safety-critical-patterns

# Safety-Critical Coding Patterns Guidelines adapted from NASA's Power of 10 rules for safety-critical software. ## When to Apply **Full rigor**: Safety-critical systems, financial transactions, data integrity code **Selective application**: Business logic, API handlers, core algorithms **Light touch**: Scripts, prototypes, non-critical utilities > "Match rigor to consequence" - The real engineering principle ## The 10 Rules (Adapted) ### 1. Restrict Control Flow Avoid `goto`, `setjmp/longjmp`, and **limit recursion**. **Why**: Ensures acyclic call graphs that tools can verify. **Adaptation**: Recursion acceptable with provable termination (tail recursion, bounded depth). ### 2. Fixed Loop Bounds All loops should have verifiable upper bounds. ```python # Good - bound is clear for i in range(min(len(items), MAX_ITEMS)): process(item) # Risky - unbounded while not_done: # When does this end? process_next() ``` **Adaptation**: Document expected bounds; add safety limits on potentially unbounded loops. ### 3. No Dynamic Memory After Initialization Avoid heap allocation in critical paths after startup. **Why**: Prevents allocation failures at runtime. **Adaptation**: Pre-allocate pools; use object reuse patterns in hot paths. ### 4. Function Length ~60 Lines Functions should fit on one screen/page. **Why**: Cognitive limits on comprehension remain valid. **Adaptation**: Flexible for declarative code; strict for complex logic. ### 5. Assertion Density Inclu...