Power of Ten Checks

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

"Power of Ten" Checks

The categories list for each CodeSonar warning includes any relevant Power of Ten rule numbers.

A broader set of correspondences is shown in Broad Mapping: Power of Ten .

CSV tables of warning classes by Power of Ten rule are provided in POW10-mapping.csv.

The Power of Ten Rules
Relevant Warning Classes
Enabling Power of Ten Checks

The Power of Ten Rules

"The Power of Ten" refers to a set of ten rules developed by Gerard Holzmann of the NASA Jet Propulsion Laboratory for use in writing safety-critical software. The rules are simple, but they specify strict limits on the forms code can take. These limits support code clarity and analyzability, which are especially important for safety-critical applications.

The rules and rationales are described in a 2006 paper:

Gerard J. Holzmann, "The Power of 10: Rules for Developing Safety-Critical Code," Computer, 39(6), pp. 95-97, June 2006

See the Power of Ten website for more information.

Relevant Warning Classes

The following table shows the CodeSonar warning classes that are associated with Power of Ten rules. The tenth rule, POW10:10, is associated with some checks and also requires the use of a static analysis tool such as CodeSonar.

POW10	C/C++ Warning Classes
POW10:1 Restrict to simple control flow constructs.	Goto Statement Initialization Cycle Recursion Unordered Initialization Use of <setjmp.h> Use of longjmp Use of setjmp
POW10:2 Give all loops a fixed upper-bound.	Potential Unbounded Loop
POW10:3 Do not use dynamic memory allocation after initialization.	Dynamic Allocation After Initialization Use of <stdlib.h> Allocator/Deallocator Use of <stdlib.h> Allocator/Deallocator Macro
POW10:4 Limit functions to no more than 60 lines of text.	Function Too Long
POW10:5 Use minimally two assertions per function on average.	Not Enough Assertions
POW10:6 Declare data objects at the smallest possible level of scope.	Scope Could Be File Static Scope Could Be Local Static
POW10:7 Check the return value of non-void functions, and check the validity of function parameters.	Ignored Return Value Unchecked Parameter Dereference
POW10:8 Limit the use of the preprocessor to file inclusion and simple macros.	## Follows # Operator Conditional Compilation Macro Argument is both Mixed and Expanded Macro Does Not End With } or ) Macro Does Not Start With { or ( Macro Name is C Keyword Macro Uses # Operator Macro Uses ## Operator Non-Boolean Preprocessor Expression Preprocessing Directives in Macro Argument Recursive Macro Unbalanced Parenthesis Use of #elif Use of #elifdef Use of #elifndef Use of #else Use of #error Use of #if Use of #ifdef Use of #import Use of #include_next Use of #line Use of #pragma Use of #using Use of #warning Use of <stdio.h> Input/Output Macro Use of <wchar.h> Input/Output Macro Variadic Macro
POW10:9 Limit the use of pointers. Use no more than two levels of dereferencing per expression.	Function Pointer Macro Uses -> Operator Macro Uses Unary * Operator Macro Uses [] Operator Pointer Type Inside Typedef Too Many Dereferences
POW10:10 Compile with all warnings enabled, and use one or more source code analyzers.	Not All Warnings Are Enabled Warnings Not Treated As Errors

Enabling Power of Ten Checks

Because the rules are extremely strict, most of the associated checks are disabled by default.

CodeSonar ships with a taxonomy preset for Power of Ten checks:

pow10

Enables warning classes such that a given class C is enabled if all of the following are true.

C is closely mapped to one or more Power of Ten rules (that is, it appears in the table above), and
no other classes enabled by the preset are more closely related to the same rules, and
C is not diagnostic-only (that is, it does not have a DIAG.* mnemonic).

You can apply the pow10 preset to the CodeSonar build/analysis as shown in the following table.

Command Line	Specify -preset pow10 as part of your build/analysis command. For example: codesonar analyze MyProj -preset pow10 localhost:7340 make
Define as a default preset	Copy pow10.conf from $CSONAR/codesonar/presets/ to $CSONAR/codesonar/default_presets/. OR Use the CodeSonar Configuration Tool Modify Analysis Settings option.
Windows Build Wizard	Select pow10 from the Preset list on screen 2.
Eclipse Plug-In	Select pow10 from the Presets list in the Properties dialog.
Visual Studio Plug-In	Select pow10 from the Presets list in the Project Properties dialog.

Enabling checks for specific Power of Ten rules

To enable checks for all the warning classes associated with a specific Power of Ten rule, include the following in the project configuration file:

WARNING_FILTER += allow categories:"POW10:num"

num is the Power of Ten rule number.
To enable checks for several rule numbers, include several lines of this form.
If you are enabling the Pointer Type Inside Typedef check, include RETAIN_UNNORMALIZED_C_AST = yes as well.

Enabling individual warning classes

To enable a single warning class check, follow the instructions in the documentation for the corresponding warning class. Warning class documentation links are provided above.