"The Power of Ten" refers to a set of ten rules developed by Gerard Holzmann of the NASA Jet Propulsion Laboratory for use in writing safety-critical software. The rules are simple, but they specify strict limits on the forms code can take. These limits support code clarity and analyzability, which are especially important for safety-critical applications. See also the Power of Ten website for more information.
The rules and rationales are described in a 2006 paper:
Gerard J. Holzmann, "The Power of 10: Rules for Developing Safety-Critical Code," Computer, 39(6), pp. 95-97, June 2006.
Relevant Warning Classes
The following accordion shows the CodeSonar warning classes that are associated with Power of Ten rules. The tenth rule, POW10:10, is associated with some checks and also requires the use of a static analysis tool such as CodeSonar.
Mapping Definition
The table below shows classes from our broad mapping, which, for a given warning class and category kind, combines categories from four sources:
- The close mapping for the class.
- Other categories of that kind that are related to the class in a meaningful way, but not eligible for the close mapping. Usually this indicates a substantial overlap between the category and the warning class, but an overlap that cannot be characterized as a subset or superset relationship.
- If the category kind is hierarchical (of the current category taxonomies, only CWE has this property): for all categories from sources 1 and 2, all ancestors in the taxonomy hierarchy.
- In a small number of cases, all descendants of a hierarchical category from source 1 or 2 are also applicable to the class. In these cases the descendants are also added to the broad mapping.
Mapping Summary
| | Supported | All | Percent Coverage |
|---|---|---|---|
| All | 10 | 10 | 100.0% |
Mapping Detail
Rule | Rule Name | Supported |
---|---|---|
POW10:1 | Restrict to simple control flow constructs. | Yes |
POW10:2 | Give all loops a fixed upper-bound. | Yes |
POW10:3 | Do not use dynamic memory allocation after initialization. | Yes |
POW10:4 | Limit functions to no more than 60 lines of text. | Yes |
POW10:5 | Use minimally two assertions per function on average. | Yes |
POW10:6 | Declare data objects at the smallest possible level of scope. | Yes |
POW10:7 | Check the return value of non-void functions, and check the validity of function parameters. | Yes |
POW10:8 | Limit the use of the preprocessor to file inclusion and simple macros. | Yes |
POW10:9 | Limit the use of pointers. Use no more than two levels of dereferencing per expression. | Yes |
POW10:10 | Compile with all warnings enabled, and use one or more source code analyzers. | Yes |
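The rules in the table are stated as constraints on code shape. The following C example is added here to show what a single function that satisfies several of them at once looks like; it is not code from CodeSonar, from the Power of Ten paper, or from any project the page describes. The function name `bounded_sum`, the `MAX_ITEMS` bound, the status enum and the sample readings are all constructed for the illustration. It exercises a fixed loop bound (rule 2), static storage only (rule 3), a function well under 60 lines (rule 4), assertions on preconditions (rule 5), smallest-scope declarations (rule 6), validated parameters and checked return values (rule 7), a simple constant macro as the only preprocessor use (rule 8), and at most one level of dereference per expression (rule 9).

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Rule 8: the preprocessor is used only for includes and a simple constant macro.
 * Rule 2: this constant is the fixed upper bound every loop below is checked against.
 * (Hypothetical value chosen for the example.) */
#define MAX_ITEMS 64U

/* Rule 3: all storage is static and fixed at initialization; no malloc/free later.
 * These readings are constructed sample data for the example, not from the page. */
static const uint32_t sample_readings[] = { 10U, 20U, 30U, 40U };
static const uint32_t overflow_readings[] = { UINT32_MAX, 1U };

typedef enum { SUM_OK = 0, SUM_BAD_ARG = 1, SUM_OVERFLOW = 2 } sum_status;

/* Sums up to MAX_ITEMS readings into *out.
 * Rule 1: straight-line control flow only (no goto, setjmp/longjmp or recursion).
 * Rule 4: well under 60 lines.
 * Rule 7: parameters are validated and every failure is reported through the
 *         return value rather than silently ignored.
 * Rule 9: at most one level of pointer dereference in any expression. */
sum_status bounded_sum(const uint32_t *items, size_t count, uint32_t *out)
{
    /* Parameter validity is enforced with explicit return paths; assertions
     * alone would vanish under NDEBUG. The caller must supply at least
     * `count` readable elements in `items`. */
    if (items == NULL || out == NULL || count > MAX_ITEMS) {
        return SUM_BAD_ARG;
    }
    /* Rule 5: assertions document the preconditions the checks above establish. */
    assert(count <= MAX_ITEMS);
    assert(items != NULL && out != NULL);

    uint32_t total = 0U; /* Rule 6: declared in the smallest scope that uses it. */

    /* Rule 2: the bound is `count`, itself capped at MAX_ITEMS, so a static
     * analyzer can prove the loop terminates within MAX_ITEMS iterations. */
    for (size_t i = 0U; i < count; i++) {
        uint32_t v = items[i];
        if (total > UINT32_MAX - v) {
            return SUM_OVERFLOW;  /* reported, not wrapped silently */
        }
        total += v;
    }

    *out = total;
    return SUM_OK;
}

/* Call-site helpers: each one checks the status (rule 7) instead of
 * discarding it, and each returns a plain value for the reader to verify. */
uint32_t sample_total(void)
{
    uint32_t total = 0U;
    sum_status st = bounded_sum(sample_readings, 4U, &total);
    return (st == SUM_OK) ? total : 0U;
}

int overflow_is_rejected(void)
{
    uint32_t total = 0U;
    return bounded_sum(overflow_readings, 2U, &total) == SUM_OVERFLOW;
}

int bad_arguments_are_rejected(void)
{
    uint32_t total = 0U;
    /* A count above the fixed bound and a NULL output pointer are both refused
     * before any element is read. */
    return bounded_sum(sample_readings, MAX_ITEMS + 1U, &total) == SUM_BAD_ARG
        && bounded_sum(sample_readings, 4U, NULL) == SUM_BAD_ARG;
}

int main(void)
{
    printf("sum of sample readings: %u\n", (unsigned)sample_total());
    printf("overflow rejected: %s\n", overflow_is_rejected() ? "yes" : "no");
    printf("bad arguments rejected: %s\n", bad_arguments_are_rejected() ? "yes" : "no");
    return 0;
}
```

The point of the shape is analyzability: because the loop bound, the storage and the failure paths are all visible in the source, a tool such as the one rule 10 calls for can check them mechanically, and a reviewer can see at a glance that no status value is dropped at the call sites.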