See edit history of this section
Post feedback on this section
- 1. The Requirement
- 2. Rationale
- 3. Guidance
- 4. Small Projects
- 5. Resources
- 6. Lessons Learned
- 7. Software Assurance
1. Requirements
4.4.3 The project manager shall select, define, and adhere to software coding methods, standards, and criteria.
1.1 Notes
NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.
1.2 History
1.3 Applicability Across Classes
Class A B C D E F Applicable?
Key: - Applicable | - Not Applicable
2. Rationale
To ensure safety, security, reliability, quality, maintainability, readability, and testability of the NASA code products.
3. Guidance
NASA programs and projects have multi-year life cycle times. Often the software personnel who develop the original software work products move on to other projects. These developers are then backfilled on the team by other developers for the remainder of the development, operations, maintenance, and disposal phases of the life cycle. This personnel turnover process may occur several times during the project's life cycle. The use of uniform software coding methods, standards, and/or criteria ensures uniform coding practices, reduces errors through safe language subsets, and improves code readability. Verification that these practices have been adhered to reduces the risk of software malfunction for the project during its operations and maintenance phases.
See also SWE-060 - Coding Software,
There are five key benefits of using coding standards:
- Understanding, maintainability, and readability of the code.
- Consistent code quality — no matter who writes the code.
- Software security from the start.
- Reduced development costs.
- Testability of the code.
Coding standards help prevent or reduce unsafe coding practices such as defect-prone coding styles, security issues from specific coding sequences, and numerous coding errors, mistakes, and misunderstandings.
"Coding standards are the ‘materials and manufacturing standards’ for implemented software...
Human-rated certification and mission-critical software both require applying a recognized coding standard, one that is supported by automated analysis tools, for all software required to be certified for human spaceflight and mission-critical applications. Manual verification is all but impossible.
The reduction in effort by simply adhering to a coding standard that can be tested through automation is the one certification process that truly has no other efficient verification method. ... As security becomes an issue, security coding standards should also be applied.”
476
3.1 General Coding Standard Guidance
Planning for the adoption and use of coding standards at the beginning of a software development activity sets the right tone and approach for the development team.
Software coding standards are classified by language, usage, and severity levels.
To assist you in fulfilling this requirement, interpret the text in section 1 as "software coding methods," "software coding standards," and "software coding criteria." Also, interpret the terms "methods" and "criteria" as indicative of the software developer's style.
Correlations between bugs and coding practices resulted in rules that helped prevent coding errors from occurring. These activities resulted in recommendations to develop and use coding standards.
In a team environment or group collaboration, the use of coding standards ensures uniform coding practices and reduces oversight errors and the time spent in code reviews. When NASA software development work is outsourced to a supplier (see 7.03 - Acquisition Guidance), having a set of coding standards in place helps ensure that the code meets quality requirements mandated by NASA in the NASA Software Assurance Standard, NASA STD 8739.8.
A coding standard document may be written as a general document that is independent of any project. Project-specific needs are then added as amendments to the document. Note that there is an important difference between a coding style and a coding standard. A coding style specifies how you indent lines or employ tabs and spaces to make the code easier to read by the software development team. A coding standard, which often includes a coding style, goes beyond just how to name a variable. It tells you how that variable is to be treated and when it is to be used (and not used).
See also PAT-022 - Programming Practices Checklist,
3.2 How Coding Standards are Classified
Software coding standards are classified by language, usage, and severity levels. Industry experts determine Language-specific rules and best coding practices in that particular language.
Coding standards should address (for all the languages used):
- Code structure (includes overall project layout (files, and so on), classes, resources, and other source file types).
- Error handling (describes how objects handle errors, reporting, and logging).
- Module size (should be limited).
- Library routines, especially the following:
- Operating system routines.
- Commercial library routines (e.g., numerical analysis).
- Project-specific utility routines.
- Constants and data types (rules for defining).
- Global data use.
- Compiler-specific features are not in the language standard.
The following items may be an integral part of the coding standard to the extent their implementation affects the execution of the software. Otherwise, they are part of the coding style.
- Formatting: Includes the use of white space, indentation, and length of statement lines in code. Some standards might include, for example, common editor setup and handling for tabs versus spaces for indentation.
- Naming conventions: Specifies how developers name their methods, classes, variables, events, and parameters.
- Comments: An English description in the code that explains the logic of the code. (Quality code is usually self-documenting by default.) The use of quality commenting gives quality code better maintainability and easier understandability.
