NASA's 10 Rules for Developing Safety-Critical Code
NASA Jet Propulsion Laboratory's Laboratory for Reliable Software developed a set of coding guidelines for safety-critical code. The 10 rules are intended to eliminate C coding practices that make code difficult to review or to analyze soundly with static analysis tools.
What Is NASA Power of 10 Coding?
If you want to improve the safety of your embedded systems, you could start by coding like NASA, whose mission-critical projects, launched in the extreme environment of outer space, require extreme safety controls. Strict coding standards with rigorous rules and requirements prevent errors from the start and keep embedded software safe.
Since 2006, NASA has followed 10 rules it developed, aimed at testability, readability, and reliability, based on a paper by Gerard Holzmann of NASA JPL's Laboratory for Reliable Software titled "The Power of 10: Rules for Developing Safety-Critical Code" (IEEE Computer, June 2006).
Coding guidelines help development teams write cleaner code and apply coding best practices, so that quality remains high throughout the software development lifecycle. Like many safety-critical guidelines, the NASA Power of 10 rules target primarily the C programming language and help developers verify the reliability of critical applications written in C.
NASA Power of 10: NASA's 10 Rules
NASA’s 10 rules for developing safety-critical code are:
- Restrict all code to very simple control flow constructs—do not use goto statements, setjmp or longjmp constructs, or direct or indirect recursion.
- Give all loops a fixed upper bound, so that a checking tool can prove statically that the loop cannot exceed that bound.
- Do not use dynamic memory allocation after initialization.
- No function should be longer than what can be printed on a single sheet of paper in a standard format, with one line per statement and one line per declaration (about 60 lines).
- The code's assertion density should average at least two assertions per function. Assertions must be side-effect-free Boolean tests, and a failed assertion must trigger an explicit recovery action.
- Declare all data objects at the smallest possible level of scope.
- Each calling function must check the return value of nonvoid functions, and each called function must check the validity of all parameters provided by the caller.
- The use of the preprocessor must be limited to the inclusion of header files and simple macro definitions.
- Limit pointer use to a single dereference, and do not use function pointers.
- Compile with all compiler warnings enabled at the most pedantic setting, and check the code with at least one state-of-the-art static analyzer; all warnings must be addressed before the release of the software.
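Putting several of these rules into one piece of C, as an added example that is not code from this page or from NASA/JPL (msg_store_t, msg_store_put(), msg_store_find(), the REQUIRE macro and the MAX_* limits are illustrative assumptions): a fixed-capacity message store with static storage (rule 3), loops bounded by compile-time constants (rule 2), parameter validation on entry and return-value checks at every call site (rule 7), and assertions whose recovery action is an error return rather than abort() (rule 5). A deliberately non-compliant copy routine is shown first for contrast.

```c
/* Added example, not code from the page, NASA, or JPL. All names and
 * limits below are assumptions chosen for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MSGS    8    /* compile-time bounds (rules 2 and 3) */
#define MAX_MSG_LEN 32

typedef enum { ST_OK = 0, ST_BAD_ARG, ST_FULL, ST_TOO_LONG } status_t;

/* Rule 5: an assertion is a side-effect-free Boolean test with an explicit
 * recovery action. The recovery here is returning an error code; abort()
 * is not a usable recovery in flight software. Rule 8: the macro is simple
 * and expands to exactly one complete statement. */
#define REQUIRE(cond, err) do { if (!(cond)) { return (err); } } while (0)

typedef struct {
    uint8_t data[MAX_MSGS][MAX_MSG_LEN];
    size_t  len[MAX_MSGS];
    size_t  count;
} msg_store_t;

static msg_store_t g_store;  /* rule 3: static storage, no heap after init */

/* What the rules forbid: the loop bound depends on the input rather than a
 * fixed constant (rule 2), and no parameter is validated (rule 7). A src
 * without a terminator runs the loop off the end of both buffers. */
void unbounded_copy(uint8_t *dst, const uint8_t *src)
{
    while (*src != 0) {
        *dst++ = *src++;
    }
    *dst = 0;
}

/* Compliant copy: the loop can never iterate more than MAX_MSG_LEN times,
 * every parameter is checked on entry, and each pointer is dereferenced
 * exactly once per statement (rule 9). Over-long input is rejected, not
 * silently truncated. */
status_t bounded_copy(uint8_t *dst, const uint8_t *src, size_t n)
{
    REQUIRE(dst != NULL, ST_BAD_ARG);
    REQUIRE(src != NULL, ST_BAD_ARG);
    REQUIRE(n <= MAX_MSG_LEN, ST_TOO_LONG);
    for (size_t i = 0; i < n; i++) {   /* rule 6: i lives only in the loop */
        dst[i] = src[i];
    }
    return ST_OK;
}

/* Stores one message. Rule 7: the return value of bounded_copy() is
 * checked, and the store is only updated after the copy succeeded. */
status_t msg_store_put(msg_store_t *store, const uint8_t *msg, size_t len)
{
    REQUIRE(store != NULL, ST_BAD_ARG);
    REQUIRE(msg != NULL, ST_BAD_ARG);
    REQUIRE(store->count < MAX_MSGS, ST_FULL);
    const size_t slot = store->count;
    const status_t rc = bounded_copy(store->data[slot], msg, len);
    if (rc != ST_OK) {
        return rc;
    }
    store->len[slot] = len;
    store->count = slot + 1;
    return ST_OK;
}

/* Returns the index of the first stored message equal to key, or -1.
 * Rule 2: the loop is bounded by MAX_MSGS as well as by count, so a
 * corrupted count can never drive the search past the array. */
int msg_store_find(const msg_store_t *store, const uint8_t *key, size_t len)
{
    REQUIRE(store != NULL, -1);
    REQUIRE(key != NULL, -1);
    REQUIRE(len <= MAX_MSG_LEN, -1);
    for (size_t i = 0; i < MAX_MSGS && i < store->count; i++) {
        if (store->len[i] == len && memcmp(store->data[i], key, len) == 0) {
            return (int)i;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed sample input for the demonstration. */
    static const uint8_t hello[] = "hello";
    const status_t rc = msg_store_put(&g_store, hello, 5);
    const int idx = msg_store_find(&g_store, hello, 5);
    printf("put: %d, find: %d\n", (int)rc, idx);
    return (rc == ST_OK && idx == 0) ? 0 : 1;
}
```

Build it the way rule 10 demands, for example `cc -std=c99 -Wall -Wextra -Wpedantic -Werror`, so that any warning stops the build. The REQUIRE checks return ST_BAD_ARG, ST_FULL or ST_TOO_LONG instead of silently truncating or overrunning, which is the explicit recovery action rule 5 calls for; a caller that ignores those codes is itself a rule 7 violation a static analyzer should flag.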
How to Implement Safety-Critical Code Like NASA's 10 Rules
The most reliable way to keep safety-critical code within these rules is to enforce them automatically with a static code analyzer, which is also what rule 10 itself requires.
Static code analyzers enforce coding rules and flag standard violations. Klocwork comes with quality coding taxonomies — NASA, MISRA, and AUTOSAR — to ensure secure, reliable, and compliant software.
Enforce NASA Compliance with Klocwork
Running static analysis is an important part of developing safety-critical applications and is a tool to use when complying with functional safety standards such as IEC 61508 and EN 50128. Klocwork can check your code against the NASA coding guidelines to automatically flag violations and enforce the standard.
Try Klocwork for Safety-Critical Code
See for yourself how Klocwork helps ensure safety-critical code.
➡️ Start your free Klocwork trial