The Power of 10: Rules for Developing Safety-Critical Code

• …

Excerpts from The Power of 10: Rules for Developing Safety-Critical Code - Wikipedia by Contributors to Wikimedia projects:

From Wikipedia, the free encyclopedia

Coding guidelines by Gerald J. Holzmann

The Power of 10 Rules were created in 2006 by Gerard J. Holzmann of the NASA/JPL Laboratory for Reliable Software.¹ The rules are intended to eliminate certain C coding practices which make code difficult to review or statically analyze. These rules are a complement to the MISRA C guidelines and have been incorporated into the greater set of JPL coding standards.²

The ten rules are:¹

1. Avoid complex flow constructs, such as goto and recursion.
2. All loops must have fixed bounds. This prevents runaway code.
3. Avoid heap memory allocation.
4. Restrict functions to a single printed page.
5. Use a minimum of two runtime assertions per function.
6. Restrict the scope of data to the smallest possible.
7. Check the return value of all non-void functions, or cast to void to indicate the return value is useless.
8. Use the preprocessor sparingly.
9. Limit pointer use to a single dereference, and do not use function pointers.
10. Compile with all possible warnings active; all warnings should then be addressed before release of the software.

The NASA study of the Toyota electronic throttle control firmware found at least 243 violations of these rules.³⁴

• Life critical system

• Coding conventions

• Software quality

• Software assurance

• G.J. Holzmann (2006-06-19). “The Power of 10: Rules for Developing Safety-Critical Code”. IEEE Computer. 39 (6): 95–99. doi:10.1109/MC.2006.212.

• NASA Technical Standards System Software Assurance and Software Safety Standard
• Open Source Satellite: How do you make software that is reliable enough for space missions?