Bibliographic Item (1.0)
- Gerard J Holzmann
- The Power of 10: Rules for developing Safety-critical code
- IEEE Computer Magazine V39n6 (Jun 2006) pp95-97
- =THEORY QUALITIES RELIABILITY RISKS TECHNIQUES LANGUAGE SAFE C CODE NASA/JPL
- Given that the aim is code that can be checked for risks, here are the 10 rules.
- My summary (with the first place I saw it)
- Structured control flow. (Dijkstra 1960's)
- All loops have a fixed upper bound on number of repetitions (Witty 1970's)
- Don't allocate dynamic memory after initialization.
- All functions less than one page and one line per declaration (UK Criminal records 1970's)
- At least 2 assertions per function (IK Sturtevant in the 1970's)
- Declare data objects in the smallest scope -- no globals! (1980's)
- Check all input parameters inside each function and all returned values after each call.
- Only simple preprocessing -- no ellipses or recursive macros.
- Control pointers -- only one level of dereferencing, and never hidden in a macro/typedef. No function pointers.
- Compile, from day 1, with all warnings on. Daily static analysis.
- (dick)|-just use FORTRAN IV! The 9th rule means no object-oriented code, and rule 7 leads to an infinite regress of parameter checking. The above does nothing to control pointers and subscripts from going out of bounds.
- See the venerable "Ten Commandments of C Programming" [ doc/C.commandments.txt ]
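As an added illustration (this is not code from Holzmann's paper or from the bibliography page), here is a small C parser written to follow the rules summarised above, numbered in the order they are listed: bounded loops, no heap use after start-up, parameter and return-value checks in every function, at least two recoverable assertions per function, no globals, and a single level of pointer dereference. All names (`parse_u32`, `parse_fields`, `bounded_len`, the `REQUIRE` macro and the sample fields) are this example's own.

```c
/* Added example (not Holzmann's or Botting's code): a small parser written
 * to follow the ten rules summarised above. All names are this example's own. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_FIELD_LEN 16u    /* rule 2: every loop below is bounded by a constant */
#define MAX_FIELDS    8u
#define U32_MAX       0xFFFFFFFFul

enum status { OK = 0, ERR_BAD_ARG, ERR_SYNTAX, ERR_OVERFLOW, ERR_TOO_MANY };

/* Rule 5 in Holzmann's form: a side-effect-free Boolean test whose failure
 * takes an explicit recovery action (here: return an error to the caller)
 * rather than aborting the program. */
#define REQUIRE(cond, err) do { if (!(cond)) return (err); } while (0)

/* Length of s, never scanning past max bytes (rule 2: bounded loop). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    if (s == NULL) return 0;                          /* rule 7: check parameters */
    while (i < max && s[i] != '\0') i++;
    assert(i <= max);                                 /* rule 5: invariant */
    return i;
}

/* Parse a decimal unsigned 32-bit value from text[0..len). Rules 1-2: one
 * bounded loop, no goto/recursion; rule 3: no heap; rule 7: parameters checked
 * on entry; rule 9: a single level of pointer dereference; rule 5: two checks. */
static enum status parse_u32(const char *text, size_t len, unsigned long *out)
{
    unsigned long value = 0;
    size_t i;

    REQUIRE(text != NULL && out != NULL, ERR_BAD_ARG);
    REQUIRE(len > 0 && len <= MAX_FIELD_LEN, ERR_BAD_ARG);

    for (i = 0; i < len; i++) {
        unsigned long digit;
        if (text[i] < '0' || text[i] > '9') return ERR_SYNTAX;
        digit = (unsigned long)(text[i] - '0');
        /* value * 10 + digit must not exceed U32_MAX */
        if (value > (U32_MAX - digit) / 10ul) return ERR_OVERFLOW;
        value = value * 10ul + digit;
    }
    assert(value <= U32_MAX);                         /* rule 5: invariant holds */
    *out = value;
    return OK;
}

/* Parse up to cap NUL-terminated fields into out[]. Rule 7: every return value
 * from parse_u32 is checked; rule 6: no globals, all state is caller-owned. */
static enum status parse_fields(const char *const fields[], size_t n,
                                unsigned long out[], size_t cap)
{
    size_t i;
    REQUIRE(fields != NULL && out != NULL, ERR_BAD_ARG);
    REQUIRE(n <= cap && cap <= MAX_FIELDS, ERR_TOO_MANY);

    for (i = 0; i < n; i++) {                         /* bounded by MAX_FIELDS */
        enum status st = parse_u32(fields[i], bounded_len(fields[i], MAX_FIELD_LEN), &out[i]);
        if (st != OK) return st;                      /* rule 7: never ignore a result */
    }
    return OK;
}

int main(void)
{
    /* constructed sample input, not taken from the page */
    const char *const good[] = { "10", "20", "4294967295" };
    const char *const bad[]  = { "10", "4294967296" };
    unsigned long vals[MAX_FIELDS];
    enum status st;

    st = parse_fields(good, 3, vals, MAX_FIELDS);
    printf("good: status %d, last value %lu\n", (int)st, vals[2]);
    st = parse_fields(bad, 2, vals, MAX_FIELDS);
    printf("bad: status %d (ERR_OVERFLOW is %d)\n", (int)st, (int)ERR_OVERFLOW);
    return st == ERR_OVERFLOW ? 0 : 1;
}
```

The `REQUIRE` macro is the point of contrast with `assert.h`: Holzmann's rule asks that a failed check return an error the caller must handle, so the standard abort-on-failure assert is kept only for invariants that the preceding checks already guarantee. Compiling this with all warnings enabled (rule 10) is part of the discipline, not an afterthought.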