F35 Fighter Jet’s C++ Coding Standards
26 points by azhenley
26 points by azhenley
LaurieWired's video talking about this standard: https://www.youtube.com/watch?v=Gv4sDL9Ljww
Wait, I didn't watch the whole thing, but did she write her own flight controller for an actual jet and run it in a simulator?
How realistic is this sim? Can a real flight controller be run on this and tested?
This could be a lot of fun and a good entry to working on flight sims.
As she mentions in the video, she's using X-Plane 12. The simulation publishes real-time data about the aircraft through a websocket or similar.
She wrote code to access the data and do some processing on it in C++, and used a Python script to run the user interface on the MFD panel.
X-Plane is used by some people as the basis for creating their own sophisticated flight simulator systems, which have basically all the controls of a real aircraft.
This is from December 2005, was this made public recently?
Do we know which compiler they used?
Many of the rules are purely syntactic or very simple to check with a tool (rule 10, 11, 12, 14, 108, 67, 63, 60, 59, 57, 54, 107, 99, 98). Surely they must've had their own tools to check for violations of these kind of simple rules at least, right?
I'm disappointed to not see the rationale in some of the rules. E.g.
AV Rule 18 (MISRA Rule 120) The macro offsetof, in library <stddef.h>, shall not be used.
(There are a bunch of these)
I'm also wondering what they mean by this in rule 178:
Dynamic casts are not allowed at this point due to lack of tool support, but could be considered at some point in the future after appropriate investigation has been performed for SEAL1/2 software. Dynamic casts are fine for general purpose software.
Do we know which tool is this talking about?
I was somewhat surprised by this rule initially: (rule 181)
Redundant explicit casts will not be used.
Rationale: Unnecessary casting clutters the code and could mask later problems if variable types change over time.
I think the solution here (that won't keep working as you change the code) would be a cast function that specifies both the source and target types. I wonder why they don't do this instead of using implicit casts?
This has been public for years, archive.org dates back to 2012. Stroustrup AFAIK published it as a showcase on how you can practise C++ safel.
AV Rule 43 Tabs should be avoided
My approach is "spaces for alignment, tabs for indentation", because then everyone can set their preferred tab-width in their editor, which can be 2 spaces or 8 spaces. I never really liked the spaces-only approach, as it forces the tab-width on people. Personally, I hate reading code with 2-space-indentations, for instance.