
The Power of 10: Rules for Developing Safety-Critical Code

From Wikipedia, the free encyclopedia
Latest revision as of 02:13, 28 September 2023

The Power of 10 Rules were created in 2006 by Gerard J. Holzmann of the NASA/JPL Laboratory for Reliable Software.[1] The rules are intended to eliminate certain C coding practices which make code difficult to review or statically analyze. These rules are a complement to the MISRA C guidelines and have been incorporated into the greater set of JPL coding standards.[2]

Rules


The ten rules are:[1]

  1. Avoid complex flow constructs, such as goto and recursion.
  2. All loops must have fixed bounds. This prevents runaway code.
  3. Avoid heap memory allocation.
  4. Restrict functions to a single printed page.
  5. Use a minimum of two runtime assertions per function.
  6. Restrict the scope of data to the smallest possible.
  7. Check the return value of all non-void functions, or cast to void to indicate the return value is useless.
  8. Use the preprocessor sparingly.
  9. Limit pointer use to a single dereference, and do not use function pointers.
  10. Compile with all possible warnings active; all warnings should then be addressed before release of the software.
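As an added illustration (not code from the article, from Holzmann's paper, or from JPL), here is a small C parser written under these rules: every loop has a fixed upper bound, a fixed-size array replaces heap allocation, each function carries two runtime assertions, every return value is checked or explicitly cast to void, and pointers are dereferenced only one level deep. The limits MAX_INPUT and MAX_FIELDS, the function names and the sample input are assumptions made for the example.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_INPUT  64u   /* every loop below is bounded by this (rule 2) */
#define MAX_FIELDS 8u    /* fixed-size output array, no heap (rule 3) */

/* Parse one unsigned decimal field starting at s[*pos] and advance *pos past it.
 * Returns false on a non-digit, an empty field or a value above UINT16_MAX. */
static bool parse_field(const char *s, size_t *pos, uint16_t *out) {
    assert(s != NULL && pos != NULL && out != NULL);   /* rule 5: assertions */
    assert(*pos < MAX_INPUT);
    uint32_t value = 0u; size_t i = *pos, digits = 0u;
    for (; i < MAX_INPUT && s[i] >= '0' && s[i] <= '9'; i++) {  /* bounded */
        value = value * 10u + (uint32_t)(s[i] - '0');
        if (value > UINT16_MAX) { return false; }        /* overflow */
        digits++;
    }
    if (digits == 0u) { return false; }                  /* empty field */
    *out = (uint16_t)value;                              /* single dereference (rule 9) */
    *pos = i;
    return true;
}

/* Parse a comma-separated line of up to MAX_FIELDS values into a caller-owned
 * array. Returns the number of fields parsed, or 0 on any error (rule 7: callers
 * must check it). No recursion, no goto, no function pointers (rules 1, 9). */
static size_t parse_fields(const char *line, uint16_t fields[MAX_FIELDS]) {
    assert(line != NULL);
    assert(fields != NULL);
    size_t pos = 0u, n = 0u;
    for (size_t k = 0u; k < MAX_FIELDS; k++) {           /* fixed bound, no while(1) */
        if (!parse_field(line, &pos, &fields[n])) { return 0u; }
        n++;
        if (line[pos] == '\0') { return n; }             /* clean end of line */
        if (line[pos] != ',' || pos + 1u >= MAX_INPUT) { return 0u; }
        pos++;                                           /* skip the separator */
    }
    return 0u;                                           /* more than MAX_FIELDS fields */
}

int main(void) {
    uint16_t fields[MAX_FIELDS];                         /* constructed sample input */
    size_t n = parse_fields("12,7,30", fields);
    (void)printf("parsed %zu fields\n", n);              /* rule 7: unused result cast to void */
    return (n == 3u) ? 0 : 1;
}
```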

Uses


The NASA study of the Toyota electronic throttle control firmware found at least 243 violations of these rules.[3][4]

Further reading

  • G.J. Holzmann (2006-06-19). "The Power of 10: Rules for Developing Safety-Critical Code". IEEE Computer. 39 (6): 95–99. doi:10.1109/MC.2006.212.
