Code Project, The Insider News

NASA’s 10 rules for developing safety-critical code

12 Posts, 11 Posters
Jason Cardoza wrote:

    SD Times[^]:

    The NASA Jet Propulsion Laboratory’s (JPL) Laboratory for Reliable Software recently published a set of code guidelines, “The Power of Ten—Rules for Developing Safety Critical Code.” The paper’s author, JPL lead scientist Gerard J. Holzmann, explained that the mass of existing coding guidelines is inconsistent and full of arbitrary rules, rarely allowing for now-essential tasks such as tool-based compliance checks. Existing guidelines, he said, inundate coders with vague rules, causing code quality of even the most critical applications to suffer.

My number one rule: Treat all code as safety critical! ;P

newton saber wrote (#3), in reply to Jason Cardoza:

    Restrict all code to very simple control flow constructs. Do not use GOTO statements, setjmp or longjmp constructs, direct or indirect recursion.

I like that point. I eschew recursion. There are other, better ways to do it. But recursion is the nifty-bang thing that all the universities like to teach. Well, the University of Adversity says don't use it in production code if you can help it. Also, I wonder if that one is related to the rocket that blew up because it kept feeding fuel into the system? A recursive algorithm maybe? Oh, just looked it up. It wasn't recursion that killed the rocket: http://www.cs.jhu.edu/~jorgev/cs106/bug.pdf[^]
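The rule quoted above (no recursion; the same list also demands a fixed upper bound on every loop) as an added C example that is not from the thread, the SD Times article or Holzmann's paper: a recursive tree-depth function next to a rewrite that walks the tree with an explicit, statically sized work stack, so the worst-case memory use is known at compile time and an oversized input becomes a checked error rather than a stack overflow. The struct names, the MAX_NODES bound and the sample trees are constructed for this illustration.

```c
/* Added example (not from the thread or from Holzmann's paper): a recursive
 * depth computation beside a rewrite that obeys "no recursion" and
 * "every loop has a fixed upper bound". Names and data are constructed. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

struct node {
    int value;
    const struct node *left;
    const struct node *right;
};

/* Recursive form: call-stack depth grows with tree depth, which is what
 * the rule forbids; a malformed or very deep tree exhausts the stack. */
int depth_recursive(const struct node *n)
{
    int l, r;
    if (n == NULL) {
        return 0;
    }
    l = depth_recursive(n->left);
    r = depth_recursive(n->right);
    return 1 + (l > r ? l : r);
}

#define MAX_NODES 64   /* constructed bound: largest tree this code accepts */

struct frame {
    const struct node *n;
    int depth;
};

/* Iterative form. Returns the depth of the tree, or -1 if the tree has
 * more than MAX_NODES nodes (the caller must check the return value). */
int depth_bounded(const struct node *root)
{
    struct frame stack[MAX_NODES];   /* explicit stack, fixed at compile time */
    int top = 0;
    int best = 0;
    int visited;

    if (root == NULL) {
        return 0;
    }
    stack[0].n = root;
    stack[0].depth = 1;
    top = 1;

    /* The loop body runs at most MAX_NODES times; each iteration pops one
     * node, and every push is guarded so the array can never be overrun. */
    for (visited = 0; visited < MAX_NODES && top > 0; visited++) {
        struct frame f = stack[--top];
        assert(f.n != NULL);
        if (f.depth > best) {
            best = f.depth;
        }
        if (f.n->left != NULL) {
            if (top >= MAX_NODES) { return -1; }
            stack[top].n = f.n->left;
            stack[top].depth = f.depth + 1;
            top++;
        }
        if (f.n->right != NULL) {
            if (top >= MAX_NODES) { return -1; }
            stack[top].n = f.n->right;
            stack[top].depth = f.depth + 1;
            top++;
        }
    }
    if (top > 0) {
        return -1;   /* bound exhausted before the tree was fully walked */
    }
    return best;
}

/* Constructed sample tree:  1 -> (2 -> (4, -), 3)   depth 3 */
static const struct node n4 = { 4, NULL, NULL };
static const struct node n3 = { 3, NULL, NULL };
static const struct node n2 = { 2, &n4, NULL };
static const struct node n1 = { 1, &n2, &n3 };
const struct node *const sample_root = &n1;

/* Constructed chain of MAX_NODES + 1 nodes: one node too many for depth_bounded. */
static struct node chain[MAX_NODES + 1];
const struct node *build_long_chain(void)
{
    int i;
    for (i = 0; i < MAX_NODES + 1; i++) {
        chain[i].value = i;
        chain[i].left = (i + 1 < MAX_NODES + 1) ? &chain[i + 1] : NULL;
        chain[i].right = NULL;
    }
    return &chain[0];
}

int main(void)
{
    printf("recursive depth: %d\n", depth_recursive(sample_root));
    printf("bounded depth:   %d\n", depth_bounded(sample_root));
    printf("oversized tree:  %d\n", depth_bounded(build_long_chain()));
    return 0;
}
```

The recursive version silently consumes as much stack as the input demands; the bounded version names its limit up front and reports a -1 that the caller has to handle, which is the trade the rule asks for.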
Duncan Edwards Jones wrote (#4), in reply to Jason Cardoza:

#11 - Never try to eat an ice cream while holding a recently captured feral cat.
Paul M Watt wrote (#5), in reply to Jason Cardoza:

Those rules are very similar to the JSF++ coding guidelines developed for the Joint Strike Fighter. This document was developed by Lockheed Martin and published in 2005. Stroustrup and a few other C++ experts, whose names I can't remember for certain, were consulted on this standard. The document can be found here: http://www.stroustrup.com/JSF-AV-rules.pdf[^] Most C++ static analysis tools have a preset configuration to enforce the guidelines defined in this document.
Marc Clifton wrote (#6), in reply to newton saber:

    newton.saber wrote:

    It wasn't recursion that killed the rocket:

Great read. I love this line: "The work of software engineers is radically different from the type of work done by a student programmer. They spend more time specifying, designing and testing than they do writing code." Riiight. It's a rare thing when I work with someone on a project that actually wants to spend time specifying and designing. After all, refactoring and agile, while all the rage, are misconstrued into anti-patterns of specifying and designing.

Marc

Imperative to Functional Programming Succinctly Contributors Wanted for Higher Order Programming Project!
Snesh Prajapati wrote (#7), in reply to Jason Cardoza:

Nice read... Thanks for sharing :)
Gary Wheeler wrote (#8), in reply to Duncan Edwards Jones:

#11.1 Never try to code when your decidedly non-feral cat wants to lie on your keyboard.

Software Zen: delete this;
Gary Wheeler wrote (#9), in reply to Jason Cardoza:

I think sdtimes.com has to be the most annoying software-related web site I've ever seen. EVERY page navigation triggered the stupid fucking ad overlay or a "how do you like SDTimes?" prompt.

Software Zen: delete this;
Michael Gazonda wrote (#10), in reply to Duncan Edwards Jones:

#12 Mail the captured feral cat to someone on eBay.
Dan Neely wrote (#11), in reply to Paul M Watt:

In various forms, NASA's been following the general practices laid out in the top 10 list for decades. Hyper-paranoid defensive coding rules haven't really needed to change much in a long time.

Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
Lost User wrote (#12), in reply to Jason Cardoza:

With those rules, you might as well have a rule "just don't write any code", because it is clearly impossible to comply and still do anything nontrivial. Rules 1 and 2 together mean that it's not even Turing complete, and rules 3 and 9 together mean that the only possible data structure is a fixed-size array. You could create a variable-size array during initialization, but then rule 2 means you can never use more than a constant piece of it.
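The data-structure corner the post above describes (all storage a fixed-size array sized at compile time, no dynamic allocation after initialization, every loop bounded by a constant) as an added C example that is not from the thread or from Holzmann's paper: a FIFO queue built over one static array, with every loop bounded by the constant capacity, return codes the caller has to check, pointers dereferenced one level at most, and assertions on the invariants. The queue type, its capacity and the sample values are constructed for this illustration.

```c
/* Added example (not from the thread or from Holzmann's paper): a queue whose
 * only storage is a fixed-size array with static duration, so no allocation
 * ever happens after program start. Names and capacities are constructed. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

#define QUEUE_CAPACITY 8   /* constructed bound: the array never grows */

struct queue {
    int items[QUEUE_CAPACITY];
    size_t head;    /* index of the oldest element */
    size_t count;   /* number of stored elements, 0..QUEUE_CAPACITY */
};

/* The single queue instance: static storage, zero-initialised by the
 * language, so it is already a valid empty queue before queue_init runs. */
static struct queue event_queue;

/* Resets a queue; the loop bound is the constant capacity. */
void queue_init(struct queue *q)
{
    size_t i;
    q->head = 0;
    q->count = 0;
    for (i = 0; i < QUEUE_CAPACITY; i++) {
        q->items[i] = 0;
    }
}

/* Returns 0 on success, -1 when the queue is full (caller must check). */
int queue_push(struct queue *q, int value)
{
    size_t tail;
    assert(q->count <= QUEUE_CAPACITY);          /* invariant on entry */
    if (q->count == QUEUE_CAPACITY) {
        return -1;
    }
    tail = (q->head + q->count) % QUEUE_CAPACITY;
    q->items[tail] = value;
    q->count++;
    return 0;
}

/* Returns 0 and stores the oldest value in *out, or -1 when empty. */
int queue_pop(struct queue *q, int *out)
{
    assert(q->count <= QUEUE_CAPACITY);
    if (q->count == 0) {
        return -1;
    }
    *out = q->items[q->head];
    q->head = (q->head + 1) % QUEUE_CAPACITY;
    q->count--;
    return 0;
}

/* Offers n consecutive values starting at first; returns how many were
 * accepted. The loop is bounded by the constant capacity, so an oversized
 * request ends in a counted rejection, never a write past the array. */
size_t fill_queue(struct queue *q, int first, size_t n)
{
    size_t accepted = 0;
    size_t i;
    for (i = 0; i < n && i < QUEUE_CAPACITY; i++) {
        if (queue_push(q, first + (int)i) != 0) {
            break;
        }
        accepted++;
    }
    return accepted;
}

/* Drains the queue and returns the sum of everything it held. */
int drain_sum(struct queue *q)
{
    int sum = 0;
    int v;
    size_t i;
    for (i = 0; i < QUEUE_CAPACITY; i++) {       /* at most capacity pops */
        if (queue_pop(q, &v) != 0) {
            break;
        }
        sum += v;
    }
    assert(q->count == 0);                       /* postcondition */
    return sum;
}

int main(void)
{
    queue_init(&event_queue);
    printf("accepted %u of 12\n", (unsigned)fill_queue(&event_queue, 1, 12));
    printf("sum %d\n", drain_sum(&event_queue));
    return 0;
}
```

Offering twelve values to an eight-slot queue accepts exactly eight and reports the rest as rejected; nothing in the program can ask for more memory than the one array declared at file scope, which is the property these rules are after.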