Study notes importance of manual, automated code checking

Posted: 02 Sep 2011

Keywords: code inspection, automated tools, coding standards

PRQA, a static analysis tool provider, has released a study highlighting the efficiency of automated tools over engineers in identifying violations of coding standards. This does not, however, undermine the importance of an engineer's skills, which can be more efficiently allocated to the more subjective issues that automated code inspection may raise.

The study is based on the results of PRQA's Developers' Challenge, held at the Embedded Systems Conference in Silicon Valley earlier this year, which targeted engineers with a "genuine interest in writing high quality code."

While its primary objective is to unashamedly demonstrate the value of automated code inspection and review, it highlighted the significant gap between engineers and automated tools in the ability to (rapidly) identify coding violations in the sample of C/C++ source code provided, which compiled with only a few warnings yet contravened a number of recognized coding standards.

The inability of compilers to do a good job of reviewing code isn't news, nor is the fact that software can check software quicker than wetware, but the follow-on conclusion is that engineers are still needed to apply discretion to the results. In the challenge, 50 engineers of varying ability spent around 30 minutes (although one particularly diligent participant returned the sample the following day) identifying between none and 33 issues contained within the code.

The automated tool took considerably less time to identify 120. However, once the less subjective issues were identified and addressed (by engineers) there remained a number of violations that could only be assessed in context; something that even PRQA admits isn't possible using an automated approach.

In PRQA's defense, the intention isn't to replace code reviews but to expedite them. It's only fair to point out too that the static analysis tool was configured to mimic the compiler's own settings, and that the coding standards against which the code was analyzed were modified. This was intended to exclude violations that were perhaps not relevant to the code's level of completion, and to avoid compiler-centric issues that would otherwise be omitted.

Software beats wetware
This resulted in the 120 "real world" issues; four times as many as the best effort returned by an engineer. PRQA argues, therefore, that the results were relevant, identifiable and posed a real risk to the quality of the code. Once these major issues were addressed, the code was re-assessed, this time returning 44 violations. At this point, PRQA proposes that the code is still not ready for a full (and costly) code review, because many of the remaining issues can be addressed more cost-effectively using automated code inspection.
