by DyslexicAtheist 2390 days ago
if safety is what they want without departing from C just use MISRA-C

> While C++, like C∀, takes an evolutionary approach to extending C, C++'s complex and interdependent features (e.g., overloading, object oriented, templates) mean idiomatic C++ code is difficult to use from C, and C programmers must expend significant effort learning C++.

the "significant effort" for learning C++ pays off (financially), while this certainly does not.


MISRA-C is just a set of rules. It does not stop humans making stupid mistakes or ignoring rules, and causing safety to be violated.

It's not as hard as Rust, where the binary is not built if a rule is violated.

Is it possible to check for compliance with MISRA-C rules programmatically?

If it is then it can be made part of the build process and the effect will be the same: the binary will not get built if the rules are violated.

It is, but many developers have an allergy to static analysers.

You quoted the key point: "idiomatic C++ code is difficult to use from C": most C++ libraries are useless in C programs.

They want the productivity improvement of C++ without leaving behind 2-way compatibility.

> use MISRA-C

MISRA-C's idea of safety is banning function pointers.

actually that's not true. It's more complicated than that[1]:

---

Rule 104:

This is there to prevent the address of a function from being calculated at run time. i.e. the use of pointer arithmetic to calculate the value of a pointer to function is prohibited.

The reason is that an error in the calculation of the address could lead to a system failure.

Rule 105:

This is to ensure that a function pointer is only used to access functions that have the same return value type and formal parameter list. i.e. the type of the function pointer and the function to which it points must be the same.

The reason for this is to keep the use of the pointer consistent. If it is not, it is possible for the programmer to supply the wrong number of parameters when a function call is made, as it might not be clear which function the pointer is pointing at.

---

FWIW I have used function pointers twice in my career. From my personal experience you can improve readability by avoiding function pointers.

[1] https://www.misra.org.uk/forum/viewtopic.php?t=240

> you can improve readability by avoiding function pointers

How do you sort?

    #include <stdlib.h>

    void qsort(void *base, size_t nmemb, size_t size, int (*compar)(const void *, const void *));
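As an added example (not from anyone in this thread), here is a qsort call that stays within the two MISRA rules quoted above: every comparator has exactly the type the function pointer declares, and the comparator is chosen by an array index rather than by any arithmetic on a function address. The names sort_ints and is_sorted are made up for this example.

```c
#include <stdlib.h>

/* One comparator type used everywhere: every function stored in a
 * cmp_fn has exactly this return type and parameter list, so the
 * pointer and the callee always agree (the "Rule 105" point above). */
typedef int (*cmp_fn)(const void *, const void *);

static int cmp_int_asc(const void *a, const void *b)
{
    int x = *(const int *)a;
    int y = *(const int *)b;
    return (x > y) - (x < y);   /* never overflows, unlike x - y */
}

static int cmp_int_desc(const void *a, const void *b)
{
    return cmp_int_asc(b, a);
}

/* Dispatch table: selecting a comparator is an array lookup of a
 * known address, never pointer arithmetic on a function address
 * (the "Rule 104" point above). */
static const cmp_fn comparators[] = { cmp_int_asc, cmp_int_desc };

/* Sort n ints in place; descending must be 0 or 1.
 * Returns 0 on success, -1 on a bad argument. */
int sort_ints(int *values, size_t n, int descending)
{
    if (values == NULL || (descending != 0 && descending != 1)) {
        return -1;
    }
    qsort(values, n, sizeof values[0], comparators[descending]);
    return 0;
}

/* Returns 1 if values[0..n) is ordered according to cmp, else 0. */
int is_sorted(const int *values, size_t n, cmp_fn cmp)
{
    for (size_t i = 1; i < n; i++) {
        if (cmp(&values[i - 1], &values[i]) > 0) {
            return 0;
        }
    }
    return 1;
}
```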