What Use is a Code Review?

Well, if all the reviewer is looking for is the correct format for variable names and indentation of statements, then no use at all! However, code reviews are an important element of building the evidence to satisfy a safety case so they must be good for something!

Many infrastructure projects last for decades and are required to be maintained for that time. Coding standards are put in place to try to remove personality from the software so that it all has the same look and feel and is hopefully easier to understand and update.  Also coding standards ensure that constructs that are considered unsafe are avoided. Static analysis tools can be configured to check for most of the requirements of a standard and contraventions must be justified to a reviewer if they are to be allowed to stand. These tools can also measure the complexity, and therefore the ‘testability’ of a software component with a limit being placed on the level of complexity being set.

A manual code review is also required and should look to ensure that defensive programming is being used.  For example, that error conditions are captured, logged and handled properly. It can also check any parts of the coding standards not covered by the static analysis tool.

A code walk through will check the correct functioning of the code and its adherence to the design. It can also check the testability of the component and can highlight unreachable code. A review of the component test specification at this stage will ensure maximum test coverage.

These steps may seem a lot of extra work, but time invested in reviews at this level will reduce time component and integration testing later. This was shown in a recent project that we undertook to perform reviews at this level for a system that required a CENELEC 50128 SIL2 safety case. We undertook:

  • Component design reviews
  • Static analysis of component code
  • Component test specifications
  • Walk-throughs of component code

Our client made the changes that our reviews suggested and the component and integration testing proceeded without a hitch.

 

More From The Blog

IR35, Here it Comes Again…

IR35, Here it Comes Again…

IR35, Here it Comes Again...In 2021 the reform to IR35 Off-Payroll rules is to be rolled out to the private sector. As before the reform will only affect companies that do not meet the following attributes: an annual turnover below £10m fewer than 50 employees or a...

Solving the Resource Conundrum

Solving the Resource Conundrum

Solving the Resource ConundrumPicture this. One minute all is fine and dandy, you have access to all the resources you could possibly need, then bam an unexpected challenge arises. Suddenly you find yourself lacking the capacity to meet the new need. What are your...

Quality – An Aid to Produce Consistent Rubbish

Quality – An Aid to Produce Consistent Rubbish

Quality - An Aid to Produce Consistent RubbishAnother year has passed, and myself and a colleague have hosted a BSI auditor for our annual ISO9001/TickITplus check-up, and in fact this was more than the regular check, in that it was our 3-year re-certification audit,...

The Hazards of Legacy Systems

The Hazards of Legacy Systems

The Hazards of Legacy SystemsBeing the owner of a software system with a dedicated customer base sounds like the kind of position one would like to find themselves in. At least until it gets superseded and you have to face dealing with a legacy system. Many developers...

How to Test Without Access to The Test Environment

How to Test Without Access to The Test Environment

How to Test Without Access to The Test EnvironmentIn many of our previous articles, we have expressed the importance of achieving a high standard of testing. Potentially blocking this achievement, several factors can come together to affect the quality of your...

The Technical Workshop – How To Make Them Work For You

The Technical Workshop – How To Make Them Work For You

The Technical Workshop - How To Make Them Work For YouAnyone experienced in product design will understand just how valuable a facilitated workshop can be. Bringing together a project's key stakeholders into a single space allows for the exploration of diverse...

Developing Software for Safety Related Systems

Developing Software for Safety Related Systems

Developing Software for Safety Related SystemsSoftware systems should always be both robust and reliable, however the moment you introduce a safety element, this need for reliability increases significantly. The level of safety required is governed by the severity and...

How to Choose an Outsourcing Partner

How to Choose an Outsourcing Partner

How to Choose an Outsourcing PartnerHaving recognised a need to outsource, and worked your way through the initial preparations, you are now in a strong position to seek out a suitable partner. Choosing an outsourcing partner is no trivial affair, so taking the time...