We suggest seven rules as follows:
- Rule #1: Check all APIs for their failure case.
- Rule #2: Compile with warnings on (-Wall -Wextra) and eliminate all warnings as far as is possible.
- Rule #3: Never trust (user) input; validate it.
- Rule #4: Use assertions in your code.
- Rule #5: Eliminate unused (or dead) code from the codebase immediately.
- Rule #6: Test thoroughly; 100% code coverage is the objective. Take the time and trouble to learn to use powerful tools: memory checkers (Valgrind, the sanitizer toolset), static and dynamic analyzers, security checkers (checksec), fuzzers (see the following explanation).
- Rule #7: Do not assume anything (assume makes an ass out of u and me).
Here are some examples ...
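As an added illustration (not code from the original text), the following C program applies Rules #1, #3 and #4 to one task: reading a TCP port number from untrusted text. The helper names `parse_port` and `load_port` are hypothetical, and the sample inputs are constructed.

```c
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: parse untrusted text as a TCP port (1..65535).
 * Returns 0 and stores the port in *out, or -1 on any invalid input. */
int parse_port(const char *s, unsigned short *out)
{
    char *end = NULL;
    long v;

    assert(out != NULL);  /* Rule #4: a NULL here is a caller bug, not bad input */
    /* Rule #3: reject NULL, empty, signed or whitespace-prefixed input up front */
    if (s == NULL || !isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    /* Rule #1: strtol() reports failure via errno and the end pointer;
     * Rule #3: trailing junk and out-of-range values are rejected too */
    if (errno == ERANGE || *end != '\0' || v < 1 || v > 65535)
        return -1;
    *out = (unsigned short)v;
    return 0;
}

/* Hypothetical helper: read the port from the first line of a file. */
int load_port(const char *path, unsigned short *out)
{
    char line[32];
    int rc = -1;
    FILE *fp;

    assert(path != NULL);                        /* Rule #4 */
    if ((fp = fopen(path, "r")) == NULL)         /* Rule #1: fopen() can fail */
        return -1;
    if (fgets(line, sizeof line, fp) != NULL) {  /* Rule #1: so can fgets() */
        line[strcspn(line, "\r\n")] = '\0';      /* strip the line ending */
        rc = parse_port(line, out);
    }
    return (fclose(fp) != 0) ? -1 : rc;          /* Rule #1: and fclose() */
}

int main(void)
{
    unsigned short p = 0;  /* constructed sample inputs below */
    printf("%d %d\n", parse_port("8080", &p), parse_port("80abc", &p));
    return 0;
}
```

Building it with `-Wall -Wextra` follows Rule #2, and running it under Valgrind or the sanitizers follows Rule #6.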