We suggest seven rules as follows:
- Rule #1: Check all APIs for their failure case.
- Rule #2: Compile with warnings on (-Wall -Wextra) and eliminate all warnings as far as is possible.
- Rule #3: Never trust (user) input; validate it.
- Rule #4: Use assertions in your code.
- Rule #5: Eliminate unused (or dead) code from the codebase immediately.
- Rule #6: Test thoroughly; 100% code coverage is the objective. Take the time and trouble to learn to use powerful tools: memory checkers (Valgrind, the sanitizer toolset), static and dynamic analyzers, security checkers (checksec), fuzzers (see the following explanation).
- Rule #7: Do not assume anything (assume makes an ass out of u and me).
Here are some examples of how serious failures can result from not following the rules. An Ariane 5 unmanned rocket crashed early in its launch (June 4, 1996); the bug was ultimately traced to a register overflow issue, a single type casting error (rule #5). In another case, the Knight Capital Group lost $460 million in 45 minutes.

A smaller, everyday instance of rule #7: don't assume the size of a page. Use the getpagesize(2) system call or sysconf(3) to obtain it.

Further along these lines, see the blog article entitled Low-Level Software Design (there are links to these in the Further reading section of the GitHub repository).
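The following is an added example (not code from the book or its repository) that puts rules #1, #3, #4 and #7 to work in one small program on Linux: it queries the page size with sysconf(3) instead of hard-coding 4096, checks that call's failure case, validates an untrusted command-line byte count before using it, and rounds the count up to whole pages with an explicit overflow guard. The function names (query_page_size, parse_size_arg, pages_needed) are chosen here for illustration.

```c
/* Added example: rules #1 (check API failure), #3 (validate input),
 * #4 (assertions) and #7 (don't assume the page size) applied together.
 * Assumes a POSIX/Linux environment; function names are illustrative. */
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Rule #7 / rule #1: obtain the page size at run time and check the
 * failure case of sysconf(3). Returns the page size, or 0 on failure. */
long query_page_size(void)
{
    errno = 0;
    long psz = sysconf(_SC_PAGESIZE);
    if (psz == -1) {                    /* sysconf(3) reports failure as -1 */
        perror("sysconf(_SC_PAGESIZE)");
        return 0;
    }
    /* Rule #4: a page size is always a positive power of two. */
    assert(psz > 0 && (psz & (psz - 1)) == 0);
    return psz;
}

/* Rule #3: turn an untrusted decimal string into a byte count. Rejects
 * empty input, leading whitespace, signs, trailing garbage and overflow
 * rather than trusting atoi(). Returns 1 on success (value in *out), else 0. */
int parse_size_arg(const char *s, size_t *out)
{
    if (s == NULL || out == NULL || !isdigit((unsigned char)*s))
        return 0;                       /* also rejects "", " 42", "-1", "+1" */
    char *end = NULL;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')   /* rule #1: check strtoul */
        return 0;
    *out = (size_t)v;                   /* unsigned long fits size_t on Linux */
    return 1;
}

/* Round an untrusted byte count up to whole pages without overflowing.
 * Returns the number of pages, or 0 if the request is invalid or too large. */
size_t pages_needed(size_t nbytes, long page_size)
{
    if (nbytes == 0 || page_size <= 0)
        return 0;
    size_t psz = (size_t)page_size;
    if (nbytes > SIZE_MAX - (psz - 1))  /* nbytes + psz - 1 would wrap */
        return 0;
    return (nbytes + psz - 1) / psz;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <bytes>\n", argv[0]);
        return EXIT_FAILURE;
    }
    size_t nbytes;
    if (!parse_size_arg(argv[1], &nbytes)) {
        fprintf(stderr, "invalid size argument: '%s'\n", argv[1]);
        return EXIT_FAILURE;
    }
    long psz = query_page_size();
    if (psz == 0)
        return EXIT_FAILURE;
    size_t npages = pages_needed(nbytes, psz);
    if (npages == 0) {
        fprintf(stderr, "request of %zu bytes cannot be satisfied\n", nbytes);
        return EXIT_FAILURE;
    }
    printf("%zu bytes -> %zu page(s) of %ld bytes each\n", nbytes, npages, psz);
    return EXIT_SUCCESS;
}
```

Compile it with the flags from rule #2 (gcc -Wall -Wextra) and run it with inputs such as 4097, -1 or 12abc: the valid count is rounded up to two pages on a 4 KB-page system, and each malformed value is rejected before it can reach any allocation arithmetic.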