We are pleased to see many companies in the automotive, industrial, medical, aviation, robotics and railway industries taking the safety of critical C++ applications seriously. With the latest safety-critical applications handling real-time data from cameras, radars and other sensors, the need for a mature programming language that closely matches the performance of C, while offering a higher level of abstraction, has never been greater. To make full use of C++ you need a qualified C++ library. But how do you qualify that?
The C++ Standard Library is huge and continues to grow with every language update. To qualify the library requires some major design decisions, a lot of hard work and myriad small details to be taken into account.
Typical C++ applications do not use all the C++ library components. When customers ask us to qualify the C++ library for specific applications, it means we actually end up looking at the qualification of small subsets of the C++ library. But there is a risk: it restricts future changes to the application to use only the qualified subset of the library.
Qualifying single functions in the C standard library is (relatively) easy. Most are independent and defined in separate files, which makes it straightforward to see which code needs to be verified and analyzed. For C++ the story is completely different. Firstly, a large part of the implementation is contained in header files, which means there is no single unique file for every function declaration. Secondly, header code is typically template-based and evaluated at compile time, which makes coverage analysis challenging. Furthermore, the C++ library is class-based, which means that functions are grouped together and their implementation intertwined.
This is what gravitates us towards qualifying complete headers instead of single functions. It is very beneficial for the transparency of reports on both the qualification process and its results. Functional safety is only improved if these reports are clear and accessible, so that a reviewer can be confident the task has been fully completed.
Clearly, there is a potential mismatch here between our complete header qualification approach and the list of qualified functions that our customers ask us for. Fortunately, they fully understand the advantages of working with headers. Besides the more transparent qualification process, it provides way more freedom if the application needs changes in the future.
If you want to know more about our progress with a requirements-based test suite for qualification of the C++ library, do not hesitate to contact us.
Dr. Marcel Beemster, CTO
Subscribe to our monthly blog!