http://pixelscommander.com/wp-content/uploads/2014/12/P10.pdf

"Walter Bright" <newshound2@digitalmars.com> wrote in message news:m8n4c2$2ovq$1@digitalmars.com...
> http://pixelscommander.com/wp-content/uploads/2014/12/P10.pdf

Misra is also a good set of guidelines to follow...

http://www.misra.org.uk/

-=mike=- 

On Friday, 9 January 2015 at 10:37:43 UTC, Mike James wrote:
> "Walter Bright" <newshound2@digitalmars.com> wrote in message news:m8n4c2$2ovq$1@digitalmars.com...
>> http://pixelscommander.com/wp-content/uploads/2014/12/P10.pdf
>
> Misra is also a good set of guidelines to follow...
>
> http://www.misra.org.uk/
>
> -=mike=-

The interesting part of those rules is that in the end, C + rules
+ static analyzer ends up being the type of language that the C
designers decided to ignore.

--
Paulo

On Friday, 9 January 2015 at 11:50:04 UTC, Paulo  Pinto wrote:
> On Friday, 9 January 2015 at 10:37:43 UTC, Mike James wrote:
>> "Walter Bright" <newshound2@digitalmars.com> wrote in message news:m8n4c2$2ovq$1@digitalmars.com...

> The interesting part of those rules is that in the end, C + rules
> + static analyzer ends up being the type of language that the C
> designers decided to ignore.

In their defense, not really. The line they usually use is that "C provides freedom". One cannot deny that C provides the freedom to be bent according to the MISRA and JPL standards.

Yes, it is not sane by default. But it gives one the freedom to be sane or to be mad...

On Thursday, 8 January 2015 at 23:37:38 UTC, Walter Bright wrote:
> http://pixelscommander.com/wp-content/uploads/2014/12/P10.pdf

from the document (Rule 5):

A typical use of an assertion would be as follows:

if (!c_assert(p >= 0) == true) {
     return ERROR;
}

that is just bad code. IMO I'm not sure if I would trust their
advice.

But the ESA coding manual properly has worse stuff in it, but
this is getting OT way to fast.