Reliable Software

NASA/JPL's Gerard Holzmann offers Ten Rules for Developing Safety Critical Code. wikipedia

The short paper is worth reading. It makes clear the attention to detail required of any programmer writing code that has to work reliably.


simple control flow constructs

loops with fixed upper-bounds

no memory allocation after initialization

no function longer than a printed page

minimum of two assertions per function

data declared in smallest possible scope

check validity of parameters and return values

use of the preprocessor must be limited

pointers should be restricted

code must compile without any warnings


The most striking difference from casual programming is the avoidance of recursive data structures and control flows. The reason is that when these are allowed, one cannot state with authority that a finite computer will not run out of time or memory.
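As an added example (not from Holzmann's paper or this page), here is a C list walk written to several of the rules at once: storage allocated once and statically, a loop with a fixed upper bound, two assertions per function, and parameters and return values that are checked. The node pool, its capacity and both functions are constructed for illustration; the point is that a corrupted or cyclic list becomes a reported fault rather than an unbounded walk.

```c
#include <assert.h>
#include <stddef.h>

/* Rule 3: all storage is allocated once, statically; nothing is malloc'd
 * later. The pool and its capacity are constructed for this example. */
#define POOL_SIZE 8
struct node { int value; struct node *next; };
static struct node pool[POOL_SIZE];

/* Rule 2: the loop has a fixed upper bound a static checker can verify.
 * Running past it means the list is corrupt or cyclic, so it is reported
 * as a fault; an unbounded walk would simply hang on such a list.
 * Rule 7: the caller must check the return value: node count, or -1. */
int bounded_list_length(const struct node *head)
{
    int count = 0;
    const struct node *cur = head;

    assert(POOL_SIZE > 0);            /* Rule 5: two assertions per function */
    for (int i = 0; i < POOL_SIZE && cur != NULL; i++) {
        cur = cur->next;
        count++;
    }
    if (cur != NULL) {
        return -1;                    /* bound exhausted: fault, not a length */
    }
    assert(count >= 0 && count <= POOL_SIZE);
    return count;
}

/* Links the first n pool nodes into a chain; with make_cycle nonzero the
 * last node points back to the first, simulating a corrupted list.
 * Rule 7: n is validated up front and NULL signals a rejected parameter. */
const struct node *build_list(int n, int make_cycle)
{
    if (n < 1 || n > POOL_SIZE) {
        return NULL;
    }
    for (int i = 0; i < n; i++) {
        pool[i].value = i;
        pool[i].next = (i + 1 < n) ? &pool[i + 1] : NULL;
    }
    if (make_cycle) {
        pool[n - 1].next = &pool[0];
    }
    assert(pool[0].value == 0);
    assert(make_cycle || pool[n - 1].next == NULL);
    return &pool[0];
}
```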

Contrast these rules with my own patterns for Information Integrity, wherein a user could run the program out of memory, detect the subsequent Meaningless Behavior, and then reduce their demand on the system by closing windows.