"The Power of Ten" refers to a set of ten rules developed by Gerard Holzmann of the NASA Jet Propulsion Laboratory for use in writing safety-critical software. The rules are simple, but they specify strict limits on the forms code can take. These limits support code clarity and analyzability, which are especially important for safety-critical applications. In addition see the Power of Ten website for more information.
The rules and rationales are described in a 2006 paper:
Gerard J. Holzmann, "The Power of 10: Rules for Developing Safety-Critical Code,"Computer, 39(6), pp. 95-97, June 2006.
Relevant Warning Classes
The following accordion show the CodeSonar warning classes that are associated with Power of Ten rules. The tenth rule, POW10:10, is associated with some checks and also requires the use of a static analysis tool such as CodeSonar.
Mapping Summary
Supported | All | Percent Coverage | |
---|---|---|---|
All | 10 | 10 | 100.0% |
Mapping Detail
Rule | Rule Name | Supported |
---|---|---|
POW10:1 | Restrict to simple control flow constructs. | Yes |
POW10:2 | Give all loops a fixed upper-bound. | Yes |
POW10:3 | Do not use dynamic memory allocation after initialization. | Yes |
POW10:4 | Limit functions to no more than 60 lines of text. | Yes |
POW10:5 | Use minimally two assertions per function on average. | Yes |
POW10:6 | Declare data objects at the smallest possible level of scope. | Yes |
POW10:7 | Check the return value of non-void functions, and check the validity of function parameters. | Yes |
POW10:8 | Limit the use of the preprocessor to file inclusion and simple macros. | Yes |
POW10:9 | Limit the use of pointers. Use no more than two levels of dereferencing per expression. | Yes |
POW10:10 | Compile with all warnings enabled, and use one or more source code analyzers. | Yes |