CODING STANDARD

The team adopted a new, risk-based (not style-based!) CODING STANDARD with tool-based compliance checks.

Dr. Holzmann observed that coding standards are not actually followed by developers. Every mission at JPL had its own coding standard. Dr. Holzmann checked actual production code. For example, a coding standard says every "switch" statement has to have a "default" case. grep for "switch", grep for "default", and you get wildly different numbers! Standards were not being followed.

So Dr. Holzmann said, suppose you could pick only 10 rules (as opposed to hundreds of rules that are ignored). Which rules would you pick? He interviewed a lot of people, including programming luminaries Brian Kernighan and Dennis Ritchie, and picked rules based on risk. This led to the "Power of Ten" coding rules, where every rule is related to a mishap or an accident or a loss of a mission that has happened to NASA.

Again, that is very few rules, each paired with a bad case (an example) of what happened when that rule was broken.

Thus "The Power of 10: Rules for Developing Safety-Critical Code" was published in the June 2006 issue of the IEEE Computer Society's "Computer" magazine. It is a small standard: easy to understand and remember, mechanically verifiable, and measurably effective.

The MSL mission's coding standard was based on "The Power of 10" standard. There were four distinct levels of compliance (LOC). Each level brings more rules; at LOC-4 there are 32 rules.

For example, LOC-1 deals with language compliance. The target is zero warnings from static analyzers with all warnings turned on and in pedantic mode. NASA didn't quite get to that point with MSL, but the next mission, Earth Orbiter, reached it.

LOC-2 deals with predictable execution, such as avoiding GOTOs and recursion.

LOC-3 deals with defensive coding, such as making the order of evaluation in compound expressions explicit.

LOC-4 deals with code clarity, such as making only very limited use of the C pre-processor, and forbidding redefinition of macros.
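As an added illustration (constructed here, not code from the JPL standard or the MSL flight software), the C snippet below puts a form that LOC-2 rejects beside its bounded replacement, then shows an LOC-3 style compound expression and a switch with the default case the grep count showed to be missing. The function and constant names are made up for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Rejected under LOC-2: recursion, so stack depth depends on input length. */
static uint32_t sum_recursive(const uint32_t *v, size_t n) {
    return (n == 0u) ? 0u : (v[0] + sum_recursive(v + 1, n - 1u));
}

/* LOC-2 form: a loop whose trip count has a fixed upper bound, so worst
   case stack use and run time are known before launch. Returns -1 when
   the caller exceeds the bound instead of silently looping further. */
#define SUM_MAX_ITEMS 64u
static int sum_bounded(const uint32_t *v, size_t n, uint32_t *out) {
    uint32_t acc = 0u;
    if ((v == NULL) || (out == NULL) || (n > SUM_MAX_ITEMS)) {
        return -1;
    }
    for (size_t i = 0u; i < n; i++) {
        acc += v[i];
    }
    *out = acc;
    return 0;
}

/* LOC-3 form: the order of evaluation in the compound expression is made
   explicit with parentheses rather than relying on C precedence, and the
   switch carries a default case so an unknown mode cannot pass silently. */
enum op_mode { MODE_IDLE = 0, MODE_RUN = 1, MODE_SAFE = 2 };

static int mode_allows_burn(int mode, uint32_t flags, int *allowed) {
    const uint32_t armed = 1u, fault = 2u;   /* hypothetical flag bits */
    if (allowed == NULL) {
        return -1;
    }
    switch (mode) {
    case MODE_RUN:
        /* Explicit grouping: armed must be set AND fault must be clear. */
        *allowed = (((flags & armed) != 0u) && ((flags & fault) == 0u)) ? 1 : 0;
        return 0;
    case MODE_IDLE:
    case MODE_SAFE:
        *allowed = 0;
        return 0;
    default:               /* unknown mode is an error, not a silent no-op */
        *allowed = 0;
        return -1;
    }
}
```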

"JPL Institutional Coding Standard for the C Programming Language" (http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf) details each LOC.