Power of Ten

"The Power of Ten" refers to a set of ten rules developed by Gerard Holzmann of the NASA Jet Propulsion Laboratory for use in writing safety-critical software. The rules are simple, but they specify strict limits on the forms code can take. These limits support code clarity and analyzability, which are especially important for safety-critical applications. See also the Power of Ten website for more information.

The rules and rationales are described in a 2006 paper:

Gerard J. Holzmann, "The Power of 10: Rules for Developing Safety-Critical Code," Computer, 39(6), pp. 95-97, June 2006.

Relevant Warning Classes

The following accordion shows the CodeSonar warning classes that are associated with Power of Ten rules. The tenth rule, POW10:10, is associated with some checks and also requires the use of a static analysis tool such as CodeSonar.

Mapping Tables

Mapping Summary

|     | Supported | All | Percent Coverage |
| --- | --- | --- | --- |
| All | 10 | 10 | 100.0% |

Mapping Detail

| Rule | Rule Name | Supported |
| --- | --- | --- |
| POW10:1 | Restrict to simple control flow constructs. | Yes |
| POW10:2 | Give all loops a fixed upper-bound. | Yes |
| POW10:3 | Do not use dynamic memory allocation after initialization. | Yes |
| POW10:4 | Limit functions to no more than 60 lines of text. | Yes |
| POW10:5 | Use minimally two assertions per function on average. | Yes |
| POW10:6 | Declare data objects at the smallest possible level of scope. | Yes |
| POW10:7 | Check the return value of non-void functions, and check the validity of function parameters. | Yes |
| POW10:8 | Limit the use of the preprocessor to file inclusion and simple macros. | Yes |
| POW10:9 | Limit the use of pointers. Use no more than two levels of dereferencing per expression. | Yes |
| POW10:10 | Compile with all warnings enabled, and use one or more source code analyzers. | Yes |