This section considers the guidelines for creating safe software discussed by SoHaR [SoH95], in the context of the C++ programming language. The SoHaR report provides general programming guidelines for the assessment of software used in safety systems. It then considers these guidelines in the context of several programming languages (including C++); however, SoHaR's discussion treats C and C++ together, and was written with a strong C bias. There is a need for a true C++ assessment.
This paper partitions the SoHaR guidelines into three groups:
The first column of the following table indicates the group for each guideline. A further discussion of those guidelines in the general and specific categories appears after the table. Discussion of outside guidelines can be found in [SoH95].
| Group | Number | Guideline |
| Group | Number | Guideline |
| 1 | Reliability | |
| 1.1 | Predictability of Memory Utilization | |
| Specific | 1.1.1 | Minimizing Dynamic Memory Allocation |
| Outside | 1.1.2 | Minimizing Memory Paging and Swapping |
| 1.2 | Predictability of Control Flow | |
| Specific | 1.2.1 | Maximizing Structure |
| Specific | 1.2.2 | Minimizing Control Flow Complexity |
| Specific | 1.2.3 | Initialization of Variables before Use |
| Specific | 1.2.4 | Single Entry and Exit Points in Subprograms |
| Specific | 1.2.5 | Minimizing Interface Ambiguities |
| Specific | 1.2.6 | Use of Data Typing |
| General | 1.2.7 | Precision and Accuracy |
| Specific | 1.2.8 | Use of Parentheses rather than Default Order of Precedence |
| Specific | 1.2.9 | Separating Assignment from Evaluation |
| Outside | 1.2.10 | Proper Handling of Program Instrumentation |
| General | 1.2.11 | Control of Class Library Size |
| General | 1.2.12 | Minimizing Dynamic Binding |
| General | 1.2.13 | Control of Operator Overloading |
| 1.3 | Predictability of Timing | |
| Outside | 1.3.1 | Minimizing the Use of Tasking |
| Outside | 1.3.2 | Minimizing the Use of Interrupt Driven Processing |
| 2 | Robustness | |
| 2.1 | Controlled Use of Software Diversity | |
| General | 2.1.1 | Control of Internal Diversity |
| Outside | 2.1.2 | Control of External Diversity |
| 2.2 | Controlled Use of Exception Handling | |
| Outside | 2.2.1 | Local Handling of Exceptions |
| Outside | 2.2.2 | Preservation of External Control Flow |
| Outside | 2.2.3 | Uniformity of Exception Handling |
| 2.3 | Input and Output Checking | |
| General | 2.3.1 | Input Data Checking |
| General | 2.3.2 | Output Data Checking |
| 3 | Traceability | |
| 3.1 | Use of Built-In Functions | |
| General | 3.1.1 | Controlled Use of Built-in Functions |
| 3.2 | Use of Compiled Libraries | |
| General | 3.2.1 | Controlled Use of Compiled Libraries |
| 4 | Maintainability | |
| 4.1 | Readability | |
| General | 4.1.1 | Conformance to Indentation Guidelines |
| General | 4.1.2 | Descriptive Identifier Names |
| General | 4.1.3 | Comments and Internal Documentation |
| General | 4.1.4 | Limitations on Subprogram Size |
| Outside | 4.1.5 | Minimizing Mixed Language Programming |
| Specific | 4.1.6 | Minimizing Obscure or Subtle Programming Constructs |
| Specific | 4.1.7 | Minimizing Dispersion of Related Elements |
| Specific | 4.1.8 | Minimizing Use of Literals |
| 4.2 | Data Abstraction | |
| Specific | 4.2.1 | Minimizing the Use of Global Variables |
| Specific | 4.2.2 | Minimizing the Complexity of Class and |
| Function Interfaces | ||
| 4.3 | Functional Cohesiveness | |
| General | 4.3.1 | Single Purpose Function and Procedure |
| 4.4 | Malleability | |
| General | 4.4.1 | Isolation of Alterable Functions |
| 4.5 | Portability | |
| General | 4.5.1 | Isolation of Non-Standard Constructs |