[Source](http://spinroot.com/p10/ "Permalink to The Power of Ten -- Rules for Writing Safety Critical Code")

# The Power of Ten -- Rules for Writing Safety Critical Code

| # | Rule | |
| --- | --- | --- |
| 1 | Restrict to simple control flow constructs. | [(details)][1] |
| 2 | Give all loops a fixed upper bound. | [(details)][2] |
| 3 | Do not use dynamic memory allocation after initialization. | [(details)][3] |
| 4 | Limit functions to no more than 60 lines of text. | [(details)][4] |
| 5 | Use at least two assertions per function on average. | [(details)][5] |
| 6 | Declare data objects at the smallest possible level of scope. | [(details)][6] |
| 7 | Check the return value of non-void functions, and check the validity of function parameters. | [(details)][7] |
| 8 | Limit the use of the preprocessor to file inclusion and simple macros. | [(details)][8] |
| 9 | Limit the use of pointers. Use no more than two levels of dereferencing per expression. | [(details)][9] |
| 10 | Compile with all warnings enabled, and use one or more source code analyzers. | [(details)][10] |

* * *

Based on: "The Power of Ten -- Rules for Developing Safety Critical Code," _IEEE Computer_, June 2006, pp. 93-95 [(PDF)][11].

[1]: http://spinroot.com/rule1.html
[2]: http://spinroot.com/rule2.html
[3]: http://spinroot.com/rule3.html
[4]: http://spinroot.com/rule4.html
[5]: http://spinroot.com/rule5.html
[6]: http://spinroot.com/rule6.html
[7]: http://spinroot.com/rule7.html
[8]: http://spinroot.com/rule8.html
[9]: http://spinroot.com/rule9.html
[10]: http://spinroot.com/rule10.html
[11]: http://spinroot.com/gerard/pdf/P10.pdf
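As an added example, not taken from this page or from the paper, here is a small C routine written to follow several of the rules at once: a fixed loop bound (rule 2), no heap use (rule 3), parameter validation and a checked return value (rule 7), narrowest scope (rule 6), a single level of dereferencing (rule 9) and a simple assertion macro that triggers an explicit recovery action instead of aborting (rules 5 and 8). The `P10_ASSERT` macro, the `frame_status` codes and the two sample frames are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_SAMPLES 64u   /* rule 2: one fixed upper bound for every frame loop */
/* Rules 5 and 8: a simple, side-effect-free assertion (an assumption, not the
 * paper's macro). It never aborts; the caller performs an explicit recovery
 * action when it yields false. */
#define P10_ASSERT(c) ((c) ? true : false)

enum frame_status { FRAME_OK = 0, FRAME_BAD_ARG = 1, FRAME_BAD_DATA = 2 };

/* Constructed sample frames of 12-bit readings; the second holds a bad value. */
static const uint16_t good_frame[4] = { 100u, 200u, 300u, 400u };
static const uint16_t bad_frame[2]  = { 100u, 0x1000u };

/* Sums one frame into *out. Rule 7: parameters are validated and the result
 * is a status the caller must check. Rule 3: no heap, the buffer belongs to
 * the caller. Rule 9: at most one level of dereferencing per expression. */
enum frame_status sum_frame(const uint16_t *samples, size_t n, uint32_t *out)
{
    if (!P10_ASSERT(samples != NULL && out != NULL)) {
        return FRAME_BAD_ARG;              /* recovery: refuse the call */
    }
    if (!P10_ASSERT(n <= MAX_SAMPLES)) {
        return FRAME_BAD_ARG;              /* keeps the loop bound honest */
    }
    uint32_t sum = 0;                      /* rule 6: narrowest scope */
    for (size_t i = 0; i < n && i < MAX_SAMPLES; i++) {     /* rule 2 */
        if (!P10_ASSERT(samples[i] <= 0x0FFFu)) {
            return FRAME_BAD_DATA;         /* a 12-bit sample must fit */
        }
        sum += samples[i];
    }
    *out = sum;
    return FRAME_OK;
}

/* Caller that honours rule 7: the status is checked, never ignored. Returns
 * the sum, or 0 with *status saying why. */
uint32_t process_frame(const uint16_t *samples, size_t n, enum frame_status *status)
{
    uint32_t total = 0;
    if (!P10_ASSERT(status != NULL)) {
        return 0;
    }
    *status = sum_frame(samples, n, &total);
    return (*status == FRAME_OK) ? total : 0;
}
```

Compiled with all warnings enabled and run through a static analyzer (rule 10), a routine shaped like this gives the tools a finite loop and an explicit error path to reason about.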