July 19, 2018

3 Coding Best Practices for C++


Software is everywhere today. And that means that code is everywhere. It’s in practically everything — from your smartphone to your automobile to your refrigerator.

So, product development requires code. And no matter what type of product you’re building, your code needs to be reliable.

Why You Need Reliable Code

You need reliable code to ensure that your software is safe and stable. This is especially important in safety-critical industries, such as medical devices and automotive.

But it remains important in any organization. Your product could be hacked. An undetected coding error could cause a malfunction. A device your product connects to could have malware — and endanger your device.

The security risks are countless. Without reliable code, your reputation can be damaged — and the future of your product will be at stake.

That leads to recalls. And recalls are no stranger to the embedded industry — particularly medical devices and automobiles.

In 2017, the FDA recalled thousands of medical devices due to hacking risks and failures to work as they should. And 2014 was a particularly dangerous year for automotive recalls. Vehicles were recalled for software flaws that caused incidents, such as unintended acceleration.

Your code needs to be reliable, safe, and secure from the start. And coding best practices ensure that it is.

3 Best Practices for Coding in C++

There are plenty of best practices for coding. But here are a few to consider for coding in C++.

Write Readable Code

Your code should be easy for any developer on your team to understand and maintain. And you can do that by writing clean, readable code. Avoid unnecessary parentheses. Use consistent indentation. Beware of using too many levels of nesting.

Follow Coding Rules

Coding rules ensure developers don’t make common mistakes that lead to security vulnerabilities. These rules may come from a published coding standard. Or they may be developed internally by your organization. Whatever the case may be, make sure your code obeys the rules.

Here’s an example of a coding rule from MISRA C++:2008 (Rule 4-10-1):

NULL shall not be used as an integer value
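One consequence of breaking this rule, shown as an added example that is not taken from this article or from the MISRA document: a lookup that signals "not found" with NULL returns the same value as a hit on index 0. The table, function names, and sentinel are hypothetical.

```cpp
#include <cstddef>
#include <cstring>

// Constructed sample table: index 0 is a real, privileged entry.
static const char* const kUsers[] = { "root", "alice", "bob" };
static const std::size_t kUserCount = sizeof(kUsers) / sizeof(kUsers[0]);
static const int kNotFound = -1;  // explicit integer sentinel (hypothetical name)

// Shared search: index of name in kUsers, or `miss` when absent.
static int search(const char* name, int miss) {
    for (std::size_t i = 0; i < kUserCount; ++i) {
        if (std::strcmp(kUsers[i], name) == 0) {
            return static_cast<int>(i);
        }
    }
    return miss;
}

// Non-compliant pattern: the source line would read `return NULL;` to mean
// "no such user". Where NULL converts to an integer at all, the value is 0,
// so the miss value is written as 0 here (same behaviour, no diagnostic).
int find_user_noncompliant(const char* name) {
    return search(name, 0);  // a miss is indistinguishable from index 0
}

// Compliant: integer results use an integer sentinel, never NULL.
int find_user(const char* name) {
    return search(name, kNotFound);
}

// Compliant: NULL appears only where a pointer is meant.
const char* lookup_user(const char* name) {
    const int idx = find_user(name);
    if (idx == kNotFound) {
        return NULL;
    }
    return kUsers[idx];
}
```

With the non-compliant version, a caller that looks up an unknown name receives the index of "root"; the compliant versions keep "absent" distinct from every valid entry.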

Inspect Your Code Regularly

Every line of code should be thoroughly inspected to ensure it’s safe, secure, and reliable. Use code reviews and automated toolsets to verify your code.

Automated tools can scan your code and verify it against your coding rules. Manual code reviews can help you ensure the code is readable.

Coding Standards for Your Version of C++

Selecting the right coding standard will help you ensure that your code is safe, secure, and reliable. The right coding standard may depend on your industry — and which version of the C++ language you are using. There are key differences between the versions of the language.

C++17 Is the Latest, However…

C++17 is the latest version of C++. However, adoption of new language versions is slow — particularly for the embedded industry. There are some coding standards that support C++17, but it’s more practical to code in C++14 (or earlier versions) if you’re compliance-minded.

C++03 vs. C++11 vs. C++14

C++03, C++11, and C++14 are the most frequently used versions of C++, particularly for safety-critical industries.

C++03 is a minor update to C++98. At the time it was released, C++03 was noted for greater consistency and portability over C++98.

MISRA C++ supports C++03.

C++11 is a major update to C++03. It includes performance improvements, such as multithreading support. It also features usability improvements, such as uniform initialization. And it includes functionality improvements, such as new string literals.

High Integrity C++ supports C++11.

C++14 is a minor update to C++11. It includes functionality updates to the language (e.g., function return type deduction) and the library (e.g., shared mutexes and locking).

AUTOSAR supports C++14.

How to Migrate to Modern C++

There are many reasons why your company might be using an older version of C++. For instance, the MISRA coding standard specifies use of C++03. If you’re already using modern C++, it will be more difficult to demonstrate MISRA compliance.

The AUTOSAR C++ Coding Guidelines were recently developed to bridge the gap between MISRA compliance for C++03 and more modern versions of C++. So, convincing your company to make the move to modern C++ may involve educating them on the benefits of this new coding standard.

There are other coding standards that support C++ as well. It’s important to know which standards support which language version, in order to make your case for modern C++.

Make the Case for Modern C++

Ready to convince your company to adopt modern C++? Download “Moving to Modern C++”.