3.3 Adherence and Verification
“Code should be checked against the standards with the help of state-of-the-art static source code analyzers. ... Flight code should be checked nightly for compliance with a coding standard and subjected to rigorous analysis with state-of-the-art (static source code analysis tools). The warnings generated by each of these tools are combined with the output of mission-specific checkers that secure compliance with naming conventions, coding style, etc. Also, all warnings, if any (there should be none), from the standard C compiler, used in pedantic mode with all warnings enabled, should be provided to the software developers... (who) are required to close out all reports before a formal code review is initiated. In peer code reviews, an additional source of input is provided by designated peer code reviewers... Separately, key parts of the software design can also be checked for correctness and compliance with higher-level design requirements with the help of logic model checkers.” 477
Assuring the developed software's adherence to the coding standards provides the greatest benefit when followed from software development inception to completion. Coding standards are selected at the start of the software development effort. Verification activities of the software work products include reviews, such as peer reviews and inspections (see SWE-087 - Software Peer Reviews and Inspections for Requirements, Plans, Design, Code, and Test Procedures), and assessments of how the coding standards are used to develop the software work products. See also Topic 7.10 - Peer Review and Inspections Including Checklists.
Automated tools for assessing adherence to standards at appropriate reviews, or even on a batch mode run overnight, will assist the project team in adherence and verification.
Training should be provided for the software development team to use the logic model checkers for the analysis and verification of flight software.
3.4 MISRA and CERT-C Coding Standards
“The CERT C Secure Coding Standard is composed of 89 rules and 132 recommendations for producing secure code. It is recommended that compliance with a standard like CERT C be performed by a static analyzer, depending on program size and complexity. A source code static analysis tool meeting ISO/IEC TS 17961 conformance is recommended.
The following quote from the author of the second edition of the CERT C Coding Standard describes what static analysis for conformance can imply.
While the application of these rules and recommendations does not guarantee the security of a software system, it does tell you ...that the software was developed to a set of industry-standard rules and recommendations developed by the leading experts in the field. ... that ...time and effort went into producing code that is free from the common coding errors that have resulted in numerous vulnerabilities ...over the past two decades ... that the software developers who produced the code have done so with a real knowledge of the types of vulnerabilities that can exist and the exploits that can be used against them, and consequently have developed the software with a real security mindset.”
476
Two example coding standards to improve safety, reliability, and security in software systems are MISRA, and CERT C. MISRA C has become the de facto standard for embedded C programming in safety-related industries and is also used to improve software quality even where safety is not the main consideration.
See also SWE-023 - Software Safety-Critical Requirements, SWE-157 - Protect Against Unauthorized Access, SWE-185 - Secure Coding Standards Verification,
3.5 How to Interpret the "and/or" Phrase in the Requirements Statement
The "and/or" in the text of the requirement statement is meant for flexibility in tailoring the requirement to the project's needs. Inappropriate (e.g., less "critical") settings, a subset of ”methods, standards, criteria” would be sufficient and compliant. For human-rated applications, the project would want to cover methods, standards, and criteria (e.g., the use of the Klocwork® Insight tool as part of the method,)
MISRA C (a software development standard for the C programming language developed by MISRA (Motor Industry Software Reliability Association)
as part of the standards, avoidance of the project's restricted language constructs as criteria, etc.).
NASA-specific coding standards information and resources are available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
3.6 Checklists Relevant To Languages
The checklists below contain specific checks and things to be aware of in certain languages:
- 6.5 - Checklist for C Programming Practices
- 6.6 - Checklist for C++ Programming Practices
- 6.7 - Checklist for Ada Programming Practices
- 6.8 - Checklist for Fortran Programming Practices
- 6.9 - Checklist for Generic (Non-Language-Specific) Programming Practices
- 6.10 - Checklist for General Good Programming Practices
- 6.11 - Examples of Programming Practices for Exception Handling
3.7 Additional Guidance
Additional guidance related to this requirement may be found in the following materials in this Handbook:
3.8 Center Process Asset Libraries
SPAN - Software Processes Across NASA
SPAN contains links to Center managed Process Asset Libraries. Consult these Process Asset Libraries (PALs) for Center-specific guidance including processes, forms, checklists, training, and templates related to Software Development. See SPAN in the Software Engineering Community of NEN. Available to NASA only. https://nen.nasa.gov/web/software/wiki 197
See the following link(s) in SPAN for process assets from contributing Centers (NASA Only).
SPAN Links |
---|
4. Small Projects
Smaller projects may consider using previously developed/tailored coding methods, standards, and guidelines rather than developing their own. These standard applications may be available in the software Process Asset Library (PAL) of other Centers, if not available at the performing Center.
5. Resources
5.1 References
- (SWEREF-006) Twine, J.R. (2003).
- (SWEREF-007) WBS Checklist Tool, NASA Goddard Space Flight Center (GSFC), 2007. This NASA-specific information and resource is available in Software Processes Across NASA (SPAN), accessible to NASA users from the SPAN tab in this Handbook.
- (SWEREF-077) ESA PSS-05-05, Issue 1, Revision 1, ESA Board for Software Standardisation and Control, 1995. The PSS family of standards was the ESA internal set of standards which was replaced by ECSS. It inluded a software engineering standard and a set of guides. This page contains the cited resource as well as others in the collection.
