JSF (Lockheed Martin)
JSF Air Vehicle C++ Coding Standards — F-35 program (Lockheed Martin) · www.stroustrup.com/JSF-AV-rules.pdf
The JSF Air Vehicle C++ Coding Standards ("JSF++") were developed for the Lockheed Martin F-35 Joint Strike Fighter, with input from Bjarne Stroustrup. Like MISRA they are a safety-critical C++ standard, but with a distinctive three-tier rule scheme (Shall / Will / Should) and a tiered deviation-approval process — the basis for the pack below.
How the publications map to ponens policies
JSF++ is a C++ coding standard whose 221 numbered rules are checked by static analysis — so, as with MISRA, ponens does not re-encode the rules. What it governs is JSF++'s distinctive compliance process: its three rule categories (Shall = mandatory and verified, Will = mandatory without verification, Should = advisory) and its tiered deviation-approval chain (AV Rules 4-7). Each becomes a policy over a coding/CI trace — breaking a 'should' needs engineering-lead approval, breaking a 'shall' or 'will' needs the engineering lead AND the product manager, and every 'shall' deviation must be documented in the file that contains it.
The standard also carries explicit safety-critical obligations that map cleanly to per-trace policies: provision for run-time checking (AV Rule 15), use of only DO-178B Level A certifiable libraries for safety-critical code (AV Rule 16 — a direct link to the DO-178C pack), and the prohibition on dead code not traceable to a requirement. Running the pack with ponens trace check aggregates to Green / Amber / Red: an undeviated shall/will violation, a single-approved shall deviation, uncertified safety-critical libraries, or dead code is Red; should-rule deviations and records are Amber.
JSF Air Vehicle C++
The JSF++ (F-35) C++ compliance process — Shall/Will/Should categories, tiered deviation approval, verification, and safety-critical library/run-time obligations — as computable policies.
Maps the JSF Air Vehicle C++ Coding Standards' compliance process onto ponens policies. The 221 coding rules are enforced by static analysis; this pack checks the process around them — the Shall/Will/Should deviation-approval chain (engineering lead for should; lead + product manager for shall/will; shall deviations documented in-file), shall-rule verification, run-time checking, certified libraries, and no dead code.
Source: JSF Air Vehicle C++ Coding Standards (Lockheed Martin, Rev C, 2005).
Deviation Approval (AV 4-7) 3
jsf_shall_deviation_documented error JSF++: Shall Deviation Documented In File
Each deviation from a 'shall' rule is documented in the file that contains the deviation.
G(shall_deviation → documented_in_file)
jsf_shall_will_deviation_dual_approved error JSF++: Shall/Will Deviation Dual-Approved
Breaking a 'shall' or 'will' (mandatory) rule is approved by BOTH the software engineering lead and the software product manager.
G((shall_deviation ∨ will_deviation) → eng_lead_approved ∧ product_manager_approved)
jsf_should_deviation_approved warning JSF++: Should-Rule Deviation Approved
Breaking a 'should' (advisory) rule is approved by the software engineering lead.
G(should_deviation → eng_lead_approved)
Shall / Will / Should 3
jsf_shall_violation_deviated error JSF++: Shall Violation Has Deviation
Any violation of a 'shall' rule is covered by an approved deviation.
G(shall_violation → P(deviation_approved))
jsf_should_violation_recorded warning JSF++: Should Violation Recorded
Departures from 'should' (advisory) rules are recorded.
G(should_violation → recorded)
jsf_will_violation_deviated error JSF++: Will Violation Has Deviation
Any violation of a 'will' rule is covered by an approved deviation.
G(will_violation → P(deviation_approved))
Verification & Enforcement 2
jsf_shall_rules_verified error JSF++: Shall Rules Verified
Compliance with 'shall' rules is verified (automatically or manually) before code is committed.
G(GitCommit → P(shall_verified))
jsf_static_analysis_before_commit error JSF++: Static Analysis Before Commit
Source is checked against the JSF++ ruleset by static analysis before it is committed.
G(GitCommit → P(StaticAnalysis ∧ jsf_ruleset))
Safety-Critical (SEAL 1) 3
jsf_certified_libraries_only error JSF++: Certified Libraries Only
Only DO-178B Level A certifiable (SEAL 1) C/C++ libraries are used with safety-critical code.
G(safety_critical ∧ library_use → certified_library)
jsf_no_dead_code error JSF++: No Dead Code
Dead code — executable code or data not traceable to a system or software requirement — is not present.
G(¬dead_code)
jsf_runtime_checking_provided error JSF++: Run-Time Checking Provided
Safety-critical (SEAL 1/2) software makes provision for run-time checking (defensive programming).
G(safety_critical → runtime_checking)
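Five of the formulas above evaluated over a coding/CI trace, as an added example (not ponens code and not its trace format). It assumes each trace step is a set of propositions true at that step, that P(x) means "x held at this step or an earlier one", and that failed error policies aggregate to Red and failed warning policies to Amber.

```python
# Added example: a minimal evaluator for the formulas above, not ponens code.
# Assumptions: a trace is a list of steps, each a set of propositions true at
# that step; P(x) means "x held at this step or an earlier one"; any failed
# error policy makes the run Red, any failed warning policy makes it Amber.

def g_implies(any_of, all_of, once=False):
    """G(a1 v a2 ... -> b1 ^ b2 ...), or G(... -> P(b1 ^ b2 ...)) if once=True.
    Returns a checker that lists the step indexes where the policy fails."""
    any_of, all_of = set(any_of), set(all_of)
    def check(trace):
        bad, seen = [], False
        for i, step in enumerate(trace):
            holds = all_of <= step          # whole conjunction true in this step
            seen = seen or holds            # true in this or any earlier step
            if step & any_of and not (seen if once else holds):
                bad.append(i)
        return bad
    return check

POLICIES = [  # ids, severities and formulas as listed in the pack
    ("jsf_shall_deviation_documented", "error",
     g_implies({"shall_deviation"}, {"documented_in_file"})),
    ("jsf_shall_will_deviation_dual_approved", "error",
     g_implies({"shall_deviation", "will_deviation"},
               {"eng_lead_approved", "product_manager_approved"})),
    ("jsf_should_deviation_approved", "warning",
     g_implies({"should_deviation"}, {"eng_lead_approved"})),
    ("jsf_shall_violation_deviated", "error",
     g_implies({"shall_violation"}, {"deviation_approved"}, once=True)),
    ("jsf_static_analysis_before_commit", "error",
     g_implies({"GitCommit"}, {"StaticAnalysis", "jsf_ruleset"}, once=True)),
]

def evaluate(trace):
    """Return (Green|Amber|Red, {policy_id: (severity, failing_steps)})."""
    results = ((pid, sev, chk(trace)) for pid, sev, chk in POLICIES)
    findings = {pid: (sev, bad) for pid, sev, bad in results if bad}
    sevs = {sev for sev, _ in findings.values()}
    status = "Red" if "error" in sevs else "Amber" if "warning" in sevs else "Green"
    return status, findings

# Constructed sample trace (not real project data).
TRACE = [
    {"StaticAnalysis", "jsf_ruleset"},
    {"shall_deviation", "documented_in_file", "eng_lead_approved"},  # no PM sign-off
    {"shall_violation"},      # no deviation_approved at or before this step
    {"should_deviation"},     # no engineering-lead approval
    {"GitCommit"},            # static analysis ran earlier, so this step passes
]
print(evaluate(TRACE))
```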