Inside the F‑35’s C++ Rulebook: Why Safety-Critical Code Looks Different
A new explainer revisits the Joint Strike Fighter (JSF) Air Vehicle C++ Coding Standards, the rulebook behind the F‑35’s flight software. What’s notable here is how aggressively the standard fences off foot‑guns to make avionics code predictable: no exceptions or RTTI, no multiple inheritance, no recursion, tightly constrained dynamic memory (typically only during initialization), and heavy reliance on static analysis. Under the hood, the document defines a small, deterministic subset of C++ paired with process requirements (traceability, code reviews, and warnings‑as‑errors) so timing, resource use, and behavior can be reasoned about before anything flies.
The bigger picture: this is a template for high‑integrity C++ where worst‑case execution time and analyzability rule. It overlaps with MISRA/AUTOSAR guidance and foreshadows parts of the C++ Core Guidelines. Worth noting: while the standard predates modern C++, its principles align with current practice: value semantics, RAII, bounded containers, and no‑throw error handling to keep control flow explicit. For everyday teams, the takeaway isn’t to ban features wholesale, but to define a verifiable profile your tooling can enforce. Engineering for determinism scales surprisingly well, from jets to servers.
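
To make "bounded containers and no‑throw error handling" concrete, here is an added sketch in the spirit of that profile; it is not code from the JSF standard or the explainer. `BoundedVec`, `Status`, and `sum_checked` are hypothetical names chosen for this illustration.

```cpp
// Added illustration: fixed-capacity container with status-code error handling.
// BoundedVec, Status and sum_checked are hypothetical names, not from the JSF standard.
#include <array>
#include <cstddef>
#include <cstdint>

enum class Status : std::uint8_t { Ok, Full, Empty, OutOfRange, Overflow };

template <typename T, std::size_t Capacity>
class BoundedVec {
public:
    // Storage lives inside the object: no heap use, worst-case footprint known at compile time.
    Status push(const T& v) noexcept {
        if (size_ == Capacity) return Status::Full;  // reported to the caller, nothing is thrown
        data_[size_++] = v;
        return Status::Ok;
    }
    Status pop(T& out) noexcept {
        if (size_ == 0) return Status::Empty;
        out = data_[--size_];
        return Status::Ok;
    }
    Status at(std::size_t i, T& out) const noexcept {
        if (i >= size_) return Status::OutOfRange;   // bounds checked on every access
        out = data_[i];
        return Status::Ok;
    }
    std::size_t size() const noexcept { return size_; }
private:
    std::array<T, Capacity> data_{};
    std::size_t size_ = 0;
};

// Iteration count is bounded by Capacity; arithmetic overflow is reported rather than wrapped.
template <std::size_t Capacity>
Status sum_checked(const BoundedVec<std::int32_t, Capacity>& v, std::int32_t& out) noexcept {
    std::int64_t acc = 0;                            // wide accumulator, narrowed only after the range check
    for (std::size_t i = 0; i < v.size(); ++i) {
        std::int32_t x = 0;
        if (v.at(i, x) != Status::Ok) return Status::OutOfRange;
        acc += x;
    }
    if (acc > INT32_MAX || acc < INT32_MIN) return Status::Overflow;
    out = static_cast<std::int32_t>(acc);
    return Status::Ok;
}
```

Every failure path is a visible return value, so a reviewer or static analyzer can enumerate all outcomes of a call without tracing hidden unwinding.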