Professional Documents
Culture Documents
Z17490000220154009ISYS6338 - Week 10 Review
Z17490000220154009ISYS6338 - Week 10 Review
3. Individual preparation
for each work product;
reading the document
and noting problems
• That said, make sure you have some rules about what it
means for something to be ready for review.
• For each data item and operations on data items, Marick says
we should ask the following questions:
– Are all strings NULL terminated? If we have shortened or lengthened a
string, or processed it in any way, did the final byte get changed?
– Did we check every assignment to a buffer for length?
– When using bitfields, are our manipulations (shifts, rotates, etc.) going to
be portable to other architectures and endian schemes?
– Does every sizeof() function call actually go to the object we meant it to?
Marick’s Code Review
Checklist (Cont.)
• For every allocation, deallocation, and reallocation of memory,
Marick says we should ask the following questions:
– Is the amount of memory sufficient to the purpose without being
wasteful?
– How will the memory be initialized?
– Are all fields being initialized correctly if it is a complex data structure?
– Is the memory freed correctly after use?
– Do we ever have side effects from static storage in functions or methods?
– After reallocating memory, do we still have any pointers to the old
memory
– location?
– Is there any chance that the memory might be freed multiple times?
– After deallocation, are there still pointers to the memory?
– Are we mistakenly freeing data we don’t mean to?
– Is it possible that the pointer we are using to free the memory is already
NULL?
Marick’s Code Review
Checklist (Cont.)
• For all operations on files, Marick says we should ask the
following questions:
– Do we have a way of ensuring that each temp file we create is unique?
– Is it possible to reuse a file pointer while it is pointing to an open file?
– Do we recover each file handle when we are done with it?
– Do we close each file explicitly when we are done with it?
(i) testing policies with an emphasis on defect detection and quality, and measurements for controlling and monitoring;
(ii) a test organization with staff devoted to defect detection and quality issues;
(iii) policies and standards that define requirements, design, test plan, and other documents;
(iv) organizational culture with a focus on quality products and quality processes.
Review-related Policies
(Cont.)
• Review policies should specify when reviews should take
place, what is to be reviewed, types of reviews that will take
place, who is responsible, what training is required and what
the review deliverables are.
• Review procedures should define the steps and phases for
each type of review.
• Policies should ensure that each project has an associated
project plan, test plan, configuration management plan, and a
review plan, and/or a software quality assurance plan.
• Project plans and the review plans should ensure that
adequate time and resources are available for reviews and
that cycle time is set aside for reviews.
• Managers need to follow-up and enforce the stated policies.
Only strong managerial commitment will lead to a successful
review program.
Components of Review Plans
Review Plan Components
• The first column lists all the defect types or potential problem
areas that may occur in the item under review. Sources for
these defect types are usually data from past projects.
Abbreviations for detect/ problem types can be developed to
simplify the checklist forms. Status refers to coverage during
the review meeting—has the item been discussed? If so, a
check mark is placed in the column.
Example Components for an
Inspection Checklist (Cont.)
• Major or minor are the two severity or impact levels shown
here. Each organization needs to decide on the severity levels
that work for them. Using this simple severity scale, a defect
or problem that is classified as major has a large impact on
product quality; it can cause failure or deviation from
specification. A minor problem has a small impact on these; in
general, it would affect a nonfunctional aspect of the software.
The letters M, I, and S indicate whether a checklist item is
missing (M), incorrect (I), or superfluous (S).
General Review Checklist
Source: Burnstein
(2003, pg. 333)
Reporting Review Results
Review Reports