After the myths the facts will follow. Therefore, we leave the area of half truth and untruth statements about C++.
My reasoning in this post is based on C++98. That is for two reasons. First, both the MISRA C++ guidelines and the "Technical Report C++ on Performance" are written before the C++11 standard. Second, I show that classical C++ even powerful enough to refute the myths.
The current MISRA C++:2008 guidelines were published by the Motor Industry Software Reliability Association. They are based on the MISRA C guidelines from the year 1998. Originally designed for the automotive industry they became the de facto standard for the implementation of critical software in the aviation, military and medical sector. As MISRA C, MISRA C++ describes guidelines for a safe subset of C++.
This subset consists of more than 200 rules being classified as document, required, or advisory.
- Mandatory requirements on the developer
- Derivations are not permitted
- Mandatory requirements on the developer
- Formal derivation must be raised
- Should be followed as far as possible
- Formal derivation is not necessary but maybe considered
The rules are about the C++ core language and the libraries. To make it clearer I will present a few rules from MISRA C++.
- Unnecessary construct
- The project shall not contain unreachable code. (required)
- The project shall not contain unused variables. (required)
- All usage of assembler shall be documented. (document)
- Use of floating-point arithmetic shall be documented. (document)
- The code shall conform to the C++03 standard (Remark: Small addition to C++98). (required)
- No C comments shall be used to "comment out" code. (required)
- No C++ comments shall be used to "comment out" code. (advisory)
- Pointer conversions
- NULL shall not be used as an integer value. (required)
- Multiple base classes
- Classes should not be derived from virtual bases. (advisory)
- Virtual functions
- Each overriding virtual function shall be declared with the virtual keyword. (required)
- Exception handling
- Exceptions shall only be used for error handling.(document)
- All partial and explicit specializations for a template shall be declared in the same file as the declarations of their primary template. (required)
- Macro replacements
- The # and ## operators should not be used. (advisory)
- The C library shall not be used. (required)
- All library code shall conform to MISRA C++.(document)
You can verify these and all the other MISRA C++ rules with static code analysis tools.
Which conclusions can we draw from the MISRA C++ rules for the usage of C++ in critical systems? Neither one feature nor the whole language is excluded by MISRA C++.
MISRA C++ even goes one step further and emphasises why the importance of C++ in critical systems becomes more important. (1.1 The use of C++ in critical systems):
- C++ gives good support for high-speed, low-level, input/output operations, which are essential to many embedded systems.
- The increased complexity of applications make the use of a high-level language more appropriate than assembly language.
- C++ compilers generate code with similar size and RAM requirements to those of C.
But one small downer remains. MISRA C++ is based on classical C++. Modern C++ has a lot more to offer for embedded systems. Sadly, MISRA C++ can not keep in lockstep with the C++ standardization. But from discussion on online forums I know that they want to fill the gap.
Technical report on C++ performance
The Working Group WG 21 published in the year the ISO/IEC TR 18015. The title sounds not very interesting but that document is the ultimate source if you want to get the performance numbers of the C++ features. The document expresses its concerns directly to the point.
- to give the reader a model of time and space overheads implied by use of various C++ language and library features,
- to debunk widespread myths about performance problems,
- to present techniques for use of C++ in applications where performance matters, and
- to present techniques for implementing C++ Standard language and library facilities to yield efficient code.
Authors of the paper with more than 200 pages are well known C++ experts like Dave Abrahams, Howard Hinnand, Dietmar Kühl, Dan Saks, Bill Seymour, Bjarne Stroustrup, and Detlef Vollmann.
The scope of the document are the C++ features, their overhead and usage, the creation of efficient libraries in C++, the usage of C++ in embedded system, and the interfaces in C++ to communicate with hardware. In particular the C++ features and their overhead and usage are the main topic of this post.
C++ features, overhead, and usage
The authors use for their analysis three computer architectures with five different compilers. They use the compilers with different optimization options. I will give you only an idea of the results that are quite remarkable.
- Have no significant overhead in size and performance
- Type converting operator
- The C++ casts const_cast, static_cast, and reinterpret_cast differ neither in size nor in performance from their C pedant.
- The at runtime executed dynamic_cast has some overhead. (Remark: The conversion has no C pedant.).
- A class without virtual functions is as big as a struct.
- A class with virtual functions has the overhead of a pointer and a virtual function table. These are about 2 to 4 bytes.
- Function calls
- The call of a non-virtual, non-static, and non-inline function is as expensive as the call of a free function.
- The call of a virtual function is an expensive as the call of a free function with the help of a pointer that is stored in a table.
- Virtual functions of a class template can cause overhead in size. (Remark: Functions that not depend on template parameters should be extracted in a base class. Therefore, the functionality - independent of template parameters - can be shared between all derived class templates.)
- The inlining of a function causes significant performance benefits and is close to the performance of a C macro.
- Multiple inheritance
- Can cause time and/or space overhead.
- Virtual base classes have overhead compared to non-virtual base classes.
- Run-time type information (RTTI)
- There are about 40 additional bytes for each class necessary.
- The typeid call is quite slow. That seems due to the quality of the implementation.
- The conversion during runtime with dynamic_cast is slow. According to the reports that should also be due to the quality of the implementation.
- Exception handling
- There are two strategies for dealing with exceptions. These are the code and the table strategy. The code strategy has to move and manage additional data structures for the dealing with exceptions. The table strategy has the execution context in a table.
- The code strategy has a size overhead for the stack and the runtime. The runtime overhead is about 6%. This overhead exists even without the throwing of an exception.
- The table strategy has neither overhand in program size nor in runtime. (Remarks: That statements hold only if no exceptions was thrown.). The table strategy is more difficult to implement.
- You get for each template instanziation a new class template or function template. Therefore, the naive use of temples can cause code bloat. Modern C++ compilers can massively reduce the number of template instanziations. The usage of partial or full specialisation helps to reduce the template instanziations.
You can read the details, the exact number and few additionals topics directly in the report: TR18015.pdf.
There is also a small downer in the "Technical Report on C++ Performance". The report is from 2006. In particular C++11 has a lot of features for writing faster code. I asked Detelf Vollmann, an author of the paper, on the Meeting C++ if they plan update the report to modern C++. His request to Bjarne Stroustrup gave the result that he has no time. Understandable but a small downer.
I will write in the next post about the automatic type deduction with auto. What has auto in common with safety critical systems? A lot!
Thanks a lot to my Patreon Supporters: Matt Braun, Roman Postanciuc, Tobias Zindl, Marko, G Prvulovic, Reinhold Dröge, Abernitzke, Frank Grimm, Sakib, Broeserl, António Pina, Darshan Mody, Sergey Agafyin, Андрей Бурмистров, Jake, GS, Lawton Shoemake, Animus24, Jozo Leko, John Breland, espkk, Wolfgang Gärtner, Louis St-Amour, Stephan Roslen, Venkat Nandam, Jose Francisco, Douglas Tinkham, Kuchlong Kuchlong, Avi Kohn, Robert Blanch, Truels Wissneth, Kris Kafka, Mario Luoni, Neil Wang, Friedrich Huber, Sudhakar Balagurusamy, lennonli, and Pramod Tikare Muralidhara.
Thanks in particular to Jon Hess, Lakshman, Christian Wittenhorst, Sherhy Pyton, and Dendi Suhubdy
I'm happy to give online-seminars or face-to-face seminars world-wide. Please call me if you have any questions.
Here is a compilation of my standard seminars. These seminars are only meant to give you a first orientation.