The Power of 10

From Lazarus wiki
Jump to navigationJump to search

Software security is critical for every project. This applies especially to applications in medicine, military, industry and aerospace. This is why the National Aeronautics and Space Administration (NASA) defined a set of rules called The Power of 10 summarising basic principles on how to improve the security of code.

The Pascal language already implements some basic measures for improved security from the ground up, including strong typing and the encouragement of safe control structures. It is advisable, however, to have some additional principles in mind, especially at the beginning of a new project. Of course, it is possible to implement these principles in later stages, too.

The Power of 10 Rules was defined in 2006 by Gerard J. Holzmann at the JPL|NASA/JPL Laboratory for Reliable Software. Their main intention is eliminating certain C coding practices which make code difficult to review or statically analyze. These rules have been incorporated into the coding standards of multiple institutions.

Rules

The ten rules are:

  1. Avoid complex flow constructs, such as goto, direct or indirect recursion.
  2. All loops must have a fixed upper bound in order to prevent runaway code.
  3. Avoid heap memory allocation after initialisation.
  4. Restrict procedures, functions and methods to a single printed page. Typically, this means no more than about 60 lines of code per block.
  5. Use a minimum of two runtime assertions per function.
  6. Restrict the scope of data to the smallest possible. Therefore, local variables should be preferred over global variables
  7. Check the return value of all functions or return nil or NaN in order to indicate that the return value is useless. Additionally, each called function must check the validity of all actual parameters provided by the caller.
  8. Use compiler directives or IDE directives sparingly. If possible, they should be restricted to the interface section of a unit.
  9. Limit the use of pointers to a single dereference and avoid using function pointers.
  10. Compile with all possible warnings active; all warnings should then be addressed before release of the software.

References

  1. GJ Holzmann: The Power of 10: Rules for Developing Safety-Critical Code DOI: 10.1002/9781119174240.ch10
  2. R Giorato: The Power of 10 — NASA’s Rules for Coding. Medium, October 2nd, 2019