After the myths, the facts will follow. Therefore, we leave the area of half-truth and untruth statements about C++.
My reasoning in this post is based on C++98. That is for two reasons. First, the MISRA C++ guidelines and the "Technical Report C++ on Performance" are written before the C++11 standard. Second, I show that classical C++ is even powerful enough to refute the myths.
The Motor Industry Software Reliability Association published the current MISRA C++:2008 guidelines. They are based on the MISRA C guidelines from the year 1998. Originally designed for the automotive industry, they became the de facto standard for implementing critical software in the aviation, military, and medical sectors. As MISRA C, MISRA C++ describes guidelines for a safe subset of C++.
This subset consists of more than 200 rules being classified as a document, required, or advisory.
- Mandatory requirements for the developer
- Derivations are not permitted
- Mandatory requirements for the developer
- Formal derivation must be raised
- Should be followed as far as possible
- The formal derivation is not necessary but may be considered
The rules are about the C++ core language and the libraries. To clarify, I will present a few rules from MISRA C++.
- Unnecessary construct
- The project shall not contain unreachable code. (required)
- The project shall not contain unused variables. (required)
- All usage of assemblers shall be documented. (document)
- The use of floating-point arithmetic shall be documented. (document)
- The code shall conform to the C++03 standard (Remark: Small addition to C++98). (required)
- No C comments shall be used to "comment out" code. (required)
- No C++ comments shall be used to "comment out" code. (advisory)
- Pointer conversions
- NULL shall not be used as an integer value. (required)
- Multiple base classes
- Classes should not be derived from virtual bases. (advisory)
- Virtual functions
- Each overriding virtual function shall be declared with the virtual keyword. (required)
- Exception handling
- Exceptions shall only be used for error handling. (document)
- All partial and explicit specializations for a template shall be declared in the same file as the declarations of their primary template. (required)
- Macro replacements
- The # and ## operators should not be used. (advisory)
- The C library shall not be used. (required)
- All library code shall conform to MISRA C++.(document)
You can verify these and all the other MISRA C++ rules with static code analysis tools.
Which conclusions can we draw from the MISRA C++ rules for using C++ in critical systems? MISRA C++ excludes neither one feature nor the whole language.
MISRA C++ even goes one step further and emphasizes why the importance of C++ in critical systems becomes more important. (1.1 The use of C++ in critical systems):
- C++ supports high-speed, low-level input/output operations essential to many embedded systems.
- The increased complexity of applications makes using a high-level language more appropriate than assembly language.
- C++ compilers generate code similar to C's size and RAM requirements.
But one small downer remains. MISRA C++ is based on classical C++. Modern C++ has a lot more to offer for embedded systems. Sadly, MISRA C++ can not keep in lockstep with the C++ standardization. But from an online discussion, I know they want to fill the gap.
Modernes C++ Mentoring
Be part of my mentoring programs:
Do you want to stay informed about my mentoring programs: Subscribe via E-Mail.
Technical report on C++ performance
The Working Group WG 21 was published in the ISO/IEC TR 18015. The title sounds not very interesting, but that document is the ultimate source if you want to get the performance numbers of the C++ features. The document expresses its concerns directly to the point.
- to give the reader a model of time and space overheads implied by the use of various C++ language and library features,
- to debunk widespread myths about performance problems,
- to present techniques for the use of C++ in applications where performance matters, and
- to present techniques for implementing C++ Standard language and library facilities to yield efficient code.
The authors of the paper, with more than 200 pages are well-known C++ experts like Dave Abrahams, Howard Hinnand, Dietmar Kühl, Dan Saks, Bill Seymour, Bjarne Stroustrup, and Detlef Vollmann.
The scope of the document is the C++ features, their overhead and usage, the creation of efficient libraries in C++, the usage of C++ in embedded systems, and the interfaces in C++ to communicate with the hardware. In particular, the C++ features and their overhead and usage are the main topics of this post.
C++ features, overhead, and usage
The authors use for their analysis three computer architectures with five different compilers. They use compilers with different optimization options. I will give you only an idea of the results that are quite remarkable.
- Have no significant overhead in size and performance
- Type converting operator
- The C++ casts const_cast, static_cast, and reinterpret_cast differ neither in size nor performance from their C pedant.
- The runtime executed dynamic_cast has some overhead. (Remark: The conversion has no C pendant.).
- A class without virtual functions is as big as a struct.
- A class with virtual functions has the overhead of a pointer and a virtual function table. These are about 2 to 4 bytes.
