Automotive: ISO-26262

ISO-26262 states that “criteria that are not sufficiently addressed by the language itself shall be covered by the corresponding guidelines or by the development environment” and goes on to suggest “exclusion of language constructs which might result in unhandled runtime errors”.

The catch is that in typical embedded programming languages such as C or C++, such errors can arise from any pointer or array access, any arithmetic computation, and so on. Obviously, excluding such basic language constructs wholesale is not an option. As a result, the only way to really guarantee the absence of runtime errors is to use appropriate tools as part of the development environment.

The same is true for timing and stack behavior, which are not captured by current programming language semantics and therefore have to be addressed by dedicated tools such as aiT and StackAnalyzer.