The Power of Ten Rules for Developing Safety Critical Code
I was reading an article when I saw a reference to how NASA’s Jet Propulsion Laboratory (JPL) was using 10 simple coding guidelines to develop safe code. The article referenced the following URL: http://spinroot.com/p10/. Going to this site, you will discover that the work was originally published in the June 2006 issue of IEEE Computer in The Power of Ten Rules for Developing Safety Critical Code by Gerard J. Holzmann.
The paper and site describe 10 rules:
- Restrict all code to very simple control flow constructs: no goto, no setjmp/longjmp, and no direct or indirect recursion.
- Give all loops a fixed upper bound that a checking tool can verify statically.
- Do not use dynamic memory allocation after initialization.
- Limit functions to what fits on a single printed page, about 60 lines of text.
- Maintain an assertion density of at least two assertions per function on average; assertions must be side-effect free, and a failed assertion must trigger an explicit recovery action.
- Declare data objects at the smallest possible level of scope.
- Check the return value of every non-void function in the caller, and check the validity of parameters inside every function.
- Limit the use of the preprocessor to file inclusion and simple macro definitions.
- Limit the use of pointers: no more than one level of dereferencing, and no function pointers.
- Compile with all warnings enabled at the compiler's most pedantic setting, with no warnings remaining, and check the code with at least one state-of-the-art static source code analyzer.
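To make the rules concrete, here is an added example written for this post; it is not code from Holzmann's paper or from JPL. It is a small C module that parses constructed "id:value" text records into a statically allocated pool, and the comments point at which rule each part satisfies. The record format, the pool size, the status codes and all names are invented for the illustration, and the C_ASSERT macro is my own recovery-style assertion (a failed check reports and returns an error rather than aborting), not a macro from the paper.

```c
/* Added example, not from Holzmann's paper or JPL: a small C module written
 * to follow the ten rules. The "id:value" record format, the pool size and all
 * names are invented for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_RECORD_LEN 64u  /* rule 2: every parsing loop is bounded by this */
#define POOL_SLOTS     4u   /* rule 3: storage is sized at compile time       */

typedef struct { uint32_t id; int32_t value; } record_t;

/* Rule 7: every non-void function returns a status the caller must check. */
typedef enum { OK = 0, ERR_PARAM, ERR_FORMAT, ERR_RANGE, ERR_FULL } status_t;

/* Rule 3: all storage is static; nothing is allocated after initialization. */
static record_t g_pool[POOL_SLOTS];
static size_t   g_used;

static void report_failure(const char *expr, int line)
{
    (void)fprintf(stderr, "assertion '%s' failed at line %d\n", expr, line);
}

/* Rules 5 and 8: a side-effect-free assertion as a simple macro. On failure
 * the caller takes an explicit recovery action (returns an error code). */
#define C_ASSERT(e) ((e) ? 1 : (report_failure(#e, __LINE__), 0))

/* Parse "id:value" (value may be negative) from NUL-terminated text.
 * Rule 1: plain loops, no goto or recursion. Rule 4: well under 60 lines.
 * Rule 9: only one level of dereference anywhere in the function. */
status_t parse_record(const char *text, record_t *out)
{
    uint32_t id = 0;
    int32_t  value = 0;
    int      negative = 0;
    size_t   i = 0;
    size_t   start;

    if (!C_ASSERT(text != NULL)) return ERR_PARAM;  /* rule 7: validate params */
    if (!C_ASSERT(out != NULL))  return ERR_PARAM;

    for (i = 0; i < MAX_RECORD_LEN && text[i] >= '0' && text[i] <= '9'; i++) {
        uint32_t d = (uint32_t)(text[i] - '0');
        if (id > (UINT32_MAX - d) / 10u) return ERR_RANGE;  /* overflow guard */
        id = id * 10u + d;
    }
    if (i == 0 || i >= MAX_RECORD_LEN || text[i] != ':') return ERR_FORMAT;
    i++;
    if (i < MAX_RECORD_LEN && text[i] == '-') { negative = 1; i++; }
    start = i;
    for (; i < MAX_RECORD_LEN && text[i] >= '0' && text[i] <= '9'; i++) {
        int32_t d = text[i] - '0';
        if (value > (INT32_MAX - d) / 10) return ERR_RANGE;  /* overflow guard */
        value = value * 10 + d;
    }
    if (i == start || i >= MAX_RECORD_LEN || text[i] != '\0') return ERR_FORMAT;

    out->id    = id;
    out->value = negative ? -value : value;  /* INT32_MIN was rejected above */
    return OK;
}

/* Rule 3 again: appending never allocates; when the pool is full, say so. */
status_t store_record(const record_t *rec)
{
    if (!C_ASSERT(rec != NULL))          return ERR_PARAM;
    if (!C_ASSERT(g_used <= POOL_SLOTS)) return ERR_FULL;  /* pool invariant */
    if (g_used == POOL_SLOTS)            return ERR_FULL;
    g_pool[g_used] = *rec;
    g_used++;
    return OK;
}

/* Rule 7 from the caller's side: each return value is checked, not ignored. */
status_t ingest(const char *text)
{
    record_t rec;
    status_t st = parse_record(text, &rec);
    if (st != OK) return st;
    return store_record(&rec);
}

status_t pool_get(size_t idx, record_t *out)
{
    if (!C_ASSERT(out != NULL))  return ERR_PARAM;
    if (!C_ASSERT(idx < g_used)) return ERR_RANGE;
    *out = g_pool[idx];
    return OK;
}

size_t pool_count(void) { return g_used; }
void   pool_reset(void) { g_used = 0; }

int main(void)
{
    /* Constructed sample input: valid, malformed and out-of-range lines. */
    const char *lines[] = { "42:-17", "7:1000", "abc", "4294967295:2147483647",
                            "3:99999999999" };
    size_t n = sizeof lines / sizeof lines[0];  /* rule 2: constant bound */
    size_t i;
    for (i = 0; i < n; i++) {
        status_t st = ingest(lines[i]);
        (void)printf("%-24s -> status %d\n", lines[i], (int)st);
    }
    (void)printf("%u records stored\n", (unsigned)pool_count());
    return 0;
}
```

Two points are worth noticing in practice. The loops are bounded by MAX_RECORD_LEN rather than by the input's own length, so a missing NUL terminator cannot turn into an unbounded read, and the overflow guards turn a silent wraparound into an explicit ERR_RANGE the caller has to handle. Compiling this with warnings at their most pedantic setting (rule 10) is the cheap check; running a static analyzer over it is the one the paper insists on.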
Check the site and the paper out.