- Function calls
- The call of a non-virtual, non-static, and non-inline function is as expensive as a free function.
- The call of a virtual function is as expensive as a free function with the help of a pointer stored in a table.
- Virtual functions of a class template can cause overhead in size. (Remark: Functions that depend not on template parameters should be extracted in a base class. Therefore, the functionality - independent of template parameters - can be shared between all derived class templates.)
- The inlining of a function causes significant performance benefits and is close to the performance of a C macro.
- Multiple inheritances
- It can cause time and/or space overhead.
- Virtual base classes have overhead compared to non-virtual base classes.
- Run-time type information (RTTI)
- There are about 40 additional bytes for each class necessary.
- The typeid call is relatively slow. That seems to be due to the quality of the implementation.
- The conversion during runtime with dynamic_cast is slow, according to the reports; that should also be due to the quality of the implementation.
- Exception handling
- There are two strategies for dealing with exceptions. These are the code and the table strategy. The coding strategy must move and manage additional data structures for exceptions. The table strategy has the execution context in a table.
- The coding strategy has a size overhead for the stack and the runtime. The runtime overhead is about 6%. This overhead exists even without the throwing of an exception.
- The table strategy has neither overhand in program size nor in runtime. (Remarks: That statements hold only if no exceptions were thrown.). The table strategy is more challenging to implement.
- You get for each template instantiation a new class template or function template. Therefore, the naive use of temples can cause code bloat. Modern C++ compilers can massively reduce the number of template instantiations. The usage of partial or full specialization helps to reduce template instantiations.
You can read the details, the exact number, and a few additional topics directly in the report: TR18015.pdf.
The "Technical Report on C++ Performance" also has a minor downer. The report is from 2006. In particular, C++11 has a lot of features for writing faster code. I asked Detlef Vollmann, an author of the paper on the Meeting C++, if they plan to update the report to modern C++. His request to Bjarne Stroustrup gave the result that he has no time. That is understandable but a minor downer.
I will write in the next post about the automatic type deduction with auto. What has auto in common with safety-critical systems? A lot!
Thanks a lot to my Patreon Supporters: Matt Braun, Roman Postanciuc, Tobias Zindl, G Prvulovic, Reinhold Dröge, Abernitzke, Frank Grimm, Sakib, Broeserl, António Pina, Sergey Agafyin, Андрей Бурмистров, Jake, GS, Lawton Shoemake, Animus24, Jozo Leko, John Breland, Venkat Nandam, Jose Francisco, Douglas Tinkham, Kuchlong Kuchlong, Robert Blanch, Truels Wissneth, Kris Kafka, Mario Luoni, Friedrich Huber, lennonli, Pramod Tikare Muralidhara, Peter Ware, Daniel Hufschläger, Alessandro Pezzato, Bob Perry, Satish Vangipuram, Andi Ireland, Richard Ohnemus, Michael Dunsky, Leo Goodstadt, John Wiederhirn, Yacob Cohen-Arazi, Florian Tischler, Robin Furness, Michael Young, Holger Detering, Bernd Mühlhaus, Matthieu Bolt, Stephen Kelley, Kyle Dean, Tusar Palauri, Dmitry Farberov, Juan Dent, George Liao, Daniel Ceperley, Jon T Hess, Stephen Totten, Wolfgang Fütterer, Matthias Grün, Phillip Diekmann, Ben Atakora, Ann Shatoff, and Rob North.
Thanks, in particular, to Jon Hess, Lakshman, Christian Wittenhorst, Sherhy Pyton, Dendi Suhubdy, Sudhakar Belagurusamy, Richard Sargeant, Rusty Fleming, John Nebel, Mipko, Alicja Kaminska, and Slavko Radman.
My special thanks to Embarcadero
My special thanks to PVS-Studio
My special thanks to Tipi.build
My special thanks to Take Up Code
I'm happy to give online seminars or face-to-face seminars worldwide. Please call me if you have any questions.
Standard Seminars (English/German)
Here is a compilation of my standard seminars. These seminars are only meant to give you a first orientation.
- C++ - The Core Language
- C++ - The Standard Library
- C++ - Compact
- C++11 and C++14
- Concurrency with Modern C++
- Design Pattern and Architectural Pattern with C++
- Embedded Programming with Modern C++
- Generic Programming (Templates) with C++
- Clean Code with Modern C++
- Phone: +49 7472 917441
- Mobil:: +49 176 5506 5086
- German Seminar Page: www.ModernesCpp.de
- Mentoring Page: www.ModernesCpp.org
RSS feed for comments to this post