Conversation

Notices

Embed this notice
mdn (mangeurdenuage@shitposter.club)'s status on Tuesday, 08-Aug-2023 10:16:42 JST mdn

>The Power of 10 Rules were created in 2006 by Gerard J. Holzmann of the NASA/JPL Laboratory for Reliable Software.[1] The rules are intended to eliminate certain C coding practices which make code difficult to review or statically analyze

The ten rules are:[1]

Avoid complex flow constructs, such as goto and recursion.
All loops must have fixed bounds. This prevents runaway code.
Avoid heap memory allocation.
Restrict functions to a single printed page.
Use a minimum of two runtime assertions per function.
Restrict the scope of data to the smallest possible.
Check the return value of all non-void functions, or cast to void to indicate the return value is useless.
Use the preprocessor sparingly.
Limit pointer use to a single dereference, and do not use function pointers.
Compile with all possible warnings active; all warnings should then be addressed before release of the software.

>The NASA study of the Toyota electronic throttle control firmware found at least 243 violations of these rules.
Proprietary cars yes.

https://en.wikipedia.org/wiki/The_Power_of_10:_Rules_for_Developing_Safety-Critical_Code
In conversation Tuesday, 08-Aug-2023 10:16:42 JST from shitposter.club permalink
Attachments
1. Domain not in remote thumbnail source whitelist: login.wikimedia.org
  
  The Power of 10: Rules for Developing Safety-Critical Code
  
  The Power of 10 Rules were created in 2006 by Gerard J. Holzmann of the NASA/JPL Laboratory for Reliable Software. The rules are intended to eliminate certain C coding practices which make code difficult to review or statically analyze. These rules are a complement to the MISRA C guidelines and have been incorporated into the greater set of JPL coding standards. Rules The ten rules are: Avoid complex flow constructs, such as goto and recursion. All loops must have fixed bounds. This prevents runaway code. Avoid heap memory allocation. Restrict functions to a single printed page. Use a minimum of two runtime assertions per function. Restrict the scope of data to the smallest possible. Check the return value of all non-void functions, or cast to void to indicate the return value is useless. Use the preprocessor sparingly. Limit pointer use to a single dereference, and do not use function pointers. Compile with all possible warnings active; all warnings should then be addressed before release of the software.Uses...
- Embed this notice
  Sexy Moon (moon@shitposter.club)'s status on Tuesday, 08-Aug-2023 10:16:41 JST Sexy Moon
  in reply to
  
  @mangeurdenuage stop using C for safety-critical code
  
  In conversation Tuesday, 08-Aug-2023 10:16:41 JST permalink
- Embed this notice
  Doughnut Lollipop 【記録係】:blobfoxgooglymlem: (tk@bbs.kawa-kun.com)'s status on Tuesday, 08-Aug-2023 10:22:47 JST Doughnut Lollipop 【記録係】:blobfoxgooglymlem:
  in reply to
  - Sexy Moon
  @Moon @mangeurdenuage
  stop using C for safety-critical code
  Fixed it for you. :blobfoxthumbsup:
  
  In conversation Tuesday, 08-Aug-2023 10:22:47 JST permalink
- Embed this notice
  Johnny Peligro (mischievoustomato@marsey.moe)'s status on Tuesday, 08-Aug-2023 10:31:36 JST Johnny Peligro
  in reply to
  - Sexy Moon
  @Moon @mangeurdenuage rust is da future
  
  In conversation Tuesday, 08-Aug-2023 10:31:36 JST permalink
  
  Sexy Moon likes this.
- Embed this notice
  翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Tuesday, 08-Aug-2023 20:49:01 JST 翠星石
  in reply to
  - Sexy Moon
  @Moon The only way to write decent safety-critical code is to write fine artisan GNU C.
  
  You can either just write it correctly or prove it correct with a mathematical proof.
  
  In conversation Tuesday, 08-Aug-2023 20:49:01 JST permalink

Public

Conversation

Notices

Feeds