall not be used in #if or #elif preprocessor directives, except as operands to the defined operator. |
| Rule M16-0-8 | | If the # token appears as the first token on a line, then it shall be immediately followed by a preprocessing token. |
| Rule M16-1-1 | | The defined preprocessor operator shall only be used in one of the two standard forms. |
| Rule M16-1-2 | | All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if or #ifdef directive to which they are related. |
| Rule M16-2-3 | | Include guards shall be provided. |
| Rule A16-2-1 | | The ', ", /*, //, \ characters shall not occur in a header file name or in #include directive. |
| Rule M16-3-1 | | There shall be at most one occurrence of the # or ## operators in a single macro definition. |
| Rule M16-3-2 | | The # and ## operators should not be used. |
| Rule A16-6-1 | ⚯ | #error directive shall not be used. |
| Rule A16-7-1 | ⚯ | The #pragma directive shall not be used. |
| Rule A17-0-1 | | Reserved identifiers, macros and functions in the C++ standard library shall not be defined, redefined or undefined. |
| Rule M17-0-2 | | The names of standard library macros and objects shall not be reused. |
| Rule M17-0-3 | | The names of standard library functions shall not be overridden. |
| Rule A17-0-2 | ⚯ | All project's code including used libraries and any third-party user code shall conform to the AUTOSAR C++14 Coding Guidelines. |
| Rule M17-0-5 | | The setjmp macro and the longjmp function shall not be used. |
| Rule A17-1-1 | | Use of the C Standard Library shall be encapsulated and isolated. |
| Rule A17-6-1 | | Non-standard entities shall not be added to standard namespaces. |
| Rule A18-0-1 | | The C library facilities shall only be accessed through C++ library headers. |
| Rule A18-0-2 | | The error state of a conversion from string to a numeric value shall be checked. |
| Rule M18-0-3 | | The library functions abort, exit, getenv and system from library shall not be used. |
| Rule M18-0-4 | | The time handling functions of library shall not be used. |
| Rule M18-0-5 | | The unbounded functions of library shall not be used. |
| Rule A18-0-3 | | The library (locale.h) and the setlocale function shall not be used. |
| Rule A18-1-1 | | C-style arrays shall not be used. |
| Rule A18-1-2 | | The std::vector specialization shall not be used. |
| Rule A18-1-3 | | The std::auto_ptr type shall not be used. |
| Rule A18-1-4 | | A pointer pointing to an element of an array of objects shall not be passed to a smart pointer of single object type. |
| Rule A18-1-6 | | All std::hash specializations for user-defined types shall have a noexcept function call operator. |
| Rule M18-2-1 | | The macro offsetof shall not be used. |
| Rule A18-5-1 | | Functions malloc, calloc, realloc and free shall not be used. |
| Rule A18-5-2 | | Non-placement new or delete expressions shall not be used. |
| Rule A18-5-3 | ☑ | The form of the delete expression shall match the form of the new expression used to allocate the memory. |
| Rule A18-5-4 | | If a project has sized or unsized version of operator "delete" globally defined, then both sized and unsized versions shall be defined. |
| Rule A18-5-5 | ⚯ | Criteria for memory management functions. |
| Rule A18-5-6 | ⚯ | An analysis shall be performed to analyze the failure modes of dynamic memory management. |
| Rule A18-5-7 | ⚯ | Non-realtime implementation of dynamic memory management. |
| Rule A18-5-8 | ☑ | Objects that do not outlive a function shall have automatic storage duration. |
| Rule A18-5-9 | ☑ | Custom implementations of dynamic memory allocation and deallocation functions. |
| Rule A18-5-10 | ☑ | Placement new shall be used only with properly aligned pointers to sufficient storage capacity. |
| Rule A18-5-11 | ☑ | "operator new" and "operator delete" shall be defined together. |
| Rule M18-7-1 | | The signal handling facilities of shall not be used. |
| Rule A18-9-1 | | The std::bind shall not be used. |
| Rule A18-9-2 | | Forwarding values to other functions. |
| Rule A18-9-3 | | The std::move shall not be used on objects declared const or const&. |
| Rule A18-9-4 | | An argument to std::forward shall not be subsequently used. |
| Rule M19-3-1 | | The error indicator errno shall not be used. |
| Rule A20-8-1 | | An already-owned pointer value shall not be stored in an unrelated smart pointer. |
| Rule A20-8-2 | | A std::unique_ptr shall be used to represent exclusive ownership. |
| Rule A20-8-3 | | A std::shared_ptr shall be used to represent shared ownership. |
| Rule A20-8-4 | | A std::unique_ptr shall be used over std::shared_ptr if ownership sharing is not required. |
| Rule A20-8-5 | | std::make_unique shall be used to construct objects owned by std::unique_ptr. |
| Rule A20-8-6 | | std::make_shared shall be used to construct objects owned by std::shared_ptr. |
| Rule A20-8-7 | ☑ | A std::weak_ptr shall be used to represent temporary shared ownership. |
| Rule A21-8-1 | | Arguments to character-handling functions shall be representable as an unsigned char. |
| Rule A23-0-1 | | An iterator shall not be implicitly converted to const_iterator. |
| Rule A23-0-2 | ☑ | Elements of a container shall only be accessed via valid references, iterators, and pointers. |
| Rule A25-1-1 | | Non-static data members or captured values of predicate function objects. |
| Rule A25-4-1 | ☑ | Ordering predicates used with associative containers and STL sorting and related algorithms shall adhere to a strict weak ordering relation. |
| Rule A26-5-1 | | Pseudorandom numbers shall not be generated using std::rand(). |
| Rule A26-5-2 | | Random number engines shall not be default-initialized. |
| Rule M27-0-1 | | The stream input/output library shall not be used. |
| Rule A27-0-1 | ⚯ | Inputs from independent components shall be validated. |
| Rule A27-0-2 | ☑ | A C-style string shall guarantee sufficient space for data and the null terminator. |
| Rule A27-0-3 | ☑ | Alternate input and output operations on a file stream shall not be used without an intervening flush or positioning call. |
| Rule A27-0-4 | | C-style strings shall not be used. |
