MISRA Discussion Forums

Memory allocation when throwing an exception.
Dear all

While doing a memory audit of our framework for autonomous driving cars we realized that throwing any kind of exception dynamically allocates memory on compilers using the Itanium C++ ABI (notably gcc and clang). Further, throwing an exception may block, which is not acceptable for safety-critical real-time systems.

Neither MISRA 2008 nor AUTOSAR 14 or other guidelines forbid exceptions in safety-critical environments. What were the considerations when investigating this issue?

To solve this issue we created a library which replaces the dynamic memory allocation with a memory pool. This library is freely available here: https://github.com/ApexAI/static_exception

Any inputs or other approaches would be very welcome!

Best regards,

MISRA rules only apply to source code, not the binary. So any allocation of memory 'behind the scenes' by the compiler, without the explicit use of new or malloc in the source, doesn't violate the 'no dynamic memory' requirement.

However, it would be prudent to consider the suitability of the compiler's runtime system, e.g. whether the system may run out of memory whilst throwing the exception.
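The following is an added illustration, not code from either post and not the static_exception library itself. It shows the mechanism both posts are talking about: under the Itanium C++ ABI the compiler lowers `throw X` into a call to the runtime hook `__cxa_allocate_exception`, which in the stock libstdc++/libc++abi runtimes ends up in malloc (not in `operator new`, so a custom `operator new` will not catch it). Because that hook is an ordinary exported C symbol, a definition in the executable takes precedence, and the exception object can be carved out of static storage instead. The example also makes the runtime-suitability concern from the reply visible: it counts how many throws were served from the pool and how many had to fall back to the heap, so an audit can see when the pool is exhausted. Assumptions: GCC or Clang on a Linux-style target where symbol interposition works as described; the runtime's private header that sits in front of the thrown object is no larger than `HEADER_RESERVE` bytes (an assumed upper bound); `SensorFault`, the slot sizes and the counter names are constructed for this example.

```cpp
// Added example (not from the forum posts or from static_exception): a
// fixed-size pool standing in for the Itanium C++ ABI runtime hooks
// __cxa_allocate_exception / __cxa_free_exception, so a thrown exception
// object comes from static storage instead of malloc.
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <exception>
#include <iostream>

namespace {

// The ABI places a runtime-private header (__cxa_refcounted_exception in
// libstdc++, __cxa_exception in libc++abi) immediately BEFORE the address
// handed back to the compiler. Reserving a fixed, generous prefix keeps the
// pool independent of that header's exact size. Assumed upper bound.
constexpr std::size_t HEADER_RESERVE = 256;
constexpr std::size_t SLOT_SIZE      = 1024;  // header + thrown object
constexpr std::size_t SLOT_COUNT     = 8;     // exceptions in flight at once

alignas(alignof(std::max_align_t)) unsigned char g_pool[SLOT_COUNT * SLOT_SIZE];
std::atomic<bool> g_slot_busy[SLOT_COUNT];   // zero-initialised: all free
std::atomic<long> g_pool_allocs{0};          // served from static storage
std::atomic<long> g_heap_fallbacks{0};       // served from malloc (audit finding)

bool in_pool(const void* p) {
    auto addr = reinterpret_cast<std::uintptr_t>(p);
    auto base = reinterpret_cast<std::uintptr_t>(g_pool);
    return addr >= base && addr < base + sizeof g_pool;
}

}  // namespace

// Counters an audit (or a test) can read to see which path each throw took.
long exception_pool_allocations() { return g_pool_allocs.load(); }
long exception_heap_fallbacks()   { return g_heap_fallbacks.load(); }
long exception_slots_in_use() {
    long n = 0;
    for (std::size_t i = 0; i < SLOT_COUNT; ++i) n += g_slot_busy[i].load() ? 1 : 0;
    return n;
}

// Replaces the runtime's allocator: called by the compiler-generated code
// for every `throw` before the exception object is constructed.
extern "C" void* __cxa_allocate_exception(std::size_t thrown_size) noexcept {
    const std::size_t need = HEADER_RESERVE + thrown_size;
    if (need <= SLOT_SIZE) {
        for (std::size_t i = 0; i < SLOT_COUNT; ++i) {
            bool expected = false;
            // Lock-free claim so two threads never hand out the same slot.
            if (g_slot_busy[i].compare_exchange_strong(expected, true)) {
                unsigned char* block = g_pool + i * SLOT_SIZE;
                std::memset(block, 0, need);  // ABI expects a zeroed header
                g_pool_allocs.fetch_add(1);
                return block + HEADER_RESERVE;
            }
        }
    }
    // Pool exhausted or object too large. The stock runtime would go to
    // malloc and std::terminate() on failure; do the same, but count it so
    // the heap use shows up in an audit instead of happening silently.
    void* block = std::calloc(1, need);
    if (block == nullptr) std::terminate();
    g_heap_fallbacks.fetch_add(1);
    return static_cast<unsigned char*>(block) + HEADER_RESERVE;
}

// Called by the runtime once the last handler for the exception finishes.
extern "C" void __cxa_free_exception(void* thrown_object) noexcept {
    unsigned char* block = static_cast<unsigned char*>(thrown_object) - HEADER_RESERVE;
    if (in_pool(block)) {
        std::size_t i = static_cast<std::size_t>(block - g_pool) / SLOT_SIZE;
        g_slot_busy[i].store(false);
    } else {
        std::free(block);
    }
}

// Constructed exception type: trivially constructible, so the only memory
// involved in the throw is the exception object itself.
struct SensorFault { int code; };

// Throws and catches one exception; returns the code seen by the handler.
int throw_and_catch() {
    try {
        throw SensorFault{42};
    } catch (const SensorFault& f) {
        return f.code;
    }
    return -1;  // not reachable; keeps every path returning a value
}

int main() {
    std::cout << "handler saw code " << throw_and_catch() << '\n'
              << "pool allocations: " << exception_pool_allocations()
              << ", heap fallbacks: " << exception_heap_fallbacks()
              << ", slots still in use: " << exception_slots_in_use() << '\n';
}
```

Two design points worth noting. First, the fallback to `calloc` is there only to make the exhaustion case observable; a system that really must not allocate after start-up would size `SLOT_COUNT` from a worst-case analysis of concurrently live exceptions and treat any non-zero `exception_heap_fallbacks()` as a test failure. Second, this addresses only the allocation half of the original post: the "may block" half comes from the unwinder's own lookups (for example locking while walking loaded objects), which sit outside `__cxa_allocate_exception` and need a separate review of the toolchain's unwind runtime.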