
Bibliographic Item (1.0)

Holzmann06

  1. Gerard J Holzmann
  2. The Power of 10: Rules for Developing Safety-Critical Code
  3. IEEE Computer Magazine V39n6 (Jun 2006) pp95-97
  4. =THEORY QUALITIES RELIABILITY RISKS TECHNIQUES LANGUAGE SAFE C CODE NASA/JPL
  5. Given the aim is code that can be checked for risks... here are 10 rules.
  6. My summary (with the first place I saw it)
    1. Structured control flow. (Dijkstra 1960's)
    2. All loops have a fixed upper bound on number of repetitions (Witty 1970's)
    3. Don't allocate dynamic memory after initialization.
    4. All functions less than one page and one line per declaration (UK Criminal records 1970's)
    5. At least 2 assertions per function (IK Sturtevant in the 1970's)
    6. Declare data objects in the smallest scope -- no globals! (1980's)
    7. Check all input parameters inside each function and all returned values after each call.
    8. Only simple preprocessing -- no ellipses or recursive macros.
    9. Control pointers -- only one level of dereferencing, and never hidden in a macro/typedef. No function pointers.
    10. Compile, from day 1, with all warnings on. Daily static analysis.


  7. (dick)|-just use FORTRAN IV! The 9th rule means no object-oriented code, and rule 7 leads to an infinite regress of parameter checking. The above does nothing to keep pointers and subscripts from going out of bounds.
  8. See the venerable "Ten Commandments of C Programming" [ doc/C.commandments.txt ]
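As an added illustration, not from Holzmann's paper or this bibliography, here is a small C unit written to the summary rules above: a compile-time loop bound (rule 2), no heap (rule 3), short functions with local data only (rules 4 and 6), invariant assertions (rule 5), explicit checks of every parameter and every return value (rule 7), and one level of pointer dereference (rule 9). The names parse_u32, parse_port and MAX_DIGITS are assumed for the example.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Rule 2: every loop below runs at most MAX_DIGITS times. Ten digits cover any
 * 32-bit unsigned value (4294967295), so longer input is simply rejected. */
#define MAX_DIGITS 10U

/* Parse `len` decimal digits into *out. Rule 7: all parameters are checked and
 * failure is reported via the return value. Rule 3: no heap; rule 6: no globals. */
bool parse_u32(const char *text, size_t len, uint32_t *out)
{
    if (text == NULL || out == NULL || len == 0U || len > MAX_DIGITS) {
        return false;
    }
    uint32_t value = 0U;
    size_t i = 0U;
    for (i = 0U; i < MAX_DIGITS && i < len; i++) {
        char c = text[i];                    /* rule 9: one level of dereference */
        if (c < '0' || c > '9') {
            return false;
        }
        uint32_t digit = (uint32_t)(c - '0');
        assert(digit <= 9U);                 /* rule 5: invariant that must hold */
        if (value > (UINT32_MAX - digit) / 10U) {   /* overflow guard before multiply */
            return false;
        }
        value = value * 10U + digit;
    }
    assert(i == len);                        /* rule 5: every byte was consumed */
    *out = value;
    return true;
}

/* Rule 7 on the caller side: parse_u32's return value is checked, and the
 * number is range-checked before it is handed on as a TCP/UDP port. */
bool parse_port(const char *text, size_t len, uint16_t *port)
{
    if (port == NULL) {
        return false;
    }
    uint32_t value = 0U;
    if (!parse_u32(text, len, &value) || value == 0U || value > 65535U) {
        return false;
    }
    *port = (uint16_t)value;
    assert(*port >= 1U);                     /* rule 5: postcondition */
    assert(*port == value);
    return true;
}
```

Compiling this with `-Wall -Wextra` and a static analyser from the first day is rule 10; the rules do not by themselves prevent the out-of-bounds access the comment above warns about, which is why `len` is bounded explicitly here.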
