| 1 | Restrict to simple control flow constructs. |
| 2 | Give all loops a fixed upper-bound. |
| 3 | Do not use dynamic memory allocation after initialization. |
| 4 | Limit functions to no more than 60 lines of text. |
| 5 | Use minimally two assertions per function on average. |
| 6 | Declare data objects at the smallest possible level of scope. |
| 7 | Check the return value of non-void functions, and check the validity of function parameters. |
| 8 | Limit the use of the preprocessor to file inclusion and simple macros. |
| 9 | Limit the use of pointers. Use no more than two levels of dereferencing per expression. |
| 10 | Compile with all warnings enabled, and use one or more source code analyzers. |