[clang-tidy][RFC] Add Autosar C++14 clang-tidy module?

Hi!

We are following the Autosar C++14 guidelines and were thinking to add a clang-tidy module for it and start implementing checks. There’s a couple local forks with some checks here and there but never made it upstream. I believe quite a lot of them are already covered by the existing checks (e.g. cppcoreguidelines) so most of the work would be about creating aliases and adding some extra configuration.

What do you think, would that be ok? Both about adding the Autosar module itself, but also making aliases from one coding guideline (e.g. cppcoreguidelines) to another coding guideline (autosar). Typically the alias is from a non-coding guideline (e.g. bugprone) to a coding guideline (cppcoreguidelines).

We can of course have our own local fork but it’s nice to be able to contribute upstream so everyone can benefit. Autosar would fit well together with the existing guidelines (CppCoreGuidelines, CERT, HiCPP, etc).

Best regards,
Carlos

As a clang-tidy user, I would be interested in an Autosar C++14 module.

-Tom

Personally, I'm okay with adding a module for AUTOSAR checks. It's an
industry standard set of coding conventions like many of the other
modules we have. However, one issue we've run into with things like
the C++ Core Guidelines is a lack of a useful feedback loop when there
are enforcement questions. Do you have contacts with anyone
maintaining AUTOSAR so that if we run into questions we'll have some
guidance on how to resolve them?

As for aliases from one coding guideline to another; I think that's
fine. We already have the issue where changing the primary check may
cause the alias to no longer be valid, so I don't think this would
introduce any new problems we don't already have to watch out for. One
thing that could get a bit weird is with documentation (aliases
typically automatically redirect back to their primary check, so it
might be weird to go to the docs for an AUTOSAR check and wind up in
CERT C++ or something). But if that causes problems in practice, I
think they can be handled as they come up.

~Aaron

That’s great to hear, thanks! Will give it a kickstart one of these days :)

You have a very valid point about the feedback loop, and that’s one of the pain points of Autosar. Therefore some rules might need to be left out or enforced in a “best effort” way. Or made configurable so that if they are ambiguous they can be enforced following a handful of interpretations. At least Autosar makes it clear which rules are meant to be “automatically enforceable” and which ones aren’t. Some rules are also impractical to follow strictly so I can foresee the need for partial deviations via configuration. Autosar also inherits some MISRA rules, for which one can actually ask questions in the MISRA forums directly, so that’s good.

Would be interesting to have several companies contributing to it and openly discuss those rules that are more ambiguous or poorly written. Who knows, maybe the Autosar authors come across these checks and help clarify!

All in all, Autosar is not perfect but it’s an important enabler for e.g. the automotive industry to finally leave MISRA C++08 and move to modern C++14. There’s plans for new MISRA guidelines covering C++17 but it’s unclear when they’ll be published, so we need to live with Autosar for a little more.

Excellent, thank you!

Agreed, and to be clear, we don't have a requirement that there is a
feedback loop with the proposal authors before adding a new module to
clang-tidy. I mostly brought it up as an existing source of pain with
the C++ Core Guideline checks. I'd like to avoid similar issues with
new modules because lacking a feedback loop makes the code review
process significantly harder when the rule is unclear (which
negatively impacts reviewers, patch authors, and clang-tidy users).

~Aaron

Hi All,

I am the current chair of the MISRA C++ Working Group.

As a bit of background, the Autosar guidelines are currently being merged into an updated MISRA C++ document (support for C++17, with C++20 and later planned). Autosar C++ will be retired when this work is complete, with Autosar moving to the updated MISRA guidelines. There will be significant differences between the MISRA and Autosar documents - for example, MISRA will not be including any guidelines that are related to (software development) process, coding style nor most of those related to software design.

As part of this ongoing work, a number of the Autosar team have joined the MISRA group. I therefore have good contacts with Autosar and the people who developed Autosar C++14. I would be more than happy to answer any questions that you may have related to Autosar or MISRA.

Note - it may also be worth looking at MISRA Compliance:2020 (https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf), as this defines what is required to make a claim of “MISRA compliance”.

Chris


Chris,

Thanks a lot for the reply, it’s really great to have a feedback loop with MISRA. As a starting point we are trying to understand if it’s OK to implement open-source clang-tidy checks based on the Autosar C++14 guidelines, from a legal/license point of view. I’ve sent a mail about this to admin@autosar.org - is that correct or should I direct my questions to MISRA directly?

Regarding technical questions, should we direct them to your email directly, via this mailing list or by some other means? There’s also the MISRA forums which I think work pretty well, even though the feedback time is rather high. I have asked there whether it makes sense to post Autosar-related questions or not.

Best regards,
Carlos


Hi Carlos,

I am not able to comment on the legal position with respect to Autosar. The request you have sent to their admin email address is the best way to get an answer on that.

From the MISRA perspective, I can put you in touch (off list) with the relevant contact so you can discuss how to do this. From memory, I think it is ok to add the checks (and quote the guideline numbers), but a license would be needed if the MISRA headline text (“Don’t do this…”) is used.

I am happy for technical questions to be sent directly to me, but it is better for the MISRA user community if they are posted on the forum. New questions (in the MISRA C++ section) currently get reviewed every week or so at the moment, but feel free to send me an email as well so I can make sure any you add are actioned as soon as possible. I’ve located the one you posted re Autosar and will post a reply.

Chris


David,

Thanks a lot for the help, we now have a Forum where we can ask Autosar C++14-related questions directly to MISRA! This is great news.
https://forum.misra.org.uk/forum-185.html

Regarding licensing, I’ll wait for the reply from the Autosar admin email address. Reading about similar questions in the MISRA forums, I reach the same conclusion as you - we may only refer to the rule numbers without mentioning the rule text. This is done in order to preserve the original text (one source of truth) to avoid confusion, which I think makes sense. I hope Autosar has a similar view.

Best regards,
Carlos
