What Use a Code Review?

Well, if all the reviewer is looking for is the correct format for variable names and indentation of statements, then no use at all! However, code reviews are an important element of building the evidence to satisfy a safety case so they must be good for something!

Many infrastructure projects last for decades and are required to be maintained for that time. Coding standards are put in place to try to remove personality from the software so that it all has the same look and feel and is hopefully easier to understand and update.  Also coding standards ensure that constructs that are considered unsafe are avoided. Static analysis tools can be configured to check for most of the requirements of a standard and contraventions must be justified to a reviewer if they are to be allowed to stand. These tools can also measure the complexity, and therefore the ‘testability’ of a software component with a limit being placed on the level of complexity being set.

A manual code review is also required and should look to ensure that defensive programming is being used.  For example, that error conditions are captured, logged and handled properly. It can also check any parts of the coding standards not covered by the static analysis tool.

A code walk through will check the correct functioning of the code and its adherence to the design. It can also check the testability of the component and can highlight unreachable code. A review of the component test specification at this stage will ensure maximum test coverage.

These steps may seem a lot of extra work, but time invested in reviews at this level will reduce time component and integration testing later. This was shown in a recent project that we undertook to perform reviews at this level for a system that required a CENELEC 50128 SIL2 safety case. We undertook:

  • Component design reviews
  • Static analysis of component code
  • Component test specifications
  • Walk-throughs of component code

Our client made the changes that our reviews suggested and the component and integration testing proceeded without a hitch.