- (SWEREF-161) MSDN Library, 2003. Accessed May 23, 2011 from http://msdn.microsoft.com/en-us/library/aa291591%28v=vs.71%29.aspx. Checked 6/10/2019, document retired and no longer available, need to find suitable replacement
- (SWEREF-162) Milan Malkani, 2011. Accessed May 20, 2011 at http://ezinearticles.com/6122965.
- (SWEREF-197) Software Processes Across NASA (SPAN) web site in NEN SPAN is a compendium of Processes, Procedures, Job Aids, Examples and other recommended best practices.
- (SWEREF-199) MISRA Consortium, ISBN 0 9524156 2 3 (paperback), ISBN 0 9524156 4 X (PDF), October 2004.
- (SWEREF-278) NASA-STD-8739.8B , NASA TECHNICAL STANDARD, Approved 2022-09-08 Superseding "NASA-STD-8739.8A,
- (SWEREF-326) Software Coding Standards Parasoft®. This document is not available but other development resources may be found at http://www.parasoft.com
- (SWEREF-476) Michael Aguilar, NASA Engineering and Safety Center, October 21, 2014.
- (SWEREF-477) Klaus Havelund and Gerard J. Holzmann Laboratory for Reliable Software (LaRS) Jet Propulsion Laboratory, California Institute of Technology 4800 Oak Grove Drive, Pasadena, California, 91109-8099.
- (SWEREF-510) Public Lessons Learned Entry: 590.
- (SWEREF-526) Public Lessons Learned Entry: 838.
- (SWEREF-563) Public Lessons Learned Number: 24503, Lesson Date 2018-08-23, Submitting Organization: NESC,
5.2 Tools
NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.
The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.
6. Lessons Learned
6.1 NASA Lessons Learned
The NASA Lessons Learned database contains the following lessons learned related to coding standards:
- Software Design for Maintainability. Lesson Number 0838 526: NASA has long recognized that software maintenance is a large cost driver in its software systems. Early planning for maintenance, which includes appropriate and consistent coding standards, coding styles, and software configuration management systems, helps hold down software maintenance costs over the software life cycle. The lessons learned citation given below provides additional information on this topic of coding standards.
- Mars Pathfinder Flight Software Development Process (1997). Lesson Number 0590 510: The software developer should also recognize that there is a benefit to using coding standards dedicated to the project at hand. As this set of lessons learned from the Mars Pathfinder project shows, even though the coding standards and styles were tailored for the project, maintaining the set of derived coding standards for future upgrades and improvements will assure cost control.
The reader of these lessons learned can also indicate that the use of tailored coding standards for a new project raises the potential for error if extensive reuse of software work products is anticipated.
- Static Software Analysis of the NASA Autonomous Flight Termination Software Lesson Number 24503 563:
- Software development teams should specify specific coding standards to be applied to the software development for both ground utilities and flight software.
- Software development teams should configure the static analysis tool to best match the specified coding standard. Matching the coding standard and the static analysis tool capability leverages the tool as a verification asset.
- Software development teams should define how the reported issues are to be reviewed, and what defines an issue that should be corrected.
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.
7. Software Assurance
7.1 Tasking for Software Assurance
1. Assure the project manager selected and/or defined software coding methods, standards, and criteria.
7.2 Software Assurance Products
- Static analysis of the source code to a coding standard
The SA independent analysis of the software code to the software coding standard, including any risk or issues.
Objective Evidence
- Coding standard (Secure coding standard)
- Results of static code analysis showing compliance with the project's coding standard
7.3 Metrics
- # of coding standard violations identified (Open, Closed, type of violation, Severity)
- # of software process Non-Conformances by life cycle phase over time
See also Topic 8.18 - SA Suggested Metrics
7.4 Guidance
Task 1: Review the project software development/management plan to learn what kind of software coding standards, methods, rules, and principles are used for the project. The coding standards could include any project-defined standards that dictate the safe use of code, secure coding standards, reliability coding standards, etc. They may also include a set of “principles” or best practices that have been collected for particular software applications, such as principles for developing flight software. These coding standards and principles are reviewed by software assurance during the development and selection of the project processes, as per SWE-013 - Software Plans. After becoming familiar with these standards, practices, and principles, analyze the software code using the static analyzers' results to help determine whether these standards, methods, and principles are being used consistently. Any risks or issues should be brought up with project management.
Task 2: Software assurance will perform independent static code analysis on the coding standard practices, methods rules, and principles. They should review the results of the static code analysis runs to determine whether the project's coding standards, etc., are being followed. Results should be reported to the project management at the end of the analysis. Information on code standard usage, static code analysis tools, their effectiveness, and the developers’ responses to the results should also be shared with the project management.
7.5 Additional Guidance
Additional guidance related to this requirement may be found in the following materials in this Handbook: